[pkg-netfilter-team] Bug#1068678: nftables: on sysvinit the init script does not start nftables at boot
Davide Baldini
baldiniebaldini at gmail.com
Tue Apr 9 01:35:51 BST 2024
Package: nftables
Version: 1.0.6-2+deb12u2
Severity: normal
Dear Maintainer,
the installation of nftables completed via apt from the stable repository leads
to the creation of the following init script on a system with sysvinit without
Systemd:
/etc/init.d/nftables
whose LSB section is:
### BEGIN INIT INFO
# Provides: nftables
# Required-Start: $local_fs $network
# Required-Stop: $local_fs $network
# Should-Start:
# Default-Start: S
# Default-Stop: 0 1 6
# Short-Description: Loads nftables firewall rules
# Description: Loads nftables firewall rules
### END INIT INFO
The "Default-Start" tag is set to "S", which is problematic as it causes the
script to never run at boot. If "S" is replaced by "1 2 3" the script instead
runs at boot as intended. This seems to be a general problem with all init
scripts under Debian whose "Default-Start" tag is set to "S". For example, I
created the test file
/etc/init.d/test.sh
with the following content:
#!/bin/bash
### BEGIN INIT INFO
# Provides: test
# Required-Start:
# Required-Stop:
# Should-Start:
# Default-Start: S
# Default-Stop: 0 1 6
# Short-Description: Test
# Description: Test
### END INIT INFO
echo $(date) "$@" >>/root/test.txt
and I enable it with:
update-rc.d test.sh defaults
which results in these, and only these, rc symlinks being created:
rc0.d/K01test.sh
rc1.d/K01test.sh
rc6.d/K01test.sh
rcS.d/S01test.sh
After rebooting the system from an empty '/root/test.txt' file, the contents of
this file become:
Tue Apr 9 01:26:50 CEST 2024 stop
in which only one line is logged, corresponding to the time when I issued the
reboot command, with no follow-up lines after the reboot.
My sysvinit configuration is unremarkably default and I encountered this problem
on every Debian system under sysvinit.
-- System Information:
Debian Release: 12.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.1.0-9-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
LSM: AppArmor: enabled
Versions of packages nftables depends on:
ii libc6 2.36-9+deb12u3
ii libedit2 3.1-20221030-2
ii libnftables1 1.0.6-2+deb12u2
Versions of packages nftables recommends:
ii netbase 6.4
Versions of packages nftables suggests:
pn firewalld <none>
-- Configuration Files:
/etc/nftables.conf changed [not included]
-- no debconf information
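
The following check is an added example, not part of the original report or of the nftables package. It reads an init script's Default-Start tag, lists the rc?.d directories that hold its start and stop links, and flags the rcS.d-only layout the report describes. The function names and the ETC_ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug report. ETC_ROOT is a parameter assumed
# here so the check can run against a constructed tree; on a live system
# it is /etc.

# lsb_field SCRIPT TAG: print the value of "# TAG: ..." in the LSB block.
lsb_field() {
    sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$1" |
        sed -n "s/^#[[:space:]]*$2:[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" |
        head -n 1
}

# rc_links ETC_ROOT NAME PREFIX: print the runlevels (0-6, S) whose rc?.d
# directory holds a PREFIX<nn>NAME link, e.g. rcS.d/S01test.sh -> "S".
rc_links() {
    out=""
    for d in "$1"/rc?.d; do
        lvl=${d##*/rc}; lvl=${lvl%.d}
        for l in "$d/$3"[0-9][0-9]"$2"; do
            if [ -e "$l" ] || [ -L "$l" ]; then out="$out $lvl"; fi
        done
    done
    echo "${out# }"
}

# audit_start ETC_ROOT NAME: print a one-line summary ending in a status:
#   no-start-link     no S link in any rc?.d directory
#   numeric-runlevel  at least one start link in rc1.d .. rc5.d
#   rcS-only          the only start link is in rcS.d (layout in the report)
#   other             any other combination
audit_start() {
    declared=$(lsb_field "$1/init.d/$2" Default-Start)
    start=$(rc_links "$1" "$2" S)
    stop=$(rc_links "$1" "$2" K)
    case " $start " in
        "  ")          status=no-start-link ;;
        *" "[1-5]" "*) status=numeric-runlevel ;;
        " S ")         status=rcS-only ;;
        *)             status=other ;;
    esac
    echo "$2 default-start=[$declared] start=[$start] stop=[$stop] status=$status"
}

# Stand-alone use: sh thisfile /etc nftables
if [ "$#" -eq 2 ]; then audit_start "$1" "$2"; fi
```

For the test.sh layout listed in the report, the summary line ends in status=rcS-only.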