Opened 7 years ago

Closed 6 years ago

#9691 closed enhancement (fixed)

iptables/ip6tables-utils package redundant

Reported by: Gil Kloepfer <owrt0711@…> Owned by: jow
Priority: low Milestone: Backfire 10.03.1
Component: packages Version: Trunk
Keywords: Cc:


The iptables-utils/ip6tables-utils package is redundant and simply places two additional copies of the iptables binary into the target.

The iptables-utils package only provides the iptables-save and iptables-restore commands, and these actually only need to be symlinks to the iptables binary, since the iptables-save/restore functionality is already built into iptables (uses the command name to determine the function, like busybox does).

On full Linux distributions, the iptables, iptables-save, and iptables-restore commands are all symlinks to iptables-multi.

The exact same issue exists for ip6tables and ip6tables-utils as well.

(example from Gentoo Linux)

$ ls -l iptables* ip6tables*
lrwxrwxrwx 1 root root     15 Dec 28  2010 ip6tables -> ip6tables-multi*
-rwxr-xr-x 1 root root 267992 Dec 28  2010 ip6tables-multi*
lrwxrwxrwx 1 root root     15 Dec 28  2010 ip6tables-restore -> ip6tables-multi*
lrwxrwxrwx 1 root root     15 Dec 28  2010 ip6tables-save -> ip6tables-multi*
lrwxrwxrwx 1 root root     14 Dec 28  2010 iptables -> iptables-multi*
-rwxr-xr-x 1 root root 285976 Dec 28  2010 iptables-multi*
lrwxrwxrwx 1 root root     14 Dec 28  2010 iptables-restore -> iptables-multi*
lrwxrwxrwx 1 root root     14 Dec 28  2010 iptables-save -> iptables-multi*

I am suggesting that the iptables-utils/ip6tables-utils packages be deprecated and symlinks for the iptables-save/iptables-restore and ip6tables-save/ip6tables-restore be included as part of the iptables/ip6tables packages (since negligible space is consumed by the symlinks).

As an alternative, the -utils packages could have the iptables/ip6tables package as a dependency and simply be two symlinks each, but it seems kind of silly to have a package that only contains two symlinks...

Also note that I have tested this by NOT installing the -utils packages and manually adding the symlinks myself, and it worked just fine.

If someone would like me to submit a patch, I could do so...

Attachments (1)

0001-iptables-eliminate-redundant-binaries.patch (2.6 KB) - added by Daniel Harding <dharding@…> 6 years ago.

Change History (5)

comment:1 Changed 7 years ago by jow

  • Owner changed from developers to jow
  • Status changed from new to accepted

comment:2 Changed 7 years ago by jow

  • Resolution set to fixed
  • Status changed from accepted to closed

Fixed in r27646, r27647

comment:3 Changed 6 years ago by dharding@…

  • Resolution fixed deleted
  • Status changed from closed to reopened

r27646 made the issue better, but didn't fix it completely: if iptables-utils/ip6tables-utils are installed, the system will end up with two copies of the iptables binary, one named iptables and one named iptables-multi. I have a patch which makes the iptables/ip6tables packages install the iptables-multi/ip6tables-multi binaries, and then makes iptables/ip6tables, iptables-save/ip6tables-save, and iptables-restore/ip6tables-restore symlinks to the respective *-multi binary.

Changed 6 years ago by Daniel Harding <dharding@…>

comment:4 Changed 6 years ago by jow

  • Resolution set to fixed
  • Status changed from reopened to closed

Fixed with r27961, r27962
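
The layout discussed in this ticket can be audited on an unpacked root filesystem. This is an added example, not code from the ticket or from OpenWrt: it reports whether each command name is a symlink to the multi-call binary or a second copy of it. The function names and the sample tree are constructed for illustration, and `readlink -f` and `cmp` are assumed to be available.

```shell
#!/bin/sh
# Classify how each applet name in a directory relates to the multi-call binary.
# Prints "<name> <status>" per applet, where status is one of:
#   symlink   - symlink that resolves to the multi-call binary
#   hardlink  - same inode as the multi-call binary (no extra space used)
#   duplicate - separate file with byte-identical content (wasted flash)
#   different - present, but none of the above
#   missing   - not present (or a dangling symlink)
classify_applets() {
    dir=$1; multi=$2; shift 2
    target=$(readlink -f "$dir/$multi") || return 2
    for name in "$@"; do
        path=$dir/$name
        if [ -L "$path" ] && [ "$(readlink -f "$path")" = "$target" ]; then
            status=symlink
        elif [ ! -e "$path" ]; then
            status=missing
        elif [ "$path" -ef "$target" ]; then
            status=hardlink
        elif [ -f "$path" ] && cmp -s "$path" "$target"; then
            status=duplicate
        else
            status=different
        fi
        printf '%s %s\n' "$name" "$status"
    done
}

# Number of applet names that are full second copies of the binary.
count_duplicates() {
    classify_applets "$@" | awk '$2 == "duplicate" { n++ } END { print n + 0 }'
}

# Constructed sample tree reproducing the state described in comment:3:
# iptables and iptables-multi are two copies, save/restore are symlinks.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    printf 'constructed stand-in for the real binary\n' > "$d/iptables-multi"
    cp "$d/iptables-multi" "$d/iptables"
    ln -s iptables-multi "$d/iptables-save"
    ln -s iptables-multi "$d/iptables-restore"
    printf '%s\n' "$d"
}
```

Against a real image, pass the directory holding the binaries, for example `classify_applets ./rootfs/usr/sbin iptables-multi iptables iptables-save iptables-restore` (the path is a placeholder).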