Package: iptables-persistent
Version: 0.5.5
Severity: important
Tags: patch


There is a bashism in the flush_rules function of the init script: 

$ checkbashisms debian/iptables-persistent.init 
possible bashism in debian/iptables-persistent.init line 95 
        ('$(< foo)' should be '$(cat foo)'):
        for table in $(</proc/net/ip_tables_names)
possible bashism in debian/iptables-persistent.init line 112
        ('$(< foo)' should be '$(cat foo)'):
        for table in $(</proc/net/ip6_tables_names)

Because of that $table is always empty and no special table (e.g. nat)
will ever be flushed. Only the default one. 

Please find the attached patch.


Cheers,
Andreas

-- 
Andreas Rütten                                  andreasruet...@gmx.de

4096R: 0x6C9DFFB2 / 8394 99DA 59BD BCE2 3FC8 3A9E 6633 0089 6C9D FFB2
From dc9060847d31ca29182bd0b36672d9518ce32c53 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andreas=20R=C3=BCtten?= <andreasruet...@gmx.de>
Date: Sat, 4 Aug 2012 01:47:18 +0200
Subject: [PATCH] Fix bashism in the flush_rules function

The bashism in the flush_rules function leads us to the situation
where $table is always empty and no special table (e.g. nat) will
ever be flushed. Only the default one.
---
 debian/iptables-persistent.init |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/iptables-persistent.init b/debian/iptables-persistent.init
index 6e48df8..c7be564 100644
--- a/debian/iptables-persistent.init
+++ b/debian/iptables-persistent.init
@@ -92,7 +92,7 @@ flush_rules()
 	elif [ -x /sbin/iptables ]; then
 		log_action_cont_msg " IPv4"
 		for param in F Z X; do /sbin/iptables -$param; done
-		for table in $(</proc/net/ip_tables_names)
+		for table in $(cat /proc/net/ip_tables_names)
 		do
 			/sbin/iptables -t $table -F
 			/sbin/iptables -t $table -Z
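Review bot: the replacement line `for table in $(cat /proc/net/ip_tables_names)` has no guard for the names file being absent; the enclosing `elif` only tests `-x /sbin/iptables`. If the file does not exist (for example when the ip_tables module is not loaded), cat writes an error to stderr every time flush_rules runs. Consider testing `[ -r /proc/net/ip_tables_names ]` before the loop, or redirecting cat's stderr. Separately, `$table` in the context lines `-t $table -F` and `-t $table -Z` is unquoted; quoting it costs nothing.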
@@ -109,7 +109,7 @@ flush_rules()
 	elif [ -x /sbin/ip6tables ]; then
 		log_action_cont_msg " IPv6"
 		for param in F Z X; do /sbin/ip6tables -$param; done
-		for table in $(</proc/net/ip6_tables_names)
+		for table in $(cat /proc/net/ip6_tables_names)
 		do
 			/sbin/ip6tables -t $table -F
 			/sbin/ip6tables -t $table -Z
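Review bot: the IPv6 loop is a copy of the IPv4 one with only the binary and the `/proc/net/ip6_tables_names` path changed, which is why the same fix had to be made twice. A small helper that takes the command and the names file as arguments would keep the per-table flush in one place, so a future change cannot land in one address family and miss the other. A one-line comment on the `for table` line noting that the script runs under a POSIX /bin/sh would also help prevent `$(<file)` from being reintroduced.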
-- 
1.7.9.5
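
An added example, not part of the original report or of the package's init script: one way to enumerate the tables under any POSIX sh without a command substitution on the names file, printing the flush commands as a dry run instead of executing them. The function names, the name check and the per-table F/Z/X sequence (taken from the default-table loop in the patch context) are assumptions.

```shell
#!/bin/sh
# Added example, not the package's code. Runs under any POSIX sh.

# Print one validated table name per line from a names file such as
# /proc/net/ip_tables_names. A missing file yields no output and no error.
list_tables() {
    names_file=$1
    [ -r "$names_file" ] || return 0
    while IFS= read -r table || [ -n "$table" ]; do
        case $table in
            ''|*[!a-z0-9_]*) continue ;;   # assumption: names are [a-z0-9_]+
        esac
        printf '%s\n' "$table"
    done < "$names_file"
}

# Dry run: print the commands a flush would issue for every listed table.
# Assumption: F, Z and X per table, mirroring the default-table loop.
flush_plan() {
    cmd=$1
    names_file=$2
    for table in $(list_tables "$names_file"); do
        for param in F Z X; do
            printf '%s -t %s -%s\n' "$cmd" "$table" "$param"
        done
    done
}

# Constructed sample input standing in for /proc/net/ip_tables_names.
sample=$(mktemp)
printf 'nat\nmangle\nfilter\n' > "$sample"
flush_plan /sbin/iptables "$sample"
rm -f "$sample"
```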
