Package: ferm
Version: 2.5.1-1
Severity: normal

Running "ferm --remote --slow" produces iptables rules in different orders on different runs. This makes it difficult to compare outputs for regression testing, version control, etc.

For example, on two successive runs this input produced the following output:

table filter {
    chain INPUT policy DROP;
    chain FORWARD policy DROP;
    chain OUTPUT policy ACCEPT;
}

run #1

iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P INPUT ACCEPT
iptables -t filter -F
iptables -t filter -X
iptables -t filter -P FORWARD DROP
iptables -t filter -P INPUT DROP

run #2

iptables -t filter -P INPUT ACCEPT
iptables -t filter -P FORWARD ACCEPT
iptables -t filter -P OUTPUT ACCEPT
iptables -t filter -F
iptables -t filter -X
iptables -t filter -P INPUT DROP
iptables -t filter -P FORWARD DROP

I think this behavior comes from Perl's randomized hash tables and the use of

    while (my ($chain, $chain_info) = each %{$table_info->{chains}}) { ... }

constructs. Changing these to loops over sorted keys should fix the problem.
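
The following is an added example, not part of the original report and not ferm's own code: it contrasts the quoted each() loop with a sorted-keys loop and re-runs itself under several PERL_HASH_SEED values to count how many distinct outputs each produces. The sample data, the function names and the policy-only output are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample modelled on the report's input; only the {chains}
# hash shape is taken from the loop quoted in the report.
my $table_info = {
    chains => {
        INPUT   => { policy => 'DROP' },
        FORWARD => { policy => 'DROP' },
        OUTPUT  => { policy => 'ACCEPT' },
    },
};

# Order follows the hash's internal layout, which can vary between runs.
sub policies_each {
    my ($table, $info) = @_;
    my @rules;
    while (my ($chain, $chain_info) = each %{ $info->{chains} }) {
        push @rules, "iptables -t $table -P $chain $chain_info->{policy}";
    }
    return @rules;
}

# Order is fixed by the chain names, independent of the hash seed.
sub policies_sorted {
    my ($table, $info) = @_;
    my @rules;
    for my $chain (sort keys %{ $info->{chains} }) {
        my $chain_info = $info->{chains}{$chain};
        push @rules, "iptables -t $table -P $chain $chain_info->{policy}";
    }
    return @rules;
}

if (@ARGV) {
    # Child mode: print one variant so the parent can compare runs.
    my $emit = $ARGV[0] eq 'sorted' ? \&policies_sorted : \&policies_each;
    print "$_\n" for $emit->('filter', $table_info);
    exit 0;
}

# Parent mode: re-run this script under several hash seeds and count the
# distinct outputs each variant produces.
for my $mode (qw(each sorted)) {
    my %seen;
    for my $seed (1 .. 8) {
        local $ENV{PERL_HASH_SEED} = $seed;
        $seen{ scalar qx{"$^X" "$0" $mode} }++;
    }
    printf "%-6s loop: %d distinct output(s)\n", $mode, scalar keys %seen;
}
```

The sorted loop always yields one distinct output, which is the property needed to diff generated rule sets in regression tests or version control; the each() loop may yield several.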