Note I tested this on vivid with a /downitpables script containing:
#!/bin/sh
LXC_BRIDGE=lxcbr0
LXC_NETWORK="10.0.3.0/24"
use_iptables_lock="-w"
iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j
ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j
ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j
ACCEPT
iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j
ACCEPT
iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d
${LXC_NETWORK} -j MASQUERADE || true
iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m
udp --dport 68 -j CHECKSUM --checksum-fill
I raun /downitpables, then did 'sudo stop lxc-net', which succeeded.
Then did 'sudo start lxc-net', which succeeded.
** Changed in: lxc (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1429140
Title:
lxc-net upstart script fails on nonexistent iptables rules
Status in lxc package in Ubuntu:
Incomplete
Bug description:
Hello,
On Trusty, the stop of lxc-net fails if the iptables rules are not
present.
I added “exec >> /tmp/lxc-net.log 2>&1” at the beginning of pre-start
and post-stop and get:
iptables: Bad rule (does a matching rule exist in that chain?).
On Precise, a “|| true” was added to avoid errors.
I attach a patch to disable exit on failing iptables call.
Regards.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1429140/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
