| -rw-r--r-- | Changelog | 3 | ||||
| -rwxr-xr-x | lacme | 12 | 
2 files changed, 9 insertions, 6 deletions
|
@@ -3,6 +3,9 @@ lacme (0.6) UNRELEASED
  + client: poll order URL instead of each authz URL successively.
  - lacme, client: new dependency Date::Parse, don't parse RFC 3339
    datetime strings from X.509 certs manually.
+ - lacme: assume that the iptables(1) binaries are under /usr/sbin not
+   /sbin.  As of Buster this is the case, and the maintainer plans to
+   drop compatibility symlinks once Bullseye is released.
  -- Guilhem Moulin <guilhem@fripost.org>  Mon, 21 Jan 2019 02:07:58 +0100
@@ -399,10 +399,10 @@ sub iptables_save($@) {
         open STDIN,  '<',  '/dev/null'   or die "Can't open /dev/null: $!";
         open STDOUT, '>&', $iptables_tmp or die "Can't dup: $!";
         $| = 1; # turn off buffering for STDOUT
-        exec "/sbin/$iptables_bin-save", "-c" or die;
+        exec "/usr/sbin/$iptables_bin-save", "-c" or die;
     }
     waitpid $pid => 0;
-    die "Error: /sbin/$iptables_bin-save exited with value ".($? >> 8) if $? > 0;
+    die "Error: /usr/sbin/$iptables_bin-save exited with value ".($? >> 8) if $? > 0;
     # seek back to the begining, as we'll restore directly from the
     # handle and not from the file.  XXX if there was a way in Perl to
@@ -416,10 +416,10 @@ sub iptables_save($@) {
         unless ($pid) {
             open STDIN, '<&', $iptables_tmp or die "Can't dup: $!";
             open STDOUT, '>', '/dev/null'   or die "Can't open /dev/null: $!";
-            exec "/sbin/$iptables_bin-restore", "-c" or die;
+            exec "/usr/sbin/$iptables_bin-restore", "-c" or die;
         }
         waitpid $pid => 0;
-        warn "Warning: /sbin/$iptables_bin-restore exited with value ".($? >> 8) if $? > 0;
+        warn "Warning: /usr/sbin/$iptables_bin-restore exited with value ".($? >> 8) if $? > 0;
     };
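Review bot: Both child branches end in a bare `or die;` after `exec`, so on a host that still ships the binaries only under /sbin the child reports nothing more than "Died" and the parent only an exit value. I would write `exec "/usr/sbin/$iptables_bin-save", "-c" or die "Can't exec /usr/sbin/$iptables_bin-save: $!";`, and do the same for the `-restore` exec in the @@ -416 hunk and the two `system (...) == 0 or die;` calls in the @@ -437 hunk. In the @@ -416 hunk the parent only issues a `warn` when the restore fails, and the `-j ACCEPT` rules inserted further down would presumably stay in place in that case, so that path deserves the clearest diagnostic. The body of iptables_save starts and ends outside these hunks.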
@@ -437,10 +437,10 @@ sub iptables_save($@) {
         }
         my $dest = Socket::inet_ntop($domain, $addr) .'/'. $mask;
-        system ("/sbin/$iptables_bin", qw/-I INPUT  -p tcp -m tcp -m state/,
+        system ("/usr/sbin/$iptables_bin", qw/-I INPUT  -p tcp -m tcp -m state/,
                 '-d', $dest, '--dport', $port,
                 '--state', 'NEW,ESTABLISHED', '-j', 'ACCEPT') == 0 or die;
-        system ("/sbin/$iptables_bin", qw/-I OUTPUT -p tcp -m tcp -m state/,
+        system ("/usr/sbin/$iptables_bin", qw/-I OUTPUT -p tcp -m tcp -m state/,
                 '-s', $dest, '--sport', $port,
                 '--state',     'ESTABLISHED', '-j', 'ACCEPT') == 0 or die;
     } |
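Review bot: The `/usr/sbin` prefix is now a repeated literal in six places across the three lacme hunks, two of them in the `system (...)` calls here, so the next relocation means editing every call and message string in step. A single lexical inside iptables_save, e.g. `my $sbin = '/usr/sbin';` used as `"$sbin/$iptables_bin"`, would make it a one-line change. Keep the path absolute and keep the list form of `system`: together they stop a tool that presumably runs privileged from resolving iptables through PATH or a shell. The enclosing sub starts and ends outside this hunk.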
