Re: [voidlinux/void-packages] sshguard: use sv start instead of sv check (#14331)

Nicolas Porcel at Fri, 11 May 2018 19:33:11 -0700
This is true, `iptables` is not a service. Same goes for `alsa` (and certainly many other packages using this trick). But at the same time this is very handy to be able to temporarily stop `iptables` with `sv stop iptables` and restart it with `sv start iptables`. Of course, in that case you will lose all the rules created by other services. Most distros I've used solve this new problem by automatically saving the iptables rules on exit, which I usually disable as it gets in the way of sshguard whose purpose is to temporarily block some hosts. But it could make sense for some people.
Enno Boland at Sat, 12 May 2018 05:55:15 -0700
`sv check` does more than just looking for the presence of a service in `/var/service`. See `man sv`:
```
...
check
    Check for the service to be in the state that's been requested.
    Wait up to 7 seconds for the service to reach the requested state,
    then report the status or timeout. If the requested state of the
    service is up, and the script ./check exists in the service
    directory, sv runs this script to check whether the service is up
    and running; it's considered to be up if ./check exits with 0.
...
```
Enno Boland at Sat, 12 May 2018 06:03:00 -0700
Real fix: add a `check` script to iptables that checks if rules are applied and exits 0 if they are.
Enno Boland at Sat, 12 May 2018 06:05:02 -0700
Closed #14331.
cr6git at Sat, 12 May 2018 07:31:03 -0700
@Duncaen another example: `ufw` makes use of `iptables` without having to start the `iptables` service.
Nicolas Porcel at Sun, 13 May 2018 05:40:41 -0700
@Gottox You are right, using `sv start` does nothing more. I thought it would wait for the program to start but without the `./check` script it does nothing more. Now, the difficulty is to add the `./check` script as this is not trivial.
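
A sketch of the `./check` script discussed in this thread, as an added example that is not part of the thread or of the void-packages repository. It assumes "rules are applied" means the filter table differs from the empty default (at least one `-A` rule or a non-ACCEPT policy); the function names and sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical ./check for an iptables runit service directory.
# sv runs ./check when the requested state is "up" and treats exit 0 as
# "service is up and running" (see the man page excerpt quoted above).
#
# Assumption: a ruleset counts as applied when `iptables -S` shows at
# least one appended rule or a chain policy other than ACCEPT.

# Reads `iptables -S` style output on stdin; returns 0 if a ruleset is loaded.
rules_applied() {
    while IFS= read -r line; do
        case "$line" in
            "-A "*)          return 0 ;;  # an appended rule exists
            "-P "*" ACCEPT") ;;           # default policy, proves nothing
            "-P "*)          return 0 ;;  # DROP/REJECT policy was set
        esac
    done
    return 1                              # only defaults, or no output at all
}

# Constructed sample: what an untouched filter table prints.
sample_empty() {
    printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT'
}

# Constructed sample: a minimal loaded ruleset.
sample_loaded() {
    printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
}

# Query the live firewall only when installed under the name "check",
# so the functions above can be exercised without root or iptables.
if [ "${0##*/}" = check ]; then
    iptables -S | rules_applied
    exit $?
fi
```

A ruleset that consists only of ACCEPT policies and empty user-defined chains is reported as not applied under this assumption, so a dependent service such as sshguard would keep waiting.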