Code review comment for lp:~neil-aldur/ubuntu/precise/iptables-persistent/fix-for-967018-905517

Neil Wilson (neil-aldur) wrote :

It needs to be both. You don't want to execute the mv_conffile unless both the files exist, and you don't want to create a rules.v4 unless the old one already exists and you really need to do a mv_conffile.

You want to avoid the blank rules.v4 file which would cause the init script to try and do an unnecessary firewall load on a blank file.

It's a bit of an abuse of the mv_conffile facility really.

So I'm thinking:

if [ -e /etc/iptables/rules ]; then
    [ -e /etc/iptables/rules.v4 ] || touch /etc/iptables/rules.v4
    dpkg-maintscript-helper mv_conffile \
        /etc/iptables/rules /etc/iptables/rules.v4 0.0.20101230 -- "$@"
fi

Which should make sure that the old file is only moved if the target isn't newer.
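
The guard from the comment above, exercised against the four possible file states in a scratch directory. This is an added example, not part of the original comment or the package: `mv_conffile_stub`, `migrate_rules` and `run_case` are hypothetical names, and the stub only counts calls instead of running dpkg-maintscript-helper.

```shell
#!/bin/sh
# Added example: checks when the guard creates rules.v4 and when it calls the helper.
# Assumption: mv_conffile_stub stands in for `dpkg-maintscript-helper mv_conffile`
# and moves nothing, so the state reported is what the real helper would be handed.

HELPER_CALLS=0

mv_conffile_stub() {
    HELPER_CALLS=$((HELPER_CALLS + 1))
}

# The guard from the comment, with paths rooted at $1 instead of /.
migrate_rules() {
    root=$1
    if [ -e "$root/etc/iptables/rules" ]; then
        [ -e "$root/etc/iptables/rules.v4" ] || touch "$root/etc/iptables/rules.v4"
        mv_conffile_stub "$root/etc/iptables/rules" "$root/etc/iptables/rules.v4"
    fi
}

# run_case <old present: yes|no> <rules.v4 present: yes|no>
# Prints "helper=<calls> v4=<absent|placeholder|kept>".
run_case() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/iptables"
    # Constructed sample contents, not real rule sets.
    if [ "$1" = yes ]; then echo '*filter' > "$root/etc/iptables/rules"; fi
    if [ "$2" = yes ]; then echo '# admin rules' > "$root/etc/iptables/rules.v4"; fi
    HELPER_CALLS=0
    migrate_rules "$root"
    if [ ! -e "$root/etc/iptables/rules.v4" ]; then
        state=absent
    elif [ -s "$root/etc/iptables/rules.v4" ]; then
        state=kept
    else
        state=placeholder
    fi
    rm -rf "$root"
    echo "helper=$HELPER_CALLS v4=$state"
}

for old in no yes; do
    for new in no yes; do
        echo "old=$old new=$new -> $(run_case "$old" "$new")"
    done
done
```

The `old=no new=no` row is the case the comment is concerned with: no blank rules.v4 is left behind for the init script to load.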
