Bug#504703: marked as done (ERROR: Command "/sbin/iptables -A smurfs -s tcpflags -j DROP" Failed)

[Debian Bug Tracking System]

Your message dated Fri, 7 Nov 2008 15:05:14 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#504703: ERROR: Command "/sbin/iptables -A smurfs -s 
tcpflags -j DROP" Failed
has caused the Debian Bug report #504703,
regarding ERROR: Command "/sbin/iptables -A smurfs -s tcpflags -j DROP" Failed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
504703: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504703
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems

--- Begin Message ---

Package: shorewall-common
Version: 4.0.14-3
Severity: grave
Justification: renders package unusable

shorewall start
Compiling...
Initializing...
Determining Zones...
   IPv4 Zones: net
   Firewall Zone: fw
Validating interfaces file...
Validating hosts file...
Pre-processing Actions...
   Pre-processing /usr/share/shorewall/action.Drop...
   Pre-processing /usr/share/shorewall/action.Reject...
Validating Policy file...
Determining Hosts in Zones...
   net Zone: eth0:0.0.0.0/0 eth1:0.0.0.0/0 ppp0:0.0.0.0/0
Deleting user chains...
Compiling /etc/shorewall/routestopped ...
Creating Interface Chains...
Compiling Common Rules
Compiling TCP Flags checking...
Compiling Kernel Route Filtering...
Compiling Martian Logging...
Compiling /etc/shorewall/rules...
Compiling Actions...
Compiling /usr/share/shorewall/action.Drop for Chain Drop...
Compiling /usr/share/shorewall/action.Reject for Chain Reject...
Compiling /etc/shorewall/policy...
Compiling Traffic Control Rules...
Compiling Rule Activation...
Compiling IP Forwarding...
Shorewall configuration compiled to /var/lib/shorewall/.start
Processing /etc/shorewall/params ...
Starting Shorewall....
Initializing...
Processing /etc/shorewall/init ...
Clearing Traffic Control/QOS
Deleting user chains...
Processing /etc/shorewall/continue ...
Enabling Loopback and DNS Lookups
Creating Interface Chains...
Setting up SMURF control...
iptables v1.4.1.1: host/network `tcpflags' not found
Try `iptables -h' or 'iptables --help' for more information.
   ERROR: Command "/sbin/iptables -A smurfs -s tcpflags -j DROP" Failed
Processing /etc/shorewall/stop ...
Processing /etc/shorewall/stopped ...
Terminated


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (600, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages shorewall-common depends on:
ii  dash                          0.5.4-12   POSIX-compliant shell
ii  debconf                       1.5.24     Debian configuration management sy
ii  iproute                       20080725-2 networking and traffic control too
ii  iptables                      1.4.1.1-4  administration tools for packet fi

shorewall-common recommends no packages.

Versions of packages shorewall-common suggests:
ii  linux-image-2.6.26-1-686 [lin 2.6.26-9   Linux 2.6.26 image on PPro/Celeron
ii  linux-image-2.6.26-1-amd64 [l 2.6.26-9   Linux 2.6.26 image on AMD64
ii  linux-image-2.6.26-1-xen-686  2.6.26-9   Linux 2.6.26 image on i686
ii  linux-image-2.6.26x1 [linux-i x1         Linux kernel binary image for vers
ii  make                          3.81-5     The GNU version of the "make" util
ii  shorewall-doc                 4.0.14-2   documentation for Shoreline Firewa

-- debconf-show failed

--- End Message ---

--- Begin Message ---

On Fri, Nov 07, 2008 at 10:22:23AM +0100, Jan Rasche wrote:
> 
> Hello Roberto,
> 
> Thanks for your fast reply!
> 
> Here comes the /etc/shorewall/interfaces from my notebook. ;-)
> 
> #
> # Shorewall version 3.4 - Interfaces File
> #
> # For information about entries in this file, type "man
> shorewall-interfaces"
> #
> # For additional information, see
> # http://shorewall.net/Documentation.htm#Interfaces
> #
> ###############################################################################
> #ZONE INTERFACE BROADCAST OPTIONS
> net     eth0    192.168.168.63   tcpflags
> net     eth1    192.168.1.255   tcpflags
> net     ppp0                    tcpflags
> #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
> 

You are missing a dash in the empty column.  Shorewall thinks you are
using tcpflags as the broadcast address.

I am closing this bug.

Regards,

-Roberto
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

signature.asc
Description: Digital signature

--- End Message ---