Your message dated Mon, 02 Mar 2009 21:17:22 +0000
with message-id <[email protected]>
and subject line Bug#511397: fixed in ferm 2.0.5-1
has caused the Debian Bug report #511397,
regarding ferm: fast flush does not work
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
511397: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511397
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ferm
Version: 2.0.3-1
Severity: normal
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-mtl.2 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages ferm depends on:
ii debconf 1.5.24 Debian configuration management sy
ii iptables 1.4.1.1-3 administration tools for packet fi
ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip
ii perl 5.10.0-18 Larry Wall's Practical Extraction
ferm recommends no packages.
ferm suggests no packages.
-- debconf information:
* ferm/enable: true
With FAST=yes in /etc/default/ferm, /etc/init.d/ferm stop will result in the
following error:
Stopping Firewall: fermiptables-restore v1.4.1.1: Can't set policy
`myuserchain' on `ACCEPT' line 13: Bad built-in chain name
Failed to run /sbin/iptables-restore
Firewall rules rolled back.
The error does not appear when FAST=no. The problem seems to arise from the
fact that ferm without the --slow option generates policy definition lines not
only for built-in chains, but also for user-defined ones. iptables (at least
lenny's v1.4) does not allow policy rules for user-defined chains.
==================
Sample config
==================
#
# Configuration file for ferm(1).
#
table filter {
    chain myuserchain {
        ACCEPT;
    }
    chain INPUT {
        policy DROP;
        jump myuserchain;
    }
    chain OUTPUT {
        policy ACCEPT;
    }
    chain FORWARD {
        policy DROP;
    }
}
==================
Output of ferm --flush --lines --noexec:
==================
# Generated by ferm 2.0.3 on Sat Jan 10 14:18:50 2009
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:myuserchain ACCEPT [0:0] # <=== that's it
COMMIT
==================
The same config processed with ferm --flush --lines --noexec --slow:
==================
/sbin/iptables -t mangle -P FORWARD ACCEPT
/sbin/iptables -t mangle -P INPUT ACCEPT
/sbin/iptables -t mangle -P OUTPUT ACCEPT
/sbin/iptables -t mangle -P PREROUTING ACCEPT
/sbin/iptables -t mangle -P POSTROUTING ACCEPT
/sbin/iptables -t mangle -F
/sbin/iptables -t mangle -X
/sbin/iptables -t filter -P FORWARD ACCEPT
/sbin/iptables -t filter -P INPUT ACCEPT
/sbin/iptables -t filter -P OUTPUT ACCEPT
/sbin/iptables -t filter -F
/sbin/iptables -t filter -X
--- End Message ---
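A pre-flight check for the failure reported above, as an added example (not part of the report and not ferm's code): it scans iptables-restore input for chain declarations that put a policy on a chain that is not built in. The function name and the built-in chain table are this example's own; the sample is the fast-flush output from the report with the inline annotation removed.

```python
import re

# Built-in chains per netfilter table; any other chain is user-defined.
BUILTIN = {
    "filter": {"INPUT", "FORWARD", "OUTPUT"},
    "mangle": {"PREROUTING", "INPUT", "FORWARD", "OUTPUT", "POSTROUTING"},
    "nat": {"PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"},
    "raw": {"PREROUTING", "OUTPUT"},
    "security": {"INPUT", "FORWARD", "OUTPUT"},
}
CHAIN_RE = re.compile(r"^:(\S+)\s+(\S+)")

# Output of "ferm --flush --lines --noexec" as quoted in the report.
SAMPLE = """\
# Generated by ferm 2.0.3 on Sat Jan 10 14:18:50 2009
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:myuserchain ACCEPT [0:0]
COMMIT
"""

def find_bad_policies(ruleset):
    """Return (line_no, table, chain, policy) for user chains given a policy."""
    findings, table = [], None
    for line_no, raw in enumerate(ruleset.splitlines(), start=1):
        line = raw.strip()
        if line.startswith("*"):
            table = line[1:]          # "*filter" opens a table section
        elif line == "COMMIT":
            table = None              # section closed
        m = CHAIN_RE.match(line)
        builtins = BUILTIN.get(table)  # None outside a known table: skip
        if m and builtins is not None:
            chain, policy = m.groups()
            # iptables-save writes "-" as the policy of a user-defined chain.
            if chain not in builtins and policy != "-":
                findings.append((line_no, table, chain, policy))
    return findings

if __name__ == "__main__":
    print(find_bad_policies(SAMPLE))
```

The flagged line number is the same one iptables-restore names in the error message quoted in the report.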
--- Begin Message ---
Source: ferm
Source-Version: 2.0.5-1
We believe that the bug you reported is fixed in the latest version of
ferm, which is due to be installed in the Debian FTP archive:
ferm_2.0.5-1.diff.gz
to pool/main/f/ferm/ferm_2.0.5-1.diff.gz
ferm_2.0.5-1.dsc
to pool/main/f/ferm/ferm_2.0.5-1.dsc
ferm_2.0.5-1_all.deb
to pool/main/f/ferm/ferm_2.0.5-1_all.deb
ferm_2.0.5.orig.tar.gz
to pool/main/f/ferm/ferm_2.0.5.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Alexander Wirt <[email protected]> (supplier of updated ferm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 02 Mar 2009 21:35:34 +0100
Source: ferm
Binary: ferm
Architecture: source all
Version: 2.0.5-1
Distribution: unstable
Urgency: low
Maintainer: ferm maintainers <[email protected]>
Changed-By: Alexander Wirt <[email protected]>
Description:
ferm - maintain and setup complicated firewall rules
Closes: 510418 511397 511661 513099
Changes:
ferm (2.0.5-1) unstable; urgency=low
.
[ Max Kellermann ]
* new upstream release
- flushing bug fixed (Closes: #511397)
- ipt_recent --remove supported (Closes: #511661)
- ignore dpkg's backup/temporary files (Closes: #510418)
* fixed typo in default configuration (Closes: #513099)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkmsQ00ACgkQ01u8mbx9AgpLJgCeOxkjsUXk1LhJ3C2zA7G5z0bR
bAAAn16LzszhN+PIziVCnxM/S2cnP1Qh
=gkRv
-----END PGP SIGNATURE-----
--- End Message ---