Your message dated Thu, 12 Jul 2018 09:39:53 +0800
with message-id <2589440.8koiZBSM5F@hosiet-mi>
and subject line Bug#709566: Removed package(s) from unstable
has caused the Debian Bug report #482600,
regarding firestarter: Always blocks NetBIOS broadcasts even when both "block
broadcasts" checkboxes are unset
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
482600: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=482600
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: firestarter
Version: 1.0.3-6
Severity: important
Tags: patch
Firestarter contains two options for blocking broadcasts:
- Preferences->Firewall->Advanced Options->Block broadcasts from external
- Preferences->Firewall->Advanced Options->Block broadcasts from
internal network
Even with both options deselected, NetBIOS traffic will not flow
properly. In particular, SMB/CIFS name lookups always fail. This thread
on the Ubuntu forums suggested a solution:
http://ubuntuforums.org/showthread.php?t=190542
I'm not sure whether the fact that iptables doesn't recognize UDP
replies to a UDP broadcast as RELATED is a bug or not, but since it does
not, one needs to allow NEW packets. The attached diff implements this
change in /etc/firestarter/inbound/setup, and seems to allow NetBIOS
browsing to work properly on my systems.
Whether or not this is an acceptable "out of the box" security stance,
or whether more fine-grained solutions are possible, is a different
matter. Nevertheless, it offers a solution for a widespread problem with
Firestarter, so I hope it helps.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (700, 'unstable'), (600, 'stable'), (550,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages firestarter depends on:
ii gconf2 2.22.0-1 GNOME configuration database syste
ii gksu 2.0.0-5 graphical frontend to su
ii iptables 1.4.0-4 administration tools for packet fi
ii libart-2.0-2 2.3.20-2 Library of functions for 2D graphi
ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit
ii libbonobo2-0 2.22.0-1 Bonobo CORBA interfaces library
ii libbonoboui2-0 2.22.0-1 The Bonobo UI library
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libcairo2 1.6.4-1+b1 The Cairo 2D vector graphics libra
ii libfontconfig1 2.5.0-2 generic font configuration library
ii libfreetype6 2.3.5-1+b1 FreeType 2 font engine, shared lib
ii libgconf2-4 2.22.0-1 GNOME configuration database syste
ii libglade2-0 1:2.6.2-1 library to load .glade files at ru
ii libglib2.0-0 2.16.3-2 The GLib library of C routines
ii libgnome-keyring0 2.22.1-1 GNOME keyring services library
ii libgnome2-0 2.20.1.1-1 The GNOME 2 library - runtime file
ii libgnomecanvas2-0 2.20.1.1-1 A powerful object-oriented display
ii libgnomeui-0 2.20.1.1-1 The GNOME 2 libraries (User Interf
ii libgnomevfs2-0 1:2.22.0-2 GNOME Virtual File System (runtime
ii libgtk2.0-0 2.12.9-3 The GTK+ graphical user interface
ii libice6 2:1.0.4-1 X11 Inter-Client Exchange library
ii liborbit2 1:2.14.12-0.1 libraries for ORBit2 - a CORBA ORB
ii libpango1.0-0 1.20.2-2 Layout and rendering of internatio
ii libpng12-0 1.2.27-1 PNG library - runtime
ii libpopt0 1.10-3 lib for parsing cmdline parameters
ii libsm6 2:1.0.3-1+b1 X11 Session Management library
ii libx11-6 2:1.0.3-7 X11 client-side library
ii libxcursor1 1:1.1.9-1 X cursor management library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxfixes3 1:4.0.3-2 X11 miscellaneous 'fixes' extensio
ii libxi6 2:1.1.3-1 X11 Input extension library
ii libxinerama1 2:1.0.3-1 X11 Xinerama extension library
ii libxml2 2.6.32.dfsg-2 GNOME XML library
ii libxrandr2 2:1.2.2-1 X11 RandR extension library
ii libxrender1 1:0.9.4-1 X Rendering Extension client libra
ii lsb-base 3.2-11 Linux Standard Base 3.2 init scrip
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
firestarter recommends no packages.
-- no debconf information
--- setup 2008/05/06 03:08:33 1.1
+++ setup 2008/05/06 03:08:46
@@ -8,7 +8,7 @@
# Allow response traffic
$IPT -A INBOUND -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
-$IPT -A INBOUND -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT
+$IPT -A INBOUND -p udp -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Hosts from which connections are always allowed
while read host garbage
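Review bot: The `+` line adds NEW to a rule that has no port, source or interface match, so INBOUND now accepts any UDP packet that starts a new flow, not only the NetBIOS name replies this report is about; the state match then filters out nothing except INVALID packets. Consider leaving the `ESTABLISHED,RELATED` rule as it was and adding a separate, narrower rule for the replies (for example one matching `--sport 137`, optionally limited to the local network), or loading the conntrack NetBIOS name service helper so that those replies are tracked as RELATED. A comment above the rule explaining why NEW is needed would also help whoever edits this file next.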
--- End Message ---
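The behaviour described in the report above, as an added example (not part of the original message or of Firestarter): a toy model of connection tracking's UDP tuple matching, showing why a unicast reply to a broadcast query is classified NEW, and what the original rule, the patched rule and a narrower rule each accept. The addresses, ports and `narrowed_rule` are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")
LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed local network

class UdpTracker:
    """Toy model of conntrack's UDP tuple matching (not kernel code)."""
    def __init__(self):
        self.expected = set()

    def outbound(self, p):
        # A reply is recognised only if it is the exact inverse of what was sent.
        self.expected.add((p.dst, p.dport, p.src, p.sport))

    def state(self, p):
        return "ESTABLISHED" if tuple(p) in self.expected else "NEW"

def original_rule(p, st):   # --state ESTABLISHED,RELATED
    return st in ("ESTABLISHED", "RELATED")

def patched_rule(p, st):    # --state NEW,ESTABLISHED,RELATED
    return st in ("NEW", "ESTABLISHED", "RELATED")

def narrowed_rule(p, st):   # hypothetical: NEW only from LAN hosts, source port 137
    lan_nbns = ipaddress.ip_address(p.src) in LAN and p.sport == 137
    return original_rule(p, st) or (st == "NEW" and lan_nbns)

def evaluate():
    ct = UdpTracker()
    ct.outbound(Pkt("192.168.1.10", 40000, "192.168.1.255", 137))  # name query, broadcast
    ct.outbound(Pkt("192.168.1.10", 40001, "192.168.1.1", 53))     # DNS query, unicast
    inbound = {  # constructed inbound packets
        "nbns_reply": Pkt("192.168.1.5", 137, "192.168.1.10", 40000),
        "dns_reply": Pkt("192.168.1.1", 53, "192.168.1.10", 40001),
        "unsolicited": Pkt("203.0.113.7", 5353, "192.168.1.10", 631),
    }
    result = {}
    for name, p in inbound.items():
        st = ct.state(p)
        result[name] = (st, original_rule(p, st), patched_rule(p, st), narrowed_rule(p, st))
    return result

if __name__ == "__main__":
    for name, row in evaluate().items():
        print(name, row)  # (state, original, patched, narrowed)
```

The name reply arrives from the responder's own address rather than from the broadcast address the query was sent to, so it never matches the expected reply tuple; the patched rule lets it through, but also accepts the unsolicited packet.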
--- Begin Message ---
Version: 1.0.3-11+rm
Dear submitter,
As the package firestarter has been removed from the Debian archive
unstable we hereby close the associated bug reports. We are sorry that
we couldn't deal with your issue properly.
For details on the removal, please see https://bugs.debian.org/709566
The version of this package that was in Debian prior to this removal
can still be found using https://snapshot.debian.org/.
This message was not generated automatically; it is manually written
to deal with the issue that firestarter's bugs were not closed after
package removal in 2013. If you believe that there is a problem with
it, please contact the archive administrators by mailing
[email protected].
Debian distribution maintenance software
pp.
Boyuan Yang
--- End Message ---