Your message dated Sat, 17 Nov 2018 13:34:45 +0000
with message-id <[email protected]>
and subject line Bug#913844: fixed in firehol 3.1.6+ds-7
has caused the Debian Bug report #913844,
regarding firehol: problem with ipsets using firehol 3.1.6+ds-6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
913844: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913844
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: firehol
Version: 3.1.6+ds-4
Severity: important
Dear Maintainer,
3.1.6+ds-4 seems to work fine with ipset. The following lines in
/etc/firehol/firehol.config seem to work fine.
ipv4 ipset create ssh_attackers_ips hash:ip
ipv4 ipset addfile ssh_attackers_ips ips ssh_attackers_ips.txt
ipv4 blacklist full ipset:ssh_attackers_ips
root@dimen:~# firehol restart
FireHOL: Saving active firewall to a temporary file... OK
FireHOL: Processing file '/etc/firehol/firehol.conf'... OK (170 iptables
rules)
FireHOL: Activating ipsets... OK
FireHOL: Fast activating new firewall... OK
FireHOL: Saving activated firewall to '/var/spool/firehol'... OK
However with 3.1.6+ds-6 this same file leads to:
FireHOL: Saving active firewall to a temporary file... OK
FireHOL: Processing file '/etc/firehol/firehol.conf'... OK (170 iptables
rules)
FireHOL: Activating ipsets...
--------------------------------------------------------------------------------
ERROR : # 1
WHEN : Setting default unmatched policy (options: UNMATCHED_INPUT_POLICY
UNMATCHED_OUTPUT_POLICY UNMATCHED_ROUTER_POLICY)
WHY : ipset ssh_attackers_ips already exists.
COMMAND: ipset create ssh_attackers_ips hash:ip
MODE : both
SOURCE : FIN
FireHOL: Restoring old firewall... OK
Broadcast message from systemd-journald@dimen (Thu 2018-11-15 21:28:31 GMT):
FireHOL[1771]: FAILED to activate the firewall from /etc/firehol/firehol.conf.
Last good firewall restoration: OK.
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.18.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_GB.UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8) (ignored: LC_ALL set to
en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages firehol depends on:
ii firehol-common 3.1.6+ds-4
ii lsb-base 9.20170808
Versions of packages firehol recommends:
pn fireqos <none>
Versions of packages firehol suggests:
ii firehol-doc 3.1.6+ds-4
ii firehol-tools 3.1.6+ds-4
pn ulogd2 <none>
--- End Message ---
--- Begin Message ---
Source: firehol
Source-Version: 3.1.6+ds-7
We believe that the bug you reported is fixed in the latest version of
firehol, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jerome Benoit <[email protected]> (supplier of updated firehol package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 17 Nov 2018 13:17:32 +0000
Source: firehol
Binary: firehol firehol-doc fireqos fireqos-doc firehol-tools firehol-tools-doc
firehol-common
Architecture: source
Version: 3.1.6+ds-7
Distribution: unstable
Urgency: medium
Maintainer: Jerome Benoit <[email protected]>
Changed-By: Jerome Benoit <[email protected]>
Description:
firehol - easy to use but powerful iptables stateful firewall (program)
firehol-common - easy to use but powerful traffic suite (common library)
firehol-doc - easy to use but powerful iptables stateful firewall (docs)
firehol-tools - easy to use but powerful traffic suite (extra tools)
firehol-tools-doc - easy to use but powerful traffic suite (extra tools docs)
fireqos - easy to use but powerful traffic shaping tool (program)
fireqos-doc - easy to use but powerful traffic shaping tool (docs)
Closes: 913844
Changes:
firehol (3.1.6+ds-7) unstable; urgency=medium
.
* RC bug fix release (Closes: #913844), harden smooth usrmerge transition.
* Debianization:
- debian/patches/debianization-usrmerge-transition.patch, harden.
Checksums-Sha1:
950b9f5bd28da4cb5d26a6e4f39b06033994c834 3133 firehol_3.1.6+ds-7.dsc
127cb200eb5da7fd932ca366ab25f13279a0b882 22096 firehol_3.1.6+ds-7.debian.tar.xz
3dd141b7e1876963c9a8400b6940277111bdcf12 4756
firehol_3.1.6+ds-7_source.buildinfo
Checksums-Sha256:
e65a413227e6134445a7e86caf718d888b12c01ff6ec9b981f03f8fb902057fd 3133
firehol_3.1.6+ds-7.dsc
1d5e431b326be85b22480e6d2264e065e55b0bcd401a8daf577f84134833b2af 22096
firehol_3.1.6+ds-7.debian.tar.xz
f7dcc74c5bd65eac3bcad7fbe3e5a68962394f734701b9ae6f770aab35f827da 4756
firehol_3.1.6+ds-7_source.buildinfo
Files:
2055c7f24857dfc1b763a34dccf89741 3133 net optional firehol_3.1.6+ds-7.dsc
e52abecab7eb6c3b4ffdd6ac47fc135c 22096 net optional
firehol_3.1.6+ds-7.debian.tar.xz
a70ca98e6c11c5efb65b22bb07f7a75e 4756 net optional
firehol_3.1.6+ds-7_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQRJBAEBCgAzFiEEriiuFXEN/x2H5adiP5IZpn82xosFAlvwFlEVHGNhbGN1bHVz
QHJlem96ZXIubmV0AAoJED+SGaZ/NsaLW0kf/1tHetbLP2pC3leJGmJwwayDNIPE
QhjatIVnoDC4b+nVWuXL+3wfHWqze1+uNKyjXTa7izmoSSUbZUv/lnBavbsx6E0p
5neTjWy0SM21yxariOBa8SpuvC/tGclC7dt4JzrpYEvB4lQ/l09HbaXsdQ6XYW6o
KQmFIYt/yhKUR9ICHRkyTPshtD8WzhactBrmJyEozQzkun9QQZeNxtbaX9mQGGkb
Nla5V6qf8AXwvK9YOH2mzYh4L7xndy+EHB/hXH+AZKaU0hX6yx1IwO6vKSqX7wWl
xdNuZ15Bpg+373ckyMU7+uKfSsm5Rxi2qx1rzPdEtKF2nBoY/YKsGjuAfCwHgGEz
l+TNrUBE6a5LkfsfyapCG7Y6sEFlvXJnBdQVxvDAhpjzl46M56lRlqo1UiXfRAr+
Rxxlva7ncbF1Zgko4a+s+17R1n9Ev78HjdB72nJtkZUZOzEiDlkuJ3pc+oQMK01V
fZDco6uLpaTRcvnh1myTdvHv/LFy6pGGgQF5U/n7g6QoiHyMWacHbVhRaij3hL15
mScydcZkcg/Nm+KKDgjgKt/4U/V7rf/iD1l8Z40ETN9U8GjAwWfzN27AxCV+q8CP
7rEqr8N6SgvVPXL8mgkQsYbNob/zoUVxN/eaLs19YNAbAC/lRzppJcRlj3T2CGU8
YWFk0wdrnYJUZS2T1ZkzEKcTr3qC/EJwM/RozAtdSkqbVmrWwNTp5Ve591vFYR8s
GsOPUxFNVuf7pFKRElQfrS2GpvVu6FaQUUWnE6xk0MGMLeXWJ89JqP3P/cnoZDD9
HCm+gUUuR+hkXdEJmziMaqUxJ0KOK2ODkuNWeE0Z4KhiS0QFrscX4KX3YK6vatTe
dM8zl1zHockBkJRaGRBN1uS5ySK8yR8OZYoldxiUDxeOxL3yNkcXCBKNE2grC2v0
AcP1GKsTM02z3lx7FRsOz42KXOv8M6VIEO/RBb9JGy3jQYWSGA+QJx83nh7hqnIM
zDx9XHDBdetMqn7X6x+QwCzU7jDe+p2tJ5ndUd5EKpsdiqH5THEgAu0Vsec20SQ+
Y0wUtQeoPmU181X2yXkBuAXsC+fs2fv4nu+JDCk4bMVqJ17dgJh0jABk2eY9OStQ
SZV4AHnqL/GMgU+JIU32HZkkCG7sBauKCdML15VLq1evQIoO5MA+9rzbZthhGibQ
RkXGVanzyXWprMV+Yt2ZAeXqdNHEPMvEf6RVkaSuGz3cd2b7PxtIfyCiUVj6C/T+
ebKHo3pf6xNfnL9lzDOsokVkjVwc9dqPiqz0Lv4CfDLigMOfVqOLKKG7/EteoANB
hdbhAXQIVnQmf22JVY8mtzfAzkNfvyyF+Xm6YvQJVTWDBRJSzt6xxrNUiEI=
=aLKF
-----END PGP SIGNATURE-----
--- End Message ---