Your message dated Wed, 24 Jan 2024 21:50:07 +0000 with message-id <[email protected]> and subject line Bug#309198: fixed in firehol 3.1.7+ds-3 has caused the Debian Bug report #309198, regarding Define a special action when stopping the firewall to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 309198: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=309198 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: firehol Version: 1.231-0.hs.2 Severity: wishlist Tags: patch I'm running the firewall on my PC connected to the router to the internet. So shutting down my firewall I want all network traffic to an from the internet blocked. Current situation is, that shutting done the firewall nothing is blocked. The firehol script itself can do this if you're starting the firewall with a different script. So I think doing what I want is possible by changing the /etc/init.d/firehol script in following manner: Index: debian/init.d/firehol =================================================================== --- 3256bbfc992f28cd6bb45a4b6da88fd4b86db78f/debian/init.d/firehol (mode:100644) +++ 3ba75d236e914b19ce2bfcd41a53ea8a8329bad2/debian/init.d/firehol (mode:100644) @@ -4,6 +4,13 @@ test -x /sbin/firehol || exit 0 +# default +STOP_ACTION="stop" + +[ -r /etc/default/firehol ] && . /etc/default/firehol + +[ "$START_FIREHOL" = "NO" ] && exit 0 + set -e COMMAND="$1" @@ -19,7 +26,7 @@ ;; stop) echo -n "Stopping iptables firewall: FireHOL ..." - /sbin/firehol stop "$@" + /sbin/firehol $STOP_ACTION "$@" if [ $? = 0 ]; then echo "done." fi; For defining the special action, I defined a /etc/default/firehol script: Index: debian/firehol.default =================================================================== --- /dev/null (tree:3256bbfc992f28cd6bb45a4b6da88fd4b86db78f) +++ 3ba75d236e914b19ce2bfcd41a53ea8a8329bad2/debian/firehol.default (mode:100644) @@ -0,0 +1,7 @@ +# starting firewall? YES or NO +START_FIREHOL=NO + +# action if stopping +# STOP_ACTION="panic" +STOP_ACTION="/etc/firehol/firehol-stop.conf start" + Additionally the /etc/default/firehol should be defined in the debian/rules script. Whith these additions it is possible to configure the firewall in my way, without disturbing other usages. Perhaps it's possible to extend the current of firehol. Thanks, Stefan -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (400, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.27 Locale: LANG=de_DE.UTF-8@euro, LC_CTYPE=de_DE.UTF-8@euro (charmap=UTF-8) Versions of packages firehol depends on: ii bash 2.05b-26 The GNU Bourne Again SHell ii bc 1.06-8 The GNU bc arbitrary precision cal ii iproute 20041019-3 Professional tools to control the ii iptables 1.2.11-8 Linux kernel 2.4+ iptables adminis ii net-tools 1.60-4 The NET-3 networking toolkit -- no debconf information
--- End Message ---
--- Begin Message ---Source: firehol Source-Version: 3.1.7+ds-3 Done: Jerome Benoit <[email protected]> We believe that the bug you reported is fixed in the latest version of firehol, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jerome Benoit <[email protected]> (supplier of updated firehol package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 24 Jan 2024 21:34:39 +0000 Source: firehol Architecture: source Version: 3.1.7+ds-3 Distribution: unstable Urgency: medium Maintainer: Jerome Benoit <[email protected]> Changed-By: Jerome Benoit <[email protected]> Closes: 309198 536362 976014 993322 1050664 Changes: firehol (3.1.7+ds-3) unstable; urgency=medium . * Debianization - introduce a START_FIREHOL=AUTO scheme that allows one to handle firehol with a third-party like ifupdown (Closes: #993322, #536362, #309198); - firehol.NEWS, concisely introduce the START_FIREHOL=AUTO scheme; - firehol.README.Debian, describe the START_FIREHOL=AUTO scheme; - material to handle firehol via the ifupdown tools, introduce; - d/firehol.init, d/p/debianization-source-etc_default.patch, set explicitly the START_FIREHOL=NO scheme as the default scheme (inconsistency fix) (Closes: 976014); - contrib/ipset-apply.sh, now part of firehol-tools (Closes: #1050664); - d/control: - firehol-{,tools-}doc, fireqos-doc, add Multi-Arch: foreign, thanks to Jelmer Vernooij <[email protected]>; - debhelper, migrate to debhelper-compat (=13); - Standards-Version, bump to 4.6.2 (scripts under /usr/libexec); - Dependencies over lsb-base, remove; - firehol scripts, now under the /usr/libexec hierarchy; - d/copyright: - copyright year tuples, refresh. Checksums-Sha1: b371cc7f7b2a51b01ab7da50b7a42557a2aaa5f5 3185 firehol_3.1.7+ds-3.dsc 580c0ddd4220d328cea46f0596d739784d1985ed 26892 firehol_3.1.7+ds-3.debian.tar.xz e9e7959a9868aa673df15af04ba4c72d5a3740ef 6730 firehol_3.1.7+ds-3_source.buildinfo Checksums-Sha256: 3c54a742d6bc7b9dd22657b5d694c45499764957328b55931d2d5e3ccbf67716 3185 firehol_3.1.7+ds-3.dsc be0fc0a6547b2f3c1119d6e68800191b3d210fc91ef79d43ead39bac7837ab8a 26892 firehol_3.1.7+ds-3.debian.tar.xz 5cb0d1118101a8c90563ef0900b96a49ee26807bc335a373cc5fb3ff43bcaf55 6730 firehol_3.1.7+ds-3_source.buildinfo Files: 9906500647106f560c7ca29f2e35830f 3185 net optional firehol_3.1.7+ds-3.dsc 75aaae5eda23e44df5651c2c41e87d9c 26892 net optional firehol_3.1.7+ds-3.debian.tar.xz 67262df579d85e758305378f2b49b57c 6730 net optional firehol_3.1.7+ds-3_source.buildinfo -----BEGIN PGP SIGNATURE----- iQRJBAEBCgAzFiEEriiuFXEN/x2H5adiP5IZpn82xosFAmWxg2sVHGNhbGN1bHVz QHJlem96ZXIubmV0AAoJED+SGaZ/NsaLEmAgALlOVBerQdc5/pCLUAGekcBvRqcs pORTAS/T8D89H+y7sPTGcRr6ZpWfxX5rZHrGv/MyM5HkuuePFv0gAzx3BWFYafB7 Z6H+De+z1cQYN78VfBeQvu0eRbunUsovCeaQ9ZEyQoMSXIwR0m/YuZSK51xGydew y8rDPtjKFtgYT6faJ2O8tc8FNy3Y3fd8lve0Efcrubd7qCI0Gf3BSyeGtwQMXm2d 1FFEZv3TunBcC8HvY3K2fxpNri/q1AezZrZNnEwf/IguWurx7f+RUYHmVjNeYrfy xyra5VTNtgG+k+cg1IBful44iZhqxUJHKetMEbWG3JG9+Svd2+w2U5LA8L0ox5F6 uRhnrBT3W4WrcDjg2JDK/MCSkzhDk3rovM3IteaCeJJCfR0fgI9CslUKaupkAaLr Q3yatSdSssaYQym5RtwrYD3YsVCpL6o7mPH7/V59IZ123ZMa9obOk0AaVJnLF25p /Y443UNrS1rLnDGJ2P3MJlGCvF9139YEbf8nEVtOQkOD8k1nNFMh7nCM+kmVHTet TcZOn5gFKEmzetz4sU4HcmZ+sZ2UlL/TenHpf3vlS8hx6dOTGcQ8mxbRveiMUiZN SamGv8v/vG/tLaoQpnvr1XPv9PYjBZRbKWCGdPvEOVJUWdZGfeHjzVQR5wda3AEW jkn6QZa2O/TRj4wb85ifSD5wjiMjqqzLOCVe9Ck8LRzs7VbXWsz+EJiaPr0vJH+E TfFhJgtFsmOY0NIpNDcr7TcIDzNkecin502fx2V8ZnwBUohxOrCib199yAwqOv1w M1epLKrm2IwQDlUuc//6cle+CL72MZAxDEC886NoxvmHZ+Hex/jBD5TNj7bkveIz IFXQCNLVkAHO+1LXND70MOlY8vQ9QQao/X2vJcd6EpSa+9uZRaa9rBbUYNDZGzs9 md1/DlOoW9zvAv9zcYDS7bAL08JUBgbgxEgBO+cbdmqe8f1R9iyaz1BwFhLWiPrS d6HIrs9ztX+pIld1SyHeQ7/AywNWRhEwGfuLpe6dpMkEdTXwKxmXI4kMUciBXpGL qx8DGnWQ++LsCYY3nhimW+Vu/XKIn4e18OMzgm8dVIHmR0A6gcRB4Sug/GAjxhHg 5SvNLfaEmlMzt4ibk18VwewRsEI+ufpk6Edlw9E2weA08FePEVX2o1idX0MZI+Xa TosgaM5ojl0U3pt9UjmGagQ9xTjdLPAo3fT+7DaQ+nvbDMemUFOvp2bUyaVUaqv0 TZhKq2c7ahgS+UgTKz7npRkKHuAsmkNicA78xDw5PrdivSH7JQ8kKEOYuMEJq9zr NUJiTwdolMUTzLiXiDZsZJ3jngtXhD8STclqqmFoECbT6yzB4uQ4dNShXOk= =Qesv -----END PGP SIGNATURE-----
--- End Message ---
