Package: firehol
Version: 3.1.8+ds-1
Severity: important
Dear Maintainer,
*** Reporter, please consider answering these questions, where appropriate ***
* What led up to the situation?
A distribution upgrade from bookworm to trixie.
* What exactly did you do (or not do) that was effective (or
ineffective)?
I looked at several config files but couldn't find anything wrong. I
contacted Jerome, and he suggested submitting this bug report.
* What was the outcome of this action?
Remains to be seen, this is only the first submission of a bug report. I
searched the web first but seem to be the only one with this issue.
* What outcome did you expect instead?
I hope my problem can be solved.
*** End of the template - remove these template lines ***
-- System Information:
Debian Release: 13.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 6.18.0 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages firehol depends on:
ii firehol-common 3.1.8+ds-1
ii init-system-helpers 1.69~deb13u1
Versions of packages firehol recommends:
ii fireqos 3.1.8+ds-1
Versions of packages firehol suggests:
ii firehol-doc 3.1.8+ds-1
ii firehol-tools 3.1.8+ds-1
pn ulogd2 <none>
-- Configuration Files:
/etc/default/firehol changed:
# Enables the firewall: the init script in this report keeps YES as YES and
# then runs `/usr/sbin/firehol start`.
START_FIREHOL=YES
# Not referenced by the init script shown in this report; presumably read by
# firehol itself from the exported environment. TODO confirm.
WAIT_FOR_IFACE=""
# NOTE(review): the name suggests this controls whether established
# connections are accepted while the firewall is being activated, and 0
# presumably turns that off. Confirm against the firehol documentation.
FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT=0
/etc/firehol/firehol.conf changed:
# FireHOL configuration, format version 6. Rule order is significant, so the
# statements below are kept exactly as reported and only comments are added.
# Only interface4 (IPv4) blocks appear; there is no interface6 and no router
# block in this file.
# NOTE(review): confirm how IPv6 traffic is handled on this host, and that no
# forwarding between the LAN and the tunnel interfaces is intended.
version 6
# --- eth0: LAN side -------------------------------------------------------
interface4 eth0 ethernet
protection strong
# Inbound traffic that no rule below matches is dropped.
policy drop
# Every outbound (client) service from this host is allowed.
client all accept
# Mail and syslog are accepted only from 192.168.1.1.
server smtp accept src 192.168.1.1
server syslog accept src 192.168.1.1
# Explicit rejects for multicast/broadcast destinations (224.0.0.1 all-hosts,
# the subnet and limited broadcast addresses, 224.0.0.251 mDNS). These are
# answered with a reject instead of falling through to `policy drop`.
server all reject src 192.168.1.1 dst 224.0.0.1
server all reject dst 192.168.1.255
server all reject dst 255.255.255.255
server all reject dst 224.0.0.251
# SSH is limited to three named source addresses.
server ssh accept src 192.168.1.20
server ssh accept src 192.168.1.130
server ssh accept src 192.168.1.132
server syslog accept src 192.168.1.131
# NOTE(review): this opens every service to one source address. A source IP
# is not an authenticated identity on a shared LAN, so confirm the host needs
# this breadth rather than a list of named services.
server all accept src 192.168.1.150
# --- ipsec+: the trailing + matches any interface name starting with "ipsec"
interface4 ipsec+ ipsec
protection strong
policy drop
client all accept
# Custom service "discard" on udp/9, accepted from a single peer address.
server custom discard udp/9 default accept src 44.148.129.34
# --- vti+ and tun+: outbound only, no inbound services --------------------
interface4 vti+ vti
protection strong
policy drop
client all accept
interface4 tun+ tuntap
protection strong
policy drop
client all accept
# --- sl0: SLIP link -------------------------------------------------------
# NOTE(review): unlike the other blocks, this one sets neither `protection`
# nor `policy`, so it relies on FireHOL's defaults. Confirm they match the
# `policy drop` used elsewhere in this file.
interface4 sl0 slip0
client all accept
# NOTE(review): accepts every service from the whole 44.0.0.0/8. If this is
# meant to cover AMPRNet, the current allocation is narrower than a /8
# (44.192.0.0/10 was transferred to another operator in 2019). Confirm the
# intended range and whether all services are needed.
server all accept src 44.0.0.0/8
/etc/init.d/firehol changed:
# SysV init preamble for FireHOL: pins PATH, loads the administrator's
# defaults and the init helper libraries, then normalises START_FIREHOL to
# one of NO, AUTO or YES.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
NAME=firehol
DESC="firewall"
SCRIPTNAME=/etc/init.d/$NAME

# Quietly do nothing when the firehol executable is missing.
if [ ! -x /usr/sbin/firehol ]; then
  exit 0
fi

# Start from "disabled"; the defaults file may override it below.
START_FIREHOL=NO
export START_FIREHOL

# /etc/default/firehol is executed as shell code inside this script, so it
# must only be writable by the administrator. `set -a` is never switched off
# again: every variable assigned from here on (including those set by the two
# helper files and by this script) is exported to the firehol child process.
if [ -r /etc/default/firehol ]; then
  set -a
  . /etc/default/firehol
fi
. /lib/init/vars.sh
. /lib/lsb/init-functions

# Assigned after vars.sh is sourced, so this value overrides whatever it set.
VERBOSE=yes

# Anything other than NO/no or AUTO/auto, including an empty or misspelled
# value, is treated as YES, i.e. the firewall gets started.
if [ "$START_FIREHOL" = NO ] || [ "$START_FIREHOL" = no ]; then
  START_FIREHOL=NO
elif [ "$START_FIREHOL" = AUTO ] || [ "$START_FIREHOL" = auto ]; then
  START_FIREHOL=AUTO
else
  START_FIREHOL=YES
fi
# Start FireHOL unless the defaults file disabled or delegated it.
# Globals:   START_FIREHOL (read)
# Arguments: passed through unchanged to `firehol start`
# Returns:
#   0  firewall has been handled
#   1  firewall could not be activated
#   2  firewall is delegated to a third party (START_FIREHOL=AUTO)
#   4  FireHOL is disabled via /etc/default/firehol (START_FIREHOL=NO)
do_metastart () {
  case "$START_FIREHOL" in
    NO)   return 4 ;;
    AUTO) return 2 ;;
  esac
  # Both output streams of firehol are discarded, so the reason for a failed
  # activation is not visible here; only the 0/1 result survives.
  if ! /usr/sbin/firehol start "$@" > /dev/null 2>&1; then
    return 1
  fi
}
# Start FireHOL unless it is disabled. Unlike do_metastart, the AUTO setting
# is not treated as "delegated" here: only NO prevents the start.
# Globals:   START_FIREHOL (read)
# Arguments: passed through unchanged to `firehol start`
# Returns:
#   0  firewall has been handled
#   1  firewall could not be activated
#   4  FireHOL is disabled via /etc/default/firehol
do_start () {
  if [ "$START_FIREHOL" = "NO" ]; then
    return 4
  fi
  # firehol's stdout and stderr are thrown away; a failure is reported only
  # through the return code.
  /usr/sbin/firehol start "$@" > /dev/null 2>&1 && return 0
  return 1
}
# Stop FireHOL unless the firewall is delegated to a third party.
# START_FIREHOL=NO does not prevent the stop; only AUTO is checked.
# NOTE(review): per firehol(1), `stop` clears the rules and leaves the
# default policies at ACCEPT, so the host is unfiltered afterwards. Confirm
# for this version.
# Globals: START_FIREHOL (read)
# Returns:
#   0  firewall has been cleaned up properly
#   1  firewall could not be cleaned up properly
#   2  firewall is delegated to a third party
do_metastop () {
  case "$START_FIREHOL" in
    AUTO) return 2 ;;
  esac
  if ! /usr/sbin/firehol stop > /dev/null 2>&1; then
    return 1
  fi
}
# Stop FireHOL unconditionally; START_FIREHOL is not consulted.
# Returns:
#   0  firewall has been cleaned up properly
#   1  otherwise (firehol's own output is discarded)
do_stop () {
  if /usr/sbin/firehol stop > /dev/null 2>&1; then
    return 0
  fi
  return 1
}
# Run `firehol condrestart` unless FireHOL is disabled.
# Globals:   START_FIREHOL (read)
# Arguments: passed through unchanged to `firehol condrestart`
# Returns:
#   0  firewall has been handled
#   1  firewall could not be activated
#   4  FireHOL is disabled via /etc/default/firehol
do_condrestart () {
  if [ "$START_FIREHOL" = "NO" ]; then
    return 4
  fi
  # Output is discarded; only success or failure is reported to the caller.
  if ! /usr/sbin/firehol condrestart "$@" > /dev/null 2>&1; then
    return 1
  fi
}
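# Action dispatcher. The first argument selects the action; any remaining
# arguments are handed to firehol by the do_* helpers.
#
# This listing reached the report with long lines hard-wrapped, which split
# several commands and quoted messages in two. As wrapped, log_progress_msg
# would be called without its text and the text would be run as a command.
# The lines are rejoined here.
#
# NOTE(review): only condrestart and force-reload exit non-zero on failure.
# start, restart, force-start, stop and force-stop fall through to the final
# `:` and exit 0 even when the helper returned 1, so a firewall that failed to
# load is not visible in this script's exit status.
COMMAND="$1"
[ "$COMMAND" ] && shift

case "$COMMAND" in
  start)
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    do_metastart "$@"
    case "$?" in
      0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
      1) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
      2)
        [ "$VERBOSE" != no ] && {
          log_progress_msg "delegated to a third-party"
          log_end_msg 0
        }
        ;;
      4)
        [ "$VERBOSE" != no ] && {
          log_progress_msg "disabled, see /etc/default/firehol"
          log_end_msg 255
        }
        ;;
    esac
    ;;
  stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_metastop
    case "$?" in
      0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
      1) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
      2)
        [ "$VERBOSE" != no ] && {
          log_progress_msg "delegated to a third-party"
          log_end_msg 0
        }
        ;;
    esac
    ;;
  condrestart)
    log_daemon_msg "Conditionally restarting $DESC" "$NAME"
    do_condrestart "$@"
    case "$?" in
      0) log_end_msg 0 ;;
      1) log_end_msg 1 ; exit 1 ;;
      4)
        log_progress_msg "disabled, see /etc/default/firehol"
        log_end_msg 255
        ;;
    esac
    ;;
  restart)
    # Re-runs `firehol start` through do_metastart; no separate stop is issued.
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_metastart "$@"
    case "$?" in
      0) log_end_msg 0 ;;
      1) log_end_msg 1 ;;
      2)
        log_progress_msg "delegated to a third-party"
        log_end_msg 0
        ;;
      4)
        log_progress_msg "disabled, see /etc/default/firehol"
        log_end_msg 255
        ;;
    esac
    ;;
  force-reload)
    log_daemon_msg "Restarting $DESC" "$NAME"
    do_start "$@"
    case "$?" in
      0) log_end_msg 0 ;;
      1) log_end_msg 1 ; exit 1 ;;
      4)
        log_progress_msg "disabled, see /etc/default/firehol"
        log_end_msg 255
        ;;
    esac
    ;;
  force-start)
    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    do_start "$@"
    case "$?" in
      0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
      1) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
      4)
        [ "$VERBOSE" != no ] && {
          log_progress_msg "disabled, see /etc/default/firehol"
          log_end_msg 255
        }
        ;;
    esac
    ;;
  force-stop)
    [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    do_stop
    case "$?" in
      0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
      1) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    esac
    ;;
  status)
    # Reports only the configured START_FIREHOL value. It does not inspect
    # whether any rules are actually loaded, so it is not evidence that the
    # host is being filtered.
    case "$START_FIREHOL" in
      NO)
        log_warning_msg "$DESC $NAME disabled via /etc/default/firehol"
        exit 0
        ;;
      AUTO)
        log_success_msg "$DESC $NAME delegated via /etc/default/firehol"
        exit 4
        ;;
      YES)
        log_success_msg "$DESC $NAME enabled via /etc/default/firehol"
        exit 4
        ;;
      *)
        log_success_msg "$DESC $NAME confused by /etc/default/firehol"
        exit 4
        ;;
    esac
    ;;
  *)
    # helpme and wizard are advertised in the usage text but have no arm in
    # this case statement, so they also end up here.
    echo "Usage: $SCRIPTNAME {start|stop|condrestart|restart|force-reload|force-start|force-stop|status|helpme|wizard} [<args>]" >&2
    exit 3
    ;;
esac

# Force a zero exit status for every action that did not exit explicitly.
: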
-- no debconf information