Package: fwbuilder
Version: 2.1.19-6
Severity: normal
We forward all HTTP traffic to a transparent proxy with antivirus
solution. There are some hosts, that shall not go through the proxy.
The host object includes the netmask of the host. That netmask is used
in the resulting iptables rule. That is wrong. It effectively excludes
the whole network. Example:
$IPTABLES -t nat -N Cid48ABE0AB5666.0
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j Cid48ABE0AB5666.0
$IPTABLES -t nat -A Cid48ABE0AB5666.0 -s 192.168.1.123/24 -j RETURN
$IPTABLES -t nat -A Cid48ABE0AB5666.0 -p tcp -m tcp --dport 80 -j DNAT
--to-destination a.b.c.d:8080
That bug is fixed in squeeze/fwbuilder (3.0.3)
So long,
Aiko
-- System Information:
Debian Release: 5.0
APT prefers stable
APT policy: (650, 'stable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US.utf8 (charmap=UTF-8) (ignored: LC_ALL set to
en_US.utf8)
Shell: /bin/sh linked to /bin/bash
Versions of packages fwbuilder depends on:
ii fwbuilder-common 2.1.19-6 Firewall administration tool GUI (
ii fwbuilder-linux [fwbuilder 2.1.19-6 Firewall Builder policy compiler(s
ii libc6 2.7-18 GNU C Library: Shared libraries
ii libfwbuilder7 [libfwbuilde 2.1.19-1 Firewall Builder API library
ii libgcc1 1:4.3.2-1.1 GCC support library
ii libqt3-mt 3:3.3.8b-5+b1 Qt GUI Library (Threaded runtime v
ii libsnmp15 5.4.1~dfsg-12 SNMP (Simple Network Management Pr
ii libstdc++6 4.3.2-1.1 The GNU Standard C++ Library v3
ii libx11-6 2:1.1.5-2 X11 client-side library
ii libxext6 2:1.0.4-1 X11 miscellaneous extension librar
ii libxml2 2.6.32.dfsg-5 GNOME XML library
ii libxslt1.1 1.1.24-2 XSLT processing library - runtime
fwbuilder recommends no packages.
fwbuilder suggests no packages.
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
