I never suggested this was a security vulnerability.  Clearly it isn't.  I 
think Julia's frustration is that when reloading the firewall rules after the 
upgrade she gets a broken firewall and a WARNING message.  Is there a way to 
prevent loading of the rules entirely and preserving the original firewall 
state in the case of a parsing error?  Maybe that's reaching a little; I'm just 
curious if that might be a good path forward to prevent future updates from 
blowing away currently running firewalls when the administrator is unaware of 
configuration file changes (even parser fixes)?  This will happen again I'm 
sure (completely by accident).  See the history of bash for more examples (and 
bash upgrades are generally really clean).

Well, you can simply use the "check-conf" argument to test your configuration prior to actually applying it. Having the firewall falling back to its previous configuration is not possible due to the way it's implemented....

-arno



