Hi, to prevent an unnecessarily delay in fixing #594326 I have uploaded 1.9.2.k-3 that only fixes this bug and a bug in debian/control (full diff against current version in squeeze is attached). Please allow this version to transition into testing.
I'm nevertheless awaiting your decision on whether you'd be willing to accept a full upstream bugfix release (see previous messages). Thanks in advance, Michael -- GPG key: 1024D/3144BE0F Michael Hanke http://mih.voxindeserto.de
diff --git a/debian/changelog b/debian/changelog index 27298fd..dac7bf3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +arno-iptables-firewall (1.9.2.k-3) unstable; urgency=low + + * Hosts were open to IPv6 connections, even when the firewall was up + (Closes: #594326). Thanks to Tim Small for reporting. + * Fix typo in debian/control that caused misc:Depends to be dropped. + + -- Michael Hanke <[email protected]> Sat, 28 Aug 2010 10:03:15 -0400 + arno-iptables-firewall (1.9.2.k-2) unstable; urgency=low * Move iproute from recommended to a dependency (Closes: #566117). Thanks to diff --git a/debian/control b/debian/control index 4454f8d..00b0cb9 100644 --- a/debian/control +++ b/debian/control @@ -11,7 +11,7 @@ XS-DM-Upload-Allowed: yes Package: arno-iptables-firewall Architecture: all -Depends: iptables (>=1.2.11), gawk, debconf (>=1.3.22) | cdebconf (>= 0.43), ${misc:Dependsa}, iproute +Depends: iptables (>=1.2.11), gawk, debconf (>=1.3.22) | cdebconf (>= 0.43), ${misc:Depends}, iproute Recommends: lynx, dnsutils Description: single- and multi-homed firewall script with DSL/ADSL support Unlike other lean iptables frontends in Debian, arno-iptables-firewall diff --git a/debian/patches/ipv6_block b/debian/patches/ipv6_block new file mode 100644 index 0000000..407b83a --- /dev/null +++ b/debian/patches/ipv6_block @@ -0,0 +1,30 @@ +From: Arno van Amersfoort <[email protected]> +Subject: Block ipv6 traffic also when the firewall is up. +Origin: upstream, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594326#25 +Bug-Debian: http://bugs.debian.org/594326 +--- a/share/arno-iptables-firewall/environment ++++ b/share/arno-iptables-firewall/environment +@@ -391,7 +391,11 @@ + printf "\033[40m\033[1;31msysctl $@: ($retval) $result\033[0m\n" >&2 + return $retval + fi +- echo "${INDENT}sysctl $@" ++ ++ if [ -n "$result" ]; then ++ echo "${INDENT}$result" ++ fi ++ + return 0 + } + +@@ -424,7 +428,9 @@ + retval=$? + + if [ "$retval" = "0" ]; then +- echo "${INDENT}${sysctl_commandline}" ++ if [ -n "$result" ]; then ++ echo "${INDENT}$result" ++ fi + return 0 + else + printf "\033[40m\033[1;31m${sysctl_commandline}: ($retval) $result\033[0m\n" >&2 diff --git a/debian/patches/series b/debian/patches/series index d61375e..58ef11a 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ +ipv6_block debconf_layer init.d_depfix
