Package: firehol Version: 3.1.7+ds-2 Severity: normal Dear Maintainer,
At each system boot, Firehol takes a full minute to initialise, and makes the boot process hang for some of that time. Looking at the system log (attached), it isn't obvious why Firehol takes just over 1 minute to complete, or why nothing seems to happen between 19:49:40 and 19:50:08, during which a console message is displayed saying that the boot process is waiting for Firehol to finish. The command 'firehol restart' takes very little time to complete once the system is up and running. This indicates that something is wrong at boot time, and that Firehol is presumably waiting for something else to complete. I would have expected Firehol to initialise quickly during boot, and not to hang the boot process. I attach the journalctl output, from Firehol start to Firehol completion: -- System Information: Debian Release: 11.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firehol depends on: ii firehol-common 3.1.7+ds-2 ii init-system-helpers 1.60 ii lsb-base 11.1.0 Versions of packages firehol recommends: ii fireqos 3.1.7+ds-2 Versions of packages firehol suggests: ii firehol-doc 3.1.7+ds-2 pn firehol-tools <none> pn ulogd2 <none> -- Configuration Files: /etc/default/firehol changed: START_FIREHOL=YES WAIT_FOR_IFACE="enp2s0" FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT=0 /etc/firehol/firehol.conf changed: version 6 stewjar=192.168.178.100 local="192.168.178.101 192.168.178.102 192.168.178.103" m2885fw=192.168.178.90 interface4 enp2s0 ethernet # The default policy is DROP. You can be more polite with REJECT. # Prefer to be polite on your own clients to prevent timeouts. policy drop # Protect from the internet. protection strong # The following means that this machine can REQUEST anything via enp2s0. client all accept # Specific services that this machine needs to request via enp2s0. client multicast accept client dhcp accept # Services that this machine offers to local network. server ping accept src "$local" server ssh accept src "$local" server cups accept src "$local" # Samsung M2885FW printer (needs both client and server) # The script 'scanner-enable' must be run after Firehol, to fix # iptables entries to allow SNMP to work properly. client snmp accept dst $m2885fw server snmp accept src $m2885fw server samba accept # The following enp2s0 server ports are not known by FireHOL: # tcp/45485 tcp/49074 tcp/7741 udp/32768 udp/32769 udp/517 udp/518 udp/5353 udp/7741 udp/972 # TODO: If you need any of them, you should define new services. # (see Adding Services at the web site - http://firehol.sf.net). interface usb0 usb policy accept
Aug 30 19:49:07 desktop systemd[1]: Starting Set console font and keymap... Aug 30 19:49:07 desktop systemd[1]: Starting Firehol stateful packet filtering firewall for humans... Aug 30 19:49:07 desktop systemd[1]: Starting Tell Plymouth To Write Out Runtime Data... Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Store a System Token in an EFI Variable being skipped. Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Commit a transient machine-id on disk being skipped. Aug 30 19:49:07 desktop systemd[1]: Received SIGRTMIN+20 from PID 174 (plymouthd). Aug 30 19:49:07 desktop systemd[1]: Finished Tell Plymouth To Write Out Runtime Data. Aug 30 19:49:07 desktop systemd[1]: Finished Set console font and keymap. Aug 30 19:49:07 desktop systemd[1]: Finished Flush Journal to Persistent Storage. Aug 30 19:49:07 desktop systemd[1]: Starting Create Volatile Files and Directories... Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Dispatch Password Requests to Console Directory Watch being skipped. Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Set Up Additional Binary Formats being skipped. Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Store a System Token in an EFI Variable being skipped. Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Rebuild Hardware Database being skipped. Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Commit a transient machine-id on disk being skipped. Aug 30 19:49:07 desktop systemd[1]: Condition check resulted in Platform Persistent Storage Archival being skipped. Aug 30 19:49:08 desktop systemd[1]: Finished Create Volatile Files and Directories. Aug 30 19:49:08 desktop systemd[1]: Starting Network Time Synchronization... Aug 30 19:49:08 desktop systemd[1]: Starting Update UTMP about System Boot/Shutdown... Aug 30 19:49:08 desktop systemd[1]: Finished Load AppArmor profiles. Aug 30 19:49:08 desktop systemd[1]: Started Entropy Daemon based on the HAVEGE algorithm. Aug 30 19:49:08 desktop systemd[1]: Finished Update UTMP about System Boot/Shutdown. Aug 30 19:49:08 desktop systemd[1]: Started Network Time Synchronization. Aug 30 19:49:08 desktop systemd[1]: Reached target System Initialization. Aug 30 19:49:08 desktop systemd[1]: Started CUPS Scheduler. Aug 30 19:49:08 desktop systemd[1]: Started Daily Cleanup of Temporary Directories. Aug 30 19:49:08 desktop anacron[721]: Anacron 2.3 started on 2021-08-30 Aug 30 19:49:08 desktop haveged[699]: haveged: ver: 1.9.14; arch: x86; vend: GenuineIntel; build: (gcc 10.2.1 ITV); collect: 128K Aug 30 19:49:08 desktop haveged[699]: haveged: cpu: (L4 VC); data: 32K (L4 V); inst: 32K (L4 V); idx: 24/40; sz: 32154/54019 Aug 30 19:49:08 desktop haveged[699]: haveged: tot tests(BA8): A:1/1 B:1/1 continuous tests(B): last entropy estimate 8.00104 Aug 30 19:49:08 desktop haveged[699]: haveged: fills: 0, generated: 0 Aug 30 19:49:08 desktop systemd[1]: Reached target Paths. Aug 30 19:49:08 desktop systemd[1]: Reached target System Time Set. Aug 30 19:49:08 desktop systemd[1]: Reached target System Time Synchronized. Aug 30 19:49:08 desktop FireHOL[740]: FireHOL started from '/' with: /usr/sbin/firehol start Aug 30 19:49:08 desktop firehol[567]: FireHOL: Saving active firewall to a temporary file... OK Aug 30 19:49:08 desktop systemd[1]: Started Trigger anacron every hour. Aug 30 19:49:08 desktop FireHOL[742]: Saving active firewall to a temporary file started Aug 30 19:49:08 desktop systemd[1]: Started Daily apt download activities. Aug 30 19:49:08 desktop FireHOL[754]: Saving active firewall to a temporary file succeeded Aug 30 19:49:08 desktop systemd[1]: Started Daily apt upgrade and clean activities. Aug 30 19:49:08 desktop FireHOL[755]: Processing file '/etc/firehol/firehol.conf' started Aug 30 19:49:08 desktop systemd[1]: Started Periodic ext4 Online Metadata Check for All Filesystems. Aug 30 19:49:08 desktop systemd[1]: Started Discard unused blocks once a week. Aug 30 19:49:08 desktop systemd[1]: Started Daily rotation of log files. Aug 30 19:49:08 desktop systemd[1]: Started Daily man-db regeneration. Aug 30 19:49:08 desktop systemd[1]: Reached target Timers. Aug 30 19:49:08 desktop systemd[1]: Listening on Avahi mDNS/DNS-SD Stack Activation Socket. Aug 30 19:49:08 desktop systemd[1]: Listening on CUPS Scheduler. Aug 30 19:49:08 desktop systemd[1]: Listening on D-Bus System Message Bus Socket. Aug 30 19:49:08 desktop systemd[1]: Reached target Sockets. Aug 30 19:49:08 desktop systemd[1]: Reached target Basic System. Aug 30 19:49:08 desktop systemd[1]: Starting Accounts Service... Aug 30 19:49:08 desktop systemd[1]: Condition check resulted in Manage Sound Card State (restore and store) being skipped. Aug 30 19:49:08 desktop systemd[1]: Starting Save/Restore Sound Card State... Aug 30 19:49:08 desktop systemd[1]: Started Run anacron jobs. Aug 30 19:49:08 desktop systemd[1]: Starting Avahi mDNS/DNS-SD Stack... Aug 30 19:49:08 desktop systemd[1]: Starting Bluetooth service... Aug 30 19:49:08 desktop anacron[721]: Will run job `cron.daily' in 5 min. Aug 30 19:49:08 desktop systemd[1]: Started Regular background program processing daemon. Aug 30 19:49:08 desktop anacron[721]: Will run job `cron.weekly' in 10 min. Aug 30 19:49:08 desktop sensors[766]: acpitz-acpi-0 Aug 30 19:49:08 desktop sensors[766]: Adapter: ACPI interface Aug 30 19:49:08 desktop sensors[766]: temp1: +27.8°C (crit = +105.0°C) Aug 30 19:49:08 desktop sensors[766]: temp2: +29.8°C (crit = +105.0°C) Aug 30 19:49:08 desktop sensors[766]: coretemp-isa-0000 Aug 30 19:49:08 desktop sensors[766]: Adapter: ISA adapter Aug 30 19:49:08 desktop sensors[766]: Package id 0: +29.0°C (high = +80.0°C, crit = +100.0°C) Aug 30 19:49:08 desktop sensors[766]: Core 0: +26.0°C (high = +80.0°C, crit = +100.0°C) Aug 30 19:49:08 desktop sensors[766]: Core 1: +29.0°C (high = +80.0°C, crit = +100.0°C) Aug 30 19:49:08 desktop sensors[766]: Core 2: +27.0°C (high = +80.0°C, crit = +100.0°C) Aug 30 19:49:08 desktop sensors[766]: Core 3: +26.0°C (high = +80.0°C, crit = +100.0°C) Aug 30 19:49:08 desktop systemd[1]: Started D-Bus System Message Bus. Aug 30 19:49:08 desktop anacron[721]: Jobs will be executed sequentially Aug 30 19:49:08 desktop systemd[1]: Starting Remove Stale Online ext4 Metadata Check Snapshots... Aug 30 19:49:08 desktop cron[725]: (CRON) INFO (pidfile fd = 3) Aug 30 19:49:08 desktop systemd[1]: Condition check resulted in getty on tty2-tty6 if dbus and logind are not available being skipped. Aug 30 19:49:08 desktop cron[725]: (CRON) INFO (Running @reboot jobs) Aug 30 19:49:08 desktop systemd[1]: Starting Initialize hardware monitoring sensors... Aug 30 19:49:08 desktop systemd[1]: Starting Authorization Manager... Aug 30 19:49:08 desktop systemd[1]: Starting System Logging Service... Aug 30 19:49:08 desktop systemd[1]: Starting Self Monitoring and Reporting Technology (SMART) Daemon... Aug 30 19:49:08 desktop systemd[1]: Starting User Login Management... Aug 30 19:49:08 desktop systemd[1]: Starting Disk Manager... Aug 30 19:49:08 desktop smartd[760]: smartd 7.2 2020-12-30 r5155 [x86_64-linux-5.10.0-8-amd64] (local build) Aug 30 19:49:08 desktop systemd[1]: Starting WPA supplicant... Aug 30 19:49:08 desktop smartd[760]: Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org Aug 30 19:49:08 desktop systemd[1]: Finished Save/Restore Sound Card State. Aug 30 19:49:08 desktop avahi-daemon[722]: Found user 'avahi' (UID 109) and group 'avahi' (GID 116). Aug 30 19:49:08 desktop systemd[1]: e2scrub_reap.service: Succeeded. Aug 30 19:49:08 desktop avahi-daemon[722]: Successfully dropped root privileges. Aug 30 19:49:08 desktop systemd[1]: Finished Remove Stale Online ext4 Metadata Check Snapshots. Aug 30 19:49:08 desktop avahi-daemon[722]: avahi-daemon 0.8 starting up. Aug 30 19:49:08 desktop systemd[1]: Reached target Sound Card. Aug 30 19:49:09 desktop smartd[760]: Opened configuration file /etc/smartd.conf Aug 30 19:49:08 desktop systemd[1]: Finished Initialize hardware monitoring sensors. Aug 30 19:49:09 desktop smartd[760]: Drive: DEVICESCAN, implied '-a' Directive on line 21 of file /etc/smartd.conf Aug 30 19:49:09 desktop smartd[760]: Configuration file /etc/smartd.conf was parsed, found DEVICESCAN, scanning devices Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda, type changed from 'scsi' to 'sat' Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], opened Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], WDC WD20EZRX-00D8PB0, S/N:WD-WMC4M0HALFVF, WWN:5-0014ee-059550a5a, FW:80.00A80, 2.00 TB Aug 30 19:49:09 desktop systemd-logind[761]: New seat seat0. Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], found in smartd database: Western Digital Green Aug 30 19:49:09 desktop udisksd[762]: udisks daemon version 2.9.2 starting Aug 30 19:49:09 desktop systemd-logind[761]: Watching system buttons on /dev/input/event2 (Power Button) Aug 30 19:49:09 desktop systemd-logind[761]: Watching system buttons on /dev/input/event1 (Power Button) Aug 30 19:49:09 desktop systemd-logind[761]: Watching system buttons on /dev/input/event0 (AT Translated Set 2 keyboard) Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], is SMART capable. Adding to "monitor" list. Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], state read from /var/lib/smartmontools/smartd.WDC_WD20EZRX_00D8PB0-WD_WMC4M0HALFVF.ata.state Aug 30 19:49:09 desktop smartd[760]: Monitoring 1 ATA/SATA, 0 SCSI/SAS and 0 NVMe devices Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], 12 Currently unreadable (pending) sectors Aug 30 19:49:09 desktop systemd[1]: Started System Logging Service. Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], 5 Offline uncorrectable sectors Aug 30 19:49:09 desktop systemd[1]: Started Self Monitoring and Reporting Technology (SMART) Daemon. Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 113 to 125 Aug 30 19:49:09 desktop rsyslogd[731]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd. [v8.2102.0] Aug 30 19:49:09 desktop rsyslogd[731]: [origin software="rsyslogd" swVersion="8.2102.0" x-pid="731" x-info="https://www.rsyslog.com"] start Aug 30 19:49:09 desktop smartd[760]: Device: /dev/sda [SAT], state written to /var/lib/smartmontools/smartd.WDC_WD20EZRX_00D8PB0-WD_WMC4M0HALFVF.ata.state Aug 30 19:49:10 desktop bluetoothd[723]: Bluetooth daemon 5.55 Aug 30 19:49:10 desktop systemd[1]: Started User Login Management. Aug 30 19:49:10 desktop dbus-daemon[726]: [system] Successfully activated service 'org.freedesktop.systemd1' Aug 30 19:49:10 desktop systemd[1]: Started Avahi mDNS/DNS-SD Stack. Aug 30 19:49:10 desktop avahi-daemon[722]: Successfully called chroot(). Aug 30 19:49:10 desktop avahi-daemon[722]: Successfully dropped remaining capabilities. Aug 30 19:49:10 desktop avahi-daemon[722]: No service file found in /etc/avahi/services. Aug 30 19:49:10 desktop systemd[1]: Started Bluetooth service. Aug 30 19:49:10 desktop wpa_supplicant[763]: Successfully initialized wpa_supplicant Aug 30 19:49:10 desktop systemd[1]: Started WPA supplicant. Aug 30 19:49:10 desktop systemd[1]: Reached target Bluetooth. Aug 30 19:49:10 desktop bluetoothd[723]: Starting SDP server Aug 30 19:49:10 desktop avahi-daemon[722]: Joining mDNS multicast group on interface lo.IPv6 with address ::1. Aug 30 19:49:10 desktop avahi-daemon[722]: New relevant interface lo.IPv6 for mDNS. Aug 30 19:49:10 desktop avahi-daemon[722]: Joining mDNS multicast group on interface lo.IPv4 with address 127.0.0.1. Aug 30 19:49:10 desktop avahi-daemon[722]: New relevant interface lo.IPv4 for mDNS. Aug 30 19:49:10 desktop avahi-daemon[722]: Network interface enumeration completed. Aug 30 19:49:10 desktop avahi-daemon[722]: Registering new address record for ::1 on lo.*. Aug 30 19:49:10 desktop avahi-daemon[722]: Registering new address record for 127.0.0.1 on lo.IPv4. Aug 30 19:49:10 desktop dbus-daemon[726]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.5' (uid=0 pid=723 comm="/usr/libexec/bluetooth/bluetoothd ") Aug 30 19:49:10 desktop bluetoothd[723]: Bluetooth management interface 1.18 initialized Aug 30 19:49:10 desktop kernel: Bluetooth: BNEP (Ethernet Emulation) ver 1.3 Aug 30 19:49:10 desktop kernel: Bluetooth: BNEP filters: protocol multicast Aug 30 19:49:10 desktop kernel: Bluetooth: BNEP socket layer initialized Aug 30 19:49:10 desktop kernel: NET: Registered protocol family 38 Aug 30 19:49:10 desktop systemd[1]: Starting Hostname Service... Aug 30 19:49:10 desktop dbus-daemon[726]: [system] Successfully activated service 'org.freedesktop.hostname1' Aug 30 19:49:10 desktop systemd[1]: Started Hostname Service. Aug 30 19:49:10 desktop polkitd[730]: started daemon version 0.105 using authority implementation `local' version `0.105' Aug 30 19:49:10 desktop systemd[1]: Started Authorization Manager. Aug 30 19:49:10 desktop systemd[1]: Starting Modem Manager... Aug 30 19:49:10 desktop bluetoothd[723]: profiles/sap/server.c:sap_server_register() Sap driver initialization failed. Aug 30 19:49:10 desktop bluetoothd[723]: sap-server: Operation not permitted (1) Aug 30 19:49:10 desktop accounts-daemon[713]: started daemon version 0.6.55 Aug 30 19:49:10 desktop systemd[1]: Started Accounts Service. Aug 30 19:49:10 desktop systemd[1]: systemd-rfkill.service: Succeeded. Aug 30 19:49:11 desktop udisksd[762]: failed to load module mdraid: libbd_mdraid.so.2: cannot open shared object file: No such file or directory Aug 30 19:49:11 desktop ModemManager[817]: <info> ModemManager (version 1.14.12) starting in system bus... Aug 30 19:49:11 desktop avahi-daemon[722]: Server startup complete. Host name is stewjar.local. Local service cookie is 868304876. Aug 30 19:49:11 desktop udisksd[762]: Failed to load the 'mdraid' libblockdev plugin Aug 30 19:49:11 desktop systemd[1]: Started Modem Manager. Aug 30 19:49:11 desktop systemd[1]: Started Disk Manager. Aug 30 19:49:11 desktop udisksd[762]: Acquired the name org.freedesktop.UDisks2 on the system message bus Aug 30 19:49:13 desktop ModemManager[817]: <info> [base-manager] couldn't check support for device '/sys/devices/pci0000:00/0000:00:1c.2/0000:02:00.0': not supported by any plugin Aug 30 19:49:37 desktop systemd[1]: systemd-fsckd.service: Succeeded. Aug 30 19:49:40 desktop systemd[1]: systemd-hostnamed.service: Succeeded. Aug 30 19:50:08 desktop firehol[567]: FireHOL: Processing file '/etc/firehol/firehol.conf'... OK (209 iptables rules) Aug 30 19:50:08 desktop FireHOL[1412]: Processing file '/etc/firehol/firehol.conf' succeeded with message: 209 iptables rules Aug 30 19:50:08 desktop FireHOL[1423]: Fast activating new firewall started Aug 30 19:50:08 desktop FireHOL[1465]: Runtime WARNING 'This might or might not affect the operation of your firewall.'. Source FIN Aug 30 19:50:08 desktop firehol[567]: FireHOL: Fast activating new firewall... OK Aug 30 19:50:08 desktop FireHOL[1486]: Fast activating new firewall succeeded Aug 30 19:50:08 desktop FireHOL[1497]: Saving activated firewall to '/var/spool/firehol' started Aug 30 19:50:08 desktop firehol[567]: FireHOL: Saving activated firewall to '/var/spool/firehol'... OK Aug 30 19:50:08 desktop FireHOL[1510]: Saving activated firewall to '/var/spool/firehol' succeeded Aug 30 19:50:08 desktop FireHOL[1512]: Successfully activated new firewall from /etc/firehol/firehol.conf. Aug 30 19:50:08 desktop systemd[1]: Finished Firehol stateful packet filtering firewall for humans. Aug 30 19:50:08 desktop systemd[1]: Reached target Network (Pre).