Your message dated Tue, 04 Oct 2011 17:47:18 +0000
with message-id <[email protected]>
and subject line Bug#631424: fixed in arno-iptables-firewall 2.0.0.c-1
has caused the Debian Bug report #631424,
regarding arno-iptables-firewall: Firewall blocks multicast traffic completely
without any configuration option
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
631424: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631424
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: arno-iptables-firewall
Version: 2.0.0.a-2
Severity: important
Tags: upstream
After updating from arno-iptables-firewall 1.9.2.k-4 zeroconf (MDNS) does work
any more. Investigations brought up this set of rules
Chain EXT_MULTICAST_CHAIN (2 references)
pkts bytes target prot opt in out source
destination
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level
6 prefix `AIF:PRIV TCP multicast: '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level
6 prefix `AIF:PRIV UDP multicast: '
0 0 LOG tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0
level 6 prefix `AIF:UNPRIV TCP multicast: '
0 0 LOG udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1024 limit: avg 6/min burst 2 LOG flags 0 level 6
prefix `AIF:UNPRIV UDP multicast: '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 6
prefix `AIF:ICMP-multicast-request: '
0 0 LOG icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp !type 8 limit: avg 12/hour burst 1 LOG flags 0 level 6
prefix `AIF:ICMP-multicast-other: '
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
which obviously blocks all multicast packets. The configuration files doesn't
offer a way to let in zeroconf traffic (MDNS, UDP Port 5353) again.
With the stable version of the packet it was sufficient to open UDP Port 5353
via debconf.cfg.
Zeroconf is installed and enabled by default on a freshly installed system. So
the firewall should not block it without a remedy to reenable it.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages arno-iptables-firewall depends on:
ii debconf [debconf-2.0] 1.5.39 Debian configuration management sy
ii gawk 1:3.1.7.dfsg-5 GNU awk, a pattern scanning and pr
ii iproute 20110315-1 networking and traffic control too
ii iptables 1.4.10-1 administration tools for packet fi
Versions of packages arno-iptables-firewall recommends:
ii dnsutils 1:9.7.3.dfsg-1+b1 Clients provided with BIND
ii lynx 2.8.8dev.8-1 Text-mode WWW Browser (transitiona
arno-iptables-firewall suggests no packages.
-- debconf information:
arno-iptables-firewall/config-int-nat-net:
arno-iptables-firewall/dynamic-ip: true
arno-iptables-firewall/config-int-net:
arno-iptables-firewall/icmp-echo: false
* arno-iptables-firewall/services-udp: 631 5353
arno-iptables-firewall/title:
* arno-iptables-firewall/config-ext-if: eth0 wlan0
* arno-iptables-firewall/services-tcp:
* arno-iptables-firewall/restart: true
* arno-iptables-firewall/config-int-if:
arno-iptables-firewall/nat: false
* arno-iptables-firewall/debconf-wanted: true
--- End Message ---
--- Begin Message ---
Source: arno-iptables-firewall
Source-Version: 2.0.0.c-1
We believe that the bug you reported is fixed in the latest version of
arno-iptables-firewall, which is due to be installed in the Debian FTP archive:
arno-iptables-firewall_2.0.0.c-1.debian.tar.gz
to
main/a/arno-iptables-firewall/arno-iptables-firewall_2.0.0.c-1.debian.tar.gz
arno-iptables-firewall_2.0.0.c-1.dsc
to main/a/arno-iptables-firewall/arno-iptables-firewall_2.0.0.c-1.dsc
arno-iptables-firewall_2.0.0.c-1_all.deb
to main/a/arno-iptables-firewall/arno-iptables-firewall_2.0.0.c-1_all.deb
arno-iptables-firewall_2.0.0.c.orig.tar.gz
to main/a/arno-iptables-firewall/arno-iptables-firewall_2.0.0.c.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Hanke <[email protected]> (supplier of updated arno-iptables-firewall
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 04 Oct 2011 16:58:03 +0200
Source: arno-iptables-firewall
Binary: arno-iptables-firewall
Architecture: source all
Version: 2.0.0.c-1
Distribution: unstable
Urgency: low
Maintainer: Michael Hanke <[email protected]>
Changed-By: Michael Hanke <[email protected]>
Description:
arno-iptables-firewall - single- and multi-homed firewall script with DSL/ADSL
support
Closes: 631424 633530
Changes:
arno-iptables-firewall (2.0.0.c-1) unstable; urgency=low
.
* New upstream maintenance release. Fixed multicast configuration issue
(Closes: #631424) and updated several plugins.
* Change strict dependency on rsyslogd to 'recommends'. This software can be
used with other syslog daemons. However, out-of-the-box configuration is
currently only provided for rsyslogd -- the default Debian syslog flavor.
(Closes: #633530)
Checksums-Sha1:
5ef3371b065666c7b03658a409724e24939714d3 2011
arno-iptables-firewall_2.0.0.c-1.dsc
0efdfc9ee02bf3a7dc9771cad0d78f938d4b404d 112439
arno-iptables-firewall_2.0.0.c.orig.tar.gz
b1ee06fcbdda4fbf82b45ff783ca6ac6753a34f4 55678
arno-iptables-firewall_2.0.0.c-1.debian.tar.gz
8a984a541b299960e7db957d920cb03c5f1f5fa3 146560
arno-iptables-firewall_2.0.0.c-1_all.deb
Checksums-Sha256:
2b8cc5ca0251d4e14029d9e6463184022d13a1986f4307e04e94c92b9b0fc7ed 2011
arno-iptables-firewall_2.0.0.c-1.dsc
7d93f42b3d98c573afaf4e03a5742da303b39500713967098695ca9d632d899f 112439
arno-iptables-firewall_2.0.0.c.orig.tar.gz
c7903fdb3d9556895a2ec2f9a4ae606394ba25551fef2874a4461c7486215f51 55678
arno-iptables-firewall_2.0.0.c-1.debian.tar.gz
0c109888b68628e0520fb386e8435f6eaf61d264cfcbbb26b797b611f0e261d3 146560
arno-iptables-firewall_2.0.0.c-1_all.deb
Files:
94ed52495daf3b77efa25b2876159986 2011 net optional
arno-iptables-firewall_2.0.0.c-1.dsc
9fb42ec84088b27e5bdebb29d3fe6912 112439 net optional
arno-iptables-firewall_2.0.0.c.orig.tar.gz
be5ae25c115b32a648cbb17609b2b016 55678 net optional
arno-iptables-firewall_2.0.0.c-1.debian.tar.gz
d3dcb5cc5e94ee8af4e8521060dc27e1 146560 net optional
arno-iptables-firewall_2.0.0.c-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJOi0SnAAoJEMBz0ih/+56bc0MQAIWwTvjjLBRmwTRBCcne02hv
xOZ8og4YT2E6LFl5x8TwJR02evZPzsTFKBHdc5cCEVVlf7udWkGaCuekZyPVfMW7
cFMQ5qO5xp1Uo7Q6rTDpXAIf5cBxqVyXrghHl+3IasT5OpoksK7DQwokLhAE1PIq
u8OZFxhsiPSM68JQxliXTk4RNSxG87PWZsulYMGthyO0fwZ1AJYk6LIwsw90KqQU
ajxA0OyqGg6COM+HHSrPvrYDEDHDc6lXgX6ge46y6bUB4w7KNOV83gikrNwqq7bl
gG+5QhY4Q9SwyvLPZvxqwJtY+meuRB1Z3qgUUSbMMrsB5Q5MLIVx7OWxJcRiJdFL
cdjlDWOPDUzop4GdLZ0XnVUfMM9hoiJ2HV5Fp65OaqjFDy/hSkYmCKyvo6gCcbgC
lVvA405IprBrSWQL2JAmt9bAXD7WBqfD7cisnU+HJr/QZZejN0AYHJWHEMUxNdhe
yNgwdnwMA9ph0KwE9MVtHMoIw0xRA1X+fD/1HJrsSZ0iipl8EOEh0f2yF9G5Fd01
mGZLyYgroGpJAGnd0k0xmpJJii6SZyY3RIhLz45vp9nQTY7pnyBdCMd8btOJegZ4
k8EFIZegp8gbIhgBaKTnFOsH2RTOiQBxdZN3zcRC7FH7XX6tCPr+rhvsUC3Do6xM
EcvQqb4AijwGzqagCEf4
=TNIO
-----END PGP SIGNATURE-----
--- End Message ---
