Your message dated Thu, 19 Sep 2019 15:45:29 +0200
with message-id <[email protected]>
and subject line pyroman: new version
has caused the Debian Bug report #811318,
regarding pyroman: Pyroman not started by systemd (included fix).
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
811318: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=811318
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pyroman
Version: 0.5.0-1
Severity: normal
Dear Maintainer,
Upgrading from previous stable to jessie, I found that the pryoman command was
not called
on startup by systemd.
The issue is easy to see with
$ systemctl cat pyroman
# /lib/systemd/system/pyroman.service
#
# Pyroman Firewall
#
[Unit]
Description=Pyroman firewall
DefaultDependencies=no
After=systemd-modules-load.service network-pre.target
Before=network.target
Wants=network-pre.target
[Service]
Type=oneshot
RemainAfterExit=yes
StandardOutput=syslog
EnvironmentFile=/etc/default/pyroman
ExecStartPre=/bin/sh -c '[ "$PYROMAN_ENABLED" = "y" ]'
ExecStart=/usr/sbin/pyroman --init
[Install]
WantedBy=multi-user.target.wants
The last line WantedBy is not correct since it should be set to
multi-user.target, and I don't think I edited it by any ways.
I have to systemctl disable pyroman && systemctl enable pyroman to make it work
again.
Note: I think that this bug should be tagged as important since on a computer
like the one that use pyroman, not
having it started is a major failure !!!. Anyway, I let the maintainer change
it if needed, because I guess that the initV script
is fully working.
2nd Note: I don't know why the 02_*.py and 05_*.py were not installed nor
notified during the install process. Perhaps because it was
already installed ?
Best regards,
Caeies.
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i586)
Kernel: Linux 3.16.0-4-586
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages pyroman depends on:
ii iptables 1.4.21-2+b1
ii python 2.7.9-1
pyroman recommends no packages.
pyroman suggests no packages.
-- Configuration Files:
/etc/default/pyroman changed [not included]
/etc/pyroman/02_icmp-essentials.py c04ce4a2af6794b2cdd524e3bb09fcab [Errno 2]
No such file or directory: u'/etc/pyroman/02_icmp-essentials.py
c04ce4a2af6794b2cdd524e3bb09fcab'
/etc/pyroman/05_scan_block.py 7c711d1ba7cdf046194dd8e4a762120f [Errno 2] No
such file or directory: u'/etc/pyroman/05_scan_block.py
7c711d1ba7cdf046194dd8e4a762120f'
/etc/pyroman/10_interfaces.py changed [not included]
/etc/pyroman/25_networks.py changed [not included]
-- no debconf information
--- End Message ---
--- Begin Message ---
Hello,
The new version of pyroman should fix the target statement, it now
contains "WantedBy=multi-user.target"
The systemd service *must not* automatically be enabled, because it
needs to be configured first.
Without configuration, it would block all traffic. Many users would
accidentially lock themselves out of their system.
Hence, you need to first configure it, test your configuration with
"pyroman safe", then enable the service by the usual means of enabling
services.
Furthermore, a pretty neat way of using pyroman is just to generate the
rules statically, then load it by other means, such as
iptables-persistent. These users also will not want the systemd service
to be enabled by default.
Regards,
Erich Schubert
--- End Message ---
