Package: iptables
Version: 1.8.1-1
Severity: critical
Tags: security

Hi.

Seems the massive changes in the recent version break loading of firewall rules by tools like netfilter-persistent...

# journalctl | grep netfilter
Oct 25 15:36:55 klenze systemd[1]: Starting netfilter persistent configuration...
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: 23: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: /sbin/iptables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 127
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: 26: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: /sbin/ip6tables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 127
Oct 25 15:36:55 klenze systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Oct 25 15:36:55 klenze systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Oct 25 15:36:55 klenze systemd[1]: Failed to start netfilter persistent configuration.

I'd assume that all other firewalls may also depend on the previous path names, but haven't checked it.

Severity critical, as such rules may easily be crucial for the whole system security.

Cheers,
Chris.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iptables depends on:
ii  libc6                    2.27-6
ii  libip4tc0                1.8.1-1
ii  libip6tc0                1.8.1-1
ii  libiptc0                 1.8.1-1
ii  libmnl0                  1.0.4-2
ii  libnetfilter-conntrack3  1.0.7-1
ii  libnfnetlink0            1.0.1-3+b1
ii  libnftnl7                1.1.1-1
ii  libxtables12             1.8.1-1

iptables recommends no packages.

Versions of packages iptables suggests:
ii  kmod  25-1

-- no debconf information
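
Added example, not part of the original report and not code from the iptables or netfilter-persistent packages: a shell check that scans journal output for the failure pattern shown above (a plugin aborting with "not found" and return code 127), so that a boot without restored firewall rules is noticed. The function names are assumptions made for this example; the sample lines are copied from the log in the report.

```shell
#!/bin/sh
# Added example: find netfilter-persistent plugins that failed because a
# hard-coded command path did not exist (shell "not found", return code 127).

# Sample input: lines copied from the journal excerpt in the report above.
sample_log() {
cat <<'EOF'
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: 23: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: /sbin/iptables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 127
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: 26: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: /sbin/ip6tables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 127
EOF
}

# Read journal text on stdin; print each command path reported "not found".
missing_commands() {
    sed -n 's/^.*netfilter-persistent\[[0-9]*]: .*: \([^ :]*\): not found$/\1/p' |
        LC_ALL=C sort -u
}

# Read journal text on stdin; print "<return code> <plugin path>" per failed plugin.
failed_plugins() {
    sed -n 's/^.*run-parts: \([^ ]*\) exited with return code \([0-9][0-9]*\)$/\2 \1/p'
}

# Succeed only if the log on stdin shows no missing command and no failed plugin.
no_plugin_failures() {
    log=$(cat)
    [ -z "$(printf '%s\n' "$log" | missing_commands)" ] &&
        [ -z "$(printf '%s\n' "$log" | failed_plugins)" ]
}

# Report on the sample; on a live host, pipe in
# `journalctl -b -u netfilter-persistent` instead of sample_log.
if sample_log | no_plugin_failures; then
    echo "no plugin failures found"
else
    echo "firewall rules were NOT restored; missing commands and failed plugins:"
    sample_log | missing_commands
    sample_log | failed_plugins
fi
```
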