Package: iptables
Version: 1.8.1-1
Severity: critical
Tags: security

Hi.

Seems the massive changes in the recent version break loading of
firewall rules by tools like netfilter-persistent...

# journalctl | grep netfilter
Oct 25 15:36:55 klenze systemd[1]: Starting netfilter persistent configuration...
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: 23: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: /sbin/iptables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 127
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: 26: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: /sbin/ip6tables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 127
Oct 25 15:36:55 klenze systemd[1]: netfilter-persistent.service: Main process exited, code=exited, status=1/FAILURE
Oct 25 15:36:55 klenze systemd[1]: netfilter-persistent.service: Failed with result 'exit-code'.
Oct 25 15:36:55 klenze systemd[1]: Failed to start netfilter persistent configuration.


I'd assume that all other firewalls may also depend on the previous path names,
but haven't checked it.


Severity critical, as such rules may easily be crucial for the whole
system security.


Cheers,
Chris.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.18.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8), LANGUAGE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages iptables depends on:
ii  libc6                    2.27-6
ii  libip4tc0                1.8.1-1
ii  libip6tc0                1.8.1-1
ii  libiptc0                 1.8.1-1
ii  libmnl0                  1.0.4-2
ii  libnetfilter-conntrack3  1.0.7-1
ii  libnfnetlink0            1.0.1-3+b1
ii  libnftnl7                1.1.1-1
ii  libxtables12             1.8.1-1

iptables recommends no packages.

Versions of packages iptables suggests:
ii  kmod  25-1

-- no debconf information
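
Added example (not part of the original report, and not code from netfilter-persistent): a shell check that reads journal lines and reports which plugin failed and which command it could not find, so a boot that leaves the rules unloaded can be alerted on. The function names are hypothetical; the sample input is the log from this report with the mail wrapping rejoined.

```shell
#!/bin/sh
# Added example: find firewall plugins that failed to load rules at boot.
# Live use (assumed invocation): journalctl -b -u netfilter-persistent | missing_commands

# Sample input: log lines from the report above, wrapped lines rejoined.
sample_journal() {
cat <<'EOF'
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: 23: /usr/share/netfilter-persistent/plugins.d/15-ip4tables: /sbin/iptables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/15-ip4tables exited with return code 127
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Oct 25 15:36:55 klenze netfilter-persistent[345]: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: 26: /usr/share/netfilter-persistent/plugins.d/25-ip6tables: /sbin/ip6tables-restore: not found
Oct 25 15:36:55 klenze netfilter-persistent[345]: run-parts: /usr/share/netfilter-persistent/plugins.d/25-ip6tables exited with return code 127
Oct 25 15:36:55 klenze systemd[1]: Failed to start netfilter persistent configuration.
EOF
}

# The shell reports a missing command as
#   <script>: <line>: <script>: <command>: not found
# Print "<plugin> <missing command>" for each such line on stdin.
missing_commands() {
    awk '
        /netfilter-persistent\[[0-9]+\]: .*: not found$/ {
            sub(/^.*netfilter-persistent\[[0-9]+\]: /, "")
            n = split($0, f, ": ")
            if (n >= 5) print f[1], f[4]
        }'
}

# Print "<plugin> <exit code>" for every plugin run-parts reports as failed.
failed_plugins() {
    awk '/run-parts: .* exited with return code [1-9][0-9]*$/ { print $(NF-5), $NF }'
}

# Succeeds only if no plugin failed in the journal lines on stdin.
rules_loaded_ok() {
    [ -z "$(failed_plugins)" ]
}

sample_journal | missing_commands
sample_journal | failed_plugins
```

A non-zero status from rules_loaded_ok means at least one rule set was not restored and the host may be running without its intended filtering.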
