Package: firehol
Version: 3.1.6+ds-8
Severity: important
Dear Maintainer,
as-is, the firehol package installs a set of filters that will disable
access to the server. This would not be a problem if the package did
not also immediately start firehol, i.e., implement this configuration. I
found that it shouldn't be started, but it definitely is, despite
/etc/defaults/firehol saying "START_FIREHOL=NO".
The effect is that if you install this package on a server, you
immediately lose contact and have no way to fix that.
Suggested fix: Do not enable this service during installation, at least
not on a server, or install a default policy like this:
    interface any world
        policy accept
Cheers,
Toni
-- System Information:
Debian Release: 10.1
APT prefers stable
APT policy: (550, 'stable'), (500, 'stable-updates'), (500, 'unstable'),
(500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8),
LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages firehol depends on:
ii firehol-common 3.1.6+ds-8
ii lsb-base 10.2019051400
Versions of packages firehol recommends:
ii fireqos 3.1.6+ds-8
Versions of packages firehol suggests:
pn firehol-doc <none>
pn firehol-tools <none>
pn ulogd2 <none>
-- Configuration Files:
/etc/firehol/firehol.conf changed [not included]
-- no debconf information