Package: firehol Version: 3.1.6+ds-8 Severity: important Dear Maintainer,
as-is, the firehol package installs a set of filters that will disable access to the server. This would not be a problem if the package would not also immediately start firehol, ie, implement this configuration. I found that it shouldn't be started, but it definitely is, despite /etc/defaults/firehol saying "START_FIREHOL=NO". The effect is that if you install this package on a server, you're immediately losing contact and have no remedy to fix that. Suggested fix: Do not enable this service during installation, at least not on a server, or install a default policy like this: interface any world policy accept Cheers, Toni -- System Information: Debian Release: 10.1 APT prefers stable APT policy: (550, 'stable'), (500, 'stable-updates'), (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages firehol depends on: ii firehol-common 3.1.6+ds-8 ii lsb-base 10.2019051400 Versions of packages firehol recommends: ii fireqos 3.1.6+ds-8 Versions of packages firehol suggests: pn firehol-doc <none> pn firehol-tools <none> pn ulogd2 <none> -- Configuration Files: /etc/firehol/firehol.conf changed [not included] -- no debconf information