Package: arno-iptables-firewall
Version: 1.9.0.b-1
Severity: important
Tags: patch

Hello Michael,

After the update of your new kind of iptables firewall, internal network connections failed :<( with the following messages:

+ /sbin/iptables -A MAC_FILTER -m mac --mac-source '00:14:22:f9:53:a2 00:60:B0:07:0A:AA 00:d0:59:08:65:ca 00:05:5D:6B:DC:4B 00:30:6e:0a:cb:92 00:50:04:1b:2c:17 00:50:5d:6b:dc:4b 00:1e:33:7a:b8:90' -s 0/0 -j RETURN
iptables v1.4.2: Bad mac address `00:14:22:f9:53:a2 00:60:B0:07:0A:AA 00:d0:59:08:65:ca 00:05:5D:6B:DC:4B 00:30:6e:0a:cb:92 00:50:04:1b:2c:17 00:50:5d:6b:dc:4b 00:1e:33:7a:b8:90'
Try `iptables -h' or 'iptables --help' for more information.

After some debugging, I figured out what seems to me a typo in the config file, and maybe another way to implement this new filter, as per this proposed patch:

--- ./etc/arno-iptables-firewall/plugins/mac-address-filter.conf.orig 2009-02-26 09:51:12.000000000 +0000 +++ ./etc/arno-iptables-firewall/plugins/mac-address-filter.conf 2009-03-15 09:15:22.000000000 +0000 @@ -8,7 +8,7 @@ # Specify here the port(s) you want to SSH checks to apply to # ------------------------------------------------------------------------------ -MAC_ADDRESS_IF="$INF_IF" +MAC_ADDRESS_IF="$INT_IF" # Enable logging for not-allowed MAC addresses (if used). # ----------------------------------------------------------------------------- --- ./share/arno-iptables-firewall/plugins/10mac-address-filter.plugin.orig 2009-02-27 20:29:17.000000000 +0000 +++ ./share/arno-iptables-firewall/plugins/10mac-address-filter.plugin 2009-03-15 09:16:41.000000000 +0000 
@@ -85,7 +85,8 @@ MCOUNT=0 IFS="$(printf '\n')" - for LINE in `cat "$MAC_ADDRESS_FILE" |sed -e 's|#.*||' -e 's| *$||'`; do + cat "$MAC_ADDRESS_FILE" |sed -e 's|#.*||' -e 's| *$||' | \ + while read LINE; do if [ -n "$LINE" ]; then src_mac="$(echo "$LINE" |awk '{ print $1 }')" src_ip="$(echo "$LINE" |awk '{ print $2 }')"
=== <> ===

What's your opinion?

Thanks in advance for your kind attention,
J.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.28.7-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages arno-iptables-firewall depends on:
ii  debconf [debconf-2.0]  1.5.26            Debian configuration management sy
ii  gawk                   1:3.1.5.dfsg-4.1  GNU awk, a pattern scanning and pr
ii  iptables               1.4.2-6           administration tools for packet fi

Versions of packages arno-iptables-firewall recommends:
ii  dnsutils  1:9.5.1.dfsg.P1-1  Clients provided with BIND
ii  iproute   20090115-1         networking and traffic control too
ii  lynx      2.8.7dev13-1       Text-mode WWW Browser (transitiona

arno-iptables-firewall suggests no packages.

-- debconf information:
* arno-iptables-firewall/config-int-nat-net: 192.168.248.0/24
* arno-iptables-firewall/dynamic-ip: true
* arno-iptables-firewall/config-int-net: 192.168.248.0/24
* arno-iptables-firewall/icmp-echo: false
* arno-iptables-firewall/services-udp:
  arno-iptables-firewall/title:
* arno-iptables-firewall/config-ext-if: ppp0
* arno-iptables-firewall/services-tcp: 22
* arno-iptables-firewall/restart: false
* arno-iptables-firewall/config-int-if: eth1
* arno-iptables-firewall/nat: true
* arno-iptables-firewall/debconf-wanted: true
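
Review bot: The context comment directly above the changed `MAC_ADDRESS_IF` line in mac-address-filter.conf still reads "Specify here the port(s) you want to SSH checks to apply to", which does not describe this setting. Since the assignment is being corrected from `$INF_IF` to `$INT_IF` anyway, replace that comment in the same change with one stating that this is the interface on which the MAC address filter is applied, so the default of the internal interface is documented next to the value.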
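
Review bot: In the 10mac-address-filter.plugin hunk, the new `while read LINE; do` is the last stage of a pipeline, so the loop body runs in a subshell and every variable it sets is discarded when the loop ends; `MCOUNT=0` is initialised just above the loop, and if it is incremented inside the loop it will still read 0 afterwards. Feed the loop by redirection rather than a pipe, for example by writing the sed output to a temporary file and closing the loop with `done < "$tmpfile"` (`tmpfile` is a hypothetical name), and use `read -r` so backslashes in the file are taken literally. Separately, the context line `IFS="$(printf '\n')"` assigns an empty string, because command substitution strips trailing newlines; that is why the old `for` loop received the whole file as one word, and with `while read` the assignment is no longer needed and can be removed or restored after the loop.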