I finally found out that my /etc/init.d/bastille-firewall isn't identical with the one in the bastille/1:3.0.9-12 package. After installing that file manually, /etc/init.d/bastille-firewall start and stop work fine. restart and reload still show the same error.

So it seems that from some point, upgrading of this file didn't work. This machine was first installed with sarge, and subsequently upgraded to etch and to lenny (on 16.02.2009). Because of bug #510884 (ERROR: 'DB5.0' is not a supported operating system) I upgraded bastille to the testing version 1:3.0.9-8 on 19.03.2009, and further:

01.04.2009  1:3.0.9-9
29.04.2009  1:3.0.9-10
24.06.2009  1:3.0.9-12

The bastille package was in state C (unconfigured) since 1:3.0.9-9. There is no /etc/init.d/bastille-firewall.dpkg-dist.
My /etc/init.d/bastille-firewall dates from 01.04.2009, but doesn't correspond to that in 1:3.0.9-9 either. I never edited it before. Here is its content:

#!/bin/sh
#
# bastille-firewall	Load/unload ipchains rulesets
#
# do not rename this file unless you edit /sbin/bastille-firewall-reset
#
# chkconfig: 2345 5 98
# description: A firewall/packet-filter script for Linux systems \
#	that allows the machine to be used as a gateway system
#
# $Id: bastille-firewall,v 1.6 2002/02/24 17:19:14 peterw Exp $
# Copyright (c) 1999-2002 Peter Watkins
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Thanks to David Ranch, Brad A, Don G, and others for their suggestions
#
# This script is designed to be used as a SysV-style init script.
#
# It should be run with a "start" argument
#	1) as an rc?.d "S" script, _before_ the "network" script
# [copy this to /etc/rc.d/init.d/bastille-firewall (or your equivalent of
#  /etc/rc.d/init.d) and run 'chkconfig -add bastille-firewall' ]
#	2) any time an interface is brought up or changed, e.g.
#	   establishing a PPP conection or renewing a DHCP lease
# [copy 'bastille-firewall-reset', 'bastille-firewall-schedule'
#  and 'ifup-local' to /sbin/]
#
# Normally you Do Not _Ever_ Want to run this with a "stop" argument!
#
# Note that running this with "stop" will disable the firewall and open
# your system to all network traffic; if you make changes to these rules,
# apply them by running the script again with a "start" argument.
#
# ** As of 0.99-beta1, this script merely kicks off the real script,
#    either /sbin/bastille-ipchains or /sbin/bastille-netfilter

# Default is to use the 'ipchains' script, which will load the
# ipchains compatibility module if you're using a 2.4 kernel
REALSCRIPT=/sbin/bastille-ipchains

PATH=/sbin:/bin:/usr/sbin:/usr/bin
LOCKDIR=/var/lock/bastille
# If using subsys:
# LOCKDIR=/var/lock/subsys
LOCKFILE=${LOCKDIR}/bastille-firewall

# exit function to be called in place of regular Bourne exit
clean_exit()
{
	rmdir ${LOCKDIR} 2>/dev/null
	exit $1
}

[ ! -d /var/lock ] && mkdir -m 0755 /var/lock
mkdir -m 0700 ${LOCKDIR} 2>/dev/null
if [ $? -ne 0 ]; then
	if [ -n "${BASTILLE_FWALL_QUIET_FAIL}" ]; then exit 0; fi
	echo "ERROR: bastille-firewall currently being reset or lock is stuck."
	echo "To un-stick, remove the directory ${LOCKDIR}"
	exit 1
fi

if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then
	# We are using Linux 2.3 or newer; use the netfilter script if available
	if [ -x /sbin/bastille-netfilter ]; then
		REALSCRIPT=/sbin/bastille-netfilter
	fi
fi

if [ ! -x ${REALSCRIPT} ]; then
	echo "ERROR: \"${REALSCRIPT}\" not available!"
	clean_exit 1
fi

${REALSCRIPT} "$1"
bretval=$?

# Use "subsys" locks to indicate our status
case "$1" in
	start|restart|reload)
		if [ $bretval -eq 0 ]; then touch ${LOCKFILE}; fi
		;;
	stop)
		rm -f ${LOCKFILE}
		;;
esac

clean_exit $bretval