> -----Original Message-----
> From: Arno van Amersfoort [mailto:[email protected]]
> Sent: Saturday, February 25, 2012 4:14 AM
> To: Slade, Zac; [email protected]
> Cc: [email protected]; Lonnie Abelbeck
> Subject: Re: Bug#658499: arno-iptables-firewall syntax changes
>
> > I never suggested this was a security vulnerability. Clearly it isn't. I think
> > Julia's frustration is that when reloading the firewall rules after the upgrade she
> > gets a broken firewall and a WARNING message. Is there a way to prevent
> > loading of the rules entirely and preserving the original firewall state in the case
> > of a parsing error? Maybe that's reaching a little; I'm just curious if that might
> > be a good path forward to prevent future updates from blowing away currently
> > running firewalls when the administrator is unaware of configuration file
> > changes (even parser fixes)? This will happen again I'm sure (completely by
> > accident). See the history of bash for more examples (and bash upgrades are
> > generally really clean).
>
> Well, you can simply use the "check-conf" argument to test your configuration
> prior to actually applying it. Having the firewall falling back to its previous
> configuration is not possible due to the way it's implemented....
Thank you Arno, I'll be adding check-conf to my toolbox! I can't speak for Julia, but it appears that you've addressed this bug fully and there is nothing left to gain by keeping it open.

Thank you again,
Zac Slade
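As an added example (not code from this thread, from Zac or Arno, or from the arno-iptables-firewall project), here is a small POSIX sh wrapper that turns the check-conf advice into a reload routine: it restarts the firewall only when check-conf accepts the configuration, and, since the firewall itself cannot fall back to its previous rules, it snapshots the running ruleset with iptables-save first so the snapshot can be fed back to iptables-restore if the restart fails. It assumes the firewall script accepts the check-conf argument named in the thread and a restart argument (an assumption); FW, IPTABLES_SAVE, IPTABLES_RESTORE and the function names are hypothetical knobs so the wrapper can be pointed at other binaries.

```shell
#!/bin/sh
# Added example, not part of the thread or of arno-iptables-firewall.
# Gate a firewall reload on "check-conf" so a config file rewritten by a
# package upgrade cannot leave the box with a broken ruleset.
#
# Assumptions: "$FW" accepts "check-conf" (from the thread) and "restart"
# (assumed); iptables-save/iptables-restore are the stock netfilter tools.
# FW, IPTABLES_SAVE and IPTABLES_RESTORE are hypothetical overrides.
FW="${FW:-arno-iptables-firewall}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
IPTABLES_RESTORE="${IPTABLES_RESTORE:-iptables-restore}"

# fw_check_conf: exit 0 when the firewall's own parser accepts the config.
fw_check_conf() {
    "$FW" check-conf >/dev/null 2>&1
}

# fw_snapshot FILE: dump the rules currently loaded in the kernel. The
# firewall script has no fallback of its own, so this is the only way back.
fw_snapshot() {
    "$IPTABLES_SAVE" > "$1"
}

# fw_rollback FILE: reload a snapshot written by fw_snapshot.
fw_rollback() {
    "$IPTABLES_RESTORE" < "$1"
}

# safe_reload [SNAPSHOT]: validate, optionally snapshot, then restart.
# Return codes: 0 applied; 2 config rejected (running rules untouched);
# 3 snapshot failed (nothing restarted); 4 restart failed (snapshot
# restored when one was taken).
safe_reload() {
    snap="$1"
    if ! fw_check_conf; then
        echo "safe_reload: check-conf rejected the configuration; running rules left as they are" >&2
        return 2
    fi
    if [ -n "$snap" ] && ! fw_snapshot "$snap"; then
        echo "safe_reload: could not snapshot running rules to $snap" >&2
        return 3
    fi
    if ! "$FW" restart; then
        echo "safe_reload: restart failed" >&2
        if [ -n "$snap" ]; then
            fw_rollback "$snap" && echo "safe_reload: previous rules restored from $snap" >&2
        fi
        return 4
    fi
    return 0
}

# Typical use after a package upgrade has touched the config directory:
#   safe_reload /root/fw-before-upgrade.rules
```

Run it instead of a bare restart after any upgrade that may have rewritten the configuration; a rejected config costs nothing but an error message, and a failed restart is undone from the snapshot rather than left as a half-loaded ruleset.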

