Bug#615176: firestarter: broken on 2.6.37
On 02/28/2011 11:11 AM, Paul Cupis wrote:
> On 27/02/11 23:57, QuadCEM wrote:
>> I have attached the iptables output; it seems to be setting rules, but iptables is still allowing all inbound traffic to connect to the machine (even non-established traffic). I think the ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 is trumping all other rules there.
>
> I don't have that rule on my box here. Could you send me the contents of your /etc/firestarter directory so I can load up your local configuration, please?
>
>> Also, nothing is showing up any longer under 'Active connections'. I'm not sure if this is a related issue or not. I noticed the issues after upgrading to 2.6.37, so I am assuming they are related to the kernel upgrade.
>
> I don't think this is related, I think this may have stopped working a few kernel versions ago, or at least become intermittent.
>
> Thanks.

I upgraded to firestarter 1.0.3-10 and to kernel 2.6.37-2 this afternoon and it seems to be back to normal now ... did you already release a fix for this, or did something in the kernel update take care of it?
Bug#615176: firestarter: broken on 2.6.37
On 01/03/11 09:53, QuadCEM wrote:
> I upgraded to firestarter 1.0.3-10 and to kernel 2.6.37-2 this afternoon and it seems to be back to normal now ... did you already release a fix for this, or did something in the kernel update take care of it?

The -10 version doesn't do anything regarding what configuration firestarter loads/implements.

Just to be clear - are you saying that the firewall is now correctly configured (and protecting your machine) or that the Active Connections part of firestarter is now working (or both), please?

Regards,
Bug#615176: firestarter: broken on 2.6.37
On 03/01/2011 10:59 AM, Paul Cupis wrote:
> On 01/03/11 09:53, QuadCEM wrote:
>> I upgraded to firestarter 1.0.3-10 and to kernel 2.6.37-2 this afternoon and it seems to be back to normal now ... did you already release a fix for this, or did something in the kernel update take care of it?
>
> The -10 version doesn't do anything regarding what configuration firestarter loads/implements.
>
> Just to be clear - are you saying that the firewall is now correctly configured (and protecting your machine) or that the Active Connections part of firestarter is now working (or both), please?
>
> Regards,

Though the Active Connections is not populating still, the important part of firestarter is working again. I only upgraded those two packages, so it must be something related to 37-2 (or just the re-installation of the kernel). It doesn't appear to have been directly related to firestarter then.

Thanks again for the help
Bug#615176: firestarter: broken on 2.6.37
On 27/02/11 23:57, QuadCEM wrote:
> I have attached the iptables output; it seems to be setting rules, but iptables is still allowing all inbound traffic to connect to the machine (even non-established traffic). I think the ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 is trumping all other rules there.

I don't have that rule on my box here. Could you send me the contents of your /etc/firestarter directory so I can load up your local configuration, please?

> Also, nothing is showing up any longer under 'Active connections'. I'm not sure if this is a related issue or not. I noticed the issues after upgrading to 2.6.37, so I am assuming they are related to the kernel upgrade.

I don't think this is related, I think this may have stopped working a few kernel versions ago, or at least become intermittent.

Thanks.
Bug#615176: firestarter: broken on 2.6.37
On 26/02/11 12:57, Charles Munson wrote:
> Actually I take that back ... the firewall doesn't appear to be working at all for incoming connections anymore. Even in restrictive mode connections to my services can still be made. Maybe the priority should be raised to critical rather than normal.

Can you please provide the output of iptables -nL (as root) once you have started firestarter?

I am seeing firestarter create the firewall properly under 2.6.37 as under earlier kernels.

Regards,
Bug#615176: firestarter: broken on 2.6.37
On 02/27/2011 09:32 PM, Paul Cupis wrote:
> On 26/02/11 12:57, Charles Munson wrote:
>> Actually I take that back ... the firewall doesn't appear to be working at all for incoming connections anymore. Even in restrictive mode connections to my services can still be made. Maybe the priority should be raised to critical rather than normal.
>
> Can you please provide the output of iptables -nL (as root) once you have started firestarter?
>
> I am seeing firestarter create the firewall properly under 2.6.37 as under earlier kernels.
>
> Regards,

I have attached the iptables output; it seems to be setting rules, but iptables is still allowing all inbound traffic to connect to the machine (even non-established traffic). I think the ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 is trumping all other rules there.

Also, nothing is showing up any longer under 'Active connections'. I'm not sure if this is a related issue or not. I noticed the issues after upgrading to 2.6.37, so I am assuming they are related to the kernel upgrade.
Thanks,
Charles

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  10.7.0.248           0.0.0.0/0           tcp flags:!0x17/0x02
ACCEPT     udp  --  10.7.0.248           0.0.0.0/0
ACCEPT     tcp  --  193.48.224.212       0.0.0.0/0           tcp flags:!0x17/0x02
ACCEPT     udp  --  193.48.224.212       0.0.0.0/0
ACCEPT     tcp  --  193.48.224.116       0.0.0.0/0           tcp flags:!0x17/0x02
ACCEPT     udp  --  193.48.224.116       0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
LSI        udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:33434
LSI        icmp --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            255.255.255.255
DROP       all  --  0.0.0.0/0            10.10.255.255
DROP       all  --  224.0.0.0/8          0.0.0.0/0
DROP       all  --  0.0.0.0/0            224.0.0.0/8
DROP       all  --  255.255.255.255      0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
LSI        all  -f  0.0.0.0/0            0.0.0.0/0           limit: avg 10/min burst 5
INBOUND    all  --  0.0.0.0/0            0.0.0.0/0
LOG_FILTER all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Input'

Chain FORWARD (policy DROP)
target     prot opt source               destination
LSI        udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:33434
LSI        icmp --  0.0.0.0/0            0.0.0.0/0
LOG_FILTER all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Forward'

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  10.10.0.1            10.7.0.248          tcp dpt:53
ACCEPT     udp  --  10.10.0.1            10.7.0.248          udp dpt:53
ACCEPT     tcp  --  10.10.0.1            193.48.224.212      tcp dpt:53
ACCEPT     udp  --  10.10.0.1            193.48.224.212      udp dpt:53
ACCEPT     tcp  --  10.10.0.1            193.48.224.116      tcp dpt:53
ACCEPT     udp  --  10.10.0.1            193.48.224.116      udp dpt:53
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  224.0.0.0/8          0.0.0.0/0
DROP       all  --  0.0.0.0/0            224.0.0.0/8
DROP       all  --  255.255.255.255      0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0
DROP       all  --  0.0.0.0/0            0.0.0.0/0           state INVALID
OUTBOUND   all  --  0.0.0.0/0            0.0.0.0/0
LOG_FILTER all  --  0.0.0.0/0            0.0.0.0/0
LOG        all  --  0.0.0.0/0            0.0.0.0/0           LOG flags 0 level 6 prefix `Unknown Output'

Chain INBOUND (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
LSI        all  --  0.0.0.0/0            0.0.0.0/0

Chain LOG_FILTER (5 references)
target     prot opt source               destination

Chain LSI (6 references)
target     prot opt source               destination
LOG_FILTER all  --  0.0.0.0/0            0.0.0.0/0
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 1/sec burst 5 LOG flags 0 level 6 prefix `Inbound '
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02
LOG        tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x04 limit: avg
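The open question in the message above is whether the `ACCEPT all -- 0.0.0.0/0 0.0.0.0/0` line overrides the rules after it. `iptables -nL` prints no interface columns, so an accept limited to one interface (loopback, for example) looks identical to an unrestricted one; `-v` adds the `in`/`out` columns. The added example below, which is not from the thread or from firestarter and uses constructed listings and hypothetical function names, parses either form and classifies each catch-all ACCEPT.

```python
ANY = "0.0.0.0/0"

def parse(listing):
    """Parse `iptables -nL` or `iptables -nvL` text into {chain: [rule dicts]}."""
    chains, rules, verbose = {}, None, False
    for line in listing.splitlines():
        f = line.split()
        if not f:
            continue
        if f[0] == "Chain":
            rules = chains.setdefault(f[1], [])
        elif f[0] in ("target", "pkts"):
            verbose = f[0] == "pkts"       # -v adds pkts, bytes, in, out columns
        elif rules is not None and len(f) >= (9 if verbose else 5):
            iface = (f[5], f[6]) if verbose else None   # -nL shows no interfaces
            if verbose:
                f = f[2:5] + f[7:]         # drop counters and interface columns
            rules.append({"target": f[0], "prot": f[1], "src": f[3],
                          "dst": f[4], "extra": " ".join(f[5:]), "iface": iface})
    return chains

def classify(rule):
    """Say what a catch-all ACCEPT line really is, or None if it is not one."""
    key = (rule["target"], rule["prot"], rule["src"], rule["dst"], rule["extra"])
    if key != ("ACCEPT", "all", ANY, ANY, ""):
        return None
    if rule["iface"] is None:
        return "ambiguous"                 # cannot tell without the -v columns
    return "unconditional" if rule["iface"] == ("*", "*") else "interface-scoped"

def audit(listing):
    """Return (chain, position, verdict, rules_after_it) per catch-all ACCEPT."""
    return [(name, i + 1, classify(r), len(rules) - i - 1)
            for name, rules in parse(listing).items()
            for i, r in enumerate(rules) if classify(r)]

# Constructed sample: one INPUT chain as `-nL` and as `-nvL` would print it.
PLAIN = """Chain INPUT (policy DROP)
target     prot opt source       destination
ACCEPT     all  --  0.0.0.0/0    0.0.0.0/0
DROP       all  --  0.0.0.0/0    0.0.0.0/0    state INVALID
INBOUND    all  --  0.0.0.0/0    0.0.0.0/0
"""
VERBOSE = """Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target   prot opt in  out  source     destination
   12   720 ACCEPT   all  --  lo  *    0.0.0.0/0  0.0.0.0/0
    0     0 DROP     all  --  *   *    0.0.0.0/0  0.0.0.0/0   state INVALID
    3   180 INBOUND  all  --  *   *    0.0.0.0/0  0.0.0.0/0
"""
```

On a live host, pass `audit` the output of `iptables -nvL` run as root; an `ambiguous` verdict means the listing was taken without `-v`, and only an `unconditional` verdict means the rules counted in the last field are never reached.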
Bug#615176: firestarter: broken on 2.6.37
Package: firestarter
Version: 1.0.3-9
Severity: normal
Tags: sid

Firestarter does not show active connections on the new kernel, nor does it acknowledge the Drop silently preference. When Drop silently is chosen, the ports are still treated as closed (rather than stealthed). Tried uninstalling, purging program and reinstalling but problems still exist.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (900, 'unstable'), (800, 'testing'), (700, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.37-1-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages firestarter depends on:
ii  gconf2             2.28.1-6           GNOME configuration database syste
ii  iptables           1.4.10-1           administration tools for packet fi
ii  libart-2.0-2       2.3.21-1           Library of functions for 2D graphi
ii  libatk1.0-0        1.30.0-1           The ATK accessibility toolkit
ii  libbonobo2-0       2.24.3-1           Bonobo CORBA interfaces library
ii  libbonoboui2-0     2.24.3-1           The Bonobo UI library
ii  libc6              2.11.2-11          Embedded GNU C Library: Shared lib
ii  libcairo2          1.8.10-6           The Cairo 2D vector graphics libra
ii  libfontconfig1     2.8.0-2.1          generic font configuration library
ii  libfreetype6       2.4.4-1            FreeType 2 font engine, shared lib
ii  libgconf2-4        2.28.1-6           GNOME configuration database syste
ii  libglade2-0        1:2.6.4-1          library to load .glade files at ru
ii  libglib2.0-0       2.28.1-1           The GLib library of C routines
ii  libgnome2-0        2.30.0-1           The GNOME library - runtime files
ii  libgnomecanvas2-0  2.30.1-1           A powerful object-oriented display
ii  libgnomeui-0       2.24.3-1           The GNOME libraries (User Interfac
ii  libgnomevfs2-0     1:2.24.3-2         GNOME Virtual File System (runtime
ii  libgtk2.0-0        2.20.1-2           The GTK+ graphical user interface
ii  libice6            2:1.0.7-1          X11 Inter-Client Exchange library
ii  liborbit2          1:2.14.18-0.1      libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0      1.28.3-1+squeeze1  Layout and rendering of internatio
ii  libpopt0           1.16-1             lib for parsing cmdline parameters
ii  libsm6             2:1.2.0-1          X11 Session Management library
ii  libx11-6           2:1.4.1-5          X11 client-side library
ii  libxml2            2.7.8.dfsg-2       GNOME XML library
ii  lsb-base           3.2-27             Linux Standard Base 3.2 init scrip
ii  menu               2.1.44             generates programs menu for all me
ii  zlib1g             1:1.2.3.4.dfsg-3   compression library - runtime

firestarter recommends no packages.

Versions of packages firestarter suggests:
pn  dhcp3-server       none               (no description available)

-- no debconf information
Bug#615176: firestarter: broken on 2.6.37
Actually I take that back ... the firewall doesn't appear to be working at all for incoming connections anymore. Even in restrictive mode connections to my services can still be made. Maybe the priority should be raised to critical rather than normal.