Your message dated Tue, 29 Nov 2011 00:34:21 +0000
with message-id <e1rvbep-0008oo...@franck.debian.org>
and subject line Bug#637796: fixed in iptables-persistent 0.5.3
has caused the Debian Bug report #637796,
regarding iptables-persistent: rules aren't loaded at all
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
637796: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637796
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: iptables-persistent
Version: 0.5.2
Severity: critical
Tags: security
Justification: root security hole
Hi.
Since the most recent upload, rules aren't loaded any more at all:
Wed Aug 17 13:17:07 2011: Mounting local filesystems...done.
Wed Aug 17 13:17:07 2011: Activating swapfile swap...done.
Wed Aug 17 13:17:07 2011: Cleaning up temporary files....
Wed Aug 17 13:17:07 2011: Loading iptables rules... skipping IPv4 (no module
loaded)... skipping IPv6 (no module loaded)...done.
Wed Aug 17 13:17:07 2011: Setting kernel variables ...done.
Wed Aug 17 13:17:07 2011: Cleaning up ifupdown....
Wed Aug 17 13:17:07 2011: Setting up resolvconf...done.
Wed Aug 17 13:17:07 2011: Setting up networking....
Wed Aug 17 13:17:07 2011: Scheme unchanged.
Wed Aug 17 13:17:07 2011: Configuring network interfaces...done.
Not sure why the files you check for are not there at this point.
Marking this as critical, and root sec hole, as it can easily be just this, if
one trusts that certain rules are brought up.
Chris.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.utf8, LC_CTYPE=en_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages iptables-persistent depends on:
ii debconf [debconf-2.0] 1.5.41 Debian configuration management sy
ii iptables 1.4.12-1 administration tools for packet fi
ii lsb-base 3.2-27 Linux Standard Base 3.2 init scrip
iptables-persistent recommends no packages.
iptables-persistent suggests no packages.
-- Configuration Files:
/etc/init.d/iptables-persistent changed [not included]
/etc/iptables/rules.v4 changed [not included]
/etc/iptables/rules.v6 changed [not included]
-- debconf information:
* iptables-persistent/autosave_v6: false
* iptables-persistent/autosave_v4: false
--- End Message ---
--- Begin Message ---
Source: iptables-persistent
Source-Version: 0.5.3
We believe that the bug you reported is fixed in the latest version of
iptables-persistent, which is due to be installed in the Debian FTP archive:
iptables-persistent_0.5.3.dsc
to main/i/iptables-persistent/iptables-persistent_0.5.3.dsc
iptables-persistent_0.5.3.tar.gz
to main/i/iptables-persistent/iptables-persistent_0.5.3.tar.gz
iptables-persistent_0.5.3_all.deb
to main/i/iptables-persistent/iptables-persistent_0.5.3_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 637...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jonathan Wiltshire <j...@debian.org> (supplier of updated iptables-persistent
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Mon, 28 Nov 2011 23:19:39 +0000
Source: iptables-persistent
Binary: iptables-persistent
Architecture: source all
Version: 0.5.3
Distribution: unstable
Urgency: low
Maintainer: Jonathan Wiltshire <j...@debian.org>
Changed-By: Jonathan Wiltshire <j...@debian.org>
Description:
iptables-persistent - boot-time loader for iptables rules
Closes: 637796 637852 645523 650001
Changes:
iptables-persistent (0.5.3) unstable; urgency=low
.
* [09d9ae] Check for loaded modules in postinst (Closes: #637852)
* [521544] Fix Default-Start and Default-Stop fields of the LSB header in
the init script. Thanks to Andreas Rütten (Closes: #650001)
* [d17b2f] Revert checking for loaded modules at startup, as this isn't
necessary in newer versions ip{,6}tables-restore - instead check that there
is a rules file to be loaded. Ensure at least ip{,6}table_filter is loaded
during save (Closes: #637796)
* [71aa52] Tidy formatting and spacing in iptables-persistent.init
* [3fe51a] Debconf translations to Spanish.
Thanks to Francisco Javier Cuadrado (Closes: #645523)
Checksums-Sha1:
957cc452aa0ed5cc595e56dbaffd8ce5954cdd7e 1624 iptables-persistent_0.5.3.dsc
c5666a2a2f1bef58aae98f5cdb5fa9c16fd59655 10879 iptables-persistent_0.5.3.tar.gz
703202bd6dbd912c08e5510fe745da2fbed004de 8666 iptables-persistent_0.5.3_all.deb
Checksums-Sha256:
079add4952fa4f25b18ba302746c3de6818d7e455972811bb798e0a0b2080f3f 1624
iptables-persistent_0.5.3.dsc
3e4de9720efc5cc1e2deabeab13dd0da914ade52098ba97e60ad8ae13583b386 10879
iptables-persistent_0.5.3.tar.gz
4cce0c44e37dc56ad7f5dda5980280422324ed9621c9934fbbf1965292bb6b46 8666
iptables-persistent_0.5.3_all.deb
Files:
5addecdec4a0beca4c52eb3b431a1a6c 1624 admin optional
iptables-persistent_0.5.3.dsc
e15182101dc563d50279dd7334216ea0 10879 admin optional
iptables-persistent_0.5.3.tar.gz
010d3661cb5e5c539ca9f7e44d903ad6 8666 admin optional
iptables-persistent_0.5.3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJO1CQvAAoJEFOUR53TUkxRiJ0P/AtUCun5Vhh7kpo9QuMA6xA1
AJyg7/7aH6zVEDbBPNoBHhOZsg9pNzvYvhdUudgDII+ahTxLuB27vpHBeXoINz+i
5w4tOVphnxZbf9aotl/dTqytjXQYmYK+HCV2RurgpBrz/1IJw3ZgHI/zwWMt7xh1
rUEb2qMr86xHQoxc5RyfrP7vm4ig7L3Vh4bSSCLfKX4xKJyr7SbrkbcKagfJcI11
63U8ZKyUZJkpgMZFUqB9gH4u5XUOMpIMWatM0pQYH4cBgMKsqRFYCtlfRqWssXHY
kLR0iHjiAmdcXeAtAW0MurYZTgvPi5WmiubYzDDakFH0NN8LfASszidWWGOwWlp9
n85zBDOQuC0e8P+Hq95wfmY5ywonbmJzLv7L13Qm1JHclHRm3WVI6Sj7+cBUfuM4
8J7xe1Mu56w4AvBw9KUDQwdNkDYjMwsLCqU549l68RiTsBUjplgX0rmHpaymluCu
H1MLRUPI5DHa13GxohD8ZR6SVelm8s3zULmdvIGkRMMW/HWBy5PCDa3gGjXxbcrm
k1DFrZBI4hC/A7ID+Ob3AI3eD+c37hG3WKY9Uoaad9c5hZDEJUgV4kdKRKlxoa1D
YXpPZyXT7UaaNzjMPv3F2Yd1ylocEo4qt25kPRd1FpXFPQ0xHSJMCQfk3q9460n+
a+TF7YFkB/ym5W+RbncX
=xsVu
-----END PGP SIGNATURE-----
--- End Message ---
