I finally found out that my /etc/init.d/bastille-firewall isn't
identical with the one in the bastille/1:3.0.9-12 package. After
installing that file manually, /etc/init.d/bastille-firewall start
and stop work fine. restart and reload still show the same error.
So it seems that from some point, upgrading of this file didn't work.
This machine was first installed with sarge, and subsequently upgraded
to etch and to lenny (on 16.02.2009). Because of bug #510884 (ERROR:
'DB5.0' is not a supported operating system) I upgraded bastille to the
testing version 1:3.0.9-8 on 19.03.2009, and further:
01.04.2009 1:3.0.9-9
29.04.2009 1:3.0.9-10
24.06.2009 1:3.0.9-12
The bastille package was in state C (unconfigured) since 1:3.0.9-9.
There is no /etc/init.d/bastille-firewall.dpkg-dist.

My /etc/init.d/bastille-firewall dates from 01.04.2009, but doesn't
correspond to that in 1:3.0.9-9 either. I never edited it before. Here
is its content:

#!/bin/sh
#
# bastille-firewall   Load/unload ipchains rulesets
#
# do not rename this file unless you edit /sbin/bastille-firewall-reset
#
# chkconfig: 2345 5 98
# description: A firewall/packet-filter script for Linux systems \
# that allows the machine to be used as a gateway system
#
# $Id: bastille-firewall,v 1.6 2002/02/24 17:19:14 peterw Exp $
# Copyright (c) 1999-2002 Peter Watkins 
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program; if not, write to the Free Software
#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
#
# Thanks to David Ranch, Brad A, Don G, and others for their suggestions
#
# This script is designed to be used as a SysV-style init script.
#
# It should be run with a "start" argument
# 1) as an rc?.d "S" script, _before_ the "network" script
# [copy this to /etc/rc.d/init.d/bastille-firewall (or your equivalent of
#  /etc/rc.d/init.d) and run 'chkconfig -add bastille-firewall' ]
# 2) any time an interface is brought up or changed, e.g.
#    establishing a PPP conection or renewing a DHCP lease
# [copy 'bastille-firewall-reset', 'bastille-firewall-schedule'
#  and 'ifup-local' to /sbin/]
#
#   Normally you Do Not _Ever_ Want to run this with a "stop" argument!
#
# Note that running this with "stop" will disable the firewall and open
# your system to all network traffic; if you make changes to these rules,
# apply them by running the script again with a "start" argument.
#
# ** As of 0.99-beta1, this script merely kicks off the real script,
#    either /sbin/bastille-ipchains or /sbin/bastille-netfilter

# Default is to use the 'ipchains' script, which will load the
# ipchains compatibility module if you're using a 2.4 kernel
REALSCRIPT=/sbin/bastille-ipchains
PATH=/sbin:/bin:/usr/sbin:/usr/bin
LOCKDIR=/var/lock/bastille
# If using subsys:
# LOCKDIR=/var/lock/subsys
LOCKFILE=${LOCKDIR}/bastille-firewall

# exit function to be called in place of regular Bourne exit
clean_exit()
{
  rmdir ${LOCKDIR} 2>/dev/null
  exit $1
}

[ ! -d /var/lock ] && mkdir -m 0755 /var/lock

mkdir -m 0700 ${LOCKDIR} 2>/dev/null
if [ $? -ne 0 ]; then
  if [ -n "${BASTILLE_FWALL_QUIET_FAIL}" ]; then exit 0; fi
  echo "ERROR: bastille-firewall currently being reset or lock is stuck."
  echo "To un-stick, remove the directory ${LOCKDIR}"
  exit 1
fi

if [ -n "$(uname -r | awk -F. ' $1 == 2 && $2 > 2 {print}')" ]; then
  # We are using Linux 2.3 or newer; use the netfilter script if available
  if [ -x /sbin/bastille-netfilter ]; then
    REALSCRIPT=/sbin/bastille-netfilter
  fi
fi

if [ ! -x ${REALSCRIPT} ]; then
  echo "ERROR: \"${REALSCRIPT}\" not available!"
  clean_exit 1
fi

${REALSCRIPT} "$1"
bretval=$?

# Use "subsys" locks to indicate our status
case "$1" in
  start|restart|reload)
    if [ $bretval -eq 0 ]; then touch ${LOCKFILE}; fi
    ;;
  stop)
    rm -f ${LOCKFILE}
    ;;
esac

clean_exit $bretval






