** Description changed: Binary package hint: firehol ubuntu 9.10 - * /etc/init.d/firehol script is there - * /etc/firehol/firehol.conf is in place + The failure to load with domain names used in the firehol.conf may have + arisen with the network now set up by upstart's native /etc/init + mechanism (instead of with symlinks in/ets/rc?.d) or been present all + the time. - * firehol can be started with "/etc/init.d/firehol start" - (START_FIREHOL in /etc/defaults/firehol is set to yes) and the iptables - are set ok. + However, a proper fix should now be to ship more specific firehol + upstart definitions and config files: - * symlinks in /etc/rc?.d do exist + 1) /etc/init/firehol-prep.conf that stats firehol (before any + network/dns is up) with the corresponding config file /etc/firehol + /firehol-prep.conf (by default just shutting everything down). + + 2) /etc/init/firehol.conf that starts firehol (always after any network + interface is set up) with the regular /etc/firehol/firehol.conf + + + Symtoms (with domain names used like in "client http accept dst archive.ubuntu.com"): + * /etc/init.d/firehol script is there + * /etc/firehol/firehol.conf is in place + * firehol can be started with "/etc/init.d/firehol start" (START_FIREHOL in /etc/defaults/firehol is set to yes) and the iptables are set ok. + * symlinks in /etc/rc?.d do exist However after a reboot: # iptables iptables -L Chain INPUT (policy ACCEPT) - target prot opt source destination + target prot opt source destination Chain FORWARD (policy ACCEPT) - target prot opt source destination + target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
** Description changed: Binary package hint: firehol ubuntu 9.10 - The failure to load with domain names used in the firehol.conf may have arisen with the network now set up by upstart's native /etc/init mechanism (instead of with symlinks in/ets/rc?.d) or been present all the time. However, a proper fix should now be to ship more specific firehol upstart definitions and config files: - 1) /etc/init/firehol-prep.conf that stats firehol (before any + 1) /etc/init/firehol-prep.conf that starts firehol (before any network/dns is up) with the corresponding config file /etc/firehol /firehol-prep.conf (by default just shutting everything down). 2) /etc/init/firehol.conf that starts firehol (always after any network interface is set up) with the regular /etc/firehol/firehol.conf - Symtoms (with domain names used like in "client http accept dst archive.ubuntu.com"): * /etc/init.d/firehol script is there * /etc/firehol/firehol.conf is in place * firehol can be started with "/etc/init.d/firehol start" (START_FIREHOL in /etc/defaults/firehol is set to yes) and the iptables are set ok. * symlinks in /etc/rc?.d do exist However after a reboot: # iptables iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ** Description changed: Binary package hint: firehol ubuntu 9.10 The failure to load with domain names used in the firehol.conf may have arisen with the network now set up by upstart's native /etc/init mechanism (instead of with symlinks in/ets/rc?.d) or been present all the time. 
- However, a proper fix should now be to ship more specific firehol - upstart definitions and config files: + However, a proper fix should now be to ship firehol with specific + upstart definitions and corresponding config files: 1) /etc/init/firehol-prep.conf that starts firehol (before any network/dns is up) with the corresponding config file /etc/firehol /firehol-prep.conf (by default just shutting everything down). 2) /etc/init/firehol.conf that starts firehol (always after any network interface is set up) with the regular /etc/firehol/firehol.conf Symtoms (with domain names used like in "client http accept dst archive.ubuntu.com"): * /etc/init.d/firehol script is there * /etc/firehol/firehol.conf is in place * firehol can be started with "/etc/init.d/firehol start" (START_FIREHOL in /etc/defaults/firehol is set to yes) and the iptables are set ok. * symlinks in /etc/rc?.d do exist However after a reboot: # iptables iptables -L Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination -- not started on boot (DNS resolv fails) https://bugs.launchpad.net/bugs/490317
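A boot-time check for the failure described in this report, as an added example that is not part of the bug report or of the firehol package: it lists the hostnames that follow `src`/`dst` in a FireHOL config (each one needs working DNS when the rules load) and detects the all-ACCEPT, no-rules state shown in the `iptables -L` output above. The function names are hypothetical, and only the first entry of a quoted multi-value list is inspected.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not FireHOL's.

# Print "LINE: host" for each hostname that follows src/dst in a FireHOL
# config. Every such name must resolve at the moment the rules are loaded.
firehol_dns_names() {
    awk '
    { sub(/#.*/, "") }                       # strip comments
    {
        for (i = 1; i < NF; i++) {
            if ($i != "src" && $i != "dst") continue
            j = i + 1
            if ($j == "not") j++             # "dst not host" form
            v = $j; gsub(/"/, "", v)
            if (v ~ /^\$/ || v ~ /^[0-9.\/]+$/) continue   # variable, IPv4/CIDR
            if (v ~ /[A-Za-z]/ && v ~ /\./) print FNR ": " v
        }
    }' "$1"
}

# Exit 0 when `iptables -L` output on stdin matches the symptom in the report:
# built-in chains only, all with policy ACCEPT, and no rules in any of them.
ruleset_is_open() {
    awk '
    /^Chain / { chains++; if ($0 !~ /\(policy ACCEPT/) closed = 1; next }
    /^target[ \t]/ || /^[ \t]*$/ { next }    # column header, blank line
    { rules++ }
    END { exit !(chains > 0 && !closed && rules == 0) }'
}

# Stand-alone use: sh check.sh --check [config]   (needs root for iptables)
if [ "${1:-}" = "--check" ]; then
    conf=${2:-/etc/firehol/firehol.conf}
    firehol_dns_names "$conf" | sed "s|^|$conf:|"
    if iptables -L -n | ruleset_is_open; then
        echo "WARNING: no firewall rules loaded, all chains ACCEPT" >&2
        exit 1
    fi
fi
```

Run with `--check` late in the boot sequence or from a monitoring job; a non-zero exit means the host came up with no packet filter in place.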