Package: fwsnort
Version: 1.6.5-3
Severity: critical
Tags: security

The #861999 fix adds the following on purging:

grep -v FWSNORT /var/lib/fwsnort/fwsnort.save | iptables-restore

Imagine the following:
1. today I install fwsnort and try it
2. later today I uninstall it
3. 2 years later I purge all long-removed packages

This would in 2 years set the iptables rules to what they were today before I shortly played with fwsnort.

A case could be made for "fwsnort --ipt-flush" in prerm. Or considering that activating any fwsnort rules is not done automatically and that the package should not interfere with what the admin has done.
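
The scenario in the report above, as an added example that is not part of the original report or of the fwsnort package: it compares two iptables-save text dumps and lists the rules a purge-time restore of the old save file would discard. The function names, file names and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added illustration: reads iptables-save text only, never calls iptables-restore.

# Non-fwsnort rules (-A lines) in an iptables-save dump; this is what
# "grep -v FWSNORT FILE | iptables-restore" would leave loaded.
admin_rules() {
    grep -v FWSNORT "$1" | grep '^-A' | sort -u
}

# Print rules present in the LIVE dump ($1) that restoring SAVED ($2) drops.
rules_lost_on_purge() {
    tmp=$(mktemp) || return 1
    admin_rules "$2" > "$tmp"
    admin_rules "$1" | grep -vxF -f "$tmp" || true
    rm -f "$tmp"
}

# Constructed sample dumps (hypothetical rules, documentation address range).
write_samples() {
    # Saved on the day fwsnort was tried.
    cat > "$1/fwsnort.save" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FWSNORT_INPUT - [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -j FWSNORT_INPUT
COMMIT
EOF
    # Live ruleset at purge time, after the admin tightened it.
    cat > "$1/live.rules" <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
echo "Rules that would be lost:"
rules_lost_on_purge "$demo_dir/live.rules" "$demo_dir/fwsnort.save"
rm -rf "$demo_dir"
```

Chain policies (the `:INPUT` lines) are not compared here, but a restore from the old file would reset those as well.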