Bug#912624: closed by Jerome Benoit (Bug#912624: fixed in firehol 3.1.6+ds-4)

Sun, 11 Nov 2018 02:09:38 -0800 

On Sun, 11 Nov 2018, Cristian Ionescu-Idbohrn wrote:
> On Sun, 11 Nov 2018, Jerome BENOIT wrote:
> > 
> > Hello, I am sorry to read that.
> > 
> > When you say `This is sysV init, _not_ systemd',
> > do you mean that you run on a Debian box (but not a Devuan box) ?
> 
> This is a Debian sid box with sysV init.
> 
> And I did realize shortly after sending the message bellow that I 
> managed to overwrite the conf-files (both /etc/default/firehol and 
> /etc/firehol/firehol.conf) in the process.
> 
> I'll continue investigation, though.

Repeating the upgrade process I found out that /etc/firehol/firehol.conf 
is _forcebly_ overwritten.  So, that's one bug:

        Installing new version of config file /etc/firehol/firehol.conf ...

I'm asked if I want to keep /etc/default/firehol, though.

The second bug is that the /usr/sbin/firehol has the ip*tables* paths 
hardcoded to /usr/sbin/, but most of those binaries are installed in 
/sbin/ (in the iptables package version I use; see bellow).  Why on 
earth would one hardcode program paths, when /etc/profile sets the 
PATH:

        # /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
        # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).

        if [ "`id -u`" -eq 0 ]; then
          PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
        else
          PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
        fi
        export PATH

and create lots of maintenance problems, I never understood :/  Is the 
PATH variable going away?

Creating these symlinks:

        lrwxrwxrwx 1 root root   20 Nov 11 10:12 ip6tables -> 
../../sbin/ip6tables
        lrwxrwxrwx 1 root root   28 Nov 11 10:16 ip6tables-restore -> 
../../sbin/ip6tables-restore
        lrwxrwxrwx 1 root root   25 Nov 11 10:14 ip6tables-save -> 
../../sbin/ip6tables-save
        lrwxrwxrwx 1 root root   19 Nov 11 10:12 iptables -> ../../sbin/iptables
        lrwxrwxrwx 1 root root   27 Nov 11 10:15 iptables-restore -> 
../../sbin/iptables-restore
        lrwxrwxrwx 1 root root   24 Nov 11 10:15 iptables-save -> 
../../sbin/iptables-save

saved my day ;)

I'm staying with iptables:

        Installed: 1.6.2-1.1

as I do experience problems with:

        Candidate: 1.8.1-2

which _does_ install compatibility symlinks, the other way around.

        iptables (1.8.1-2) unstable; urgency=medium

          * [5edbd6e] iptables: introduce /sbin compatibility symlinks (Closes: 
#911777)

         -- Arturo Borrero Gonzalez <art...@debian.org>  Thu, 25 Oct 2018 
13:27:15 +0200


-- 
Cristian

Reply via email to