Package: shorewall
Version: 5.2.3.2-1
Severity: normal
File: /lib/systemd/system/shorewall.service

Dear Maintainer,

when setting SAFESTOP=1 in /etc/default/shorewall and doing `service shorewall stop`, I'd expect the firewall to be safe-stopped (`shorewall stop`), not cleared (i.e. opened, `shorewall clear`).

With sysvinit this works as expected, but in the systemd.service file, the ExecStop action is hard-coded to `shorewall clear`, not respecting the value of the SAFESTOP variable.

This could lead to security issues, as the firewall opens unexpectedly.

-- System Information:
Debian Release: 10.10
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-17-amd64 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages shorewall depends on:
ii  bc                     1.07.1-2+b1
ii  debconf [debconf-2.0]  1.5.71
ii  iproute2               4.20.0-2+deb10u1
ii  iptables               1.8.2-4
ii  lsb-base               10.2019051400
ii  perl                   5.28.1-6+deb10u1
ii  shorewall-core         5.2.3.2-1

Versions of packages shorewall recommends:
ii  libnetfilter-cthelper0  1.0.0-1+b1

Versions of packages shorewall suggests:
ii  make           4.2.1-1.2
pn  shorewall-doc  <none>

-- Configuration Files:
/etc/default/shorewall changed [not included]
/etc/shorewall/conntrack [Errno 13] Keine Berechtigung: '/etc/shorewall/conntrack'
/etc/shorewall/params [Errno 13] Keine Berechtigung: '/etc/shorewall/params'
/etc/shorewall/shorewall.conf changed [not included]

-- debconf information excluded
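
A check for the mismatch described in the report, as an added example that is not part of the original report and not Shorewall or Debian code: it compares the subcommand on a unit's ExecStop= line with the SAFESTOP value in a defaults file. The function names, the sample file contents and the /sbin/shorewall path in the sample are assumptions made for this illustration.

```shell
#!/bin/sh
# Flags the case from the report: SAFESTOP=1 is set, but the unit's ExecStop
# runs "shorewall clear", so stopping the service opens the firewall.

# Print the last word of the last ExecStop= line (the shorewall subcommand).
# An empty "ExecStop=" resets earlier entries, as in systemd unit syntax.
stop_action() {
    awk '/^[ \t]*ExecStop[ \t]*=/ {
             val = $0
             sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
             n = split(val, w, /[ \t]+/)
             last = (n > 0) ? w[n] : ""
         }
         END { print last }' "$1"
}

# Print the value of the last SAFESTOP= assignment, without quotes or comments.
safestop_value() {
    awk '/^[ \t]*SAFESTOP=/ {
             v = $0
             sub(/^[^=]*=/, "", v); sub(/#.*/, "", v); gsub(/["'\'' \t]/, "", v)
             last = v
         }
         END { print last }' "$1"
}

# Return 1 (and say why) when stopping the service would clear the rules
# although a safe stop was requested; return 0 otherwise.
audit_stop() {
    action=$(stop_action "$1")
    safestop=$(safestop_value "$2")
    if [ "$safestop" = 1 ] && [ "$action" = clear ]; then
        echo "MISMATCH: SAFESTOP=1 but ExecStop runs '$action'"
        return 1
    fi
    echo "OK: SAFESTOP=${safestop:-unset}, ExecStop action=${action:-none}"
}

# Constructed sample files (assumed contents, not copied from the package).
demo_dir=$(mktemp -d)
printf '[Service]\nType=oneshot\nExecStop=/sbin/shorewall clear\n' \
    > "$demo_dir/shorewall.service"
printf '# constructed sample\nSAFESTOP=1\n' > "$demo_dir/default"
audit_stop "$demo_dir/shorewall.service" "$demo_dir/default" || true
```

On a live system, `audit_stop /lib/systemd/system/shorewall.service /etc/default/shorewall` runs the same check against the two files named in the report. It reads only the unit file it is given and does not consider drop-in overrides.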