Hello David, thanks for the report.

We may need more to see what is happening.

Did the same happen with your previous firehol package ?

Is your configuration waiting for any iface (see WAIT_FOR_IFACE (/etc/default/firehol)) ?

Best wishes,
Jerome

On 30/08/2021 21:56, David Jarvie wrote:
Package: firehol
Version: 3.1.7+ds-2
Severity: normal

Dear Maintainer,

At each system boot, Firehol takes a full minute to initialise, and makes the
boot process hang for some of that time.

Looking at the system log (attached), it isn't obvious why Firehol takes just
over 1 minute to complete, or why nothing seems to happen between 19:49:40 and
19:50:08, during which a console message is displayed saying that the boot
process is waiting for Firehol to finish.

The command 'firehol restart' takes very little time to complete once the
system is up and running. This indicates that something is wrong at boot time,
and that Firehol is presumably waiting for something else to complete.

I would have expected Firehol to initialise quickly during boot, and not to
hang the boot process.


I attach the journalctl output, from Firehol start to Firehol completion:


-- System Information:
Debian Release: 11.0
   APT prefers stable-security
   APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages firehol depends on:
ii  firehol-common       3.1.7+ds-2
ii  init-system-helpers  1.60
ii  lsb-base             11.1.0

Versions of packages firehol recommends:
ii  fireqos  3.1.7+ds-2

Versions of packages firehol suggests:
ii  firehol-doc    3.1.7+ds-2
pn  firehol-tools  <none>
pn  ulogd2         <none>

-- Configuration Files:
/etc/default/firehol changed:
START_FIREHOL=YES
WAIT_FOR_IFACE="enp2s0"
FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT=0

/etc/firehol/firehol.conf changed:
version 6
stewjar=192.168.178.100
local="192.168.178.101 192.168.178.102 192.168.178.103"
m2885fw=192.168.178.90
interface4 enp2s0 ethernet
         # The default policy is DROP. You can be more polite with REJECT.
         # Prefer to be polite on your own clients to prevent timeouts.
         policy drop
         # Protect from the internet.
         protection strong
         # The following means that this machine can REQUEST anything via enp2s0.
         client all accept
         # Specific services that this machine needs to request via enp2s0.
         client multicast accept
         client dhcp accept
         # Services that this machine offers to local network.
         server ping accept src "$local"
         server ssh accept src "$local"
         server cups accept src "$local"
         # Samsung M2885FW printer (needs both client and server)
         # The script 'scanner-enable' must be run after Firehol, to fix
         # iptables entries to allow SNMP to work properly.
         client snmp accept dst $m2885fw
         server snmp accept src $m2885fw
         server samba accept
         # The following enp2s0 server ports are not known by FireHOL:
         #  tcp/45485 tcp/49074 tcp/7741 udp/32768 udp/32769 udp/517 udp/518 udp/5353 udp/7741 udp/972
         # TODO: If you need any of them, you should define new services.
         #       (see Adding Services at the web site - http://firehol.sf.net).
interface usb0 usb
         policy accept


--
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B
