Package: apf-firewall
Version: 9.7+rev1-7
Severity: normal

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

This is a known bug, and it leads to total system instability:
https://github.com/rfxn/advanced-policy-firewall/issues/48

   * What led up to the situation?

I deployed (apt install apf-firewall) apf-firewall to multiple servers and after changing the configuration, I found the firewall did not have my updates.

Update IG__TCP_CPORTS and remove a port. Restart apf (apf -r, or apf -f then apf -s, service restart apf-firewall, systemctl restart apf-firewall) and old rules are still in IP tables.

   * What exactly did you do (or not do) that was effective (or ineffective)?

I can flush manually as per the github issue: iptables -F, but that broke updates to apf via ansible.

Modified the /usr/sbin/apf script to include iptables -F - this broke ansible.

   * What was the outcome of this action?

iptables shows that rules were flushed, but the chains still exist. The default policy is reset.

Separate issue: ansible's session is shut down - causing ansible to hang waiting for a response.

   * What outcome did you expect instead?

iptables should drop rules, chains, and reset the default policies

*** End of the template - remove these template lines ***

-- System Information:
Debian Release: 12.7
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-25-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages apf-firewall depends on:
ii  init-system-helpers       1.65.2
ii  iproute2                  6.1.0-3
ii  iptables                  1.8.9-2
ii  sysvinit-utils [lsb-base] 3.06-4
ii  wget                      1.21.3-1+b2

apf-firewall recommends no packages.

apf-firewall suggests no packages.

-- Configuration Files:
/etc/apf-firewall/conf.apf [Errno 13] Permission denied: '/etc/apf-firewall/conf.apf'
/etc/apf-firewall/ds_hosts.rules [Errno 13] Permission denied: '/etc/apf-firewall/ds_hosts.rules'
/etc/apf-firewall/glob_allow.rules [Errno 13] Permission denied: '/etc/apf-firewall/glob_allow.rules'
/etc/apf-firewall/glob_deny.rules [Errno 13] Permission denied: '/etc/apf-firewall/glob_deny.rules'
/etc/apf-firewall/sdrop_hosts.rules [Errno 13] Permission denied: '/etc/apf-firewall/sdrop_hosts.rules'

/etc/default/apf-firewall changed:
RUN="yes"

-- no debconf information
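
The end state the report expects after a restart (no surviving rules, no user-defined chains, default policies reset) can be checked mechanically from `iptables-save` output, as can a port that was removed from the configuration but is still allowed. This is an added example, not part of the original report and not APF code; the function names, the chain name EXAMPLE_ALLOW and both sample rule sets are constructed for illustration.

```sh
# Added example: audit iptables-save text for state a firewall restart left behind.
# stdin: iptables-save output. stdout: one line per leftover item.
residual_state() {
    awk '
        /^\*/ { table = substr($0, 2); next }     # "*filter" opens a table
        /^:/  {                                   # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if ($2 == "-")           print "chain", table, chain        # user-defined chain
            else if ($2 != "ACCEPT") print "policy", table, chain, $2   # policy not reset
            next
        }
        /^-A / { print "rule", table, $0 }        # surviving rule
    '
}

# stdin: iptables-save output. Prints surviving rules matching destination port $1.
# Handles --dport N and comma lists in --dports; port ranges (a:b) are not expanded.
stale_port_rules() {
    residual_state | awk -v port="$1" '
        $1 == "rule" {
            for (i = 1; i < NF; i++)
                if ($i ~ /^--dports?$/ && index("," $(i + 1) ",", "," port ",")) { print; next }
        }'
}

# Constructed sample: port 8080 was removed from the config but its rule survived.
sample_stale() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:EXAMPLE_ALLOW - [0:0]
-A INPUT -j EXAMPLE_ALLOW
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,8080 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: rules flushed and policies reset, but the chain still exists.
sample_flushed() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:EXAMPLE_ALLOW - [0:0]
COMMIT
EOF
}
```

On a live host, run `iptables-save | residual_state` as root after the restart; empty output means rules, user-defined chains and non-ACCEPT policies are all gone.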