Package: ferm
Version: 2.5.1-1.1
Followup-For: Bug #863802

Dear Alex,

A similar problem arises in bookworm. After intensive debugging I found that when ferm starts, the (statically configured) network interfaces have no IP address yet. I was forced to override the unit file to get ferm working after boot.

> Which is funny. We had a bunch of bugs about ferm starting late where
> everyone stated it should be up before the network is up.

Should be, but it cannot. The others say: for security reasons traffic filtering must be functional before the first network packet arrives. That is a laudable conception but unfortunately it is not operable in every situation. The result: the host has no protection at all.

> Someone should decide, which is not me. Therefore I don't think this is
> grave.

Okay, that is ME who decides. :-) Ferm MUST wait for the networking to be fully up. A host without protection for half a second is far better than an unprotected host. At least README.Debian should discuss this problem and should give a recipe for admins in the same situation.

Sorry if I was too pushy.

Cheers
Gabor

-- System Information:
Debian Release: 12.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-27-amd64 (SMP w/2 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages ferm depends on:
ii  debconf                   1.5.82
ii  init-system-helpers       1.65.2
ii  iptables                  1.8.9-2
ii  perl                      5.36.0-7+deb12u1
ii  sysvinit-utils [lsb-base] 3.06-4

Versions of packages ferm recommends:
ii  libnet-dns-perl  1.36-1

ferm suggests no packages.

-- Configuration Files:
/etc/ferm/ferm.conf [Errno 13] Permission denied: '/etc/ferm/ferm.conf'

-- debconf information:
* ferm/enable: false