This has already been fixed upstream. The fix will be in 1.9.0c. Thanks
for reporting it though....
cheers,
Arno
Joel Soete wrote:
Package: arno-iptables-firewall
Version: 1.9.0.b-1
Severity: important
Tags: patch
Hello Michael,
After the update of your new kind iptables firewall, internal network
connections failed :<( with the following messages:
+ /sbin/iptables -A MAC_FILTER -m mac --mac-source '00:14:22:f9:53:a2
00:60:B0:07:0A:AA
00:d0:59:08:65:ca
00:05:5D:6B:DC:4B
00:30:6e:0a:cb:92
00:50:04:1b:2c:17
00:50:5d:6b:dc:4b
00:1e:33:7a:b8:90' -s 0/0 -j RETURN
iptables v1.4.2: Bad mac address `00:14:22:f9:53:a2
00:60:B0:07:0A:AA
00:d0:59:08:65:ca
00:05:5D:6B:DC:4B
00:30:6e:0a:cb:92
00:50:04:1b:2c:17
00:50:5d:6b:dc:4b
00:1e:33:7a:b8:90'
Try `iptables -h' or 'iptables --help' for more information.
After some debugging, I figured out what seems to me to be a typo in the
config file, and maybe another way to implement this new filter, as per this
proposed patch:
--- ./etc/arno-iptables-firewall/plugins/mac-address-filter.conf.orig
2009-02-26 09:51:12.000000000 +0000
+++ ./etc/arno-iptables-firewall/plugins/mac-address-filter.conf
2009-03-15 09:15:22.000000000 +0000
@@ -8,7 +8,7 @@
# Specify here the port(s) you want to SSH checks to apply to
#
------------------------------------------------------------------------------
-MAC_ADDRESS_IF="$INF_IF"
+MAC_ADDRESS_IF="$INT_IF"
# Enable logging for not-allowed MAC addresses (if used).
#
-----------------------------------------------------------------------------
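Review bot: The comment kept above MAC_ADDRESS_IF, "Specify here the port(s) you want to SSH checks to apply to", does not describe this setting and reads as if it was copied from another plugin's config; while touching this line, reword it to say that the variable names the interface(s) the MAC filter applies to. The INF_IF to INT_IF correction itself matches the typo described in the report.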
---
./share/arno-iptables-firewall/plugins/10mac-address-filter.plugin.orig
2009-02-27 20:29:17.000000000 +0000
+++ ./share/arno-iptables-firewall/plugins/10mac-address-filter.plugin
2009-03-15 09:16:41.000000000 +0000
@@ -85,7 +85,8 @@
MCOUNT=0
IFS="$(printf '\n')"
- for LINE in `cat "$MAC_ADDRESS_FILE" |sed -e 's|#.*||' -e 's| *$||'`;
do
+ cat "$MAC_ADDRESS_FILE" |sed -e 's|#.*||' -e 's| *$||' | \
+ while read LINE; do
if [ -n "$LINE" ]; then
src_mac="$(echo "$LINE" |awk '{ print $1 }')"
src_ip="$(echo "$LINE" |awk '{ print $2 }')"
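Review bot: The context line IFS="$(printf '\n')" directly above the changed loop sets IFS to an empty string, not a newline, because command substitution strips trailing newlines; with no field splitting the old for loop received the whole file as a single word, which matches the multi-line "Bad mac address" error in the report. Switching to while read LINE sidesteps that, but the IFS assignment should then be dropped or restored after the loop, and read -r is safer if a line ever contains a backslash. Also, the loop body now sits on the right-hand side of a pipe and so runs in a subshell in most shells, including bash: if MCOUNT (set to 0 just above) is updated inside the loop, that value will not be visible after done.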
=== <> ===
What's your opinion?
Thanks in advance for your kind attention,
J.
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.28.7-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages arno-iptables-firewall depends on:
ii debconf [debconf-2.0] 1.5.26 Debian configuration management sy
ii gawk 1:3.1.5.dfsg-4.1 GNU awk, a pattern scanning and pr
ii iptables 1.4.2-6 administration tools for packet fi
Versions of packages arno-iptables-firewall recommends:
ii dnsutils 1:9.5.1.dfsg.P1-1 Clients provided with BIND
ii iproute 20090115-1 networking and traffic control too
ii lynx 2.8.7dev13-1 Text-mode WWW Browser (transitiona
arno-iptables-firewall suggests no packages.
-- debconf information:
* arno-iptables-firewall/config-int-nat-net: 192.168.248.0/24
* arno-iptables-firewall/dynamic-ip: true
* arno-iptables-firewall/config-int-net: 192.168.248.0/24
* arno-iptables-firewall/icmp-echo: false
* arno-iptables-firewall/services-udp:
arno-iptables-firewall/title:
* arno-iptables-firewall/config-ext-if: ppp0
* arno-iptables-firewall/services-tcp: 22
* arno-iptables-firewall/restart: false
* arno-iptables-firewall/config-int-if: eth1
* arno-iptables-firewall/nat: true
* arno-iptables-firewall/debconf-wanted: true
--
Arno van Amersfoort
E-mail : arn...@rocky.eld.leidenuniv.nl
Donations are welcome through Paypal!
---------------------------------------------------------------------------
Arno's (Linux IPTABLES Firewall) Homepage:
http://rocky.eld.leidenuniv.nl