According to my testing, 2.0.0C-DEVEL fixes the issue.

Sven

On Friday, 01.07.2011, at 14:29 +0200, Arno van Amersfoort wrote:
> (I think) I've fixed this issue in 2.0.0c-DEVEL. The upcoming 2.0.0c 
> will have the fix which can be used downstream.
> 
> -arno
> 
> On 6/23/2011 20:43, S. G. wrote:
> > Package: arno-iptables-firewall
> > Version: 2.0.0.a-2
> > Severity: important
> > Tags: upstream
> >
> > After updating from arno-iptables-firewall 1.9.2.k-4, zeroconf (MDNS) does not
> > work any more. Investigations brought up this set of rules:
> >
> > Chain EXT_MULTICAST_CHAIN (2 references)
> >      pkts      bytes target     prot opt in     out     source               destination
> >         0        0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:PRIV TCP multicast: '
> >         0        0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:PRIV UDP multicast: '
> >         0        0 LOG        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:UNPRIV TCP multicast: '
> >         0        0 LOG        udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp dpt:1024 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:UNPRIV UDP multicast: '
> >         0        0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-multicast-request: '
> >         0        0 LOG        icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp !type 8 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-multicast-other: '
> >         0        0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
> >
> > which obviously blocks all multicast packets. The configuration files don't
> > offer a way to let in zeroconf traffic (MDNS, UDP Port 5353) again.
> >
> > With the stable version of the packet it was sufficient to open UDP Port 5353
> > via debconf.cfg.
> >
> > Zeroconf is installed and enabled by default on a freshly installed system. So
> > the firewall should not block it without a remedy to reenable it.
> >
> >
> >
> > -- System Information:
> > Debian Release: wheezy/sid
> >    APT prefers testing
> >    APT policy: (500, 'testing')
> > Architecture: amd64 (x86_64)
> >
> > Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
> > Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
> > Shell: /bin/sh linked to /bin/dash
> >
> > Versions of packages arno-iptables-firewall depends on:
> > ii  debconf [debconf-2.0]     1.5.39         Debian configuration management sy
> > ii  gawk                      1:3.1.7.dfsg-5 GNU awk, a pattern scanning and pr
> > ii  iproute                   20110315-1     networking and traffic control too
> > ii  iptables                  1.4.10-1       administration tools for packet fi
> >
> > Versions of packages arno-iptables-firewall recommends:
> > ii  dnsutils               1:9.7.3.dfsg-1+b1 Clients provided with BIND
> > ii  lynx                   2.8.8dev.8-1      Text-mode WWW Browser (transitiona
> >
> > arno-iptables-firewall suggests no packages.
> >
> > -- debconf information:
> >    arno-iptables-firewall/config-int-nat-net:
> >    arno-iptables-firewall/dynamic-ip: true
> >    arno-iptables-firewall/config-int-net:
> >    arno-iptables-firewall/icmp-echo: false
> > * arno-iptables-firewall/services-udp: 631 5353
> >    arno-iptables-firewall/title:
> > * arno-iptables-firewall/config-ext-if: eth0 wlan0
> > * arno-iptables-firewall/services-tcp:
> > * arno-iptables-firewall/restart: true
> > * arno-iptables-firewall/config-int-if:
> >    arno-iptables-firewall/nat: false
> > * arno-iptables-firewall/debconf-wanted: true
> >
> >
> >
> 
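
Added example, not part of the original thread or of arno-iptables-firewall: a Python check that walks a chain listing in the `iptables -L -v -n` format quoted above and returns the first terminating rule a packet hits, showing that UDP 5353 passes the LOG rules and lands on the final DROP. The rule lines are constructed from the report's listing with whitespace normalised; `verdict` and `ALLOW_MDNS` are hypothetical names, and the ACCEPT rule is an illustration, not the fix shipped in 2.0.0c.

```python
import re

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # LOG does not end chain traversal

HEADER = ["Chain EXT_MULTICAST_CHAIN (2 references)",
          "pkts bytes target prot opt in out source destination"]
# Constructed sample: the seven rules from the report, whitespace normalised.
RULES = [
    "0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:PRIV TCP multicast: '",
    "0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:0:1023 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:PRIV UDP multicast: '",
    "0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:UNPRIV TCP multicast: '",
    "0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1024 limit: avg 6/min burst 2 LOG flags 0 level 6 prefix `AIF:UNPRIV UDP multicast: '",
    "0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 3/min burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-multicast-request: '",
    "0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp !type 8 limit: avg 12/hour burst 1 LOG flags 0 level 6 prefix `AIF:ICMP-multicast-other: '",
    "0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0",
]
# Hypothetical rule (assumption, not from the thread): permit mDNS before the DROP.
ALLOW_MDNS = "0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353"

REPORTED = "\n".join(HEADER + RULES)
PATCHED = "\n".join(HEADER + RULES[:-1] + [ALLOW_MDNS] + RULES[-1:])


def verdict(listing, proto, dport):
    """Return (target, rule_number) of the first terminating rule that matches.

    Assumes the column order and protocol names shown in the report; ignores
    interface and address matches and does not follow jumps to other chains.
    """
    rule_no = 0
    for line in listing.splitlines():
        f = line.split()
        if len(f) < 9 or not re.fullmatch(r"\d+[KMG]?", f[0]):
            continue  # chain title, column header or blank line
        rule_no += 1
        target, rule_proto, extras = f[2], f[3], " ".join(f[9:])
        if target not in TERMINAL or rule_proto not in ("all", proto):
            continue
        m = re.search(r"\bdpts?:(\d+)(?::(\d+))?", extras)
        if m:
            lo = int(m.group(1))
            hi = int(m.group(2) or lo)
            if not lo <= dport <= hi:
                continue  # port restriction present and not satisfied
        return target, rule_no
    return None  # fell off the end: the calling chain decides
```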




