Well it does do that:
Restarting Arno's Iptables Firewall...
** WARNING: In Variable NAT_FORWARD_TCP, Rule: "~8888>10.100.0.117~80"
is ignored.
Feb 06 13:27:41 WARNING: Not all firewall rules are applied.
a.
On 06-Feb-12 12:54, Julia Longtin wrote:
Oh, that makes sense to me... except since it WAS valid syntax, it means
that when it STOPPED being valid syntax, i need a little more warning
than "oh, all your port forwards no longer exist, have a nice day!". I
read debchanges, so at least a warning to sysadmins that the syntax that
used to be valid is no longer valid makes sense to me.
Luckily, there will at least be this thread to guide other sysadmins. I
had to use bash -x to trace through things and discover the 'fix' for my
perfectly 'valid' syntax not working.
Julia Longtin
On Mon, Feb 6, 2012 at 6:17 AM, Arno van Amersfoort
<arn...@rocky.eld.leidenuniv.nl> wrote:
Hello Julia,
Ah you mean that the first WITH the "~" in front of the 8888 used to
be a valid syntax? If so, this was never intended and it certainly
doesn't serve any purpose. The fix is simple, as you already know,
get rid of it ;-), unless I'm missing something here.
cheers,
Arno
On 03-Feb-12 17:25, Julia Longtin wrote:
I mean that going from "NAT_FORWARD_TCP=~8888>10.100.0.117~80" causes
the problem. You have the fix correct.
It's possible my syntax is wrong... but it used to work this way.
Julia Longtin
On Fri, Feb 3, 2012 at 2:56 PM, Arno van Amersfoort
<arn...@rocky.eld.leidenuniv.nl> wrote:
You mean that "NAT_FORWARD_TCP="8888>10.100.0.117~80" causes the
problem and "NAT_FORWARD_TCP="0/0~8888>10.100.0.117~80" fixes
that? I tried reproducing it, but I can't get it to fail. Could you
provide a snippet of the error?
thanks.
Arno
On 03-Feb-12 15:37, Julia Longtin wrote:
Package: arno-iptables-firewall
Version: 2.0.1-1
Severity: important
Dear Maintainer,
After performing an upgrade, I have found that the format of the
rules expected in firewall.conf has changed.
Instead of accepting a blank source IP, it now requires a source
IP, or parse_rules fails, and gives a WARNING: rule will be ignored..
See the '0/0' that has been added to my NAT_FORWARD_TCP rules.
Julia Longtin
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages arno-iptables-firewall depends on:
ii debconf [debconf-2.0] 1.5.41
ii gawk 1:3.1.8+dfsg-0.1
ii iproute 20120105-1
ii iptables 1.4.12.2-1
Versions of packages arno-iptables-firewall recommends:
ii dnsutils 1:9.8.1.dfsg.P1-2
ii lynx 2.8.8dev.9-3
ii rsyslog 5.8.6-1
arno-iptables-firewall suggests no packages.
-- Configuration Files:
/etc/arno-iptables-firewall/firewall.conf changed:
EXT_IF="$DC_EXT_IF"
EXT_IF_DHCP_IP=$DC_EXT_IF_DHCP_IP
EXTERNAL_DHCP_SERVER=0
EXTERNAL_DHCPV6_SERVER=0
INT_IF="$DC_INT_IF"
INTERNAL_NET="$DC_INTERNAL_NET"
INTERNAL_NET_ANTISPOOF=1
DMZ_IF=""
DMZ_NET=""
DMZ_NET_ANTISPOOF=1
NAT=$DC_NAT
NAT_INTERNAL_NET="$DC_NAT_INTERNAL_NET"
NAT_LOCAL_REDIRECT=1
NAT_FORWARD_TCP="0/0~8888>10.100.0.117~80 \
0/0~8889>10.100.0.88~80 \
0/0~8890>10.100.0.40~80 \
0/0~8891>10.100.0.58~80 \
0/0~8892>10.100.0.100~80 \
0/0~8893>10.100.0.20~80 \
0/0~2280>10.100.0.44~22 \
0/0~2281>10.100.0.75~22 \
0/0~8333>10.100.0.95~8333 "
NAT_FORWARD_UDP=""
NAT_FORWARD_IP=""
INET_FORWARD_TCP=""
INET_FORWARD_UDP=""
INET_FORWARD_IP=""
IP4TABLES="/sbin/iptables"
IP6TABLES="/sbin/ip6tables"
ENV_FILE="/usr/share/arno-iptables-firewall/environment"
PLUGIN_BIN_PATH="/usr/share/arno-iptables-firewall/plugins"
PLUGIN_CONF_PATH="/etc/arno-iptables-firewall/plugins"
DMESG_PANIC_ONLY=1
MANGLE_TOS=1
SET_MSS=1
TTL_INC=0
USE_IRC=0
LOOSE_FORWARD=0
FORWARD_LINK_LOCAL=0
IPV6_DROP_RH_ZERO=1
RESERVED_NET_DROP=0
DRDOS_PROTECT=0
IPV6_SUPPORT=0
NMB_BROADCAST_FIX=0
COMPILED_IN_KERNEL_MESSAGES=1
DEFAULT_POLICY_DROP=1
TRUSTED_IF=""
IF_TRUSTS=""
CUSTOM_RULES="/etc/arno-iptables-firewall/custom-rules"
LOCAL_CONFIG_FILE=""
DISABLE_IPTABLES_BATCH=0
TRACE=0
BLOCKED_HOST_LOG=1
SCAN_LOG=1
POSSIBLE_SCAN_LOG=1
BAD_FLAGS_LOG=1
INVALID_TCP_LOG=0
INVALID_UDP_LOG=0
INVALID_ICMP_LOG=0
RESERVED_NET_LOG=0
FRAG_LOG=1
INET_OUTPUT_DENY_LOG=1
LAN_OUTPUT_DENY_LOG=1
LAN_INPUT_DENY_LOG=1
DMZ_OUTPUT_DENY_LOG=1
DMZ_INPUT_DENY_LOG=1
FORWARD_DROP_LOG=1
LINK_LOCAL_DROP_LOG=1
ICMP_REQUEST_LOG=1
ICMP_OTHER_LOG=1
PRIV_TCP_LOG=1
PRIV_UDP_LOG=1
UNPRIV_TCP_LOG=1
UNPRIV_UDP_LOG=1
IGMP_LOG=1
OTHER_IP_LOG=1
ICMP_FLOOD_LOG=1
FIREWALL_LOG="/var/log/arno-iptables-firewall"
LOGLEVEL="info"
LOG_HOST_INPUT_TCP=""
LOG_HOST_INPUT_UDP=""
LOG_HOST_INPUT_IP=""
LOG_HOST_OUTPUT_TCP=""
LOG_HOST_OUTPUT_UDP=""
LOG_HOST_OUTPUT_IP=""
LOG_INPUT_TCP=""
LOG_INPUT_UDP=""
LOG_INPUT_IP=""
LOG_OUTPUT_TCP=""
LOG_OUTPUT_UDP=""
LOG_OUTPUT_IP=""
LOG_HOST_INPUT=""
LOG_HOST_OUTPUT=""
SYN_PROT=1
REDUCE_DOS_ABILITY=1
ECHO_IGNORE=0
LOG_MARTIANS=1
IP_FORWARDING=1
IPV6_AUTO_CONFIGURATION=1
ICMP_REDIRECT=0
CONNTRACK=16384
ECN=1
RP_FILTER=1
SOURCE_ROUTE_PROTECTION=1
LOCAL_PORT_RANGE="32768 61000"
DEFAULT_TTL=64
NO_PMTU_DISCOVERY=0
LAN_OPEN_ICMP=1
LAN_OPEN_TCP="21 22 80"
LAN_OPEN_UDP="53 67 69"
LAN_OPEN_IP=""
LAN_DENY_TCP=""
LAN_DENY_UDP=""
LAN_DENY_IP=""
LAN_HOST_OPEN_TCP=""
LAN_HOST_OPEN_UDP=""
LAN_HOST_OPEN_IP=""
LAN_HOST_DENY_TCP=""
LAN_HOST_DENY_UDP=""
LAN_HOST_DENY_IP=""
LAN_INET_OPEN_ICMP=1
LAN_INET_OPEN_TCP=""
LAN_INET_OPEN_UDP=""
LAN_INET_OPEN_IP=""
LAN_INET_DENY_TCP=""
LAN_INET_DENY_UDP=""
LAN_INET_DENY_IP=""
LAN_INET_HOST_OPEN_TCP=""
LAN_INET_HOST_OPEN_UDP=""
LAN_INET_HOST_OPEN_IP=""
LAN_INET_HOST_DENY_TCP=""
LAN_INET_HOST_DENY_UDP=""
LAN_INET_HOST_DENY_IP=""
DMZ_OPEN_ICMP=1
DMZ_OPEN_TCP=""
DMZ_OPEN_UDP=""
DMZ_OPEN_IP=""
DMZ_HOST_OPEN_TCP=""
DMZ_HOST_OPEN_UDP=""
DMZ_HOST_OPEN_IP=""
INET_DMZ_OPEN_ICMP=0
INET_DMZ_OPEN_TCP=""
INET_DMZ_OPEN_UDP=""
INET_DMZ_OPEN_IP=""
INET_DMZ_DENY_TCP=""
INET_DMZ_DENY_UDP=""
INET_DMZ_DENY_IP=""
INET_DMZ_HOST_OPEN_TCP=""
INET_DMZ_HOST_OPEN_UDP=""
INET_DMZ_HOST_OPEN_IP=""
INET_DMZ_HOST_DENY_TCP=""
INET_DMZ_HOST_DENY_UDP=""
INET_DMZ_HOST_DENY_IP=""
DMZ_INET_OPEN_ICMP=1
DMZ_INET_OPEN_TCP=""
DMZ_INET_OPEN_UDP=""
DMZ_INET_OPEN_IP=""
DMZ_INET_DENY_TCP=""
DMZ_INET_DENY_UDP=""
DMZ_INET_DENY_IP=""
DMZ_INET_HOST_OPEN_TCP=""
DMZ_INET_HOST_OPEN_UDP=""
DMZ_INET_HOST_OPEN_IP=""
DMZ_INET_HOST_DENY_TCP=""
DMZ_INET_HOST_DENY_UDP=""
DMZ_INET_HOST_DENY_IP=""
DMZ_LAN_OPEN_ICMP=0
DMZ_LAN_HOST_OPEN_TCP=""
DMZ_LAN_HOST_OPEN_UDP=""
DMZ_LAN_HOST_OPEN_IP=""
FULL_ACCESS_HOSTS=""
BROADCAST_TCP_NOLOG=""
HOST_OPEN_TCP=""
HOST_OPEN_UDP=""
HOST_OPEN_IP=""
HOST_OPEN_ICMP=""
HOST_DENY_TCP=""
HOST_DENY_UDP=""
HOST_DENY_IP=""
HOST_DENY_ICMP=""
HOST_DENY_TCP_NOLOG=""
HOST_DENY_UDP_NOLOG=""
HOST_DENY_IP_NOLOG=""
HOST_DENY_ICMP_NOLOG=""
HOST_REJECT_TCP=""
HOST_REJECT_UDP=""
HOST_REJECT_TCP_NOLOG=""
HOST_REJECT_UDP_NOLOG=""
DENY_TCP_OUTPUT=""
DENY_UDP_OUTPUT=""
DENY_IP_OUTPUT=""
HOST_DENY_TCP_OUTPUT=""
HOST_DENY_UDP_OUTPUT=""
HOST_DENY_IP_OUTPUT=""
OPEN_ICMP=$DC_OPEN_ICMP
OPEN_ICMPV6=1
OPEN_TCP="$DC_OPEN_TCP"
OPEN_UDP="$DC_OPEN_UDP"
OPEN_IP=""
DENY_TCP=""
DENY_UDP=""
DENY_TCP_NOLOG=""
DENY_UDP_NOLOG=""
REJECT_TCP=""
REJECT_UDP=""
REJECT_TCP_NOLOG=""
REJECT_UDP_NOLOG=""
BLOCK_HOSTS=""
BLOCK_HOSTS_BIDIRECTIONAL=1
-- debconf information:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_GB.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
* arno-iptables-firewall/config-int-nat-net: 10.100.0/24 172.16.0/24
* arno-iptables-firewall/dynamic-ip: true
* arno-iptables-firewall/config-int-net: 10.100.0/24 172.16.0/24
* arno-iptables-firewall/icmp-echo: true
* arno-iptables-firewall/services-udp: 53
arno-iptables-firewall/title:
* arno-iptables-firewall/config-ext-if: eth0
* arno-iptables-firewall/services-tcp: 22 53 80
* arno-iptables-firewall/restart: true
* arno-iptables-firewall/config-int-if: eth1 br0
* arno-iptables-firewall/nat: true
* arno-iptables-firewall/debconf-wanted: true
-- debsums errors found:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_GB.UTF-8"
are supported and installed on your system.
perl: warning: Falling back to the standard locale ("C").
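
The check below is an added example, not part of the original thread or of arno-iptables-firewall: a pre-upgrade lint that flags NAT_FORWARD_* entries with an empty source field (a leading "~"), the form the warning in this thread reports as ignored. The function names and the sample value are constructed here, and the accepted forms are assumed to be only the two the thread shows working.

```shell
#!/bin/sh
# Added example; classify_rule and lint_rules are hypothetical helper names.
# Forms taken from the thread:
#   0/0~8888>10.100.0.117~80   explicit source     -> ok
#   8888>10.100.0.117~80       no source field     -> ok
#   ~8888>10.100.0.117~80      empty source field  -> ignored after the upgrade

classify_rule() {
    rule=$1
    case $rule in
        *">"*) ;;                          # must contain the '>' separator
        *) echo malformed; return ;;
    esac
    left=${rule%%">"*}                     # [source~]port
    right=${rule#*">"}                     # destination[~port]
    case $left in
        "~"*) echo empty-source; return ;; # leading '~' means a blank source
    esac
    [ -n "$left" ] && [ -n "$right" ] || { echo malformed; return; }
    echo ok
}

lint_rules() {
    # $1 = variable name used in the report
    # $2 = whitespace-separated rule list, as stored in firewall.conf
    set -f                                 # no globbing while splitting $2
    for r in $2; do
        status=$(classify_rule "$r")
        [ "$status" = ok ] || printf '%s: %s: %s\n' "$1" "$status" "$r"
    done
    set +f
}

# Constructed sample mixing the three forms quoted in the thread.
SAMPLE="~8888>10.100.0.117~80 \
        0/0~8889>10.100.0.88~80 \
        2280>10.100.0.44~22"

lint_rules NAT_FORWARD_TCP "$SAMPLE"
```

To check a live configuration, pass the value of NAT_FORWARD_TCP from firewall.conf as the second argument before restarting the firewall, so that a dropped port forward shows up before the rules are reloaded.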