Your message dated Sat, 03 Nov 2012 12:30:27 +0000
with message-id <50950e63.3050...@debian.org>
and subject line Not a bug
has caused the Debian Bug report #682612,
regarding /sbin/ip6tables-multi: Cannot restore ip6tables, fails at Commit line
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
682612: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=682612
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: iptables
Version: 1.4.8-3
Severity: grave
File: /sbin/ip6tables-multi
Tags: security ipv6
Justification: user security hole
I have the following file /etc/ip6tables.firewall.rules
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A OUTPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp6-port-unreachable
-A FORWARD -j REJECT --reject-with icmp6-port-unreachable
COMMIT
Then I run:
sudo ip6tables-restore < /etc/ip6tables.firewall.rules
And I get:
ip6tables-restore: line 18 failed
Any idea how to fix this?
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-042stab057.1 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages iptables depends on:
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii libnfnetlink0 1.0.0-1 Netfilter netlink library
iptables recommends no packages.
iptables suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am closing this bug as I couldn't reproduce it and it seems to be an
issue with the VM configuration from OPs provider.
cheers from the Dublin BSP,
Ulrich
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iQIcBAEBAgAGBQJQlQ5gAAoJEASq5bOX8aqsV8cP/3Gd7GFA/ql0RTgITN/SBGSv
wE6O78JJ0Tp26z6u9/84jmtmZCk3csWYzJIxJyYBtJ17ZO1uhzMiNpHoMPnPuZue
JhQoAAY+xvkErp16JY3kj3VOCzeRdzIAAN90PvkxyNpBTwpcVbUtnjVqEUCLfX/g
gQlm8Y6ffftoo6MA7e/XKnLz2+o0pUqPg90M3spvCjBeZl78sSM7+GuGPxfe7w81
F7cK/ihddKqNXLA0ICuod0PdJa+tAF91TvxEwMUKvwm9D3rih+IimWJZ8aPQlAy7
O1FqbAeFoT4Cix6zH+gXDLSDcrh4i1uD8DRnyoB0JEQ/mVGvi+Ns0qEWKHpe7Bsd
seN8SJ72Lif7BFAXrGcHx67B7r+hujf8bC6XJIDEs2dvMyoAV4fWDw19I+gT3uUf
yAxaiGRD5TPRLmleODtP/cYFwBd04HrNSuqkXcrXTLfUjgrYx/aqR6j4vbmwAYUn
TedYDGjmfb3HXCrw7UyVzVwznHuHD4Eoa6nuqQZ/mOpZKFKGS1SHO2f8Do3wz8+y
C5Jor8f9ByaAax9+Rbgy20RrQoljac64Vzg/9a8Pdw08vFvLMxY+u5RA0bB855nP
BwSyVvuGX3PHsbcBYKEr5KtBUCUD0b5mKFETB7yBYY8X16NuynlvbspYvdEh+cEp
JIqyqNk70HFPppPDldfq
=ITgk
-----END PGP SIGNATURE-----
--- End Message ---
