Bug#862485: fwsnort mustn't set iptables rules when purged

2017-05-14 Thread Axel Beckert
Axel Beckert wrote:
> Point taken. Will move that line (or an "fwsnort --ipt-flush") into a
> (to be created) prerm and do another QA upload. (Unless you're already
> onto it. Feel free to do that.)

Unfortunately "fwsnort --ipt-flush" only flushes the chains but does not remove the chains:

# ip

Bug#862485: fwsnort mustn't set iptables rules when purged

2017-05-13 Thread Axel Beckert
Control: tag -1 + confirmed - moreinfo Hi Adrian, Adrian Bunk wrote: > > > Tags: security > > > > I also disagree with this tag. > > messing up the iptables setup at an unexpected time can have bad > consequences. bad != security > > > A case could be made for "fwsnort --ipt-flush" in prerm.

Processed: Re: Bug#862485: fwsnort mustn't set iptables rules when purged

2017-05-13 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 + confirmed - moreinfo
Bug #862485 [fwsnort] fwsnort mustn't set iptables rules when purged
Added tag(s) confirmed.
Bug #862485 [fwsnort] fwsnort mustn't set iptables rules when purged
Removed tag(s) moreinfo.

--
862485: http://bugs.debian.org/cgi-bin/bugrep

Processed: Re: Bug#862485: fwsnort mustn't set iptables rules when purged

2017-05-13 Thread Debian Bug Tracking System
Processing control commands:

> severity -1 serious
Bug #862485 [fwsnort] fwsnort mustn't set iptables rules when purged
Severity set to 'serious' from 'important'

--
862485: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862485
Debian Bug Tracking System
Contact ow...@bugs.debian.org with prob

Bug#862485: fwsnort mustn't set iptables rules when purged

2017-05-13 Thread Axel Beckert
Control: tag -1 + moreinfo
Control: severity -1 important

Hi Adrian,

Adrian Bunk wrote:
> Severity: critical

I think that's overly exaggerated.

> Tags: security

I also disagree with this tag.

> The #861999 fix adds the following on purging:
> grep -v FWSNORT /var/lib/fwsnort/fwsnort.save |

Processed: Re: Bug#862485: fwsnort mustn't set iptables rules when purged

2017-05-13 Thread Debian Bug Tracking System
Processing control commands:

> tag -1 + moreinfo
Bug #862485 [fwsnort] fwsnort mustn't set iptables rules when purged
Added tag(s) moreinfo.
> severity -1 important
Bug #862485 [fwsnort] fwsnort mustn't set iptables rules when purged
Severity set to 'important' from 'critical'

--
862485: http://

Bug#862485: fwsnort mustn't set iptables rules when purged

2017-05-13 Thread Adrian Bunk
Package: fwsnort
Version: 1.6.5-3
Severity: critical
Tags: security

The #861999 fix adds the following on purging:

  grep -v FWSNORT /var/lib/fwsnort/fwsnort.save | iptables-restore

Imagine the following:
1. today I install fwsnort and try it
2. later today I uninstall it
3. 2 years later I purge