SRU proposal -

Impact on users: Major, bug stops firehol from working, and locks down the system it is applied on. Only way to fix it is to stop firehol, or apply one of the fudgy work-arounds, on console, which is painful if you don't have a serial console, and the server is 200 miles away... (Yes, done this.)

Development Branch fix: Removed quotes around one variable. From the upstream changelog:

BASH 3.2 support. The problem is in array variables. For some reason, an empty array member in BASH 3.1 produces no iptables arguments, but in BASH 3.2 an empty array member produces an empty iptables argument which breaks iptables.

Debdiff attached directly above *should* cover the patch required.

Reproduction / Test Case:
> Install firehol
> Start firehol (firehol start)
> Failure

Regression potential is limited. However, if it does occur, would likely lock down systems to which it happens on. (Those systems on which firehol has been fudged to work.)

** Description changed:

  Bug is caused by the move to bash 3.2, upstream has been fixed.
  http://sourceforge.net/tracker/index.php?func=detail&aid=1607442&group_id=58425&atid=487692
+
+ Reproduction / Test Case:
+ > Install firehol
+ > Start firehol ("firehol start" in terminal)
+ > Watch failure
  ----

  When starting firehol during boot in feisty I have lots of messages like this one in /var/log/boot (running upstart):

  Jan 5 00:32:46 rcS: * Starting Firewall firehol ESC[80G
  Jan 5 00:32:46 rcS:Jan 5 00:32:46 rcS: * Starting Firewall firehol ESC[80G
  Jan 5 00:32:46 rcS:
  Jan 5 00:32:46 rcS: --------------------------------------------------------------------------------
  Jan 5 00:32:46 rcS: ERROR : # 1.
  Jan 5 00:32:46 rcS: WHAT : A runtime command failed to execute (returned error 2).
  Jan 5 00:32:46 rcS: SOURCE : line 20 of /etc/firehol/firehol.conf
  Jan 5 00:32:46 rcS: COMMAND : /sbin/iptables -t filter -A out_world_all_c1 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
  Jan 5 00:32:46 rcS: OUTPUT :
  Jan 5 00:32:46 rcS:
  Jan 5 00:32:46 rcS:
  Jan 5 00:32:46 rcS:
  Jan 5 00:32:46 rcS:
  Jan 5 00:32:46 rcS: --------------------------------------------------------------------------------

  Running this command manually as root gives the following error message:

  root> /sbin/iptables -t filter -A out_world_all_c1 -m state '' --state NEW\,ESTABLISHED -j ACCEPT
  Bad argument `'
  Try `iptables -h' or 'iptables --help' for more information.

--
firehol locks down Feisty & Gusty systems
https://bugs.launchpad.net/bugs/78017
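
The failure mode in the log above, an empty '' argument reaching iptables, can be reproduced without touching a firewall. The following is an added example, not firehol's code and not part of the original report: the function names are hypothetical, it uses a plain variable rather than an array so it runs in any POSIX shell, and it only counts arguments instead of calling iptables.

```sh
#!/bin/sh
# Constructed example: how an empty value becomes an empty argv entry,
# as in the failing command from the log:
#   iptables ... -m state '' --state NEW,ESTABLISHED -j ACCEPT

# count_args prints how many arguments it received.
count_args() { echo "$#"; }

# has_empty_arg returns 0 if any argument is the empty string, i.e. the
# condition iptables rejects with "Bad argument `'".
has_empty_arg() {
    for a in "$@"; do
        [ -n "$a" ] || return 0
    done
    return 1
}

# build_rule_argc MODE EXTRA
# Prints the argument count of a rule that carries an optional EXTRA
# option, expanded in one of three ways (hypothetical helper).
build_rule_argc() {
    mode=$1 extra=$2
    case $mode in
        # Quoted: an empty EXTRA survives as an empty argument.
        quoted)   count_args -m state "$extra" --state NEW,ESTABLISHED -j ACCEPT ;;
        # Unquoted: an empty EXTRA disappears, but a value containing
        # spaces is split into several arguments.
        unquoted) count_args -m state $extra --state NEW,ESTABLISHED -j ACCEPT ;;
        # Guarded: nothing when empty, exactly one argument otherwise.
        guarded)  count_args -m state ${extra:+"$extra"} --state NEW,ESTABLISHED -j ACCEPT ;;
    esac
}

# Demonstration with an empty option value.
for m in quoted unquoted guarded; do
    echo "$m, empty option: $(build_rule_argc "$m" "") args"
done

# Pre-flight check a wrapper could run before handing arguments to iptables.
if has_empty_arg -m state "" --state NEW,ESTABLISHED -j ACCEPT; then
    echo "empty argument detected, rule would be rejected"
fi
```

A check like has_empty_arg, run over every generated rule before any of them is applied, lets a rule generator abort while the previous ruleset is still loaded.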