Package: ferm Version: 2.1-4 Severity: important
Upgrade to 2.1-4 dies with an error about stopping ferm. The firewall is left running, but the ferm scripts are already in place and future manual or automatic operations fail with the message "Died at /usr/sbin/ferm line 1719".
By commenting out that line in /usr/sbin/ferm I can get a slightly more useful, but still incorrect error message about mis-matched "}". The actual problem turned out to be the config block was starting with "domain (ip ip6) table filter {...}" to specify rules shared by both IPv4 and IPv6 firewalls.
This "domain (ip ip6)" syntax appears not to be a problem when used in the main ferm.conf file, and is valid. But the new version errors out with the above problems when it is used in a sub-include file.
Workaround was to cut-n-paste a blocks of config file into "domain ip ..." and "domain ip6 ..." blocks. Or to move the domain stanza outside the include file. Both of which can be problematic when the config files are under different administrative jurisdictions or automatically generated.
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
