Your message dated Fri, 02 Sep 2016 10:07:52 +0000
with message-id <[email protected]>
and subject line Bug#829640: fixed in iptables-persistent 1.0.4+nmu1
has caused the Debian Bug report #829640,
regarding netfilter-persistent loads firewall rules too late
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
829640: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829640
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: netfilter-persistent
Severity: grave
X-Debbugs-CC: [email protected]
Tags: security

Dear maintainer,

there is a security issue with the netfilter-persistent systemd service. [1]

netfilter-persistent orders itself before the wrong target. Should be
'Before=network-pre.target'.

The systemd manual is quite clear on network.target and
network-pre.target. [2]

Credits for finding this bug go to rustybird. [3] [4] (I am only
seconding and reporting it.)

(Using severity grave as this could pose a security risk, i.e. the
firewall getting up too late.)

Cheers,
Patrick

[1] https://anonscm.debian.org/cgit/collab-maint/iptables-persistent.git/tree/systemd/netfilter-persistent.service
[2] https://www.freedesktop.org/software/systemd/man/systemd.special.html
[3] https://github.com/rustybird
[4] https://github.com/rustybird/corridor/issues/8#issuecomment-230266161

--- End Message ---
--- Begin Message ---
Source: iptables-persistent
Source-Version: 1.0.4+nmu1

We believe that the bug you reported is fixed in the latest version of
iptables-persistent, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
gustavo panizzo <[email protected]> (supplier of updated iptables-persistent package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 21 Aug 2016 13:05:39 +0800
Source: iptables-persistent
Binary: netfilter-persistent iptables-persistent
Architecture: source
Version: 1.0.4+nmu1
Distribution: unstable
Urgency: low
Maintainer: Jonathan Wiltshire <[email protected]>
Changed-By: gustavo panizzo <[email protected]>
Description:
 iptables-persistent - boot-time loader for netfilter rules, iptables plugin
 netfilter-persistent - boot-time loader for netfilter configuration
Closes: 829640
Changes:
 iptables-persistent (1.0.4+nmu1) unstable; urgency=low
 .
   [ Jonathan Wiltshire ]
   * Update debhelper to compat level 9
   * Standards version 3.9.6 no changes needed.
   * Re-tab plugins/15-ip4tables and plugins/25-ip6tables
 .
   [ gustavo panizzo ]
   * Non-maintainer upload.
   * Starts netfilter-persistent service before network-pre.target,
     as suggested by systemd upstream. Thanks to Patrick Schleizer
     (Closes: #829640).
Checksums-Sha1:
 d261ca75c073a15d6381bd041cd032dfb6c296b2 1722 iptables-persistent_1.0.4+nmu1.dsc
 ddb634ea23b0345faaf04e9b0b5893f67e7b5a9a 13876 iptables-persistent_1.0.4+nmu1.tar.xz
Checksums-Sha256:
 174ba7cc8879e58951766ea1715932a12f5796aca12f8260ca37c5f008f325f9 1722 iptables-persistent_1.0.4+nmu1.dsc
 fb626fe7d44427c12bebb90511a537f6cedd16ea70f2d062cc50e1d1547c125e 13876 iptables-persistent_1.0.4+nmu1.tar.xz
Files:
 9789dc91569ff3a271651a99cd545487 1722 admin optional iptables-persistent_1.0.4+nmu1.dsc
 80c8b49809ce22ece64bcbbed3a9107e 13876 admin optional iptables-persistent_1.0.4+nmu1.tar.xz


--- End Message ---
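
The ordering problem reported above can be checked on any unit file. The script below is an added example, not part of the original messages or of the iptables-persistent package. It reads the [Unit] section and reports whether the unit is ordered before network-pre.target and also pulls that passive target in with Wants=, as the systemd.special manual recommends. The function names and the sample unit files are constructed for illustration, and network.target as the wrong target in the first sample is an assumption.

```shell
#!/bin/sh
# Added example (not from the package): audit a unit file's boot ordering.

# unit_list KEY FILE: print each value of KEY= found in the [Unit] section.
unit_list() {
    awk -v key="$1" '
        /^[ \t]*\[/ { in_unit = ($0 ~ /^[ \t]*\[Unit\]/); next }
        in_unit && match($0, "^[ \t]*" key "[ \t]*=") {
            n = split(substr($0, RLENGTH + 1), v, /[ \t]+/)
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }' "$2"
}

# check_firewall_ordering FILE
#   0: ordered before network-pre.target and pulls the target in
#   1: not ordered before network-pre.target (rules may load too late)
#   2: ordered correctly, but Wants=network-pre.target is missing; the
#      target is passive, so the ordering only applies if it is pulled in
check_firewall_ordering() {
    unit_list Before "$1" | grep -qxF 'network-pre.target' || return 1
    unit_list Wants "$1" | grep -qxF 'network-pre.target' || return 2
    return 0
}

# write_samples DIR: constructed unit files, not the package's real unit.
write_samples() {
    printf '%s\n' '[Unit]' 'Description=sample loader (constructed)' \
        'Before=network.target' '[Service]' 'Type=oneshot' \
        'ExecStart=/bin/true' > "$1/late.service"
    printf '%s\n' '[Unit]' 'Wants=network-pre.target' \
        'Before=network-pre.target shutdown.target' '[Service]' \
        'Type=oneshot' > "$1/early.service"
    printf '%s\n' '[Unit]' 'Before=network-pre.target' \
        > "$1/ordered-only.service"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for unit in late early ordered-only; do
    rc=0
    check_firewall_ordering "$demo_dir/$unit.service" || rc=$?
    echo "$unit.service: status $rc"
done
```

On a running system, `systemctl show -p Before -p Wants netfilter-persistent.service` reports the effective values, including any drop-in overrides that a plain read of the unit file would miss.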
