[gutsy] /etc/network/if-up.d/50firestarter exited with return code 2

Problem is the same on Debian Sid :)

Stopping the Firestarter firewall....
Starting the Firestarter firewall... failed!
run-parts: /etc/network/if-up.d/50firestarter exited with return code 2

This is supposed to be fixed in Debian unstable now

firestarter (1.0.3-6ubuntu1) gutsy; urgency=low

  * Merge from Debian Unstable, Ubuntu remaining changes: (LP: #132039)
    + Adhere to DebianMaintainerField
    + debian/rules: call [ ! -f Makefile ] || $(MAKE) distclean instead of
      -$(MAKE) distclean
    + 11_desktop_file.dpatch: updated to make desktop-file-validate happy.

firestarter (1.0.3-6) unstable; urgency=low

  * Recover lsb-base dependancy lost in last update.
  * Remove 'Application' category from desktop file, add trailing semicolon.
  * Remove old code from preinst (replace with empty/default version)
  * Replace postinst with updated version.
  * Update menu file for new menu policy.
  * Add LSB keyword section to initscript.
  * Change initscript to run at S65, not 'defaults'.
  * Do not use invoke-rc.d in ppp/ifupdown scripts, call initscript directly
    (closes: #438732).
  * Copy patch from Ubuntu to launch web browser as non-root user - thanks
    go to the author of the Ubuntu patch
     - fixup docs patch appropriately

 -- Lionel Le Folgoc <email address hidden> Fri, 31 Aug 2007 19:22:27 +0200

I still seem to get this problem, though it's happening when I try and install firestarter. This is on a Tribe 5? gutsy straight install, updated by update manager to stay current.

sudo apt-get install firestarter
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  dhcp3-server
The following NEW packages will be installed:
  firestarter
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/403kB of archives.
After unpacking 1999kB of additional disk space will be used.
Selecting previously deselected package firestarter.
(Reading database ... 140308 files and directories currently installed.)
Unpacking firestarter (from .../firestarter_1.0.3-6ubuntu1_i386.deb) ...
Setting up firestarter (1.0.3-6ubuntu1) ...
Firewall script saved as /etc/firestarter/firewall
Adding Firestarter startup hook to /etc/dhclient-exit-hooks
 * Stopping the Firestarter firewall... [ OK ]
 * Starting the Firestarter firewall... [fail]
invoke-rc.d: initscript firestarter, action "restart" failed.

I can confirm This. I'm having the same problem. The error message occurs at boot time and the firewall does not start for me at all. I've had to shut down my test server because there is no firewall running, leaving all the open ports are left vulnerable. This error started occuring after upgrading from Fiesty to gutsy on 3rd October 2007.

I can confirm this, though my firewall seems to be working as usual, I see this message on boot. Using Gutsy beta.

I confirm this too:
run-parts: /etc/network/if-up.d/50firestarter exited with return code 2

I keep having this error in the official gutsy release.

Firestarter works ok though when I start it.

I have the same problem. One thing to note, if I understand firestarter correctly, it is simply an interface to view and change the rules that the ipchains firewall uses - and if it is not running, it does not mean your firewall is not running - it just means that you cannot use the firestarter gui to make changes or view the current policy. Isn't that correct?

I can confirm too...it's interesting that this is assigned to low priority when a normal user wants to know they have a running firewall and this might be one of those "ahhhh" and runs from linux for newbs. : ( It doesn't appear this would be too hard to fix either. But heah, it's free and once the system is up firestarter runs...whenever it's not not detecting the interface device and refusing to start. : ( Anybody else notice that it will focus on an interface that you're not using for the internet and then refuse to work? It's fixable from within the gui...but would be scary for someone who wants to type papers and e-mail.

Oh yeah: thanks for the work Ubuntu Team. : )

OK. So I will write what's happening.

Everybody, look inside yours "/etc/rcS.d" directory - which priority have "networking" and which "firestarter"? At my system it is respectively 40 and 65.
It means that first "/etc/init.d/networking" is running and with that "/etc/network/if-up.d/50firestarter" which contains "/etc/init.d/firetarter restart".
So, "networking" scripts trying to restart "firestarter daemon" but it is not loaded yet - so it exits with "return code 2".
After that feew tings is loaded and then "firestarter" is loading from system wide "rc.d".

Dirty hack for this is either to change loading priority of "networking" to above 65 (which is not wise since it is "device" and these should be loaded at least to 40 priority position) or to change loading priority of "firestarter" below|to 40 (I don't know if it is wise since not every devices and filesystems are set and running at the time).

Dirty hack 1:
sudo update-rc.d -f networking remove
sudo update-rc.d networking S 70 .

or

Dirty hack 2:
sudo update-rc.d -f firestarter remove
sudo update-rc.d firestarter S 40 .

Or, it will be better to edit "/etc/network/if-up.d/50firestarter" form this:
[code]
#! /bin/sh

/etc/init.d/firestarter restart
[/code]

to this:
[code]
#! /bin/sh

if [ "$(/etc/init.d/firestarter status | grep running)" ]; then /etc/init.d/firestarter restart;
else /etc/init.d/firestarter start; fi
exit 0
[/code]

I like dk75s , i would have done it very similar, but i will wait for the update now.

after various tests i don't think this has anything to do with /etc/init.d/firestarter being run twice
rather with with partitions not mounted yet.

In my case it is /var where /etc/firestarter/firestarter.sh stores e.g. /var/lock/firestarter (see e.g. line 180)

what ever i do the first run of firestarter after boot or after installing (after being purged) it allways "exits with state 2"

So... the problem is that networking is starting before filesystem is up and running (and Firestarter with it).

yes and no

yes:
I have made it impossible for firestarter to get called twice during bootup and still got the error

no:
that wouldn't explain, why someone gets it also when installing firstarter (since then all partitions are mounted allready - supposedly)

[gutsy] /etc/network/if-up.d/50firestarter exited with return code 2

I still have this annoying problem on all my production gutsy servers, on one of them I can't get my nx session until a session is opened and firestarter started (?!)...

Waiting a real fix, what is the best dirty hack to apply ?

Hi guys..

I am ubuntu newbie ...and I was facing same problem of firestarter exited with return code 2 during bootup...
I tried a couple of things and realized that it happens only when 50firestarter is launched for interface 'lo' which is for loopback.
so I did this in the 50firestarter file:
----------------------------------------------------------
 #! /bin/sh

# quit if we're called for the loopback
if [ "$IFACE" = lo ]; then
        exit 0
fi

/etc/init.d/firestarter restart
----------------------------------------------------------

and now it does not show me this error. I do not know the reason, but I think it is safe as 'lo' is the first interface that gets initialized on my Ubuntu, so I assume firstarter will get restarted anyway once other interfaces are up... :)

Can anyone explain why it errors out for 'lo' ?

I am likewise experiencing this bug on my home PC, which is running Ubuntu 8.04. Upon reading the post by Sanyam located just above this post, I decided to insert the 'dirty hack' that Sanyam described into the 50firestarter file on my home PC.

To open the 50firestarter file for the purpose of editing it, I used the following shell command,

sudo gedit /etc/network/if-up.d/50firestarter

After saving my edit, I rebooted my PC and there was no change. Considering that no improvement resulted from Sanyam's dirty hack, I decided to remove the edit that I had pasted into my 50firestarter file.

While waiting for a solution to be discovered for the lack of persistence of the firestarter 1.0.3 program running on Ubuntu 8.04, perhaps my best option is to use a different firewall program for my home PC.

I agree with John, whenever the network interface name is not available, Firestarter fails. There is a dialogue under "Settings -> Auto started applications" in the GUI of XUbuntu. If Firestarter is only enabled there, it might work, as the networking interfaces should be available by the time the GUI starts up. Maybe not the safest choice when seconds count.

Ok, seems that I have the same problem in Ubuntu Hardy Heron.

Firestarter hangs up in the system boot, and when X starts reports me an error "no wireless interface found", so... I have to remove firestarter to do a "normal" start.

I have the files S40networking and S65 Firestarter... so firestarter starts up after networking, isn't it?

Anyway... I decided to use another firewall until problem is solved.

In Hardy is ufw already (ufw is a middleman between IPTABLES and user - like Firestarter, but it's shell command tool) and with gufw (GUI - Gnome ufw) it's really nice. I've tested it on 8.10 thought, but it should be gufw for Hardy too (I've seen it with Polish edition 8.04.1 so search for gufw at GetDeb or so...)

Hi again,

This is what I did- Let Firestarter start under my runlevel 2 to start on boot, but changed the code in /etc/if-up.d/Sxfirestarter to only start if there is a runlevel available. Thus, it doesn't start here on boot up, but it still starts when bringing the network up on a running system. It also starts up again after system hibernation. On my laptop I now get a red "Fail" at times during startup, but it may be the wireless which is not ready yet? The lock file is then still there though, and the gui shows when running "sudo firestarter status". On a virtual machine, this solution seems to work without any sign of failure (to me).

The changes:

/etc/network/if-down.d/S50firestarter:
<code>
#! /bin/sh

if [ -f /var/lock/firestarter ]
then
        /etc/init.d/firestarter stop
fi

exit 0

</code>

/etc/network/if-up.d/S50firestarter:
<code>
#! /bin/sh

if [ -f /var/lock/firestarter ]
then
        /etc/init.d/firestarter restart
else
# do not start here when system is booting - start at /etc/rc.x
        check_runlevel=`runlevel`
        if [ "$check_runlevel" != "N" ] && [ "$check_runlevel" != "unknown" ]
        then
                /etc/init.d/firestarter start
                echo "$check_runlevel"
        fi
fi

exit 0

</code>

/etc/rc2.d/S50firestarter:
<code>
#! /bin/sh

/etc/init.d/firestarter start

exit 0

</code>

I have the same issue on my Dell Latitude D620 with Ubuntu Intrepid 8.10 all patches applied.

I modified
/etc/network/if-down.d/50firestarter
/etc/network/if-up.d/50firestarter
(no 'S' before 50 in the filenames on my system)

as suggested by Johan.

The error:
run-parts: /etc/nework/if-up.d/50firestarter exited with return code 2

does not happen anymore, but the is a red "fail" later when the boot process tries to start Firestarter.

I could not modify the
/etc/rc2.d/S50firestarter
file because it is named S20firestarter and cointains many lines of code instead of just #! /bin/sh...

There is clearly a massive misconception as to what this bug is and what the effects are.
If either external or internal interface is down Firestarter does not start or discontinues operating.
The firewall shuts down leaving the box exposed on the Internet or local lan depending on the interface. This is a vulnerability. We could easily stack this right next to the openssl vulnerability in ubuntu's fine list of achievements over the last 6 months and yet it still has a low priority appended to it... ridiculous...
This bug needs to go into a CVE I can see a lot of potential people effected by this.

I think I've been hited by this bug, too. Firestarter do not start automatically on startup the system, supposedly it should starts when eth0 is brought up. Also when I try
- sudo ifup eth0
or
- sudo ifdown eth0
I can see the "return code 2" message and firestarter does not start.
On the other hand, executing directly
- sudo /etc/init.d/firestarter start
starts firestarter without any error.

Googling a little I have found a quite simple workaround that works for me. I have just reinstalled the firestarter package:
- sudo apt-get install --reinstall firestarter

This supposedly should do nothing at all (install the same version of the package that is already installed) but the fact is that the problem vanishes after this.

Perhaps there is some other package, the installation or upgrading of which somehow breaks firestarter configuration (??) that is restored reinstalling firestarter.

Good luck!

Firestarter aren't supported by Ubuntu devs anymore so I doub't that it will be resolved or gain high priority.
UFW is right now supported and recommended by Ubuntu devs and it have no such trouble.

This package has been removed from Ubuntu. Closing all related bugs.