init.d script not supporting option "status"

Bug #185978 reported by Erik Holst Trans
Affects: firehol (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: firehol

The init.d script that calls firehol needs to be able to return the status in the same way other init scripts do it.

The options below are supported by the firehol script itself.

 //----------------------------snip---------------------------------------------

        start           to activate the firewall configuration.
                        The configuration is expected to be found in
                        /etc/firehol/firehol.conf

        try             to activate the firewall, but wait until
                        the user types the word "commit". If this word
                        is not typed within 30 seconds, the previous
                        firewall is restored.

        stop            to stop a running iptables firewall.
                        This will allow all traffic to pass unchecked.

        restart         this is an alias for start and is given for
                        compatibility with /etc/init.d/iptables.

        condrestart     will start the firewall only if it is not
                        already active. It does not detect a modified
                        configuration file.

        status          will show the running firewall, as in:
                        /sbin/iptables -nxvL | /usr/bin/less

        panic           will block all IP communication.

        save            to start the firewall and then save it to the
                        place where /etc/init.d/iptables looks for it.

                        Note that not all firewalls will work if
                        restored with:
                        /etc/init.d/iptables start

        debug           to parse the configuration file but instead of
                        activating it, to show the generated iptables
                        statements.

        explain         to enter interactive mode and accept configuration
                        directives. It also gives the iptables commands
                        for each directive together with reasoning.

        helpme or       to enter a wizard mode where FireHOL will try
        wizard          to figure out the configuration you need.
                        You can redirect the standard output of FireHOL to
                        a file to get the config to this file.

        <a filename>    a different configuration file.
                        If not other argument is given, the configuration
                        will be "tried" (default = try).
                        Otherwise the argument next to the filename can
                        be one of 'start', 'debug' and 'try'.

description: updated
description: updated
Johnathon (kirrus) wrote :

Confirming & Assigning to MOTU

Changed in firehol:
assignee: nobody → motu
status: New → Confirmed
Johnathon (kirrus) wrote :

Thanks for your bug report. I think that this is a wishlist priority bug.
I've seen this in my own experience & use of firehol, hence confirmation.

Miguel Ruiz (mruiz) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

I'll start this task during the next week. Mathias Gug will guide me through the process.

Cheers!

Changed in firehol:
assignee: motu → mruiz
status: Confirmed → In Progress
Johnathon (kirrus) wrote :

Any luck with this one Miguel?

Miguel Ruiz (mruiz)
Changed in firehol:
assignee: mruiz → nobody
status: In Progress → Incomplete
Johnathon (kirrus)
Changed in firehol:
status: Incomplete → Confirmed
ceg (ceg) wrote :

The init script should handle/pass on the status option as expected from an init script. For the other options, however, calling the firehol script directly seems just all right.

# firehol panic

ceg (ceg)
description: updated
summary: - The rcS.d script for firehol is missing some options
+ init.d script not supporting option "status"
ceg (ceg) wrote :

status could check if current iptables match those firehol generates from its configuration ("firehol debug") else display the diff.

Mahyuddin Susanto (udienz) wrote :

I think Erik wants to show current iptables and not pid file based in /proc. I try to read about firehol, and please try this debdiff, hope it works

tags: added: patch
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package firehol - 1.296-1

---------------
firehol (1.296-1) unstable; urgency=low

  * New maintainer (Closes: #660524).
  * New upstream version (Closes: #607785):
    - Removed dependency to get-iana.sh and to RESERVED_IPS
      (Closes: #583176, #565737, #574458, #598324, #455754, #536609, #558288),
      thanks to Cristian Ionescu-Idbohrn <email address hidden>
      (#536609), to Adrian Bridgett <email address hidden> (#583176);
    - Updated documentations (Closes: #571727);
    - Improved kernel modules management (Closes: #610249);
    - Simplified quoting in log prefix (Closes: #443051) (LP: #253843);
    - Passive FTP fix (Closes: #563655), thanks to Toni Mueller
      <email address hidden>;
    - Minor improvements and fixes.
  * Update to source format 3.0 (quilt).
  * Bump debhelper build-dep to >= 9.
  * Bump Standards Version to 3.9.4.
  * Rewrite debian/rules:
    - use dh sequencer with minimal external Makefile.
  * Revisit debian/control.
  * Add empty but commented watch file.
  * Correct manpages.
  * Remove RESERVED_IPS as it is no more mandatory, nevertheless
    /usr/share/doc/firehol/examples contains an updated minimal version.
  * Move get-iana.sh to /usr/share/doc/firehol/examples
    as RESERVED_IPS is no more mandatory.
  * Render /etc/init.d/firehol independent from /usr tree.
  * Add `status' option support to /etc/init.d/firehol (LP: #185978).
  * Convert debian/copyright to DEP-5 format.
  * Conform debian/patches/ patches to DEP-3 format.
  * Generate now temporary directory with mktemp (Closes: #496424),
    thanks to Phil Whineray for pointing to it.
  * Now plainly use iproute (Red Hat Bugzilla: #784520),
    thanks to Phil Whineray for hardening the original RedHat patch.
  * Temporary files are now left behind in case of error (Closes: #703341),
    thanks to Phil Whineray who backported the sanewall patch to FireHOL.
  * `panic' option has been rationalized (Closes: #536675),
    thanks to Andrew Schulman and Phil Whineray.
  * Standard patch naming scheme (Closes: #705731), thanks to
    Jari Aalto <email address hidden>.
  * Whitespace cleanup, thanks to Jari Aalto <email address hidden>.

 -- Jerome Benoit <email address hidden> Sat, 20 Apr 2013 07:06:57 +0000

Changed in firehol (Ubuntu):
status: Confirmed → Fix Released
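
The status behaviour discussed in this report, sketched as an added example (not part of the thread and not the firehol package's own init script): it returns LSB status exit codes (0 running, 3 not running, 4 unknown) and, as suggested in the comments, prints a diff when the loaded rules differ from the expected ones. The function names, file paths and sample rule sets are assumptions made for the illustration; input is `iptables -S` style text read from files.

```sh
#!/bin/sh
# Added example, not the firehol package's init script.
# Inputs are files of `iptables -S` output; a real script would capture
# them as root. Paths and function names here are hypothetical.

# LSB init "status" exit codes: 0 running, 3 not running, 4 unknown.
fw_active() {
    [ -r "$1" ] || return 4
    awk '
        $1 == "-A" || $1 == "-N"     { active = 1 }  # a rule or user chain
        $1 == "-P" && $3 != "ACCEPT" { active = 1 }  # restrictive policy
        END { exit (active ? 0 : 3) }
    ' "$1"
}

# $1 = rules expected from the configuration, $2 = rules currently loaded.
fw_report() {
    rc=0
    fw_active "$2" || rc=$?
    case $rc in
        3) echo "firewall is not running"; return 3 ;;
        4) echo "firewall status unknown"; return 4 ;;
    esac
    if cmp -s "$1" "$2"; then
        echo "firewall is running and matches the configuration"
    else
        # Assumption: drift is still reported as "running" (0), with the diff.
        echo "firewall is running but differs from the configuration:"
        diff -u "$1" "$2" || true
    fi
    return 0
}

# Constructed sample rule sets.
DEMO=$(mktemp -d)
printf '%s\n' '-P INPUT ACCEPT' '-P FORWARD ACCEPT' '-P OUTPUT ACCEPT' > "$DEMO/stopped"
printf '%s\n' '-P INPUT DROP' '-P FORWARD DROP' '-P OUTPUT ACCEPT' \
    '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' > "$DEMO/expected"
cp "$DEMO/expected" "$DEMO/loaded"
printf '%s\n' '-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT' >> "$DEMO/loaded"

fw_report "$DEMO/expected" "$DEMO/loaded" || true
```

A monitoring check can rely on the exit code alone; the diff is for the administrator reading the output.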