Bug#862485: fwsnort mustn't set iptables rules when purged

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#862485: fwsnort mustn't set iptables rules when purged
From: Adrian Bunk <bunk@debian.org>
Date: Sat, 13 May 2017 17:03:14 +0300
Message-id: <[🔎] 149468419444.453.5347700095890788448.reportbug@localhost>
Reply-to: Adrian Bunk <bunk@debian.org>, 862485@bugs.debian.org

Package: fwsnort
Version: 1.6.5-3
Severity: critical
Tags: security

The #861999 fix adds the following on purging:
  grep -v FWSNORT /var/lib/fwsnort/fwsnort.save | iptables-restore

Imagine the following:
1. today I install fwsnort and try it
2. later today I uninstall it
3. 2 years later I purge all long-removed packages

This would in 2 years set the iptables rules to what they
were today before I shortly played with fwsnort.


A case could be made for "fwsnort --ipt-flush" in prerm.

Or considering that activating any fwsnort rules is not done
automatically and that the package should not interfere with
what the the admin has done.

Reply to:

Follow-Ups:
- Bug#862485: fwsnort mustn't set iptables rules when purged
  - From: Axel Beckert <abe@debian.org>
- Processed: Re: Bug#862485: fwsnort mustn't set iptables rules when purged
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#862485: fwsnort mustn't set iptables rules when purged
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Processed: Re: Bug#862485: fwsnort mustn't set iptables rules when purged
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Bug#862485: marked as done (fwsnort mustn't set iptables rules when purged)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#770369: bug fix for i386
Next by Date: Bug#862485: fwsnort mustn't set iptables rules when purged
Previous by thread: Bug#770369: bug fix for i386
Next by thread: Bug#862485: fwsnort mustn't set iptables rules when purged
Index(es):
- Date
- Thread