
Bug#862485: fwsnort mustn't set iptables rules when purged



Axel Beckert wrote:
> Point taken. Will move that line (or an "fwsnort --ipt-flush") into a
> (to be created) prerm and do another QA upload. (Unless you're already
> onto it. Feel free to do that.)

Unfortunately "fwsnort --ipt-flush" only flushes the chains but does
not remove the chains:

  # iptables -L -v -n
  Chain INPUT (policy ACCEPT 34 packets, 6672 bytes)
   pkts bytes target     prot opt in     out     source               destination
  22598   17M FWSNORT_INPUT  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0
  
  Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
   pkts bytes target     prot opt in     out     source               destination
      0     0 FWSNORT_FORWARD  all  --  !lo    *       0.0.0.0/0            0.0.0.0/0
  
  Chain OUTPUT (policy ACCEPT 34 packets, 2568 bytes)
   pkts bytes target     prot opt in     out     source               destination
  22777 1488K FWSNORT_OUTPUT  all  --  *      !lo     0.0.0.0/0            0.0.0.0/0
  
  Chain FWSNORT_FORWARD (1 references)
   pkts bytes target     prot opt in     out     source               destination
  
  Chain FWSNORT_FORWARD_ESTAB (0 references)
   pkts bytes target     prot opt in     out     source               destination
  
  Chain FWSNORT_INPUT (1 references)
   pkts bytes target     prot opt in     out     source               destination
  
  Chain FWSNORT_INPUT_ESTAB (0 references)
   pkts bytes target     prot opt in     out     source               destination
  
  Chain FWSNORT_OUTPUT (1 references)
   pkts bytes target     prot opt in     out     source               destination
  
  Chain FWSNORT_OUTPUT_ESTAB (0 references)
   pkts bytes target     prot opt in     out     source               destination

So a little bit more is needed in prerm to properly clean up: First
remove the remaining references to FWSNORT_* chains, then delete all
FWSNORT_* chains.

		Regards, Axel
--
 ,''`.  |  Axel Beckert <abe@debian.org>, http://people.debian.org/~abe/
: :' :  |  Debian Developer, ftp.ch.debian.org Admin
`. `'   |  4096R: 2517 B724 C5F6 CA99 5329  6E61 2FF9 CD59 6126 16B5
  `-    |  1024D: F067 EA27 26B9 C3FC 1486  202E C09E 1D89 9593 0EDE
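
The cleanup order described in the message above (drop the remaining references to the FWSNORT_* chains, then delete the chains), as an added example that is not part of the original message or of the fwsnort package. It assumes the rules live in the default filter table and derives the commands from `iptables -S` output; the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the package's prerm. Reads `iptables -S` output on
# stdin and prints the cleanup commands in the order the message describes.
fwsnort_cleanup_cmds() {
    awk '
        # Jump from a non-FWSNORT chain into an FWSNORT_* chain:
        # turn the "-A" rule spec into the matching "-D" deletion.
        $1 == "-A" && $2 !~ /^FWSNORT_/ && / -j FWSNORT_/ {
            sub(/^-A /, "-D "); del[++nd] = $0
        }
        # User-defined FWSNORT_* chains that have to be removed.
        $1 == "-N" && $2 ~ /^FWSNORT_/ { chain[++nc] = $2 }
        END {
            # 1. remove references, 2. flush (clears jumps between the
            # FWSNORT_* chains themselves), 3. delete the empty chains.
            for (i = 1; i <= nd; i++) print "iptables " del[i]
            for (i = 1; i <= nc; i++) print "iptables -F " chain[i]
            for (i = 1; i <= nc; i++) print "iptables -X " chain[i]
        }'
}

# Constructed sample: `iptables -S` form of the listing in the message.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N FWSNORT_FORWARD
-N FWSNORT_FORWARD_ESTAB
-N FWSNORT_INPUT
-N FWSNORT_INPUT_ESTAB
-N FWSNORT_OUTPUT
-N FWSNORT_OUTPUT_ESTAB
-A INPUT ! -i lo -j FWSNORT_INPUT
-A FORWARD ! -i lo -j FWSNORT_FORWARD
-A OUTPUT ! -o lo -j FWSNORT_OUTPUT
EOF
}

# Dry run on the sample by default; "apply" reads the live ruleset (root).
if [ "${1:-}" = "apply" ]; then
    iptables -S | fwsnort_cleanup_cmds | sh -e
else
    sample_rules | fwsnort_cleanup_cmds
fi
```

Unrelated rules and chains are left alone because only rule specs that jump to an FWSNORT_* chain and chains named FWSNORT_* are selected.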

