Bug#861999: marked as done (fwsnort: Doesn't remove firewall rules on package purge)

To: Axel Beckert <abe@debian.org>
Subject: Bug#861999: marked as done (fwsnort: Doesn't remove firewall rules on package purge)
From: owner@bugs.debian.org (Debian Bug Tracking System)
Date: Sun, 07 May 2017 12:09:13 +0000
Message-id: <[🔎] handler.861999.D861999.149415864217385.ackdone@bugs.debian.org>
References: <E1d7Kuu-000EOI-R8@fasolo.debian.org> <[🔎] 87ziepcaf6.fsf@c-cactus.ontheroad.deuxchevaux.org>

Your message dated Sun, 07 May 2017 12:04:00 +0000
with message-id <E1d7Kuu-000EOI-R8@fasolo.debian.org>
and subject line Bug#861999: fixed in fwsnort 1.6.5-3
has caused the Debian Bug report #861999,
regarding fwsnort: Doesn't remove firewall rules on package purge
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
861999: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861999
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: fwsnort: Doesn't remove firewall rules on package purge
From: Axel Beckert <abe@debian.org>
Date: Sun, 07 May 2017 10:56:29 +0200
Message-id: <[🔎] 87ziepcaf6.fsf@c-cactus.ontheroad.deuxchevaux.org>

Package: fwsnort
Version: 1.6.5-1
Severity: important

Hi,

while working on the recent RC bug in fwsnort (#860164) I noticed that
all the firewall rules created by fwsnort are not removed upon purging
the package.

But since the package does not create them automatically and they're
only created if the program is actually used as intented, I think it's
less severe than e.g. piuparts reporting leftover files after purge.

On a first glance, simply calling "fwsnort --ipt-revert" in prerm
suffices, but then again, /usr/sbin/fwsnort might be no more there, if
the package was already removed, but not purged. Luckily, when looking
what this option actually does, I noticed that it boils down to the very
simple oneliner:

  grep -v FWSNORT /var/lib/fwsnort/fwsnort.save | iptables-restore

So I'll add this to the postrm script before deleting the fwsnort.save
file, calling it only if that file exists.

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (980, 'unstable-debug'), (600, 'testing'), (111, 'buildd-unstable'), (111, 'buildd-experimental'), (110, 'experimental'), (105, 'experimental-debug')
Architecture: amd64
 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fwsnort depends on:
ii  debconf [debconf-2.0]   1.5.60
ii  iptables                1.6.0+snapshot20161117-6
ii  libiptables-parse-perl  1.6-1
ii  libnet-rawip-perl       0.25-2+b3
ii  libnetaddr-ip-perl      4.079+dfsg-1+b1
pn  perl:any                <none>

Versions of packages fwsnort recommends:
pn  snort-rules-default  <none>

fwsnort suggests no packages.

-- debconf information:
* fwsnort/download: true

--- End Message ---

--- Begin Message ---

To: 861999-close@bugs.debian.org
Subject: Bug#861999: fixed in fwsnort 1.6.5-3
From: Axel Beckert <abe@debian.org>
Date: Sun, 07 May 2017 12:04:00 +0000
Message-id: <E1d7Kuu-000EOI-R8@fasolo.debian.org>

Source: fwsnort
Source-Version: 1.6.5-3

We believe that the bug you reported is fixed in the latest version of
fwsnort, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 861999@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Axel Beckert <abe@debian.org> (supplier of updated fwsnort package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 07 May 2017 11:47:15 +0200
Source: fwsnort
Binary: fwsnort
Architecture: source all
Version: 1.6.5-3
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Description:
 fwsnort    - Snort-to-iptables rule translator
Closes: 861999
Changes:
 fwsnort (1.6.5-3) unstable; urgency=medium
 .
   * QA upload.
   * Remove all fwsnort generated firewall rules upon purge.
     (Closes: #861999)
   * Fix debian/copyright syntax by using a separate License stanza.
Checksums-Sha1:
 d7845ee054c60e4a81c676e93e7f43b9559aabc6 1888 fwsnort_1.6.5-3.dsc
 7ca9da025b6794f3a0faedb31bd4677a8a15816d 7924 fwsnort_1.6.5-3.debian.tar.xz
 67e54cd52df50163a8eae224889a43158e1d4d94 62060 fwsnort_1.6.5-3_all.deb
 2db89200abef0d09e37f397e99500722738e9823 5516 fwsnort_1.6.5-3_amd64.buildinfo
Checksums-Sha256:
 e913fa4c0e8fae5acfbf579025ca85eb5c0f677f8197509c7c6e4201add48d65 1888 fwsnort_1.6.5-3.dsc
 28fa98ccbe2fd0401cffa3e14167a1aedb82004fa40a9dba2741948b3f71576e 7924 fwsnort_1.6.5-3.debian.tar.xz
 99debb305840597f9ced731e59a84433eab0858f76fdea648cf2ff331357aeae 62060 fwsnort_1.6.5-3_all.deb
 9cbb181e20ffce834859c24882e09f66b359043584181796c93617121be0392d 5516 fwsnort_1.6.5-3_amd64.buildinfo
Files:
 9144c4a4d47bf29203da5c0ea22deee1 1888 admin optional fwsnort_1.6.5-3.dsc
 0aff9b4c2b12e445ac2381bd7224d50e 7924 admin optional fwsnort_1.6.5-3.debian.tar.xz
 a9d3fce05727df4d9ee68b34809da9c1 62060 admin optional fwsnort_1.6.5-3_all.deb
 4a56da207a27fa1bc5fc4667f6b1c808 5516 admin optional fwsnort_1.6.5-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAlkO9sQACgkQa+Zjx1o1
yXXaNRAAut/LI1p3tORVOxkNsdYmmVHXHxhgVft+Qi2SodfK00xqGIZtFcup4OY+
EJYTl/dh/1OXKYDSQh2siLjGvHAub0Uj+mobWqsSOdSJRCpkdsNxT8CNjmL4behJ
mYwQx6Xv9WVt9Y9vFf9agaQ15mUZ3F/54/EZNYeT106c6l1gZB4/62g3kNVw6bVz
G+UNUH+KBVlWKQhezlhpwipPpHVPsxE3WYvu7FMPYhtwpwuqW1WD9BtgTsYHowaw
xs4nrJ6lcafOkYOCoTbnKBB3e8BPoXfLCoq1gdLs1xas+UZHqrJqNxrOAmrNs5gD
OYA1MFb9ONl3AUiLBQ/C2FyrpKQBlh3hQU6U7c86AQrZUhlecB9SLZZId9M4/ouZ
3mal4OgS5lFXLfX55Ig2q5dsPO4X+32k2rOCEQhZxu/sUzhYr55Ztu/yUcXy76gc
ixo3EWGuhNKA9pGPhXqwCTUahARFFyfWNb5PndYsK7ZuWWFs4Sb3GOMYW7h6ZEFE
8SvBQHQ0D1J+a/zReBJq7rCSPnV7743gvapX4wqOcED+G1KW6+sPqsO+lXXV1Yv6
uSzRk8OJcbFgNT6P5Kl9Zu36p4HLhKmSq3dEDHDega1tWRBAej8bjHJkdJ0H2+kN
f5yQM/knmFUYHcBukug2CZ7m6MvN5Yoz1Kx3+l6KETJQHu1FP7g=
=0EoG
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#861999: fwsnort: Doesn't remove firewall rules on package purge
  - From: Axel Beckert <abe@debian.org>

Prev by Date: Processing of fwsnort_1.6.5-3_amd64.changes
Next by Date: fwsnort_1.6.5-3_amd64.changes ACCEPTED into unstable
Previous by thread: Bug#861999: fwsnort: Doesn't remove firewall rules on package purge
Next by thread: Bug#861736:
Index(es):
- Date
- Thread