Re: firewall

To: debian-security@lists.debian.org
Subject: Re: firewall
From: Nathan E Norman <nnorman@micromuse.com>
Date: Mon, 10 Sep 2001 14:36:50 -0500
Message-id: <[🔎] 20010910143650.E15723@micromuse.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 863d5uriwd.fsf@potato.vegetable.org.uk>
References: <[🔎] Pine.SOL.4.31.0109101203410.21149-100000@strauss.udel.edu> <[🔎] 86g09vqaou.fsf@potato.vegetable.org.uk> <[🔎] 20010910182739.A23525@rhamphoryncus.dyndns.org> <[🔎] 863d5uriwd.fsf@potato.vegetable.org.uk>

On Mon, Sep 10, 2001 at 07:38:10PM +0100, Tim Haynes wrote:
> Adam Olsen <rhamph@d2dc.net> writes:
> 
> > > It should be sufficient to do
> > >         update-rc.d -f portmap remove
> > >         update-rc.d -f lpd remove
> > >         update-rc.d -f bind remove
> > 
> > As an aside, I did this with proftpd, but when I upgrade the install
> > scripts restart it. Is there a proper way way to deal with this? Is there
> > some debian policy relating to it?
> 
> No real answer from me, but I've noticed this too - whenever I `apt-get
> dist-upgrade' and get a new version of a package, it starts the services
> required. Don't like it. I really want to be able to specify otherwise.

If you read the manpage for update-rc.d, you'll note that it says 

  If any files /etc/rcrunlevel.d/[SK]??name already exist then
  update-rc.d does nothing.  This is so that the system administrator
  can rearrange the  links,  provided that  they  leave  at  least one
  link remaining, without having their configuration overwritten.

So, to leave a service installed but not starting, you need to leave
at least one K link.

if you're saying "hey, that's not intuitive", you're right.  See 

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=67095&repeatmerged=yes

for more discussion.

Incidentally, debian has another daemon issue ... whether daemons
should start immediately after installation.  This is in fact why the
above problem happens ... since no start/stop links are found, it's
assumed that this is a new installation of the daemon, so it's started
for you.  However, many would like the ability to prevent daemons from
automatically starting after installation even if this is a new
install.

There's been much discussion on d-devel about this problem, and how to
solve it.  While it's clear most everyone agrees it's a problem, I
don't know that consensus has been reached on how to solve it.

HTH,

-- 
Nathan Norman - Staff Engineer | A good plan today is better
Micromuse Ltd.                 | than a perfect plan tomorrow.
mailto:nnorman@micromuse.com   |   -- Patton

Attachment: pgp5tHyldrYYN.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: firewall
  - From: Adam Olsen <rhamph@d2dc.net>

References:
- Re: firewall
  - From: Rishi L Khan <rishi@UDel.Edu>
- Re: firewall
  - From: Tim Haynes <usenet@stirfried.vegetable.org.uk>
- Re: firewall
  - From: Adam Olsen <rhamph@d2dc.net>
- Re: firewall
  - From: Tim Haynes <debian@stirfried.vegetable.org.uk>

Prev by Date: Re: Listening Ports
Next by Date: open ports
Previous by thread: Re: firewall
Next by thread: Re: firewall
Index(es):
- Date
- Thread