[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: libprocps3 procps update this morning causing shorewall/iptables routing problems.


On Thursday 24 May 2018 06:01 PM, Jonathan Wiltshire wrote:
> (CC because I'm not sure whether you're subscribed)
> 
> On 23/05/18 11:36, Luke Hall wrote:>>> This morning a number of our
> jessie firewall servers received these updates.
>>>>
>>>> 2018-05-23 06:53:20,879 INFO Allowed origins are:
>>>> ['origin=Debian,codename=jessie,label=Debian-Security']
>>>> 2018-05-23 06:53:23,120 INFO Packages that will be upgraded: libprocps3
>>>> procps
>>>> 2018-05-23 06:53:23,121 INFO Writing dpkg log to
>>>> '/var/log/unattended-upgrades/unattended-upgrades-dpkg.log'
>>>> 2018-05-23 06:53:24,836 INFO All upgrades installed
>>>>
>>>> Those machines, all running shorewall 4.6.4.3-2 and the 3.16.0-4-amd64
>>>> kernel stopped routing traffic through to hosts behind them and we found
>>>> it necessary to restart shorewall for this to resume. I will do some
>>>> further debugging this morning but I'm wondering if this affected anyone
>>>> else.
> 
> Do you have a stray 'net.ipv4.ip_forward=0' or similar in
> /etc/sysctl{.conf,.d}?
> 
> We also saw one instance of this problem, because the sysctls were
> reloaded during the update and so forwarding became disabled. Restarting
> shorewall of course fixes this by setting ip_forward back to 1.
> 
> All our other machines without ip_forward=0 in the configuration were
> unaffected.
> 
> 

Do you think it is a regression in recent upload of procps in
oldstable-security ?

--abhijith
Reply to: