Debian Bug report logs - #219686
lokkit does not start on bootup

version graph

Package: iptables; Maintainer for iptables is Laurence J. Lane <ljlane@debian.org>; Source for iptables is src:iptables.

Reported by: Faheem Mitha <faheem@email.unc.edu>

Date: Sat, 8 Nov 2003 01:48:05 UTC

Severity: critical

Tags: patch, security

Fixed in version iptables/1.2.11-4

Done: Steve Langasek <vorlon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Chris Lawrence <lawrencc@debian.org>:
Bug#219686; Package lokkit. Full text and rfc822 format available.

Acknowledgement sent to Faheem Mitha <faheem@email.unc.edu>:
New Bug report received and forwarded. Copy sent to Chris Lawrence <lawrencc@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Faheem Mitha <faheem@email.unc.edu>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: lokkit does not start on bootup
Date: Fri, 07 Nov 2003 20:44:41 -0500
Package: lokkit
Version: 0.50.22-4
Severity: normal

For reasons that are not clear to me, lokkit does not start on bootup. I
have to run 

/etc/init.d/lokkit start

to get it to boot. 

The runlevel links are present as expected, so this is puzzling.

-- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux Chrestomanci 2.4.21.030909 #1 Tue Sep 9 22:57:14 EDT 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages lokkit depends on:
ii  iptables                      1.2.8-4    IP packet filter administration to
ii  libc6                         2.3.2-9    GNU C Library: Shared libraries an
ii  libnewt0.51                   0.51.4-18  Not Erik's Windowing Toolkit - tex
ii  libpopt0                      1.7-2      lib for parsing cmdline parameters
ii  slang1a-utf8                  1.4.9-2    The S-Lang programming library wit

-- no debconf information




Information forwarded to debian-bugs-dist@lists.debian.org, Chris Lawrence <lawrencc@debian.org>:
Bug#219686; Package lokkit. Full text and rfc822 format available.

Acknowledgement sent to Anssi Porttikivi <app@iki.fi>:
Extra info received and forwarded to list. Copy sent to Chris Lawrence <lawrencc@debian.org>. Full text and rfc822 format available.

Message #10 received at 219686@bugs.debian.org (full text, mbox):

From: Anssi Porttikivi <app@iki.fi>
To: 219686@bugs.debian.org
Subject: Something to do with iptables/netfilter related modules initializations
Date: Tue, 10 Aug 2004 23:39:55 +0300
I am running Sarge and I have the exact same syndrome. I noticed that it 
has something to do with ip_tables modules initialization. Manually 
adding one extra "iptables -L" or "modprobe ip_tables" in the beginning 
of the /etc/default/lokkit solves it, but is overwritten by your next 
"lokkit"....

On the other hand, fiddling with numbering of /etc/rcX.d S-scripts does 
not help.



Information forwarded to debian-bugs-dist@lists.debian.org, Chris Lawrence <lawrencc@debian.org>:
Bug#219686; Package lokkit. Full text and rfc822 format available.

Acknowledgement sent to Anssi Porttikivi <app@iki.fi>:
Extra info received and forwarded to list. Copy sent to Chris Lawrence <lawrencc@debian.org>. Full text and rfc822 format available.

Message #15 received at 219686@bugs.debian.org (full text, mbox):

From: Anssi Porttikivi <app@iki.fi>
To: 219686@bugs.debian.org
Subject: So the proper manual fix as now is to add ip_tables to /etc/modules
Date: Fri, 13 Aug 2004 15:11:53 +0300
Come to think of it, the proper manual fix as now is to add ip_tables to 
/etc/modules. That way the loading of ip_tables kernel module is not 
dependent on the lokkit settings or possible re-installations.




Information forwarded to debian-bugs-dist@lists.debian.org, Chris Lawrence <lawrencc@debian.org>:
Bug#219686; Package lokkit. Full text and rfc822 format available.

Acknowledgement sent to Mikko Rapeli <mikko.rapeli@iki.fi>:
Extra info received and forwarded to list. Copy sent to Chris Lawrence <lawrencc@debian.org>. Full text and rfc822 format available.

Message #20 received at 219686@bugs.debian.org (full text, mbox):

From: Mikko Rapeli <mikko.rapeli@iki.fi>
To: 219686@bugs.debian.org
Cc: debian-firewall@lists.debian.org, netfilter-devel@lists.netfilter.org
Subject: a small bug in iptables.c and ip6tables.c get_modprobe()
Date: Thu, 14 Oct 2004 02:53:42 +0300
[Message part 1 (text/plain, inline)]
Hello,

This #219686 Lokkit bug in Debian is not actually a Lokkit bug but an iptables
bug, heh. Firewall or other scripts should not have to load iptables 
modules since iptables the executable can do it for them. strace and gdb
showed - after some head scratching - why an 'iptables -L' or 
'iptables -N foo' loaded the modules but 'iptables -N RH-Lokkit-0-50-INPUT' 
did not.

Attached patches fixes this in iptables 1.2.9, which is now in Debian
testing, and they also apply to the latest 1.2.11 from netfilter.org.

I'm not on the Cc'd lists, so could you please Cc me in if you reply,
thanks.

-Mikko
[iptables_modprobe_fix.patch (text/plain, attachment)]
[ip6tables_modprobe_fix.patch (text/plain, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Chris Lawrence <lawrencc@debian.org>:
Bug#219686; Package lokkit. Full text and rfc822 format available.

Acknowledgement sent to Martin Schulze <joey@infodrom.org>:
Extra info received and forwarded to list. Copy sent to Chris Lawrence <lawrencc@debian.org>. Full text and rfc822 format available.

Message #25 received at 219686@bugs.debian.org (full text, mbox):

From: Martin Schulze <joey@infodrom.org>
To: Mikko Rapeli <mikko.rapeli@iki.fi>
Cc: 219686@bugs.debian.org, debian-firewall@lists.debian.org, netfilter-devel@lists.netfilter.org
Subject: Re: a small bug in iptables.c and ip6tables.c get_modprobe()
Date: Tue, 26 Oct 2004 16:09:31 +0200
Mikko Rapeli wrote:
> Hello,
> 
> This #219686 Lokkit bug in Debian is not actually a Lokkit bug but an iptables
> bug, heh. Firewall or other scripts should not have to load iptables 
> modules since iptables the executable can do it for them. strace and gdb
> showed - after some head scratching - why an 'iptables -L' or 
> 'iptables -N foo' loaded the modules but 'iptables -N RH-Lokkit-0-50-INPUT' 
> did not.
> 
> Attached patches fixes this in iptables 1.2.9, which is now in Debian
> testing, and they also apply to the latest 1.2.11 from netfilter.org.

Thanks a lot Mikko!  This problem has been assigned CAN-2004-0986.

-- 
Testing? What's that? If it compiles, it is good, if it boots up, it is perfect.

Please always Cc to me when replying to me on the lists.



Bug reassigned from package `lokkit' to `iptables'. Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. Full text and rfc822 format available.

Tags added: patch, security, sarge, sid, patch Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. Full text and rfc822 format available.

Severity set to `critical'. Request was from Martin Schulze <joey@infodrom.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, ljlane@debian.org (Laurence J. Lane):
Bug#219686; Package iptables. Full text and rfc822 format available.

Acknowledgement sent to Frank Lichtenheld <djpig@debian.org>:
Extra info received and forwarded to list. Copy sent to ljlane@debian.org (Laurence J. Lane). Full text and rfc822 format available.

Message #36 received at 219686@bugs.debian.org (full text, mbox):

From: Frank Lichtenheld <djpig@debian.org>
To: 219686@bugs.debian.org
Subject: Patch
Date: Fri, 29 Oct 2004 21:27:16 +0200
[Message part 1 (text/plain, inline)]
hi.

I've prepared a complete upload from the patch given in the bug report.
Will there be an upload soon, or should we NMU this?

Gruesse,
-- 
Frank Lichtenheld <djpig@debian.org>
www: http://www.djpig.de/
[iptables.219686.patch (text/plain, attachment)]

Reply sent to ljlane@debian.org (Laurence J. Lane):
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Faheem Mitha <faheem@email.unc.edu>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #41 received at 219686-close@bugs.debian.org (full text, mbox):

From: ljlane@debian.org (Laurence J. Lane)
To: 219686-close@bugs.debian.org
Subject: Bug#219686: fixed in iptables 1.2.11-4
Date: Sun, 31 Oct 2004 22:17:03 -0500
Source: iptables
Source-Version: 1.2.11-4

We believe that the bug you reported is fixed in the latest version of
iptables, which is due to be installed in the Debian FTP archive:

iptables-dev_1.2.11-4_i386.deb
  to pool/main/i/iptables/iptables-dev_1.2.11-4_i386.deb
iptables_1.2.11-4.dsc
  to pool/main/i/iptables/iptables_1.2.11-4.dsc
iptables_1.2.11-4.tar.gz
  to pool/main/i/iptables/iptables_1.2.11-4.tar.gz
iptables_1.2.11-4_i386.deb
  to pool/main/i/iptables/iptables_1.2.11-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 219686@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laurence J. Lane <ljlane@debian.org> (supplier of updated iptables package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 31 Oct 2004 18:56:52 -0500
Source: iptables
Binary: iptables iptables-dev
Architecture: source i386
Version: 1.2.11-4
Distribution: unstable
Urgency: medium
Maintainer: Laurence J. Lane <ljlane@debian.org>
Changed-By: Laurence J. Lane <ljlane@debian.org>
Description: 
 iptables   - Linux kernel 2.4+ iptables administration tools
 iptables-dev - development files for iptable's libipq and libiptc
Closes: 219686
Changes: 
 iptables (1.2.11-4) unstable; urgency=medium
 .
   * Closes: #219686, CAN-2004-0986, modprobe load error, reported by
     Faheem Mitha, fixed by upstream. Thanks. (modprobe.patch)
   * added missing upstream changelogs
Files: 
 acef4fe44cde0d44eb089145cd6e2f00 551 net important iptables_1.2.11-4.dsc
 7cb10a7314bad2d647638e357dbe7393 1318677 net important iptables_1.2.11-4.tar.gz
 bf31e96a96e60d9675f56e0cef971df8 379346 net important iptables_1.2.11-4_i386.deb
 858ad72b2a6ec851021633ede5be8028 125718 devel optional iptables-dev_1.2.11-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBhaeFxJBkNlXToekRAg3+AJ4siofeBxhNU9kEEF51DvopTagUWwCcC/Gc
LKFmn5xc2PdinkIkICtDt0Y=
=4HPy
-----END PGP SIGNATURE-----




Bug reopened, originator not changed. Request was from Adrian Bunk <bunk@stusta.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags removed: sid Request was from Adrian Bunk <bunk@stusta.de> to control@bugs.debian.org. Full text and rfc822 format available.

Tags removed: sarge Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug closed, send any further explanations to Faheem Mitha <faheem@email.unc.edu> Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 21:54:02 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.