Christoph Anton Mitterer
2011-Aug-17 12:16 UTC
[Secure-testing-team] Bug#638449: iptables-persistent: rules aren't loaded at all
Package: iptables-persistent
Version: 0.5.2
Severity: critical
Tags: security
Justification: root security hole

Hi.

Since the most recent upload, rules aren't loaded any more at all:

Wed Aug 17 13:17:07 2011: Mounting local filesystems...done.
Wed Aug 17 13:17:07 2011: Activating swapfile swap...done.
Wed Aug 17 13:17:07 2011: Cleaning up temporary files....
Wed Aug 17 13:17:07 2011: Loading iptables rules... skipping IPv4 (no module loaded)... skipping IPv6 (no module loaded)...done.
Wed Aug 17 13:17:07 2011: Setting kernel variables ...done.
Wed Aug 17 13:17:07 2011: Cleaning up ifupdown....
Wed Aug 17 13:17:07 2011: Setting up resolvconf...done.
Wed Aug 17 13:17:07 2011: Setting up networking....
Wed Aug 17 13:17:07 2011: Scheme unchanged.
Wed Aug 17 13:17:07 2011: Configuring network interfaces...done.

Not sure why the files you check for are not there at this point.

Marking this as critical, and root sec hole, as it can easily be just this, if one trusts that certain rules are brought up.

Chris.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.0-heisenberg (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_DE.utf8, LC_CTYPE=en_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables-persistent depends on:
ii  debconf [debconf-2.0]  1.5.41    Debian configuration management sy
ii  iptables               1.4.12-1  administration tools for packet fi
ii  lsb-base               3.2-27    Linux Standard Base 3.2 init scrip

iptables-persistent recommends no packages.

iptables-persistent suggests no packages.

-- Configuration Files:
/etc/init.d/iptables-persistent changed [not included]
/etc/iptables/rules.v4 changed [not included]
/etc/iptables/rules.v6 changed [not included]

-- debconf information:
* iptables-persistent/autosave_v6: false
* iptables-persistent/autosave_v4: false