Discussion:
Fwsnort: --hex-string syntax bug
Kees de Jong
2011-07-29 11:23:08 UTC
Hi,


I've been trying to file a bug report through the bug report tool of
Debian. But without success.
So I'll just inform you all about this bug since I do want to inform you
about it.
I'm sorry this isn't the proper method, but bugreport isn't cooperative
with my SMTP for some reason.

I've discovered that fwsnort generates a small but significant syntax
error when this iptable rule is present:

# ICMP echo request
$IPTABLES -A OUTPUT -p icmp --icmp-type 8 -j ACCEPT

The below fwsnort rule is generated which makes 'iptables-persistent'
crash on boot, which in turn boots Debian without a firewall.
-A FWSNORT_INPUT -p icmp -m icmp --icmp-type 8 -m string --hex-string"|
0102030405060708090a0b0c0d0e0f|" --algo bm --to 74 -m comment --comment
"sid:2100369; msg:GPL ICMP_INFO PING BayRS Router;
classtype:misc-activity; reference:arachnids,438; rev:7; FWS:1.5;" -j
LOG --log-prefix "[11] SID2100369 " --log-ip-options

The right syntax should be: --hex-string "|
0102030405060708090a0b0c0d0e0f|"
It's a small syntax error, I'm sorry I don't have the time to fix this
bug. I hope I've given enough information to you to fix this problem.

In the meantime this can be fixed by editing the saved iptable
configuration in /etc/iptables/rules.v4
To display some helpful debugging information you can run:

# iptables-restore < /etc/iptables/rules.v4

This will inform you of the line where this syntax error is. Then edit
it accordingly with your favorite text editor.
--
Kind regards,
Kees de Jong
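
Added example, not part of the original post and not fwsnort's own code: a shell check that locates rules where --hex-string is glued to its quoted argument, as in the rule reported above, and writes a repaired copy. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Find and repair '--hex-string' glued to its quoted argument in an
# iptables-save style file, so the problem is caught before the file is
# loaded at boot. Function names here are hypothetical.

# Print "LINE_NUMBER:RULE" for every rule where --hex-string is followed
# directly by a double quote. Exit status 0 means at least one was found.
find_glued_hex_string() {
    grep -n -e '--hex-string"' "$1"
}

# Write a repaired copy of the ruleset to stdout; the input file is untouched.
fix_glued_hex_string() {
    sed 's/--hex-string"/--hex-string "/g' "$1"
}

# Constructed sample ruleset: line 3 is modelled on the rule in the post,
# line 4 is a correctly formed rule that must be left alone.
make_sample_ruleset() {
    cat > "$1" <<'EOF'
*filter
:FWSNORT_INPUT - [0:0]
-A FWSNORT_INPUT -p icmp -m icmp --icmp-type 8 -m string --hex-string"|0102030405060708090a0b0c0d0e0f|" --algo bm --to 74 -j LOG --log-prefix "[11] SID2100369 "
-A FWSNORT_INPUT -p tcp -m tcp --dport 80 -m string --hex-string "|0d0a0d0a|" --algo bm -j LOG
COMMIT
EOF
}

# Typical use against the saved rules (needs read access to the file):
#   if find_glued_hex_string /etc/iptables/rules.v4; then
#       fix_glued_hex_string /etc/iptables/rules.v4 > /tmp/rules.v4.fixed
#   fi
# The repaired copy can then be checked without committing it:
#   iptables-restore --test < /tmp/rules.v4.fixed
```

Review the repaired copy before replacing /etc/iptables/rules.v4 with it.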

Michael Tautschnig
2011-07-29 13:22:17 UTC
Hi,
Post by Kees de Jong
I've been trying to file a bug report through the bug report tool of
Debian. But without success.
So I'll just inform you all about this bug since I do want to inform you
about it.
I'm sorry this isn't the proper method, but bugreport isn't cooperative
with my SMTP for some reason.
[...]

You might want to simply file your bug report via email. Please see

http://www.debian.org/Bugs/Reporting

and skip to "Sending the bug report via e-mail".

Hope this helps,
Michael
