Closed arjhun closed 10 years ago
Did you try running it manually from the commandline as well? And mind posting the output of 'ifconfig' ?
a.
On 01-Dec-13 15:04, arjhun wrote:
I started getting an error when starting my firewall.
Arno's Iptables Firewall Script v2.0.0c
Platform: Linux 3.8.0-32-generic i686
WARNING: External interface eth0 does NOT exist (yet?)
WARNING: External interface tun0 does NOT exist (yet?)
My interfaces are up and running.
When I isolate the check_interfaces and run a simple test it returns 1 not 0.
When I check
sudo bash -x /usr/sbin/arno-iptables-firewall restart 2>&1 | grep check_interface
it shows
+ check_interface eth0
+ check_interface tun0
here is my full verbose output of a restart:
Arno's Iptables Firewall Script v2.0.0c
Platform: Linux 3.8.0-32-generic i686
WARNING: External interface tun0 does NOT exist (yet?)
Stopping (user) plugins...
SSH Brute-Force Protection plugin v1.1a
Checking/probing Iptables modules:
Loaded kernel module ip_tables.
Loaded kernel module nf_conntrack.
Loaded kernel module nf_conntrack_ftp.
Loaded kernel module xt_conntrack.
Loaded kernel module xt_limit.
Loaded kernel module xt_state.
Loaded kernel module xt_multiport.
Loaded kernel module iptable_filter.
Loaded kernel module iptable_mangle.
Loaded kernel module ipt_REJECT.
Loaded kernel module ipt_LOG.
Loaded kernel module xt_TCPMSS.
Loaded kernel module xt_DSCP.
Loaded kernel module iptable_nat.
Module check done...
Setting the kernel ring buffer to only log panic messages to the console
Configuring general kernel parameters:
Setting the max. amount of simultaneous connections to 16384
Configuring kernel parameters:
Disabling send redirects
Enabling protection against source routed packets
Enabling packet forwarding
Setting some kernel performance options
Enabling reduction of the DoS'ing ability
Enabling anti-spoof with rp_filter
Enabling SYN-flood protection via SYN-cookies
Disabling the logging of martians
Disabling the acception of ICMP-redirect messages
Setting default TTL=64
Disabling ECN (Explicit Congestion Notification)
Enabling kernel support for dynamic IPs
Enabling PMTU discovery
Flushing route table
Kernel setup done...
Initializing firewall chains
Setting all default policies to DROP while "setting up firewall rules"
IPv4 mode selected but IPv6 available, DROP all IPv6 packets
Using loglevel "info" for syslogd
Setting up firewall rules:
Enabling setting the maximum packet size via MSS
Enabling mangling TOS
Logging of stealth scans (nmap probes etc.) enabled
Logging of packets with bad TCP-flags enabled
Logging of INVALID TCP packets disabled
Logging of INVALID UDP packets disabled
Logging of INVALID ICMP packets disabled
Logging of fragmented packets enabled
Logging of access from reserved addresses enabled
Reading custom rules from /etc/arno-iptables-firewall/custom-rules
Checking for (user) plugins in /usr/share/arno-iptables-firewall/plugins...
SSH Brute-Force Protection plugin v1.1a
Loaded kernel module xt_recent.
Allowing bypass of SSH protection checks for: malevich
Protecting TCP port(s): 22
Loaded 1 plugin(s)...
Setting up external(INET) INPUT policy
Logging of ICMP flooding enabled
Enabling support for DHCP-assigned-IP (DHCP client)
Logging of explicitly blocked hosts enabled
Logging of denied local output connections enabled
Packets will NOT be checked for private source addresses
Allowing ANYHOST for TCP port(s): 80
Allowing ANYHOST for TCP port(s): 21
Allowing ANYHOST for TCP port(s): 22
Allowing ANYHOST for TCP port(s): 1194
Allowing ANYHOST for TCP port(s): 8112
Allowing ANYHOST for TCP port(s): 4040
Allowing ANYHOST for TCP port(s): 10000
Allowing ANYHOST for TCP port(s): 53
Allowing ANYHOST for TCP port(s): 137
Allowing ANYHOST for TCP port(s): 138
Allowing ANYHOST for TCP port(s): 139
Allowing ANYHOST for TCP port(s): 443
Allowing ANYHOST for TCP port(s): 445
Allowing ANYHOST for TCP port(s): 631
Allowing ANYHOST for TCP port(s): 58846
Allowing ANYHOST for TCP port(s): 873
Allowing ANYHOST for TCP port(s): 17500
Allowing ANYHOST for TCP port(s): 6566
Allowing ANYHOST for TCP port(s): 50000:50200
Allowing ANYHOST for TCP port(s): 8094
Allowing ANYHOST for TCP port(s): 4444
Allowing ANYHOST for TCP port(s): 23423
Allowing ANYHOST for TCP port(s): 8895
Allowing ANYHOST for TCP port(s): 8228
Allowing ANYHOST for UDP port(s): 80
Allowing ANYHOST for UDP port(s): 21
Allowing ANYHOST for UDP port(s): 22
Allowing ANYHOST for UDP port(s): 1194
Allowing ANYHOST for UDP port(s): 8112
Allowing ANYHOST for UDP port(s): 4040
Allowing ANYHOST for UDP port(s): 10000
Allowing ANYHOST for UDP port(s): 53
Allowing ANYHOST for UDP port(s): 137
Allowing ANYHOST for UDP port(s): 138
Allowing ANYHOST for UDP port(s): 139
Allowing ANYHOST for UDP port(s): 443
Allowing ANYHOST for UDP port(s): 445
Allowing ANYHOST for UDP port(s): 631
Allowing ANYHOST for UDP port(s): 58846
Allowing ANYHOST for UDP port(s): 873
Allowing ANYHOST for UDP port(s): 17500
Allowing ANYHOST for UDP port(s): 6566
Allowing ANYHOST for UDP port(s): 50000:50200
Allowing ANYHOST for UDP port(s): 8094
Allowing ANYHOST for UDP port(s): 4444
Allowing ANYHOST for UDP port(s): 1900
Allowing ANYHOST for UDP port(s): 8228
Allowing ANYHOST to send IPv4 ICMP-requests (ping)
Logging of possible stealth scans enabled
Logging of (other) packets to PRIVILEGED TCP ports enabled
Logging of (other) packets to PRIVILEGED UDP ports enabled
Logging of (other) packets to UNPRIVILEGED TCP ports enabled
Logging of (other) packets to UNPRIVILEGED UDP ports enabled
Logging of IGMP packets enabled
Logging of dropped ICMP-request(ping) packets enabled
Logging of dropped other ICMP packets enabled
Logging of other IP protocols (non TCP/UDP/ICMP/IGMP) packets enabled
Setting up external(INET) OUTPUT policy
Applying external(INET) policy to interface: eth0 (without an external subnet specified)
Applying external(INET) policy to interface: tun0 (without an external subnet specified)
Security is LOOSENED for external interface(s) in the FORWARD chain!
Logging of dropped FORWARD packets enabled
Dec 01 15:03:04 All firewall rules applied.
— Reply to this email directly or view it on GitHub https://github.com/arno-iptables-firewall/aif/issues/5.
Arno van Amersfoort E-mail : arnova@rocky.eld.leidenuniv.nl
Arno's (Linux IPTABLES Firewall) Homepage: http://rocky.eld.leidenuniv.nl
Oh and please provide the output of "ip -o link show" as well.
a.
Hi Arno,
I added ifconfig to the 'check_interface' function in 'environment'.
arjen@giver:~$ sudo arno-iptables-firewall start
Arno's Iptables Firewall Script v2.0.0c
-------------------------------------------------------------------------------
Platform: Linux 3.8.0-32-generic i686
eth0 Link encap:Ethernet HWaddr 1c:6f:65:b7:fb:6e
inet addr:192.168.1.109 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::1e6f:65ff:feb7:fb6e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69541107 errors:0 dropped:226 overruns:0 frame:0
TX packets:91859856 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54367631337 (54.3 GB) TX bytes:98703534341 (98.7 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:673687 errors:0 dropped:0 overruns:0 frame:0
TX packets:673687 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:788507850 (788.5 MB) TX bytes:788507850 (788.5 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:230253 errors:0 dropped:0 overruns:0 frame:0
TX packets:423596 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:14072643 (14.0 MB) TX bytes:497868696 (497.8 MB)
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.23.0.18 P-t-P:172.23.0.17 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:26544 errors:0 dropped:155 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:3803462 (3.8 MB)
WARNING: External interface eth0 does NOT exist (yet?)
eth0 Link encap:Ethernet HWaddr 1c:6f:65:b7:fb:6e
inet addr:192.168.1.109 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::1e6f:65ff:feb7:fb6e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69541109 errors:0 dropped:226 overruns:0 frame:0
TX packets:91859860 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:54367631538 (54.3 GB) TX bytes:98703537907 (98.7 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:673687 errors:0 dropped:0 overruns:0 frame:0
TX packets:673687 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:788507850 (788.5 MB) TX bytes:788507850 (788.5 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1 P-t-P:10.8.0.2 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:230254 errors:0 dropped:0 overruns:0 frame:0
TX packets:423607 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:14072683 (14.0 MB) TX bytes:497872440 (497.8 MB)
tun1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:172.23.0.18 P-t-P:172.23.0.17 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:26544 errors:0 dropped:155 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:3803462 (3.8 MB)
WARNING: External interface tun0 does NOT exist (yet?)
Checking/probing Iptables modules:
Loaded kernel module ip_tables.
...
Dec 01 22:17:28 All firewall rules applied.
And here is the output of ip -o link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN \ link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\ link/ether 1c:6f:65:b7:fb:6e brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100\ link/none
4: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100\ link/none
I'm at a loss here. I don't even know if this message will affect code execution down the line, thanks in advance....
Arjen Klaverstijn
The WARNING: is only that, but clearly something is not correct...
For completeness, what is the output of:
ip -o link show | cut -d':' -f2
We previously have seen situations like this where a bug in coreutils (seq) caused an issue.
Lonnie
Okay, so I thought I'd found the problem. The result of the cut command (but also awk -F '[:]' '{print $2}') resulted in lines with a leading whitespace:
lo
eth0
tun0
tun1
so I first piped the ip -o command through tr -d ' ' that seemingly resulted in clean lines, changed it in code, but to no avail :-(
That output looks fine, the leading space is expected. What is your default shell ?
ls -l /bin/sh
-and try-
interface="tun0" ; echo "${interface%@*}" (should be: tun0)
it returned tun0
$ ls -l /bin/sh
/bin/sh -> dash
output of that function, obviously local_interfaces are empty, the problem must be within the trace or ip wrapper functions
+ echo 'Dec 02 19:23:16 ** Restarting Arno'\''s Iptables Firewall v2.0.0c **'
+ echo '** Restarting Arno'\''s Iptables Firewall v2.0.0c **'
+ logger -t firewall -p kern.info
+ start_restart
++ uname -s -r -m
+ echo 'Platform: Linux 3.8.0-32-generic i686'
+ config_check
+ '[' -z 'eth0 tun0' ']'
+ IFS=' ,'
+ for interface in '$EXT_IF'
+ check_interface eth0
+ local interface 'IFS= '
++ ip -o link show
++ trace /sbin/ip -o link show
++ '[' -n /tmp/aif-trace.20131202-19:23:16 ']'
++ cut -d: -f2
++ sed 's/^: //'
+ local interfaces=
+ unset IFS
+ return 1
+ printf '\033[40m\033[1;31mWARNING: External interface eth0 does NOT exist (yet?)\033[0m\n'
WARNING: External interface eth0 does NOT exist (yet?)
+ for interface in '$EXT_IF'
+ check_interface tun0
+ local interface 'IFS= '
++ ip -o link show
++ tr -d ' '
++ '[' -n /tmp/aif-trace.20131202-19:23:16 ']'
++ cut -d: -f2
++ sed 's/^: //'
+ local interfaces=
+ unset IFS
+ return 1
+ printf '\033[40m\033[1;31mWARNING: External interface tun0 does NOT exist (yet?)\033[0m\n'
WARNING: External interface tun0 does NOT exist (yet?)
+ IFS=' ,'
+ IFS=' ,'
+ IFS=' ,'
+ IFS=' ,'
+ for eif in '$EXT_IF'
+ for eif in '$EXT_IF'
+ IFS=' ,'
+ for eif in '$EXT_IF'
+ '[' eth0 = lo -o eth0 = 127.0.0.1 ']'
+ for eif in '$EXT_IF'
+ '[' tun0 = lo -o tun0 = 127.0.0.1 ']'
+ IFS=' ,'
If you edit "/usr/sbin/arno-iptables-firewall" 1st line
Does the problem go away ?
Lonnie
Sorry Lonnie, it doesn't work. I already tried that. I'll fiddle some more this week and let you know if I can find the issue. I just know that it's because of something that I misconfigured, but maybe we can learn something from the warnings I get. Thanks for the help guys so far!!!
Btw, AIF, is just the best. My dad started using it when we got ISDN, I think he even contributed some code back then. :smile:
Also, double check your check_interface() function in the /usr/share/arno-iptables-firewall/environment script, it should look like this:
# Check existance of an interface
check_interface()
{
  local interface IFS=' '
  local interfaces="$(ip -o link show | cut -d':' -f2)"
  unset IFS
  for interface in $interfaces; do
    case "$1" in
      # Wildcard interface?
      *+) if [ "${1%+}" = "${interface%%[0-9]*}" ]; then
            return 0
          fi
          ;;
      *)  if [ "${1}" = "${interface%@*}" ]; then
            return 0
          fi
          ;;
    esac
  done

  # Interface not found
  return 1
}
Possibly if bash works, your dash might prefer
local interfaces
interfaces="$(ip -o link show | cut -d':' -f2)"
Lonnie
Hi Arjen,
I was able to reproduce your problem, it only occurs when you set TRACE=1
So there are 3 possible fixes:
1) Set in your firewall.conf
TRACE=0
2) change in environment
@@ -1506,7 +1506,7 @@ { local interface IFS=' ' - local interfaces="$(ip -o link show | cut -d':' -f2)" + local interfaces="$($IP -o link show | cut -d':' -f2)" unset IFS for interface in $interfaces; do
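Review bot: The changed 'local interfaces=' line in check_interface now calls $IP directly, but nothing in the hunk says why this one call bypasses the ip() wrapper, so a later cleanup can turn it back into 'ip' and bring back the empty interface list under TRACE=1. Add a comment on that line. It is also worth splitting the declaration from the assignment and checking for an empty result, because 'local interfaces="$(...)"' discards the pipeline's exit status and an empty list falls through to the same 'return 1' that means the interface is missing.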
3) change in environment
@@ -653,7 +653,7 @@ ################### ip() { - trace $IP "$@" + $IP "$@" }
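Review bot: Removing 'trace' from the body of ip() fixes callers that capture the output, but it also drops every ip invocation from the trace file without saying so. State that in the commit message, or keep the tracing and make the wrapper pass the command's stdout through to the caller. In the new line $IP is expanded unquoted while "$@" is quoted; if $IP always holds a single path, quote it as well.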
Personally I have never found the TRACE "feature" useful, and if Arno decided to remove it I would not complain. :-)
There is another place that $IP is used instead of ip to work around this trace problem.
Then again, this problem only occurs if TRACE=1
Lonnie
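The failure reproduced above, as an added example that is not part of the thread or of AIF's code: it assumes trace() diverts the wrapped command's stdout into the trace file (the thread does not show its body), which leaves the command substitution in check_interface empty. trace_swallow, trace_passthrough, LIST_LINKS, IP_CMD and fake_ip are hypothetical names, the VLAN line in the sample is constructed, and the extra return code 2 for "no interface list obtained" is an addition to the quoted function.

```shell
#!/bin/sh
# Added example, not AIF code. fake_ip stands in for /sbin/ip so this runs offline.
TRACEFILE="${TMPDIR:-/tmp}/aif-trace-demo.$$"

# Sample `ip -o link show` output: lines 1-4 as posted in the thread, line 5 constructed.
fake_ip() {
  cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN \ link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000\ link/ether 1c:6f:65:b7:fb:6e brd ff:ff:ff:ff:ff:ff
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100\ link/none
4: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100\ link/none
5: eth0.10@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP \ link/ether 1c:6f:65:b7:fb:6e brd ff:ff:ff:ff:ff:ff
EOF
}
IP_CMD=fake_ip

# Hypothetical tracing wrapper: command line and output both go to $TRACEFILE,
# so nothing reaches stdout and "$(trace_swallow ...)" captures an empty string.
trace_swallow() {
  { echo "$*"; "$@" 2>&1 | sed 's/^/# /'; } >> "$TRACEFILE"
}

# Hypothetical wrapper that logs only the command line and leaves stdout alone.
trace_passthrough() {
  echo "$*" >> "$TRACEFILE"
  "$@"
}

# Same matching rules as the check_interface quoted in the thread.
# Returns 0 = found, 1 = not found, 2 = interface list could not be obtained.
check_interface() {
  local interface interfaces
  interfaces="$($LIST_LINKS $IP_CMD -o link show | cut -d':' -f2)"
  if [ -z "$interfaces" ]; then
    return 2            # enumeration failed: do not report "does NOT exist"
  fi
  for interface in $interfaces; do
    case "$1" in
      *+) # Wildcard interface, e.g. tun+
          if [ "${1%+}" = "${interface%%[0-9]*}" ]; then return 0; fi ;;
      *)  # Exact name; strip the @parent suffix of VLAN-style links
          if [ "$1" = "${interface%@*}" ]; then return 0; fi ;;
    esac
  done
  return 1
}

# Run the same lookup through both wrappers and show the difference.
for LIST_LINKS in trace_swallow trace_passthrough; do
  rc=0
  check_interface eth0 || rc=$?
  echo "$LIST_LINKS: check_interface eth0 -> $rc"
done
rm -f "$TRACEFILE"
```

With the swallowing wrapper the lookup reports 2 instead of a misleading "not found", which separates a broken enumeration from a missing interface.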
Hey great! It does work now. Well I think most people don't touch the trace option anyways like I did (mysteriously). Otherwise there would have been problems with it in the past. Anyways, thanks for all the help. A firewall without warnings just makes me feel a lot better, even though everything a firewall should do worked fine.
I haven't used it either to be honest, I don't really care if it stays or leaves as long as it doesn't break anything (like it does now).
@lonnie: Why does the trace() function cause this problem? Is it the sed parsing inside trace() ? If you want to rip out trace() go ahead btw. :)
-arno
This has been fixed in master... closing.