Hi Team Mageia, When I try to change settings into drakfirewall (with the GUI), it ask me to install shorewall and shorewall-ipv6, at every turn. Can you fix this ? Thanks. Reproducible: Steps to Reproduce:
This is per design
CC: (none) => thierry.vignaudSource RPM: drak-firewall => drakx-net
With shorewall-ipv6 installed, drakfirewall is not updating /etc/shorewall/rules.drakx. If I uninstall shorewall-ipv6, and then run drakfirewall, rules.drakx does get updated, but shorewall-ipv6 also gets reinstalled.
CC: (none) => davidwhodgins
Should probably add, like most people in North America, my router and isp are still ipv4 only.
(In reply to Dave Hodgins from comment #2) > With shorewall-ipv6 installed, drakfirewall is not updating > /etc/shorewall/rules.drakx. > > If I uninstall shorewall-ipv6, and then run drakfirewall, rules.drakx does > get updated, but shorewall-ipv6 also gets reinstalled. it does say it's saved BUT i tried to do the following thin and it did not work so the firewall might be still be up. I wanted to play movies on my tv from my computer through wireless network and as such i have installed mediatomb, rygel and coherence. None worked. I disabled the firewall through interactive firewall interface, i added port 1900 of mediatomb through advanced settings in the same window. Still did not work. What i did to work: systemctl stop ip6tables.service It worked. So i assume although i went and disable the firewall through interactive interface the firewall was still up. I was asked if my ISP use ipv6 or 4 ... i think 4 but i am not sure. i will ask them ... or if anyone knows IINET Australia
CC: (none) => litcanu
Any news on this? The only way I have found to access a freshly installed mga3 i586 install over ssh is to uninstall shorewall completely. All my other installations (x86_64) have been continually updated cauldron machines (now switched to 3 repos) and these do not have shorewall-ipv6 installed and work fine. Running the mcc -> security -> firewall seems to require shorewall-ipv6 and asks to install it, yet shorewall-ipv6 is not a require of shorewall.
CC: (none) => zen25000
*** Bug 10290 has been marked as a duplicate of this bug. ***
CC: (none) => denis.robel
I see this too. If shorewall-ipv6 is not installed, then drakfirewall will install it and make the requested changes to the configuration. If shorewall-ipv6 is already installed, then the configuration changes are not made. Workaround is to uninstall shorewall-ipv6 before altering the firewall config.
CC: (none) => derekjenn
The problem appears to be because the line in drakfirewall.pm $do_pkgs->ensure_files_are_installed([ [ qw(shorewall shorewall) ], [ qw(shorewall-ipv6 shorewall6) ] ], $::isInstall) or return; returns NULL if all the packages are installed and so drakfirewall exits. Revision 5290 in do_pkgs.pm appears to be the cause of the NULL return. http://svnweb.mageia.org/soft/drakx/trunk/perl-install/do_pkgs.pm?r1=4647&r2=5290
Created attachment 4108 [details] patch do_pkgs.pm to return true if packages are installed This patch works for me if anyone would like to try it out.
Keywords: (none) => PATCHSource RPM: drakx-net => drakx-net drakxtools-15.54-1.mga3.src.rpm
(In reply to Derek Jennings from comment #9) > Created attachment 4108 [details] > patch do_pkgs.pm to return true if packages are installed > > This patch works for me if anyone would like to try it out. Yes seems to work OK, however when setting "Everything (no firewall)" there is a long (1 min.) blank screen. After the rm below:- rm '/etc/systemd/system/multi-user.target.wants/shorewall.service' Clearing Shorewall.... Processing /etc/shorewall/stop ... Processing /etc/shorewall/tcclear ... Running /sbin/iptables-restore... Processing /etc/shorewall/stopped ... Processing /etc/shorewall/clear ... done.
>Yes seems to work OK, however when setting "Everything (no firewall)" there is a >long (1 min.) blank screen. After the rm below:- Yes. I see that too. I think it is a separate issue. I will take a look at it and raise a new bug report if it is.
Barry. Yes, the long delay after disabling the firewall is a separate issue. It only happens the first time the firewall is enabled and then disabled, unless shorewall6 is enabled again. To reproduce the failure I did #drakfirewall #enable the firewall #systemctl stop shorewall6.service #systemctl start shorewall6.service #drakfirewall #disable the firewall Then there will be the long delay. If I run drakfirewall in the perl debugger it works so it is probably a race condition.
I would use 1 instead of true but the patch looks correct apart from that
CC: (none) => pterjan
Same as Pascal, "return 1 if !@not_installed" would be better (the function already returns 1 at the end).
CC: (none) => mageia
CC: (none) => rjpatrick19
CC: (none) => jeffrobinsSAE
This bug is fixed in Cauldron thanks to Derek's patch. Version 15.55 was also submitted to MGA3 testing as this bug also affects MGA3. PROCEDURE for QA : - try to change firewall settings in mcc - re-open drakfirewall : settings were not saved - install drakxtools-backend-15.55, settings should be saved
Status: NEW => ASSIGNEDCC: (none) => lists.jjorgeVersion: Cauldron => 3Assignee: bugsquad => qa-bugsWhiteboard: (none) => has_procedure
Suggested advisory: ======================== Updated drakxtools packages fix drakfirewall behaviour: Mageia Control Center did not apply firewall settings. This update fixes it. ======================== Updated packages in core/updates_testing: ======================== drakx-finish-install-15.55-1.mga3.x86_64.rpm drakxtools-15.55-1.mga3.x86_64.rpm drakxtools-backend-15.55-1.mga3.x86_64.rpm drakxtools-curses-15.55-1.mga3.x86_64.rpm drakxtools-http-15.55-1.mga3.x86_64.rpm harddrake-15.55-1.mga3.x86_64.rpm harddrake-ui-15.55-1.mga3.x86_64.rpm Source RPMs: drakxtools-15.55-1.mga3.src.rpm
It works for me now !
*** Bug 10460 has been marked as a duplicate of this bug. ***
the new drakxtools package was created from the cauldron svn and not from a branch, please assign back when it's done
Assignee: qa-bugs => bugsquad
(In reply to Manuel Hiebel from comment #19) > the new drakxtools package was created from the cauldron svn and not from a > branch, please assign back when it's done You're right, I forgot the branching. Done, with a subrel 1 : drakxtools-15.55-1.1.mga3.src.rpm
Assignee: bugsquad => qa-bugs
seems you branched from after cauldron, maybe make a new package with what done by Nicolas ? (or we will have other change)
Whiteboard: has_procedure => has_procedure feedback
(In reply to Manuel Hiebel from comment #21) > seems you branched from after cauldron, maybe make a new package with what > done by Nicolas ? > (or we will have other change) What is "done by Nicolas"? I branched from cauldron because there was no branch for 3.
(In reply to José Jorge from comment #22) > > seems you branched from after cauldron, maybe make a new package with what > > done by Nicolas ? > > (or we will have other change) Sorry, now I have seen my error. I thought latest cauldron had no changes since MGA3 release. I will make a new package from Nicolas's branch.
So sorry for the mess, I am learning. So it is now 15.54.1 version : Suggested advisory: ======================== Updated drakxtools packages fix drakfirewall behaviour: Mageia Control Center did not apply firewall settings. This update fixes it. ======================== Updated packages in core/updates_testing: ======================== drakx-finish-install-15.54.1-1.mga3.x86_64.rpm drakxtools-15.54.1-1.mga3.x86_64.rpm drakxtools-backend-15.54.1-1.mga3.x86_64.rpm drakxtools-curses-15.54.1-1.mga3.x86_64.rpm drakxtools-http-15.54.1-1.mga3.x86_64.rpm harddrake-15.54.1-1.mga3.x86_64.rpm harddrake-ui-15.54.1-1.mga3.x86_64.rpm Source RPMs: drakxtools-15.54.1-1.mga3.src.rpm
Whiteboard: has_procedure feedback => has_procedure
Testing complete on Mageia 3 i586 and x86_64. Could someone from the sysadmin team push the srpm drakxtools-15.54.1-1.mga3.src.rpm from Mageia 3 Core Updates Testing to Core Updates. Advisory: Updated drakxtools packages fix drakfirewall saving of changes. Mageia Control Center did not apply changes to firewall settings, when the shorewall-ipv6 package was already installed. This update fixes it. https://bugs.mageia.org/show_bug.cgi?id=9941
Keywords: (none) => validated_updateWhiteboard: has_procedure => has_procedure MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
(In reply to Dave Hodgins from comment #25) > Testing complete on Mageia 3 i586 and x86_64. > > Could someone from the sysadmin team push the srpm > drakxtools-15.54.1-1.mga3.src.rpm > from Mageia 3 Core Updates Testing to Core Updates. Huh? I could not submit it!
http://mirrors.kernel.org/mageia/distrib/3/x86_64/media/core/updates_testing/drakxtools-15.55-1.1.mga3.x86_64.rpm And from http://pkgsubmit.mageia.org/ drakxtools-15.55-1.1.mga3 zezinho 19 hours ago 3 core/updates_testing uploaded 1 minute Looks like I have the wrong srpm Unvalidating the update, till this is sorted out.
Keywords: validated_update => (none)Whiteboard: has_procedure MGA3-64-OK MGA3-32-OK => has_procedure
Please remove the feedback whiteboard entry, and list the correct srpm to test, when ready.
Comment 24 lists everything, and the submit is done, so please test.
This is not fixed for me x86_64, sorry José Firewall setting changes are not preserved when shorewall-ipv6 is installed.
It's fixed for me I installed this packages : 1 [13:11:51] adrien@superlinux: ~ $ rpm -qa --last | grep drak harddrake-ui-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST harddrake-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST drakxtools-curses-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST drakxtools-backend-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST drakxtools-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST But now, this packages are not in update_testing repository.
I second comment #30 and (almost) comment #31; drakxtools-15.54.1-1.mga3 (from updates_testing) does NOT solve the problem, but drakxtools-15.55-2.mga3 (built from the cauldron spec) DOES solve it.
CC: (none) => dan
CC: litcanu => (none)
[root@x3v ~]# rpm -q -i drakxtools-backend|grep Source Source RPM : drakxtools-15.54.1-1.mga3.src.rpm [root@x3v ~]# head -n 76 /usr/lib/libDrakX/do_pkgs.pm |tail -n 1 return if !@not_installed; The patch as not been applied.
(In reply to Adrien D from comment #31) > It's fixed for me I installed this packages : > > 1 [13:11:51] adrien@superlinux: ~ $ rpm -qa --last | grep drak > harddrake-ui-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST > harddrake-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST > drakxtools-curses-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST > drakxtools-backend-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST > drakxtools-15.55-1.mga3.x86_64 mer. 12 juin 2013 21:54:10 CEST > > > But now, this packages are not in update_testing repository. Yes, that was an error I did. Please test again removing 15.55 packages. I applied everything but the patch in 15.54.1, so did a new release 2 with THE patch. I am sorry for the time you all lost on this. Suggested advisory: ======================== Updated drakxtools packages fix drakfirewall behaviour: Mageia Control Center did not apply firewall settings. This update fixes it. ======================== Updated packages in core/updates_testing: ======================== drakx-finish-install-15.54.1-2.mga3.x86_64.rpm drakxtools-15.54.1-2.mga3.x86_64.rpm drakxtools-backend-15.54.1-2.mga3.x86_64.rpm drakxtools-curses-15.54.1-2.mga3.x86_64.rpm drakxtools-http-15.54.1-2.mga3.x86_64.rpm harddrake-15.54.1-2.mga3.x86_64.rpm harddrake-ui-15.54.1-2.mga3.x86_64.rpm Source RPMs: drakxtools-15.54.1-2.mga3.src.rpm
Testing complete mga3 64 Firewall settings are now preserved. It doesn't affect bug 10301 though sadly.
Whiteboard: has_procedure => has_procedure mga3-64-ok
Testing complete mga3 32, following procedure from comment 15. Validating update, thanks. To the sysadmins: please push the update from core/updates_testing to core/updates in Mageia 3. Thanks in advance. See comment 34 for RPMs, SRPM and advisory.
Keywords: (none) => validated_updateWhiteboard: has_procedure mga3-64-ok => has_procedure mga3-64-ok mga3-32-ok
Testing complete on Mageia release 3 (Official) for x86_64, for it's Ok too.
CC: (none) => geiger.david68210
http://svnweb.mageia.org/advisories/9941.adv?view=markup ready to push.
http://advisories.mageia.org/MGAA-2013-0035.html
Status: ASSIGNED => RESOLVEDCC: (none) => boklmResolution: (none) => FIXED
CC: boklm => (none)