[Firewall] EXT_IF error msg

Michael Hanke michael.hanke at gmail.com
Wed Oct 11 01:15:57 MDT 2006


On Tue, Oct 10, 2006 at 01:06:56PM -0500, Porcia Silvia wrote:
> 10.10.06
> On 8.10 I did an apt-get upgrade and one of the upgrades was Arno's  
> firewall the one where the config file is moved to  
> /etc/arno-iptables-firewall/firewall.conf I'm running one computer with  
> Debian Sid an Zyxel ADSL modem that connects to a Lynksis Ethernet pci  
> card. I'm assigned an IP address from the ISP.
> IN the installation dialog I installed the maintainers config file
> On reboot a red error messages said EXT_IF was empty or not activated..
> In VI the config file shows EXT_IF="$DC_EXT_IF" and  
> EXT_IFDHCP_IP_="$DC_EXT_IF_DHCP_IP both 'readable' i.e. not commented out.
> These are the only lines in config or conf that appear to represent a clue  
> to the error message at boot. Should they read something else and why  
> isn't the script being read?
This is perfectly right if you choose to handle the firewall config with

First, using Debian tools you should never loose any config file. Your
old config should be present in
/etc/arno-iptables-firewall/firewall.conf.dpkg-old (or something like
this). If this is not the case, this is a grave bug. Please report this 
ASAP if this is the case.

Second, if you have manged your firewall config with debconf before the
upgrade as well then this behavior should also not occur. I would be
interested if you can reproduce the bug, so I can fix it in the package.

And last, in any case you should solve your problem by doing:

dpkg-reconfigure -plow arno-iptables-firewall

This will ask you whether you want debconf to configure your firewall
and some more questions. Finally you can restart the firewall and
everything should be fine.

However, if you do not want to use debconf for your config then you can
simply replace everything in the config file as you wish (or better
according to Arnos docs). This is perfectly ok. The debconf layer is a
completely optional addition to Arnos scripts.

You only have to remember your decision for the next upgrade. Dpkg will
detect any changes you have made to the config file and will ask you
whether you want to keep the modified version or a fresh maintainer
version (This is exactly the question you had to answer recently). If
you choose the maintainer version -- as you did -- then your old config is
moved asided. If you keep the old config, you risk to break your setup
in case Arno has made significant changes in the config file layout (as
he did between 1.8.6 and 1.8.8). You could use a tool like 'kompare' to
easily display the differences between any two config versions and move
them to the current firewall.conf (this is what I do).

If you have a fairly simple setup you could try using debconf. Debconf
will care about the config modifications by itself and you do not have
to inspect the config manually -- I do that for you ;)

Hope this helps.



GPG key:  1024D/3144BE0F Michael Hanke
ICQ: 48230050

More information about the Firewall mailing list