[Firewall] [BUG] Gentoo: "your kernel is rather old (<2.6.24)"

Simón simon at simonbcn.net
Fri Dec 2 12:09:40 CET 2011


This is the init script installed by your install script:
#!/bin/sh
#
# chkconfig: 2345 11 89
# description: init.d script for Arno's iptables firewall

### BEGIN INIT INFO
# Provides:          arno-iptables-firewall
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs $remote_fs $network
# Default-Start:     S
# Default-Stop:      0 6
# Short-Description: Setup iptables firewall configuration
### END INIT INFO

############################################################################################
# You should put this script in eg. "/etc/init.d/" 
.                                       #
# Furthermore make sure it's executable! -> "chmod 700" or "chmod +x" 
it                   #
# If you want to run it upon boot, either add an entry in your 
"/etc/rc.d/rc.local" or        #
# (for eg. Debian) in "/etc/rcS.d/" create a symlink to the 
arno-iptables-firewall script  #
# ("ln -s /etc/init.d/arno-iptables-firewall script 
S99-arno-iptables-firewall script").   #
############################################################################################

PATH=/bin:/usr/bin:/sbin:/usr/sbin
PROGRAM="/usr/local/sbin/arno-iptables-firewall"

# Be verbose(1)?:
VERBOSE="1"

test -x $PROGRAM || exit 0

if [ "$VERBOSE" = "0" ]; then
   case "$1" in
     start)
       echo "Starting Arno's Iptables Firewall..."
     ;;

     stop)
       echo "Stopping Arno's Iptables Firewall..."
     ;;

     restart)
       echo "Restarting Arno's Iptables Firewall..."
     ;;

     force-reload)
       echo "(Forced) reloading Arno's Iptables Firewall..."
     ;;

     status)
       $PROGRAM $*
       exit $?
     ;;

     *)
       $PROGRAM
       exit 1
     ;;
   esac

   # Call firewall script:
   result=`$PROGRAM $*`
   retval=$?
else
   $PROGRAM $*
   retval=$?
fi

# Return value:
exit $retval

It works If I execute manually (/etc/init.d/arno-iptables-firewall 
start) but when I restart the system, Gentoo doesn't recognize this init 
script and it's ignored.
The correct init script is:

#!/sbin/runscript

opts="${opts} stats help reload"

LOCATION=$(which arno-iptables-firewall) || exit 0

depend() {
   before net
   use logger
}


start() {
   ebegin "Loading Firewall..."
   ${LOCATION} start
   eend $? "WARNING: Failed to load Firewall"
}

stop() {
   ebegin "Stopping Firewall..."
   ${LOCATION} stop
   eend $? "WARNING: Failed to stop Firewall"
}

restart() {
   ebegin "Restarting Firewall..."
   ${LOCATION} restart
   eend $? "WARNING: Failed to restart Firewall"
}

stats() {
   ebegin "Firewall Status..."
   ${LOCATION} status
   eend $? "Failed to show status"
}

reload() {
   ebegin "Reloading Blackholes..."
   ${LOCATION} reload
   eend $? "WARNING: Failed to reload"
}

help() {
   ebegin "Options"
   echo "start                        = Start Firewall"
   echo "stop                         = Stop Firewall(set default 
policies to accept)"
   echo "restart                      = Restart Firewall"
   echo "reload                       = Reload blocked hosts(blackhole) 
file & mac address file"
   echo "stats                        = Shows Firewall Full Status"
   echo "help                         = Shows this message"
   echo "status                       = Shows rc-update status"
   echo "Remember: arno-iptables-firewall status [-t {table}][chain] for 
flexible status"
   eend $?
}

The curious thing is that this init script is in Arno's package but it 
isn't installed.
Regards.

El 02/12/11 12:00, Arno van Amersfoort escribió:
> Mind explaining the exact issue? In principle the install script 
> should handle all SysV systems properly, so I'm wondering why it fails 
> for Gentoo...
>
> a.
>
> On 02-Dec-11 11:54, Simón wrote:
>> Ok, I've installed the beta version and it works.
>> Another problem is the init script. The installer installs an init
>> script invalid for Gentoo. It should detect the guest SO and to install
>> the correct init script.
>> Regards.
>>
>> El 02/12/11 11:45, Arno van Amersfoort escribió:
>>> This has a known problem and has been resolved in the latest-beta 
>>> build.
>>>
>>> On 02-Dec-11 11:30, Simón wrote:
>>>> When I start Arno's Firewall, it shows this warning:
>>>>
>>>> Arno's Iptables Firewall Script v2.0.0c
>>>> ------------------------------------------------------------------------------- 
>>>>
>>>>
>>>>
>>>> WARNING: IPv6 support is enabled but your kernel is rather old
>>>> (<2.6.24)! This *could* cause problems...
>>>> Platform: Linux 3.0.4-hardened-r4 x86_64
>>>>
>>>> I use Gentoo with kernel 3.0.4-hardened-r4.
>>>> _______________________________________________
>>>> Firewall mailing list
>>>> Firewall at rocky.eld.leidenuniv.nl
>>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>>> http://rocky.eld.leidenuniv.nl
>>>>
>>> _______________________________________________
>>> Firewall mailing list
>>> Firewall at rocky.eld.leidenuniv.nl
>>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>>> Arno's (Linux IPTABLES Firewall) Homepage:
>>> http://rocky.eld.leidenuniv.nl
>> _______________________________________________
>> Firewall mailing list
>> Firewall at rocky.eld.leidenuniv.nl
>> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
>> Arno's (Linux IPTABLES Firewall) Homepage:
>> http://rocky.eld.leidenuniv.nl
>>
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl


More information about the Firewall mailing list