Summary: | net-firewall/shorewa-perl-4.09 mishandles "logmartians" | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Boney McCracker <brendlerjg> |
Component: | Current packages | Assignee: | Gentoo Netmon project <netmon> |
Status: | VERIFIED UPSTREAM | ||
Severity: | minor | CC: | rentorbuy |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Boney McCracker
2008-02-29 08:02:16 UTC
CC'ing maintainer. (In reply to comment #0) > shorewall-perl is not handling the "log_martians" option of its "interfaces" > configuration file as described in man page (shorewall-interfaces(5)) and the > release notes (/usr/share/doc/shorewall-<ver>/releasenotes.txt.bz2). Observed > using release 4.09 (net-firewall/shorewall-perl-4.09-r1). brendlerjg, have you reported this upstream? If not, then it would be great if you could subscribe to the Shorewall mailing list and post your findings there so that the developers can release a fix as this doesn't seem to be Gentoo-specific. Thanks (In reply to comment #2) > have you reported this upstream? No, I expected we probably had a central point of contact for each application for passing such things upstream. It definitely does not seem to be a Gentoo problem. But I'll be happy to do so, provided nobody tells me this is bogus (I'm a new Shorewall user, so it's quite possible I just don't know what I'm talking about). :) (In reply to comment #3) > No, I expected we probably had a central point of contact for each application > for passing such things upstream. It definitely does not seem to be a Gentoo > problem. You are partially correct. We are interested in bug reports even for upstream issues but maintainer can ask you to report bug upstream too. There is no duplication: we have this error in our distribution - so we have the bug, but maintainer is not a package developer and is not capable to fix all the problems for all the packages he/she maintains, so we ask upstream for help either by ourselves or ask our users to spend a little bit more time and report bug upstream too. General and the best way to proceed with such bugs is to report them both here and upstream. After that add the URL to upstream bug report inside URL field and keep this bug open until it is fixed in portage tree. This way helps us to be aware about bugs in software we maintain and really in some case could be good starting point to find help and to check that the behavior you experience is actually bug and not misconfiguration on your side or similar. More importantly, this way allows us to propagate fixes in our tree without waiting for next upstream release (consider kde/gnome releases which are scheduled...). So yes, please, report bugs in our bugzilla and keep them open until they are fixed. But, please, to help us even more it's better if you report bug you experience upstream too: sometimes it's hard to reproduce your problem for us, sometimes maintainer is a bit busy so he/she asks you to go ahead and contact upstream yourself and finally you'll better answer additional questions from upstream ;) At the end we are community distribution so we live with help from our users. > But I'll be happy to do so, provided nobody tells me this is bogus (I'm a new > Shorewall user, so it's quite possible I just don't know what I'm talking > about). :) Sorry I do not use shorewall-perl so I didn't tried to reproduce/check that this is really a problem but reading your explanation it seems like that. Bottom line: the best way to proceed (and help us to maintain packages) is to report bug here and upstream and add URL to official bug report here and keep this bug open until it is fixed in our tree. So once you'll report upstream, consider filling URL here and reopening this bug. HTH Okay, thanks for the feedback. I joined the shorewall-users mailing list and reported it earlier this afternoon. In "man shorewall.conf" there's a note on logmartians: LOG_MARTIANS=[Yes|No|Keep] If set to Yes or yes, sets /proc/sys/net/ipv4/conf/all/log_mar- tians and /proc/sys/net/ipv4/conf/default/log_martians to 1. De- fault is No which sets both of the above to zero. If you do not enable martian logging for all interfaces, you may still enable it for individual interfaces using the logmartians interface op- tion in shorewall-interfaces <shorewall-interfaces.html> (5). The value Keep is only allowed under Shorewall-perl. It causes Shorewall to ignore the option. If the option is set to Yes, then martians are logged on all interfaces. If the option is set to No, then martian logging is disabled on all interfaces except those specified in shorewall-interfaces <shorewall-interfaces.html> (5). If the behavior is not as described here then I'm sure that the Shorewall developers will be glad to investigate your report. That was exactly the problem. I had overlooked setting: LOG_MARTIANS=Keep This produces the expected behavior. Thank you, and I apologize for the unnecessary report. |