| Summary: | net-firewall/firehol-1.273-r1 : Missing kernel config checks | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Phil Koenig <Borkenkaefer> |
| Component: | New packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | tomk |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
Phil Koenig
2010-03-22 21:29:23 UTC
The problem is not with bash, the problem is that you need extra kernel options enabled. With the default firehol config you need the following built in:

CONFIG_NETFILTER_XT_MATCH_LIMIT
CONFIG_NETFILTER_XT_MATCH_STATE

Also to prevent the warnings when starting these two need to be enabled as modules (you will still get the warning if they are built-in):

CONFIG_NF_NAT_FTP
CONFIG_NF_NAT_IRC

These are all found in:
Networking support | Networking options | Network packet filtering framework (Netfilter) | Core Netfilter Configuration

So the bug here is that the check in the ebuild for the kernel options should also include these ones.

Firehol also needs CONFIG_NETFILTER_XT_MATCH_OWNER for some firewalls, specifically when forwarding web requests to squid transparently.

+*firehol-1.273-r2 (02 Apr 2012) + + 02 Apr 2012; Pacho Ramos <pacho@gentoo.org> + +files/firehol-1.273-log-output.patch, +firehol-1.273-r2.ebuild: + Add missing kernel checks (#310797 by Phil Koenig, Tom Knight, Tyler + Montbriand), use static and fixed RESERVED_IPS file (#332135 by Richard Gray), + handle errors better (#332507 by Tyler Montbriand). +
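Review bot: the ChangeLog entry says "Add missing kernel checks" without naming which options were added, so a reader cannot confirm from it that the check now covers everything raised in this report (CONFIG_NETFILTER_XT_MATCH_LIMIT, CONFIG_NETFILTER_XT_MATCH_STATE, CONFIG_NF_NAT_FTP, CONFIG_NF_NAT_IRC and CONFIG_NETFILTER_XT_MATCH_OWNER). Listing the option names in the entry would fix that. The same revision also bundles two unrelated fixes (#332135, #332507), which makes the kernel-check change harder to review or revert on its own.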
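The kernel option requirements described in this report, written as a stand-alone check. This is an added example, not code from the firehol ebuild. The function names `kconfig_state` and `check_firehol_kconfig` are hypothetical, the sample config is constructed, and the built-in versus module expectations are taken as stated in the comments above.

```shell
#!/bin/sh
# Added example, not from the firehol ebuild. Function names are hypothetical.

# Constructed sample kernel config text (not taken from a real system).
SAMPLE_CONFIG='CONFIG_NETFILTER_XT_MATCH_LIMIT=m
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NF_NAT_FTP=y
CONFIG_NF_NAT_IRC=m
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set'

# kconfig_state OPTION CONFIG_TEXT: print y (built in), m (module) or n (unset).
kconfig_state() {
    val=$(printf '%s\n' "$2" | sed -n "s/^$1=\([ym]\)\$/\1/p" | head -n 1)
    echo "${val:-n}"
}

# check_firehol_kconfig CONFIG_TEXT: print one line per option. Returns 1 if an
# option the report says must be built in is not set to y.
check_firehol_kconfig() {
    rc=0
    for opt in CONFIG_NETFILTER_XT_MATCH_LIMIT CONFIG_NETFILTER_XT_MATCH_STATE; do
        s=$(kconfig_state "$opt" "$1")
        case $s in
            y) echo "OK $opt=$s" ;;
            *) echo "MISSING $opt=$s (report: needed built in)"; rc=1 ;;
        esac
    done
    for opt in CONFIG_NF_NAT_FTP CONFIG_NF_NAT_IRC; do
        s=$(kconfig_state "$opt" "$1")
        case $s in
            m) echo "OK $opt=$s" ;;
            *) echo "WARN $opt=$s (report: startup warning unless a module)" ;;
        esac
    done
    opt=CONFIG_NETFILTER_XT_MATCH_OWNER
    s=$(kconfig_state "$opt" "$1")
    case $s in
        n) echo "NOTE $opt=$s (report: needed for transparent squid forwarding)" ;;
        *) echo "OK $opt=$s" ;;
    esac
    return $rc
}

# Run against the constructed sample; a non-zero result is expected here.
check_firehol_kconfig "$SAMPLE_CONFIG" || true
```

On a running system the config text can come from `zcat /proc/config.gz` (available when the kernel was built with CONFIG_IKCONFIG_PROC) or from the `.config` file in the kernel source tree.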