| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | Security issue: Failed syslog-ng restart (bad config) will stop iptables but not restart iptables | | |
| Product: | Gentoo Linux | Reporter: | mike.hadjimichael |
| Component: | Current packages | Assignee: | Mr. Bones. (RETIRED) <mr_bones_> |
| Status: | RESOLVED INVALID | | |
| Severity: | minor | | |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
Description
mike.hadjimichael
2005-02-11 16:33:16 UTC
What firewall script are you using? I think it's a bug in the firewall script that is causing this issue.

I'm not using any particular firewall package. Just a set of IPTABLES rules. These are installed by the /etc/init.d/iptables start script. Something about the /etc/init.d/syslog-ng restart script calls the iptables save script, and then the iptables stop script. I'm not familiar enough with the init.d scripting language to find it exactly. I believe that if it was a bug in the firewall script (iptables start?) then there would be some indication that it was running and failing, but as best I can tell, syslog-ng restart is not even attempting to restart iptables (as it usually does in the normal case).

The `need logger` in iptables is the reason. I think it probably should be `use logger`.

I made the following change in /etc/init.d/iptables:

```sh
depend() {
    before net
    # need logger
    use logger
}
```

After restarting both services to make sure that dependency caches were up-to-date, this seems to have fixed the problem. I guess that since iptables needed a logger, killing the logger left iptables down. That's not fail-safe! Thanks.

File a new bug at iptables please. This isn't a syslog-ng issue. Thanks.
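As an added illustration, not code from the bug thread or from Gentoo's baselayout, this small shell model of OpenRC-style `need` versus `use` semantics shows why the reporter's change keeps the firewall up when a syslog-ng restart fails on a bad config. The service names, the `dependent:kind:dependency` graph format, and the assumptions that stopping a service stops every service that hard-needs it and that the failed restart brings nothing back are mine.

```shell
#!/bin/sh
# Model of OpenRC-style service dependencies (constructed; not Gentoo's code).
# Graph entries are "dependent:kind:dependency", kind is "need" or "use":
#   need - hard dependency: stopping the dependency also stops the dependent
#   use  - soft dependency: start ordering only; the dependent keeps running

RUNNING=""   # space-separated list of services currently up

is_running()   { case " $RUNNING " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }
mark_stopped() { RUNNING=$(printf ' %s ' "$RUNNING" | sed "s/ $1 / /"); }

# stop_service NAME GRAPH: stop NAME, then recursively stop every running
# service that declares a hard "need" on it; "use" dependents are untouched.
stop_service() {
  mark_stopped "$1"
  for entry in $2; do
    dependent=${entry%%:*}; rest=${entry#*:}
    kind=${rest%%:*}; dependency=${rest#*:}
    if [ "$kind" = need ] && [ "$dependency" = "$1" ] && is_running "$dependent"; then
      stop_service "$dependent" "$2"
    fi
  done
}

# restart_logger_with_bad_config GRAPH: "/etc/init.d/syslog-ng restart" with a
# broken config: the stop phase succeeds (cascading along "need" edges), the
# start phase fails, so neither syslog-ng nor anything it took down returns.
restart_logger_with_bad_config() {
  stop_service logger "$1"
}

# firewall_survives GRAPH: exit 0 if iptables is still up after the failed
# logger restart, exit 1 if the firewall was taken down with it.
firewall_survives() {
  RUNNING="net logger iptables"
  restart_logger_with_bad_config "$1"
  is_running iptables
}

# Compare the original "need logger" with the reporter's "use logger" change.
report() {
  for dep_kind in need use; do
    if firewall_survives "iptables:$dep_kind:logger"; then
      echo "iptables '$dep_kind logger': firewall still up after failed syslog-ng restart"
    else
      echo "iptables '$dep_kind logger': firewall DOWN after failed syslog-ng restart"
    fi
  done
}
report
```

The last two assertions in the graph also cover a chained hard dependency (a hypothetical `monitor` service that needs iptables), which cascades only when the iptables edge itself is a `need`.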