Bug #11933

ferm does not start

Added by bertagaz about 3 years ago. Updated about 3 years ago.

Status: Duplicate
Priority: Normal
Assignee:
Category: -
Target version:
Start date: 11/16/2016
Due date:
% Done: 30%
Feature Branch: bugfix/11933-fix-ferm-startup
Type of work: Code
Blueprint:
Starter:
Affected tool:

Description

Might be that we're hit by #11786#note-38, as ferm fails and iptables complains about unknown options.

Loading the xt_owner kernel module is enough to fix that.

Nov 16 14:56:50 localhost.localdomain ferm[326]: Starting Firewall: fermiptables-restore v1.6.0: owner: Bad value for "--uid-owner" option: "amnesia" 
Nov 16 14:56:50 localhost.localdomain ferm[326]: Error occurred at line: 14
Nov 16 14:56:50 localhost.localdomain ferm[326]: Try `iptables-restore -h' or 'iptables-restore --help' for more information.
Nov 16 14:56:50 localhost.localdomain ferm[326]: Failed to run /sbin/iptables-restore
Nov 16 14:56:50 localhost.localdomain ferm[326]: ip6tables-restore v1.6.0: owner: Bad value for "--uid-owner" option: "amnesia" 
Nov 16 14:56:50 localhost.localdomain ferm[326]: Error occurred at line: 8
Nov 16 14:56:50 localhost.localdomain ferm[326]: Try `ip6tables-restore -h' or 'ip6tables-restore --help' for more information.
Nov 16 14:56:50 localhost.localdomain ferm[326]: Failed to run /sbin/ip6tables-restore
Nov 16 14:56:50 localhost.localdomain ferm[326]: Firewall rules rolled back.
Nov 16 14:56:50 localhost.localdomain ferm[326]:  failed!

Related issues

Duplicates Tails - Bug #7018: Fails to setup firewall rules at early boot stage Resolved 04/03/2014

History

#1 Updated by bertagaz about 3 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 30
  • Feature Branch set to bugfix/11933-fix-ferm-startup

Added a simple patch that should solve this. Let's test it a bit.

#2 Updated by intrigeri about 3 years ago

  • Duplicates Bug #7018: Fails to setup firewall rules at early boot stage added

#3 Updated by intrigeri about 3 years ago

  • Status changed from In Progress to Duplicate

The UID problem should be fixed in #7018. But the xt_owner trick might be better, if it fixes the problem. Did you build an ISO? The problem only occurs during early boot, before live-config has run, so testing in an already booted system is not useful.

#4 Updated by intrigeri about 3 years ago

FTR the "amnesia" user does not exist when ferm is started initially, which explains the error message.
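
The failure discussed in this ticket (an owner-match rule naming a user that does not exist yet, so the whole ruleset is rolled back) can be caught before loading. The following is an added example, not code from Tails or ferm: a pre-flight check over an iptables-restore ruleset. The function names `unresolved_owners` and `preflight` and the sample ruleset are constructed for illustration, and the check is assumed to run at the same boot stage as the firewall service.

```sh
#!/bin/sh
# Added example: pre-flight check for owner-match rules (not Tails or ferm code).

# Read an iptables-restore ruleset on stdin and print "LINE:NAME" for every
# --uid-owner argument that is a user name the system cannot resolve yet.
unresolved_owners() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "--uid-owner") print NR, $(i + 1) }' |
    while read -r lineno name; do
        case $name in
            *[!0-9-]*) ;;        # contains a non-digit: a user name
            *) continue ;;       # numeric UID or UID range, no lookup needed
        esac
        id -u -- "$name" >/dev/null 2>&1 || printf '%s:%s\n' "$lineno" "$name"
    done
}

# Return 0 when every named owner resolves, 1 otherwise (report on stderr).
preflight() {
    missing=$(unresolved_owners)
    [ -z "$missing" ] && return 0
    printf 'unresolvable --uid-owner at line:name %s\n' $missing >&2
    return 1
}

# Constructed sample ruleset (not the rules from the report).
SAMPLE_RULES='*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -m owner --uid-owner root -j ACCEPT
-A OUTPUT -m owner --uid-owner 1000 -j ACCEPT
-A OUTPUT -p tcp -m owner --uid-owner amnesia -j ACCEPT
COMMIT'

if printf '%s\n' "$SAMPLE_RULES" | preflight; then
    echo "all owners resolve; safe to load"
else
    echo "defer loading or use numeric UIDs"
fi
```

Numeric UIDs and UID ranges are skipped because they need no passwd lookup, which is why a ruleset written with numeric UIDs does not depend on when the account is created.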
