Recently, I upgraded us from Firewall Builder 3.x.x to 4.0.0. When I updated the first host, it locked me out of the machine and I had to run the script manually from the console. I thought it might have been a fluke, so I tried it again at a later time. It did the same thing. The installer worked fine before the update to version 4. The machine that Firewall Builder is running from has not changed.

Below is a copy of what appeared on Firewall Builder before it locked me out:

--BEGIN

Summary:

* Running as user : tnolen

* Firewall name : myhost.mydomain.com

* Installer uses user name : tnolen

* Management address : myhost.mydomain.com

* Platform : iptables

* Host OS : linux24

* Loading configuration from file /home/tnolen/myhostfw.fwb

Installation plan:

Copy file: /home/tnolen/myhost.mydomain.com.fw --> /home/tnolen/tmp/myhost.mydomain.com.fw

Copy data file: myhostfw.fwb --> /home/tnolen/tmp/

Run script

echo '--**--**--';

chmod +x /home/tnolen/tmp/myhost.mydomain.com.fw;

sudo -S /home/tnolen/tmp/myhost.mydomain.com.fw && echo 'Policy activated'

Copying /home/tnolen/myhost.mydomain.com.fw -> myhost.mydomain.com:/home/tnolen/tmp/myhost.mydomain.com.fw

Running command '/usr/bin/fwbuilder -Y -q /home/tnolen/myhost.mydomain.com.fw tnolen@myhost.mydomain.com:/home/tnolen/tmp/myhost.mydomain.com.fw'

SSH session terminated, exit status: 0

Copying myhostfw.fwb -> myhost.mydomain.com:/home/tnolen/tmp/

Running command '/usr/bin/fwbuilder -Y -q /home/tnolen/myhostfw.fwb tnolen@myhost.mydomain.com:/home/tnolen/tmp/'

SSH session terminated, exit status: 0

Running command '/usr/bin/fwbuilder -X -t -t -v -l tnolen myhost.mydomain.com

echo '--**--**--';

chmod +x /home/tnolen/tmp/myhost.mydomain.com.fw;

sudo -S /home/tnolen/tmp/myhost.mydomain.com.fw && echo 'Policy activated'

'

OpenSSH_5.3p1 Debian-3ubuntu3, OpenSSL 0.9.8k 25 Mar 2009

debug1: Reading configuration data /etc/ssh/ssh_config

debug1: Applying options for *

debug1: Connecting to myhost.mydomain.com [10.42.101.196] port 22.

debug1: Connection established.

debug1: identity file /home/tnolen/.ssh/identity type -1

debug1: identity file /home/tnolen/.ssh/id_rsa type -1

debug1: identity file /home/tnolen/.ssh/id_dsa type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.1p1 Debian-5

debug1: match: OpenSSH_5.1p1 Debian-5 pat OpenSSH*

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu3

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-ctr hmac-md5 none

debug1: kex: client->server aes128-ctr hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'myhost.mydomain.com' is known and matches the RSA host key.

debug1: Found key in /home/tnolen/.ssh/known_hosts:108

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey

debug1: Next authentication method: publickey

debug1: Offering public key: /home/tnolen/.ssh/id_rsa

debug1: Server accepts key: pkalg ssh-rsa blen 149

debug1: Authentication succeeded (publickey).

debug1: channel 0: new [client-session]

debug1: Requesting no-more-sessions@openssh.com

debug1: Entering interactive session.

debug1: Sending environment.

debug1: Sending command:

echo '--**--**--';

chmod +x /home/tnolen/tmp/myhost.mydomain.com.fw;

sudo -S /home/tnolen/tmp/myhost.mydomain.com.fw && echo 'Policy activated'

Logged in

--**--**--

[sudo] password for tnolen:

Activating firewall script generated Mon May 17 09:22:17 2010 by tnolen

Running prolog script

# Removing ip address: eth0 10.42.101.197/28

# Adding ip address: eth0:1 10.42.101.197/28

SIOCSIFFLAGS: Cannot assign requested address

# Removing ip address: eth0:1 10.42.101.196/28

SIOCSIFFLAGS: Cannot assign requested address

--END


Obviously the "Cannot assign requested address" is the issue. However, this issue was not present with the 3.x series. Can anyone offer any insights as to what changed and what I need to change?


Trey Nolen