I have installed an up-to-date version of vuurmuur 0.8 on debian stretch.
What seems to happened, is for a deny rule for FTP, when the PREROUTING tables are initiated, iptables refuses to add the rules (that's what I understand)
I tried to open ticket through the trac interface but Akismet refuses my ticket several times "SPAM detection..." (and Environment don't have cnx properties...), therefore, here comme the info:
----------------------------------------------------------------------------------------------------------------------------------------------------------------
The installed version
# hostnamectl
Operating System: Debian GNU/Linux 9 (stretch)
Kernel: Linux 3.2.0-4-amd64
Architecture: x86-64
--------------------------------------------------------------------------------
# vuurmuur -V
Vuurmuur 0.8 (using libvuurmuur 0.8)
Copyright (C) 2002-2019 Victor Julien et al--------------------------------------------------------------------------------
# sha1sum vuurmuur_0.8-1stretch1_amd64.deb
50ec5cf7fb968c4f10b0ee8e31d3f69ff847de60 vuurmuur_0.8-1stretch1_amd64.deb
----------------------------------------------------------------------------------------------------------------------------------------------------------------What is happening--------------------------------------------------------------------------------
# cat rules.conf | grep -i ftp
RULE=";Drop service ftp from internet.wan to firewall options comment=\"/!\ error in vuurmuur\""--------------------------------------------------------------------------------
# cat vuurmuur-kFWPBu.failed | grep -i ftp
-A PREROUTING -i eth0 -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d xxx.yyy.zzz.www/255.255.255.255 --dport 21 -m connmark --mark 0 -j CT --helper ftp--------------------------------------------------------------------------------
# vuurmuur -b | grep -i ftp | head
# rule 13: Drop service ftp from internet.wan to firewall options comment="/!\ error in vuurmuur"
/sbin/iptables -t raw -A PREROUTING -i eth0 -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d xxx.yyy.zzz.www/255.255.255.255 --dport 21 -m connmark --mark 0 -j CT --helper ftp--------------------------------------------------------------------------------
# /sbin/iptables -t raw -A PREROUTING -i eth0 -s 0.0.0.0/0.0.0.0 --sport 1024:65535 -d xxx.yyy.zzz.www/255.255.255.255 --dport 21 -m connmark --mark 0 -j CT --helper ftp
iptables v1.6.0: unknown option "--sport"
Try `iptables -h' or 'iptables --help' for more information.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hello,
I have installed an up-to-date version of vuurmuur 0.8 on debian stretch.
What seems to happened, is for a deny rule for FTP, when the PREROUTING tables are initiated, iptables refuses to add the rules (that's what I understand)
I tried to open ticket through the trac interface but Akismet refuses my ticket several times "SPAM detection..." (and Environment don't have cnx properties...), therefore, here comme the info:
Thanks for your report. I've fixed it in the git master:
https://github.com/inliniac/vuurmuur/pull/34
I'll try to figure out the akismet thing too.