Bug #7018: Fails to setup firewall rules at early boot stage

Bug #7018

Fails to setup firewall rules at early boot stage

Added by intrigeri 2014-04-03 11:46:17 . Updated 2017-01-24 20:47:56 .

Status:

Resolved

Priority:

Elevated

Assignee:

Category:

Target version:

Tails 2.10

Start date:

2014-04-03

Due date:

% Done:

100%

Feature Branch:

bugfix/7018-firewall-initial-setup

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

Description

ferm fails to apply the firewall rules at early boot, since the amnesia user was not created yet and we use uid matching. Luckily, we apply it as soon as a network interface gets up. Still, to avoid losing the race, we should have ferm load another, simpler and stricter, set of firewall rules at this time: blocking everything would be a bit safer.

Subtasks

Related issues

Has duplicate Tails - ~~Bug #11933~~: ferm does not start

Duplicate

2016-11-16

History

#1 Updated by BitingBird 2015-04-10 14:47:54

This ticket has priority elevated since a year. Should it be a hole in the roof?

#2 Updated by intrigeri 2015-04-14 13:00:45

> This ticket has priority elevated since a year. Should it be a hole in the roof?

I think so, yes.

#3 Updated by BitingBird 2015-04-14 15:40:32

Target version set to Hole in the Roof

#4 Updated by intrigeri 2016-06-10 04:26:23

A simpler way to fix that would be to s/uid-owner amnesia/uid-owner 1000/ in ferm.conf.

#5 Updated by intrigeri 2016-11-16 14:35:47

Status changed from Confirmed to In Progress
Assignee set to intrigeri
Target version changed from Hole in the Roof to Tails_2.9.1
% Done changed from 0 to 10
Feature Branch set to bugfix/7018-firewall-initial-setup

This bug breaks the test suite on Stretch, so let’s fix it properly, and while I’m at it why not fix it in Tails 2.x as well.

#6 Updated by intrigeri 2016-11-16 15:28:22

has duplicate ~~Bug #11933~~: ferm does not start added

#7 Updated by intrigeri 2016-11-16 17:01:27

Assignee changed from intrigeri to anonym
% Done changed from 10 to 50
QA Check set to Ready for QA

Works for me on Stretch and Jessie. Merged into feature/stretch already, but that was a Hole in the Roof so IMO it’s worth getting it into 2.8 as well.

#8 Updated by anonym 2016-11-25 15:28:11

Target version changed from Tails_2.9.1 to Tails 2.10

I was gonna merge it for 2.9, but skipped it since the branch is based on devel. Whatever. :)

#9 Updated by anonym 2016-11-28 17:20:06

Status changed from In Progress to Fix committed
Assignee deleted (~~anonym~~)
% Done changed from 50 to 100
QA Check changed from Ready for QA to Pass

#10 Updated by anonym 2017-01-24 20:47:56

Status changed from Fix committed to Resolved