
use /etc/network/if-pre-up.d/ instead of /etc/network/interfaces to load Whonix's firewall
Closed, Resolved (Public)

Description

Debian bug #700811 ("interface comes up even if a script in /etc/network/if-pre-up.d/ fails") has been fixed.

It would be better to drop Whonix-Workstation's (optional) and Whonix-Gateway's firewall load hook in /etc/network/if-pre-up.d/ than to keep doing what we're doing right now (using pre-up in /etc/network/interfaces). This would make /etc/network/interfaces cleaner and easier to port, and make it more difficult for users to remove pre-up from /etc/network/interfaces and shoot themselves in the foot.

We have to wait until Debian Jessie becomes stable, because this bug is not fixed in Debian Wheezy.
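A sketch of what a fail-closed hook in /etc/network/if-pre-up.d/ can look like, added here as an example; it is not Whonix's 30_whonix_firewall script. The function name `load_firewall_or_fail` and the `FIREWALL_LOADER` variable are assumptions of this sketch. It relies on the fixed ifupdown behaviour from Debian bug #700811: a non-zero exit from the hook stops the interface from coming up.

```shell
#!/bin/sh
# Added illustration of a fail-closed /etc/network/if-pre-up.d/ hook.
# Not Whonix's own script. FIREWALL_LOADER and load_firewall_or_fail are
# names assumed for this sketch; the default path is the one named on this page.
FIREWALL_LOADER="${FIREWALL_LOADER:-/usr/bin/whonix_firewall}"

# Return 0 only when the loader exists, is executable and exits 0.
# Every other outcome returns 1 so the caller can abort the interface.
load_firewall_or_fail() {
    loader="$1"
    iface="${IFACE:-unknown}"    # IFACE is exported to hooks by ifupdown
    if [ ! -x "$loader" ]; then
        echo "if-pre-up.d: $loader missing or not executable; not bringing up $iface" >&2
        return 1
    fi
    if "$loader"; then
        return 0
    else
        rc=$?
        echo "if-pre-up.d: $loader exited with $rc; not bringing up $iface" >&2
        return 1
    fi
}

# ifupdown exports PHASE=pre-up when it runs the hooks in this directory.
# The guard only keeps the function sourceable outside ifupdown (for testing).
if [ "${PHASE:-}" = "pre-up" ]; then
    load_firewall_or_fail "$FIREWALL_LOADER" || exit 1
fi
```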

Details

Impact
Needs Triage

Event Timeline

JasonJAyalaP raised the priority of this task from to Normal.
JasonJAyalaP updated the task description.
Patrick set Impact to Needs Triage.
Patrick added subscribers: nrgaway, HulaHoop.
Patrick changed the task status from Open to Review. May 23 2015, 1:50 PM

Removed 'pre-up /usr/bin/whonix_firewall', because /etc/network/if-pre-up.d to load the firewall, because of a Debian upstream bug interface comes up even if a script in /etc/network/if-pre-up.d/ fails http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. - https://phabricator.whonix.org/T68:

Made package more standalone. Requiring 'pre-up /usr/bin/whonix_firewall' in /etc/network/interfaces is no longer necessary. Added etc/network/if-pre-up.d/30_whonix_firewall to load the firewall, because of a Debian upstream bug 'interface comes up even if a script in /etc/network/if-pre-up.d/ fails' http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700811 was fixed. - https://phabricator.whonix.org/T68:

In T68#4883, @HulaHoop wrote:

There is currently no problem that needs to be solved.

Done, tested and functional in Whonix 11.0.0.2.0-developers-only.