Friday, August 30, 2013

'Firehol' Updates

Recently, I've been working on various software projects. One of them has involved integrating 'firehol' (a firewall management system) into a larger project of mine (more details later). Although the project is clearly fairly mature, it hasn't been kept up to date of late. One of the main problems in my situation was the automated building of 'RPM' and 'DEB' packages. Digging through the various configuration files, it was obvious that there were some things that needed changing.

The first alterations were to the '.spec' file located in the root directory of the uncompressed archive. The 'COPYRIGHT' tag has to be changed to the 'LICENSE' tag. A 'cheat' to get around the versioning problem when building the RPM is to change the line containing '#Source: %{name}-%{version}.tar.bz2' to 'Source: %{name}-1.tar.bz2'. This is required due to the way in which the tarball is dealt with at build time.
####Start Quote from .spec file####
Summary: An easy to use but powerfull iptables stateful firewall
Name: firehol
Version: 1
Release: 0
#Version: 1.273
#Release: rh7up
#Copyright: GPL
License: GPL
Group: Applications/Internet
#Source: %{name}-%{version}.tar.bz2
Source: %{name}-1.tar.bz2
####End Quote from .spec file####

Another problem is that the 'buildrpm.sh' script still looks for a particular file called 'check-iana.sh'. You can either manually create the file or else delete all references to this file from all relevant build files.

Several of the checking/scanning mechanisms in the 'get-iana.sh' file need to be re-examined. The obvious problems include the address from which the file is retrieved, the mechanism used to parse this file (a rough approximation is given below, but it should be given further review as my work is a quick hack to get things working), and a file, '/etc/firehol/RESERVED_IPS', which is supposed to be generated via 'get-iana.sh' but isn't (it may simply be a case of examining the file further and working on it). The required changes are outlined below. The lines which are commented out represent the original content. The lines which aren't represent the altered content.

####Start Quote from get-iana.sh file####
#IPV4_ADDRESS_SPACE_URL="http://www.iana.org/assignments/ipv4-address-space"
IPV4_ADDRESS_SPACE_URL="http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt"

#wget -O - --proxy=off "${IPV4_ADDRESS_SPACE_URL}" |\
#        egrep "^[0-9]+/[0-9]+.*${IANA_RESERVED}"  |\
#        egrep -vi "${IANA_IGNORE}"                |\
#        cut -d ' ' -f 1                           |\

wget -O - --proxy=off "${IPV4_ADDRESS_SPACE_URL}"  |\
        egrep "^\ {1,}[0-9]+/[0-9]+.*"             |\
        egrep "(RESERVED|UNALLOCATED)"             |\
        egrep -vi "Multicast"                      |\
        sed 's/   //'                              |\
        cut -f1 -d ' '                             |\
####End Quote from get-iana.sh####
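
As an added illustration (not part of the original post and not firehol's own code), the script below runs the same stages as the altered pipeline over a constructed sample of the registry layout, and shows that the original column-0 pattern matches nothing on indented rows. The function names, the sample rows, the conversion to dotted CIDR and the empty/malformed check are assumptions added here.

```shell
#!/bin/sh
# Added example (not firehol code): the altered filter run on a constructed sample.

# Constructed rows in the layout the altered pattern expects:
# leading spaces, then PREFIX/LEN, designation, date, status.
sample_registry() {
cat <<'EOF'
   Prefix  Designation                  Date     Status
   000/8   IANA - Local Identification  1981-09  RESERVED
   001/8   APNIC                        2010-01  ALLOCATED
   010/8   IANA - Private Use           1995-06  RESERVED
   224/8   Multicast                    1981-09  RESERVED
   240/8   Future use                   1981-09  RESERVED
EOF
}

# First stage of the original pipeline: anchored at column 0, so indented rows never match.
original_first_stage() { grep -E '^[0-9]+/[0-9]+'; }

# Same stages as the altered pipeline (grep -E instead of egrep, strip anchored at line start).
reserved_prefixes() {
    grep -E '^ +[0-9]+/[0-9]+' |
        grep -E '(RESERVED|UNALLOCATED)' |
        grep -vi 'Multicast' |
        sed 's/^ *//' |
        cut -d ' ' -f1
}

# Assumption: turn "010/8" into "10.0.0.0/8" (awk reads the field as decimal).
to_cidr() { awk -F/ '{ printf "%d.0.0.0/%d\n", $1, $2 }'; }

# Refuse to emit a list that is empty or contains anything but N.0.0.0/LEN,
# so a changed registry layout cannot silently produce an empty or junk file.
build_list() {
    list=$(reserved_prefixes | to_cidr)
    if [ -z "$list" ]; then
        echo "no prefixes parsed; not writing a list" >&2
        return 1
    fi
    if printf '%s\n' "$list" | grep -Evq '^[0-9]{1,3}\.0\.0\.0/[0-9]{1,2}$'; then
        echo "unexpected entry in parsed list; not writing a list" >&2
        return 1
    fi
    printf '%s\n' "$list"
}

sample_registry | build_list
```

Because the altered filter excludes only rows mentioning Multicast, the RESERVED private-use row in this sample ends up in the output, so the resulting list should be reviewed before it is used in firewall rules.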

NOTE - the maintainer of the project has been contacted but has thus far not responded to any communication. The file involved is 'firehol-1.273.tar.bz2', downloaded from http://en.sourceforge.jp/projects/sfnet_firehol/releases/, with the following MD5 checksum: 'cbbe1ba21cf44955827d5c906a55aa21'. For those who are lazy, I've uploaded updated files to:
https://sites.google.com/site/dtbnguyen/firehol-1-0.noarch.rpm,
57455222f6e5d8840bbf019751ade88b
https://sites.google.com/site/dtbnguyen/firehol_1-1_all.deb,
cd083ffa6285ccfc6661f41d78a74da9
https://sites.google.com/site/dtbnguyen/
