Friday, August 30, 2013

'Firehol' Updates

Recently, I've been working on various software projects. One of them has involved integrating 'firehol' (a firewall management system) into a larger project of mine (more details later). Although the project is clearly fairly mature, it hasn't really been kept up to date of late. One of the main problems in my situation was the automated building of 'RPM' and 'DEB' packages. Digging through the various configuration files, it was obvious that there were some things that needed changing.

The first alterations required are to the '.spec' file located in the root directory of the uncompressed archive. The 'COPYRIGHT' tag has to be changed to become the 'LICENSE' tag. A 'cheat' to get around the versioning problem when building the RPM is to change the line containing '#Source: %{name}-%{version}.tar.bz2' to 'Source: %{name}-1.tar.bz2'. This is required due to the way in which the tarball is dealt with at build time.
####Start Quote from .spec file####
Summary: An easy to use but powerfull iptables stateful firewall
Name: firehol
Version: 1
Release: 0
#Version: 1.273
#Release: rh7up
#Copyright: GPL
License: GPL
Group: Applications/Internet
#Source: %{name}-%{version}.tar.bz2
Source: %{name}-1.tar.bz2
####End Quote from .spec file####

Another problem is that the 'buildrpm.sh' script still looks for a particular file called 'check-iana.sh'. You can either manually create the file or else delete all references to this file from all relevant build files.

Several of the checking/scanning mechanisms in the 'get-iana.sh' file need to be re-examined. The obvious problems include the address from which the file is retrieved, the mechanism used to parse this particular file (a rough approximation is given below, but it should be given further review as my work is a quick hack to get things working), and a file, '/etc/firehol/RESERVED_IPS', which is supposed to be generated via 'get-iana.sh' but isn't (it may simply be a case of examining the file further and working on it). The required changes are outlined below. The lines which are commented out represent the original content. The lines which aren't represent the altered content.

####Start Quote from get-iana.sh file####
#IPV4_ADDRESS_SPACE_URL="http://www.iana.org/assignments/ipv4-address-space"
IPV4_ADDRESS_SPACE_URL="http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt"

#wget -O - --proxy=off "${IPV4_ADDRESS_SPACE_URL}" |\
#        egrep "^[0-9]+/[0-9]+.*${IANA_RESERVED}"  |\
#        egrep -vi "${IANA_IGNORE}"                |\
#        cut -d ' ' -f 1                           |\

wget -O - --proxy=off "${IPV4_ADDRESS_SPACE_URL}"  |\
        egrep "^\ {1,}[0-9]+/[0-9]+.*"             |\
        egrep "(RESERVED|UNALLOCATED)"             |\
        egrep -vi "Multicast"                      |\
        sed 's/   //'                              |\
        cut -f1 -d ' '                             |\
####End Quote from get-iana.sh####
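
The same filtering as the altered pipeline above, as an added example (not the author's code and not part of firehol). It goes a little further: it normalises the zero-padded prefixes into CIDR form and refuses to replace the destination file when nothing matched. The function names, the destination path argument and the sample rows are assumptions; the rows are constructed in the layout of the IANA text registry.

```shell
#!/bin/sh
# Added example: parse the plain-text IANA IPv4 registry read from stdin.
# Prints one CIDR per line for /8 blocks marked RESERVED or UNALLOCATED,
# skipping Multicast; exits non-zero if nothing matched.
iana_reserved_blocks() {
    awk '
        # Registry rows start with spaces and a zero-padded prefix, e.g. "   010/8".
        /^ +[0-9]+\/[0-9]+ / {
            if ($0 !~ /RESERVED|UNALLOCATED/) next
            if (tolower($0) ~ /multicast/) next
            split($1, p, "/")
            octet = p[1] + 0                          # "010" -> 10, drops the padding
            if (octet > 255 || p[2] + 0 != 8) next    # ignore anything that is not a sane /8
            printf "%d.0.0.0/%d\n", octet, p[2]
            found++
        }
        END { exit (found > 0 ? 0 : 1) }
    '
}

# Constructed sample rows in the layout of ipv4-address-space.txt (not real registry data).
sample_registry() {
    cat <<'EOF'
   Prefix Designation                  Date     WHOIS            Status [1]  Note
   000/8  IANA - Local Identification  1981-09                   RESERVED    [2]
   001/8  APNIC                        2010-01  whois.apnic.net  ALLOCATED
   010/8  IANA - Private Use           1995-06                   RESERVED    [3]
   224/8  Multicast                    1981-09                   RESERVED    [12]
   240/8  Future use                   1981-09                   RESERVED    [14]
EOF
}

# Write to a temp file and move it into place only on success, so a change in
# the upstream format cannot leave an empty or truncated list behind.
update_reserved_ips() {   # $1 = destination file (hypothetical, chosen by the caller)
    tmp="$1.tmp.$$"
    if iana_reserved_blocks > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$1"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Feed it the downloaded registry on stdin, for example `wget -O - "${IPV4_ADDRESS_SPACE_URL}" | update_reserved_ips /path/to/list`; a non-zero exit means the previous list was left untouched.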

NOTE - the maintainer of the project has been contacted but has thus far not responded to any communication. The file involved is 'firehol-1.273.tar.bz2', downloaded from http://en.sourceforge.jp/projects/sfnet_firehol/releases/ with the following MD5 checksum: 'cbbe1ba21cf44955827d5c906a55aa21'. For those who are lazy, I've uploaded updated files to:
firehol-1-0.noarch.rpm,
57455222f6e5d8840bbf019751ade88b
dtbnguyen/firehol_1-1_all.deb,
cd083ffa6285ccfc6661f41d78a74da9
https://sites.google.com/site/dtbnguyen/

- as usual thanks to all of the individuals and groups who purchase and use my goods and services
