Because IANA now use (quite reasonably) an xml layout from which RESERVED_IPS is built, the get-iana.sh script supplied with the firehol ebuild doesn't work any more. If you delve far enough on the firehol web site, http://firehol.sourceforge.net/ , you can find a revised get-iana.sh, but its output isn't right for the current firehol ebuild and format of the RESERVED_IPS file. I've attached a little Perl script of my own that outputs the required information to stdout and thus it's a simple matter to update RESERVED_IPS, like this:-

# mv /etc/firehol/RESERVED_IPS /etc/firehol/RESERVED_IPS.old
# get-iana.pl > /etc/firehol/RESERVED_IPS
# firehol restart

For the sake of comparison, I've also attached the latest get-iana.sh script scavenged from the firehol site, although it's not really suitable for the current firehol ebuild.
Created attachment 242315 [details] Perl version suitable for creating RESERVED_IPS
Created attachment 242317 [details] Bash script get-iana.sh - NOT suitable for the current firehol, supplied for reference
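Added example, not one of the scripts attached to this bug: a minimal Python sketch of turning an IANA-style XML registry into a RESERVED_IPS list, validating every prefix before it can reach the firewall configuration. The XML layout shown (namespace, `record`/`prefix`/`status` elements), the statuses treated as blockable, and the one-CIDR-per-line output are assumptions; the sample data is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the assumed style of IANA's IPv4 registry XML.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<registry xmlns="http://www.iana.org/assignments" id="ipv4-address-space">
  <record><prefix>000/8</prefix><status>RESERVED</status></record>
  <record><prefix>001/8</prefix><status>ALLOCATED</status></record>
  <record><prefix>127/8</prefix><status>RESERVED</status></record>
  <record><prefix>240/8</prefix><status>RESERVED</status></record>
  <record><prefix>241/8</prefix><status>RESERVED</status></record>
  <record><prefix>300/8</prefix><status>RESERVED</status></record>
  <record><prefix>bogus</prefix><status>RESERVED</status></record>
</registry>"""

NS = {"r": "http://www.iana.org/assignments"}   # assumed namespace
BLOCK_STATUSES = {"RESERVED", "UNALLOCATED"}    # assumed status values


def reserved_networks(xml_text):
    """Return sorted, aggregated CIDR strings for blockable records."""
    root = ET.fromstring(xml_text)
    nets = []
    for rec in root.findall("r:record", NS):
        prefix = rec.findtext("r:prefix", default="", namespaces=NS).strip()
        status = rec.findtext("r:status", default="", namespaces=NS).strip()
        if status.upper() not in BLOCK_STATUSES:
            continue
        octet, sep, length = prefix.partition("/")
        # The registry is fetched remotely: accept only "NNN/LEN" and let
        # ipaddress reject out-of-range values instead of writing them out.
        if not (sep and octet.isdigit() and length.isdigit()):
            continue
        try:
            nets.append(ipaddress.ip_network(f"{int(octet)}.0.0.0/{int(length)}"))
        except ValueError:
            continue
    # Merge adjacent blocks (240/8 + 241/8 -> 240.0.0.0/7) to keep rules short.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def render_reserved_ips(xml_text):
    """One CIDR per line (assumed RESERVED_IPS layout)."""
    return "\n".join(reserved_networks(xml_text)) + "\n"


if __name__ == "__main__":
    print(render_reserved_ips(SAMPLE_XML), end="")
```
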
Created attachment 297205 [details] get-iana python version

I'm rolling with the python version of get_iana right now, seems to be working fine. It probably came off [1], but it was too long ago to remember for sure.

[1]: http://www.evardsson.com/blog/2010/06/28/fix-for-firehol-get-iana-script/
We are using latest upstream release, not sure why they don't provide a fixed script for their latest version or release a new version including the fix :S
Created attachment 303655 [details] RESERVED_IPS file

Just touch this file from time to time to stop firehol complaining about the file being too old.
This file shouldn't change (and hasn't changed for months now) because all the available IPv4 space has been allocated.
Can you provide an updated ebuild with needed changes to fix this? Thanks a lot (I am not familiar at all with this, I am simply trying to get orphan packages a bit "maintained" ;))
I wish I could, Pacho, but I'm not a developer. I would need to be a recognised developer in order to have the appropriate access - I have thought about doing this, but haven't got around to it because it sounds a bit of an ordeal. As to the problem in hand, I don't actually know (except in the vaguest outline) how ebuilds work, so I wouldn't know what to change. That said, if a developer were to pick this up, all he need do is supply the current RESERVED_IPS file because it won't change now that the IPv4 address space is exhausted.
Looks like firehol doesn't install /etc/firehol/RESERVED_IPS, it seems to be generated by firehol when running (not at installation time)... The way to go looks to be to use either the get-iana.py script or patch the .sh script :-/, does that python script from: http://www.evardsson.com/blog/2010/06/28/fix-for-firehol-get-iana-script/ still work for you? Have you found any patches for the .sh script?
Humble apologies, I dropped the ball on this one. Sorry for the delay getting back to you. Writing up a bug report elsewhere reminded me of this issue. I must confess I wrote the Perl script and it solved my problem, so I haven't bothered messing with any other possible solutions. With hindsight, my own solution is a bit crappy - there are much more elegant ways of parsing an XML file in Perl than my reinvention of the wheel approach. That said, it does the job.

I think that given that the IPv4 space has been entirely allocated now, this file (/etc/firehol/RESERVED_IPS) should never change again. It depends a bit on how the powers that be decide to play things as things gradually shift to IPv6. Personally, I doubt that the IPv4 space will be maintained, and will just die a natural death in due course. On this basis, there's not much point in pursuing this matter. I don't think that it will be possible to maintain the IPv6 space in the same manner (because it's so huge), so again, there's no point in giving any more energy to this matter.

If it were up to me, I'd tweak the package such that RESERVED_IPS is provided as per the attachment above by default since it's done with being changed now - a get-iana script of any sort is obsolete anyway. I don't know if others agree; but I'd close this one out. One could devote time to it, but there's really no point any more.
+*firehol-1.273-r2 (02 Apr 2012) + + 02 Apr 2012; Pacho Ramos <pacho@gentoo.org> + +files/firehol-1.273-log-output.patch, +firehol-1.273-r2.ebuild: + Add missing kernel checks (#310797 by Phil Koenig, Tom Knight, Tyler + Montbriand), use static and fixed RESERVED_IPS file (#332135 by Richard Gray), + handle errors better (#332507 by Tyler Montbriand). +
People in bug 410643 say the following script works fine, can you check? http://firehol.cvs.sourceforge.net/viewvc/firehol/firehol/get-iana.sh?revision=1.14
*** Bug 410643 has been marked as a duplicate of this bug. ***
(In reply to comment #12)
> People in bug 410643 say the following script works fine, can you check?
> http://firehol.cvs.sourceforge.net/viewvc/firehol/firehol/get-iana.sh?revision=1.14