[Firehol-support] [ANNOUNCE] FireHOL 2.0.0-rc.1 released

Thu Sep 18 21:57:38 BST 2014

Hello Chris,

On 18/09/14 21:52, Chris Francy wrote:
> I am looking at the
> [changelog](http://metadata.ftp-master.debian.org/changelogs//main/f/firehol/firehol_2.0.0~rc.1+ds-1_changelog)
> for the the version in [experimental
> repository](https://packages.debian.org/experimental/firehol) today
> and I saw this note.
> 
>   * Debianization:
> and fireqos-doc;
>      - firehol has been moved from /sbin to /usr/sbin for consistency

I did the move because I realised that it was an illusion to keep firehol
in /sbin given that the firehol script uses a large amount of utilities
that are in /usr/bin ot /usr/sbin

> 
> This particular entry concerns me.  I believe the firehol binary was
> in `/sbin` because network comes up before `/usr` is mounted, this is
> to accommodate systems where /usr is nfs mounted, which is permitted
> per the FHS.  Souldn't I be able to expect the firewall should be able
> to function even if `/usr` cannot be mounted?

I am agree, but my understanding is that if /usr is not mounted then
firehol cannot fully work.

> 
> Seeing this also encouraged me to go look at the /etc/init.d/firehol
> and I see it has `# Default-Start: 2 3 4 5`.  I had expected to see `#
> Default-Start: S`.
> 
> Another common firewall package shorewall leaves the main binaries in
> /sbin, and starts in the single user runlevel.

After a quick look, it appears that shorewall has material in /usr/share:
is it again an illusion ?

> 
> Chris Francy
> 
> P.S.  I believe Jerome Benoit, the Debian maintainer, is subscribed
> here, but should I also add a bug to the Debian bugtracker for this?

Feel free to do so; it might be related to #536362 .

Best wishes,
Jerome

> _______________________________________________
> Firehol-support mailing list
> Firehol-support at lists.firehol.org
> http://lists.firehol.org/mailman/listinfo/firehol-support
> 