[Firehol-support] Dynamic hosts (eg no-ip) and fail2ban

Jason Harris jason at unifiedthought.com
Mon Dec 14 12:32:55 GMT 2015

Thanks Phil!

I didn’t know about checkinstall. It looks to be very useful! 

I got a deb package up for the iprange install… however for the firehol install it seems checkinstall had some problems? This might be a little off topic but I get:

root@testfiretwo:/tmp/firehol.git# sudo checkinstall make install


This package will be built according to these values: 

0 -  Maintainer: [ root@testfiretwo ]
1 -  Summary: [ firehol 3.0.0 install package ]
2 -  Name:    [ firehol.git ]
3 -  Version: [ 3.0.0 ]
4 -  Release: [ 1 ]
5 -  License: [ GPL ]
6 -  Group:   [ checkinstall ]
7 -  Architecture: [ amd64 ]
8 -  Source location: [ firehol.git ]
9 -  Alternate source location: [  ]
10 - Requires: [  ]
11 - Provides: [ firehol.git ]
12 - Conflicts: [  ]
13 - Replaces: [  ]

Enter a number to change any of them or press ENTER to continue: 

Installing with make install...

========================= Installation results ===========================
Making install in sbin
make[1]: Entering directory '/tmp/firehol.git/sbin'
make[2]: Entering directory '/tmp/firehol.git/sbin'
 /bin/mkdir -p '/usr/sbin'
 /usr/bin/install -c firehol fireqos link-balancer update-ipsets vnetbuild '/usr/sbin'
 /bin/mkdir -p '/usr/lib/firehol'
 /usr/bin/install -c -m 644 functions.common.sh '/usr/lib/firehol'
make[2]: Leaving directory '/tmp/firehol.git/sbin'
make[1]: Leaving directory '/tmp/firehol.git/sbin'
Making install in etc
make[1]: Entering directory '/tmp/firehol.git/etc'
make[2]: Entering directory '/tmp/firehol.git/etc'
make[2]: Nothing to be done for 'install-exec-am'.
 /bin/mkdir -p '/etc/firehol'
 /usr/bin/install -c -m 644 firehol.conf.example fireqos.conf.example '/etc/firehol'
 /bin/mkdir -p '/etc/firehol/services'
 /usr/bin/install -c -m 644 bittorrent.conf.example '/etc/firehol/services'
make[2]: Leaving directory '/tmp/firehol.git/etc'
make[1]: Leaving directory '/tmp/firehol.git/etc'
Making install in examples
make[1]: Entering directory '/tmp/firehol.git/examples'
make[2]: Entering directory '/tmp/firehol.git/examples'
make[2]: Nothing to be done for 'install-exec-am'.
 /bin/mkdir -p '/usr/share/doc/firehol/examples'
/bin/mkdir: cannot create directory ‘/usr/share/doc/firehol’: No such file or directory
Makefile:411: recipe for target 'install-examplesDATA' failed
make[2]: *** [install-examplesDATA] Error 1
make[2]: Leaving directory '/tmp/firehol.git/examples'
Makefile:481: recipe for target 'install-am' failed
make[1]: *** [install-am] Error 2
make[1]: Leaving directory '/tmp/firehol.git/examples'
Makefile:426: recipe for target 'install-recursive' failed
make: *** [install-recursive] Error 1

****  Installation failed. Aborting package creation.

Cleaning up...OK


root@testfiretwo:/tmp/firehol.git#


But although a tiny bit of a pain, this means I / others could create a deb file fairly easily and then deploy this in production without all the other developer baggage!


> On Dec 14, 2015, at 8:52 AM, Phil Whineray <phil at firehol.org> wrote:
> Hi Jason
> On Sat, Dec 12, 2015 at 07:02:58PM +0100, Jason Harris wrote:
>> Ok. I got around to having some time this weekend. To build this (on latest debian jessie) in addition to your listed build steps you also need:
>>   apt-get install autoconf build-essential curl ipset
>> This is kind of disappointing since it loads a bunch of gunk onto a production node, (i.e. some 200MB’s of stuff just to get the small firehol firewall. I guess I could remove most of this after the build process… Still this is not so nice for e.g. ansible, chef, puppet, saltstack, etc. which are used to provision vm’s.)
> This will mostly be down to build-essential, required to build iprange,
> I expect. 
> iprange really needs packaging by the distros before there will be a low
> overhead version. Where the scripts of firehol are easily packaged for
> any platform, binary programs should generally be compiled to the
> correct environment and certainly to the correct arch. That limits what
> we can do from here.
> Thanks for persevering, though. Until iprange is packaged, here are
> a few thoughts:
> Docker (package docker.io in jessie-backports [1]) seems to me a great
> way to keep a clean production system but build binaries with
> dependencies. I never heard of that use until I read Julia Evans'
> post [2].
> When I'm creating .deb files for programs without them I use
> checkinstall [3].
> Cheers
> Phil
> [1] https://packages.debian.org/jessie-backports/docker.io
> [2] http://jvns.ca/blog/2015/11/09/docker-is-amazing/
> [3] https://packages.debian.org/jessie/checkinstall
