[Firehol-support] firehol extra tools

Jerome BENOIT g6299304p at rezozer.net
Fri Jan 1 02:33:12 CET 2016


Hello Costa:

Thanks for your prompt reply.

Currently the Debian package for firehol is split into two packages:
firehol and fireqos.

For practical reasons, I have already added firehol-common,
and I am on my way to add vnetbuild.

This splitting approach sounds reasonable to me because firehol, fireqos,
and vnetbuild have clearly different objectives. Of course, the package
firehol-common is meant to contain common material, so far only
functions.common.sh .

On the other hand, packages cannot be atomized ad infinitum.

Right now, I am wondering whether or not these extra tools might be put
in the firehol-common package. I was on the verge of introducing a firehol-tools
(or something) package, but it begins to get ridiculous.
What do you think?

Thanks,
Jerome


On 01/01/16 02:17, Tsaousis, Costa wrote:
> I have to add that update-ipsets depends on iprange and uses it (like
> firehol does) to optimize the ipsets loaded in kernel for maximum
> performance.
> 
> update-ipsets also makes sure that IP lists downloaded from internet
> sources (it downloads everything from the maintainers' sites), are
> parsed in such a way that no code injection is possible, and kernel
> updates are atomic, meaning that for every ipset kernel update either
> it succeeds and the new ipset is loaded, or it fails and the old ipset
> is left untouched - the ipset is never empty - not even for a
> nanosecond.
> 
> Costa
> 
> 
> On Fri, Jan 1, 2016 at 3:10 AM, Tsaousis, Costa <costa at tsaousis.gr> wrote:
>> link-balancer is a tool that allows you to set up and maintain multiple
>> concurrently active, balanced gateways (default or any other kind). It
>> tries to fill the gap that the standard linux tools (like iproute2) do
>> not address (for example, when there is a balanced gateway setup and
>> one of them is lost, the whole gateway route is lost - it also allows
>> you to set up some kind of inheritance among routing tables).
>>
>> So, it is a tool that complements both firehol and fireqos, but is
>> independent of them. Currently firehol, fireqos and link-balancer
>> share only custom mark definitions (defined in firehol, saved in
>> /var/cache/firehol and loaded/used by fireqos and link-balancer - this
>> is only used to reference marks by name - the admin can define marks
>> by number to avoid this dependency).
>>
>> update-ipsets is again a standalone tool. It can complement any
>> firewall, not only firehol. It allows downloading and unifying third
>> party IP lists (the admin can configure more IP lists sources too) and
>> can update ipsets in kernel for any firewall (this is not firehol
>> specific - it will update ipsets in kernel for any netfilter ipset
>> based firewall).
>>
>> Costa
>>
>>
>> On Fri, Jan 1, 2016 at 2:25 AM, Jerome BENOIT <g6299304p at rezozer.net> wrote:
>>> Hello List:
>>>
>>> On 30/12/15 07:10, Tsaousis, Costa wrote:
>>>> Excellent!
>>>> Thank you.
>>>
>>> You are welcome.
>>>
>>>>
>>>> On Wed, Dec 30, 2015 at 7:18 AM, Jerome BENOIT <g6299304p at rezozer.net> wrote:
>>>>> Hello Forum:
>>>>>
>>>>> I am pleased to announce that iprange is reaching Debian Sid.
>>>>> For now the package is in the NEW queue [1],
>>>>> while the git debian material is available at Alioth [2].
>>>>>
>>>>> Now I will focus on refreshing the debian material for firehol and its friends.
>>>
>>> My current understanding is that update-ipsets is a tool meant to be used with firehol.
>>> Concerning link-balancer, is it meant to be used with firehol? or fireqos?
>>>
>>> Thanks in advance,
>>> Jerome
>>>
>>>
>>>
>>>
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Jerome
>>>>>
>>>>>
>>>>> [1] https://ftp-master.debian.org/new/iprange_1.0.2%2Bds-1.html
>>>>> [2] https://anonscm.debian.org/cgit/collab-maint/iprange.git/
>>>>> _______________________________________________
>>>>> Firehol-support mailing list
>>>>> Firehol-support at lists.firehol.org
>>>>> http://lists.firehol.org/mailman/listinfo/firehol-support
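
The two properties Costa describes for update-ipsets in the quoted reply (downloaded lists parsed so that nothing but addresses gets through, and all-or-nothing kernel updates) can be sketched as follows. This is an added example, not update-ipsets' own code and not part of the original thread. It assumes IPv4-only feeds, a hypothetical set name `blocklist`, a constructed sample feed, and `ipset swap` as one way to get the atomic replacement.

```shell
#!/bin/sh
# Added example, not update-ipsets code. Set name and feed lines are constructed.

# Keep only lines that are exactly an IPv4 address or CIDR; drop everything else.
filter_ipv4() {
    sed -e 's/[#;].*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk -F'[./]' '
        /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ {
            ok = 1
            for (i = 1; i <= 4; i++) if ($i > 255) ok = 0
            if (NF == 5 && ($5 < 1 || $5 > 32)) ok = 0
            if (ok) print
        }'
}

# Read a feed on stdin and print an `ipset restore` script for set $1.
# Entries go into a temporary set; only the final swap touches the live set,
# so a failure on any earlier line leaves the live set as it was.
build_restore() {
    case $1 in ''|*[!A-Za-z0-9_-]*) echo "bad set name" >&2; return 1 ;; esac
    live=$1 tmp="$1-tmp"
    echo "create $live hash:net -exist"
    echo "create $tmp hash:net -exist"
    echo "flush $tmp"
    filter_ipv4 | LC_ALL=C sort -u | sed "s|^|add $tmp |"
    echo "swap $tmp $live"
    echo "destroy $tmp"
}

# Constructed feed: valid entries mixed with lines a strict parser must reject.
sample_feed() {
    cat <<'EOF'
# constructed sample feed
192.0.2.10
198.51.100.0/24   ; trailing comment
203.0.113.7; flush blocklist
10.0.0.1 $(reboot)
999.1.1.1
192.0.2.0/33
`id`
192.0.2.10
EOF
}

sample_feed | build_restore blocklist
```

Piping the generated script into `ipset restore` as root applies it; the script itself only prints text and never calls ipset.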

