Package: firehol
Version: 1.231-7
Severity: normal
Tags: patch
Hi,
As the firehol tutorial said, I have created an example configuration file using
"/etc/init.d/firehol helpme > firehol.conf".
However, that configuration file has some errors.
I think these errors are only present in Debian's firehol, not present in the
original firehol script.
1) The "/etc/init.d/firehol helpme" command outputs "Starting firehol wizard:\n"
to STDOUT, thus a file created by "/etc/init.d/firehol helpme > firehol.conf"
contains "Starting firehol wizard:\n" at line 1.
The text "Starting firehol wizard:\n" should be output to STDERR (or
log_daemon_msg "Starting $NAME wizard" should be removed from
/etc/init.d/firehol).
2) "/etc/init.d/firehol helpme" (actually /usr/sbin/firehol-wizard) outputs
an empty shebang ("#!").
/usr/sbin/firehol-wizard puts "#!${FIREHOL_FILE}\n" first,
but the FIREHOL_FILE variable is not defined, so it will put just a "#!\n" line.
The FIREHOL_FILE variable is only defined in /sbin/firehol.
Additionally, I have found one more small error in /sbin/firehol.
When /sbin/firehol is started without arguments, it shows many help messages.
In that help message, no entries are shown after "FireHOL supports the following
services (sorted by name):".
The services are read from /sbin/firehol as follows (Note: $me refers to
"/sbin/firehol"):
# The simple services
${CAT_CMD} "${me}" |\
${GREP_CMD} -e "^server_.*_ports=" |\
${CUT_CMD} -d '=' -f 1 |\
${SED_CMD} "s/^server_//" |\
${SED_CMD} "s/_ports\$//"
It found no services since all service definitions have moved to
/lib/firehol/firehol.
So the above commands should be changed like the following:
# The simple services
${CAT_CMD} "${FIREHOL_LIB}" |\
${GREP_CMD} -e "^server_.*_ports=" |\
${CUT_CMD} -d '=' -f 1 |\
${SED_CMD} "s/^server_//" |\
${SED_CMD} "s/_ports\$//"
I have attached a patch to fix these problems.
Regards,
Morita Sho
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18.8mytest (SMP w/1 CPU core)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages firehol depends on:
ii bash 3.1dfsg-8 The GNU Bourne Again SHell
ii iproute 20061002-4 Professional tools to control the
ii iptables 1.3.6.0debian1-5 administration tools for packet fi
ii net-tools 1.60-17 The NET-3 networking toolkit
Versions of packages firehol recommends:
ii curl 7.16.2-3 Get a file from an HTTP, HTTPS or
ii module-init-tools 3.3-pre4-2 tools for managing Linux kernel mo
ii wget 1.10.2-2 retrieves files from the web
-- no debconf information
diff -ur firehol-1.231.orig/debian/init.d/firehol
firehol-1.231/debian/init.d/firehol
--- firehol-1.231.orig/debian/init.d/firehol 2007-05-16 01:54:11.000000000
+0900
+++ firehol-1.231/debian/init.d/firehol 2007-05-16 01:53:11.000000000 +0900
@@ -36,7 +36,7 @@
log_end_msg 0
;;
helpme)
- log_daemon_msg "Starting $NAME wizard"
+ log_daemon_msg "Starting $NAME wizard" 1>&2
/usr/sbin/firehol-wizard
;;
restart|force-reload)
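Review bot: in the helpme) branch, log_daemon_msg still has no matching log_end_msg after the redirect is added, unlike the branch above that closes with log_end_msg 0, so the status line is left unterminated on the terminal. Since helpme does not start a daemon, consider dropping the log_daemon_msg line entirely (the alternative the report itself offers) or replacing it with a plain echo >&2 "Starting $NAME wizard".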
diff -ur firehol-1.231.orig/firehol-wizard.sh firehol-1.231/firehol-wizard.sh
--- firehol-1.231.orig/firehol-wizard.sh 2007-05-16 01:54:11.000000000
+0900
+++ firehol-1.231/firehol-wizard.sh 2007-05-16 01:53:11.000000000 +0900
@@ -339,7 +339,7 @@
EOF
-echo >&2 "${FIREHOL_FILE} helpme >/tmp/firehol.conf"
+echo >&2 "/etc/init.d/firehol helpme >/tmp/firehol.conf"
echo >&2
echo >&2
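Review bot: the changed echo still tells the user to redirect the generated config into /tmp/firehol.conf, a fixed file name in a world-writable directory; if the command is run as root, another local user can pre-create that name, for example as a symlink, and control where the output lands. While this line is being edited, point the example at a location only the invoking user can write, such as a file in their home directory. The hard-coded /etc/init.d/firehol is also Debian-specific, which is fine for the package but should be noted so the change is not forwarded upstream as-is.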
@@ -398,7 +398,7 @@
echo >&2
#Create the head of the config-file:
-echo "#!${FIREHOL_FILE}"
+echo "#!/sbin/firehol"
echo "#
------------------------------------------------------------------------------"
echo "# This feature is under construction -- use it with care."
echo "# *** NEVER USE THIS CONFIG AS-IS ***"
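Review bot: the replacement echo "#!/sbin/firehol" hard-codes the interpreter path inside the output section instead of fixing the undefined FIREHOL_FILE variable the report identifies as the cause. Defining it once near the top of firehol-wizard.sh with a default, e.g. FIREHOL_FILE="${FIREHOL_FILE:-/sbin/firehol}", would leave this echo unchanged and give a single place to adjust if /sbin/firehol moves. Either way, a short comment explaining why the path is fixed would help the next maintainer.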
diff -ur firehol-1.231.orig/firehol.sh firehol-1.231/firehol.sh
--- firehol-1.231.orig/firehol.sh 2007-05-16 01:54:11.000000000 +0900
+++ firehol-1.231/firehol.sh 2007-05-16 01:56:43.000000000 +0900
@@ -336,14 +336,14 @@
(
# The simple services
- ${CAT_CMD} "${me}" |\
+ ${CAT_CMD} "${FIREHOL_LIB}" |\
${GREP_CMD} -e "^server_.*_ports=" |\
${CUT_CMD} -d '=' -f 1 |\
${SED_CMD} "s/^server_//" |\
${SED_CMD} "s/_ports\$//"
# The complex services
- ${CAT_CMD} "${me}" |\
+ ${CAT_CMD} "${FIREHOL_LIB}" |\
${GREP_CMD} -e "^rules_.*()" |\
${CUT_CMD} -d '(' -f 1 |\
${SED_CMD} "s/^rules_/(*) /"
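Review bot: both ${CAT_CMD} "${FIREHOL_LIB}" lines assume FIREHOL_LIB is already set and readable when the no-argument help path runs, and nothing in this hunk shows where it is assigned. If it is empty or points at a missing file, the pipelines produce nothing and the service list comes out empty again, so confirm the assignment precedes this block or guard it with a test that prints an error to stderr. As a style point, ${GREP_CMD} can read the file directly, which would remove the cat stage from both pipelines.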