
Re: firehol as a target for volatile



On Tue, Aug 29, 2006 at 05:11:49PM +0200, Martin Zobel-Helas wrote:
> Hi Stephen,
> 
> On Tue, Aug 29, 2006 at 02:33:38PM +0100, Stephen Gran <sgran@debian.org> wrote:
> 
> > This one time, at band camp, Alexander Wirt said:
> > > Hi folks, 
> > > 
> > > firehol, a frontend for iptables, includes a variable of reserved IPs.
> > > These IPs are provided by the IANA [1]; unfortunately their ranges are not as
> > > stable as I would wish, they change from time to time. As firehol can block
> > > that comes from reserved networks it gets into trouble if this data is
> > > outdated. I had some reports in the BTS (#357250) that reported real world
> > > package loss due to that problem. As I don't think this should be targeted by
> > > stable uploads volatile seems to be the right place for me. The change would
> > > only be a oneliner (replace the old ranges with the new ones). If nobody has
> > > objections I would provide an updated package to volatile.
> > 
> > Actually, a simple one line change seems reasonably appropriate for a
> > stable point release to me.  Aba, zobel, what do you think?
> mh, these IP ranges are in what we define "volatile data". :)

If this is a bogon list, then this is a recurring issue that comes up for a number
of packages (for example sendmail had such a list at one time which was removed 
due to the maintenance difficulty, ISTR an NIDS or pen-testing app which also
had one, and I had a conversation with another firewall author about this not
so long ago)  

It would be nice if there could be a single volatile data package for this, 
although I realise that making that work with the various packages might be 
more work than it's worth, and is not in any case a short-term solution.

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall


