
Re: firehol as a target for volatile



This one time, at band camp, paddy said:
> On Tue, Aug 29, 2006 at 05:11:49PM +0200, Martin Zobel-Helas wrote:
> > Hi Stephen,
> > 
> > On Tue, Aug 29, 2006 at 02:33:38PM +0100, Stephen Gran <sgran@debian.org> wrote:
> > 
> > > This one time, at band camp, Alexander Wirt said:
> > > > Hi folks, 
> > > > 
> > > > firehol, a frontend for iptables, includes a variable of reserved IPs.
> > > > These IPs are provided by the IANA [1]; unfortunately their ranges are not as
> > > > stable as I would wish, they change from time to time. As firehol can block
> > > > that comes from reserved networks it gets into trouble if this data is
> > > > outdated. I had some reports in the BTS (#357250) that reported real world
> > > > package loss due to that problem. As I don't think this should be targeted by
> > > > stable uploads volatile seems to be the right place for me. The change would
> > > > only be a one-liner (replace the old ranges with the new ones). If nobody has
> > > > objections I would provide an updated package to volatile. 
> > > 
> > > Actually, a simple one line change seems reasonably appropriate for a
> > > stable point release to me.  Aba, zobel, what do you think?
> > mh, these IP ranges are in what we define "volatile data". :)
> 
> If this is a bogon list, then this is a recurring issue that comes up for a number
> of packages (for example sendmail had such a list at one time which was removed 
> due to the maintenance difficulty, ISTR an NIDS or pen-testing app which also
> had one, and I had a conversation with another firewall author about this not
> so long ago)  
> 
> It would be nice if there could be a single volatile data package for this, 
> although I realise that making that work with the various packages might be 
> more work than it's worth, and is not in any case a short-term solution.

Actually, there are scripts floating around that download the current
bogon list.  Making a small package that cron's this and just having
everyone else parse and use the list might be the simplest.  That
doesn't even have to go in volatile, unless the website changes url
or something.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        sgran@debian.org |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
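
Added example, not part of the original message and not firehol's own code: a check a packager or admin could run to see which ranges a shipped reserved-IP list still blocks although the current list no longer reserves them, which is the failure mode reported in the thread. The list format (one CIDR per line, '#' comments), the function names and the sample ranges are assumptions constructed for illustration.

```python
import ipaddress

def parse_list(text):
    """Parse one IPv4 CIDR per line; '#' starts a comment, blanks are skipped."""
    nets = []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return list(ipaddress.collapse_addresses(nets))

def subtract(net, holes):
    """Return the parts of `net` not covered by any network in `holes`."""
    remaining = [net]
    for hole in holes:
        nxt = []
        for r in remaining:
            if not r.overlaps(hole):
                nxt.append(r)                        # untouched by this hole
            elif r.subnet_of(hole):
                continue                             # still fully reserved
            else:
                nxt.extend(r.address_exclude(hole))  # hole lies inside r
        remaining = nxt
    return remaining

def stale_ranges(shipped_text, current_text):
    """Ranges the shipped list blocks that the current list no longer reserves."""
    current = parse_list(current_text)
    stale = []
    for net in parse_list(shipped_text):
        stale.extend(subtract(net, current))
    return sorted(ipaddress.collapse_addresses(stale))

def wrongly_blocked(ip, stale):
    """True if `ip` falls in a range that is only blocked by the outdated list."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in stale)

# Constructed sample lists; they do not reflect real IANA allocation status.
SHIPPED = "# list frozen in the package\n10.0.0.0/8\n198.18.0.0/15\n203.0.112.0/23\n"
CURRENT = "10.0.0.0/8\n198.18.0.0/15\n203.0.113.0/24  # half of the /23 was released\n"

if __name__ == "__main__":
    for net in stale_ranges(SHIPPED, CURRENT):
        print("outdated block:", net)
```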
