Discussion:
[Shorewall-users] Are the Shorewall 5 rpms okay to use on this newer distribution?
l***@tutanota.com
2016-06-19 16:22:12 UTC
Permalink
I use the Opensuse distribution.

The firewall software that is included is not good for my use.  I would like
to make a switch to Shorewall.

I see that the packages for Shorewall version 5 are not made for it in the
Opensuse repositories any longer.  Only for version 4.

I read in the documentations

    http://shorewall.net/download.htm#Sites

that the

    "If you run a SuSE, Linux PPC, Trustix or TurboLinux distribution with a
2.4 or 2.6 kernel, you can use the standard RPM version (note: the RPM should
also work with other distributions that store init scripts in /etc/init.d and
that include chkconfig or insserv)."

On the Opensuse machines I have are more modern kernels, versions 4.1+ &
4.6+.

Also it is using systemd startup now, not the init.d scripts any longer.

Are the Shorewall RPMs that I can find in here

    http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9

okay, including the systemd files and etc, for this more modern distro?
Tom Eastep
2016-06-19 20:09:17 UTC
Permalink
Post by l***@tutanota.com
I use the Opensuse distribution.
The firewall software that is included is not good for my use. I
would like to make a switch to Shorewall.
I see that the packages for Shorewall version 5 are not made for it
in the Opensuse repositories any longer. Only for version 4.
I read in the documentations
http://shorewall.net/download.htm#Sites
that the
"If you run a SuSE, Linux PPC, Trustix or TurboLinux distribution
with a 2.4 or 2.6 kernel, you can use the standard RPM version
(note: the RPM should also work with other distributions that store
init scripts in /etc/init.d and that include chkconfig or
insserv)."
On the Opensuse machines I have are more modern kernels, versions
4.1+ & 4.6+.
Also it is using systemd startup now, not the init.d scripts any longer.
Are the Shorewall RPMs that I can find in here
http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9
<http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9/>
okay, including the systemd files and etc, for this more modern distro?
Unfortunately, no.

- -Tom

- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
l***@tutanota.com
2016-06-19 21:24:26 UTC
Permalink
Post by Tom Eastep
Post by l***@tutanota.com
Are the Shorewall RPMs that I can find in here
http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9>>
<>> http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9>> >
okay, including the systemd files and etc, for this more modern distro?
Unfortunately, no.
Okay , so are there other possibilities for RPMs?  Or another way to do it on
this distrobution?

Or is it not supported on this distribution any longer? 
Tom Eastep
2016-06-20 22:34:09 UTC
Permalink
Post by l***@tutanota.com
Are the Shorewall RPMs that I can find in here
http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9
<http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9
<http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9/>>
okay, including the systemd files and etc, for this more modern distro?
Unfortunately, no.
Okay , so are there other possibilities for RPMs? Or another way
to do it on this distrobution?
Or is it not supported on this distribution any longer?
You can certainly install it from the tarballs.

When you run configure (or configure.pl), you will need to:

- - Set SERVICEDIR to the directory where the .service files are to be
installed.
- - Set INITFILE=
- - Set PERLLIBDIR to the directory where the Shorewall/* Perl modules
are to be installed.

For 5.0.10, I will update the .rpm to make similar changes.

- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Bruno Friedmann
2016-06-27 14:49:36 UTC
Permalink
Post by Tom Eastep
Post by l***@tutanota.com
Are the Shorewall RPMs that I can find in here
http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9>>
<>> http://www.shorewall.net/pub/shorewall/5.0/shorewall-5.0.9>> >
okay, including the systemd files and etc, for this more modern distro?
Unfortunately, no.
Okay , so are there other possibilities for RPMs? Or another way to do it
on this distrobution?
Or is it not supported on this distribution any longer?
If you are at the stage of building it from zero, why not trying to branch
the existing package on OBS, try to update it, and submit it back
to the repository ?

It was my intention to continue to develop it and keep shorewall up to date
on openSUSE, but still until now, my free time was too short ;-)
--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
Bareos Partner, openSUSE Member, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot
l***@tutanota.com
2016-06-27 15:37:17 UTC
Permalink
Post by Bruno Friedmann
If you are at the stage of building it from zero, why not trying to branch
the existing package on OBS, try to update it, and submit it back
to the repository ?
Becuase for me the firewall package is a high priority and important to be an
official maintained one.  I need to have a package to depend on.  I think it
may be true for others also.

Shorewall project is very excellent in maintenance.  The discussions and bug
fixing are very alive!  So it is obvious that the Shorewall project holds the
shorewall application in high priority.

For Opensuse although it is the distribution I use for now the shorewall
application does not seem a priority to the project.  It is not an official
package for a long time.  I think there was never even one version 5 ?

With these new packages from Tom Eastep there is now something official that
has high priority focus.  I will learn and test them and provide the feedback
here.

If it becomes as I truly hope the accepted practice to make these rpms inside
the Shorewall project, I do not see the advantage of doing it separately in a
nonofficial 'home' project at Opensuse.
Bruno Friedmann
2016-06-28 08:21:17 UTC
Permalink
Post by l***@tutanota.com
Post by Bruno Friedmann
If you are at the stage of building it from zero, why not trying to branch
the existing package on OBS, try to update it, and submit it back
to the repository ?
Becuase for me the firewall package is a high priority and important to be
an official maintained one. I need to have a package to depend on. I
think it may be true for others also.
Shorewall project is very excellent in maintenance. The discussions and bug
fixing are very alive! So it is obvious that the Shorewall project holds
the shorewall application in high priority.
For Opensuse although it is the distribution I use for now the shorewall
application does not seem a priority to the project. It is not an official
package for a long time. I think there was never even one version 5 ?
With these new packages from Tom Eastep there is now something official that
has high priority focus. I will learn and test them and provide the
feedback here.
If it becomes as I truly hope the accepted practice to make these rpms
inside the Shorewall project, I do not see the advantage of doing it
separately in a nonofficial 'home' project at Opensuse.
It was not question about making it available in "home" project.
The idea is to have it inside the main oss repository but for that
the procedure is, branch actual 4.x version in server:security
update it, submit it back to server:security
it will then move to Factory and Tumbleweed, we can eventually even
think about making an update for Leap.

We will always welcome contributions.
--
Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
Bareos Partner, openSUSE Member, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot
Tom Eastep
2016-06-28 16:59:36 UTC
Permalink
Post by Bruno Friedmann
Post by l***@tutanota.com
Post by Bruno Friedmann
If you are at the stage of building it from zero, why not
trying to branch the existing package on OBS, try to update it,
and submit it back to the repository ?
Becuase for me the firewall package is a high priority and
important to be an official maintained one. I need to have a
package to depend on. I think it may be true for others also.
Shorewall project is very excellent in maintenance. The
discussions and bug fixing are very alive! So it is obvious that
the Shorewall project holds the shorewall application in high
priority.
For Opensuse although it is the distribution I use for now the
shorewall application does not seem a priority to the project.
It is not an official package for a long time. I think there was
never even one version 5 ?
With these new packages from Tom Eastep there is now something
official that has high priority focus. I will learn and test
them and provide the feedback here.
If it becomes as I truly hope the accepted practice to make these
rpms inside the Shorewall project, I do not see the advantage of
doing it separately in a nonofficial 'home' project at Opensuse.
It was not question about making it available in "home" project.
The idea is to have it inside the main oss repository but for that
the procedure is, branch actual 4.x version in server:security
update it, submit it back to server:security it will then move to
Factory and Tumbleweed, we can eventually even think about making
an update for Leap.
We will always welcome contributions.
And I prefer to have contributors maintain distribution-specific
packages rather than having them included in the releases from
shorewall.net.

- -Tom
- --
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
Loading...