You are not logged in.
Hello,
Ubuntu hardy introduces a new firewall ufw (Uncomplicated Firewall).
It's a tool for host-based iptables firewall configuration. This tool should provide an easy to use interface to the user, as well as support package integration and dynamic-detection of open ports.
It strikes me that this can make a good high level solution for configuring iptables on arch. It's very similar to the way network is set up with ethtool. What is your thoughts on this? I'm actually asking if this would be a solution that could be implemented to arch core, not to forget that it will be highly maintained, thus reduce the work for the arch team.
https://wiki.ubuntu.com/UbuntuFirewall
Last edited by hardframed (2008-02-10 20:10:33)
With a linux system, you can smell the victory.
With a arch system, you can taste it.
Offline
Here's a pkgbuild:
# Unfinished - need to replace /etc/init.d/ufw
pkgname=ufw
pkgver=0.16
pkgrel=1
pkgdesc="Ubuntu's Uncomplicated Firewall"
arch=(i686 x86_64)
# http://packages.ubuntu.com/hardy/ucf
url="https://launchpad.net/ufw"
license=('GPL')
depends=('iptables>=1.3.3' 'python>=2.5')
source=(http://archive.ubuntu.com/ubuntu/pool/main/u/ufw/ufw_${pkgver}.tar.gz)
md5sums=('cb077dca1cecd41e49b151c4ca5cc947')
build() {
cd ${startdir}/src/ufw-${pkgver} || return 1
python ./setup.py install --root=$startdir/pkg/ || return 1
# Docs
mkdir -p $startdir/pkg/usr/share/doc/$pkgname
install -m644 -t $startdir/pkg/usr/share/doc/$pkgname/ README* TODO || return 1
}
Offline
Hi,
I have tried running ufw on Arch but there seems to be a dependency missing. When compiling from source or using this PKGBUILD ufw installs fine but fails starting due to the following missing file referred by in the init script:
. /lib/lsb/init-functions
from what I can tell it is a default script providing a logging mechanism for ubuntu or something. Removing the sourcing of this file does not helps because it seems to refer to the functions used in the init script like "log_failure_msg"
ufw seems like a nice CLI addition for quickly setting up a firewall without the need for a large GUI solution but a bit more userfriendly then iptables.
stefan.
"root# su - bofh"
OS: F10_x64, Arch, Centos5.3, RHEL4.7, RHEL5.3
Desktop Hardware: Dell Precision M65 laptop, core2duo, 2gb, 80gb 7200rpm
Registered linux user #459910 since 1998
Offline
I suppose you already know about fireHOL? Just a thought. ufw sounds nice though. iptables is not only complicated (to the average joe), it's also dangerous if you don't know what you're doing....
"Your beliefs can be like fences that surround you.
You must first see them or you will not even realize that you are not free, simply because you will not see beyond the fences.
They will represent the boundaries of your experience."
SETH / Jane Roberts
Offline
In Ubuntu, /lib/lsb/init-functions is part of the package lsb-base.
Offline
well i got it working by just adding init-functions from the lsb-base source to /lib/lsb
http://archive.ubuntu.com/ubuntu/pool/m … tu1.tar.gz
i will try to whip it up in an updated pkg-build when i have the time. so far installing it from source with the init-functions in place does the trick. i must say that ufw works pretty nice, I know my way around iptables but this does simplify things and without a cumbersome GUI, I'd say it is rather KISS of ubuntu to have implemented this. I am sure ubuntu users will start to complain about the CLI and that for 8.10 they will have a GUI but for me a "ufw allow ssh" seems really elegant.
stefan
"root# su - bofh"
OS: F10_x64, Arch, Centos5.3, RHEL4.7, RHEL5.3
Desktop Hardware: Dell Precision M65 laptop, core2duo, 2gb, 80gb 7200rpm
Registered linux user #459910 since 1998
Offline
Does it play nice wit moblock?
Offline
Does it play nice wit moblock?
haven't tested myself but from what I know of moblock (peerguardianish host blocking) here shouldn't be any reason why it would not, it is merely a simple CLI interface for good-old-iptables, so if i the end you will just get your old-school iptables rules back just in a more easy way to enter them.
stefan
Last edited by stefan1975 (2008-05-12 13:54:06)
"root# su - bofh"
OS: F10_x64, Arch, Centos5.3, RHEL4.7, RHEL5.3
Desktop Hardware: Dell Precision M65 laptop, core2duo, 2gb, 80gb 7200rpm
Registered linux user #459910 since 1998
Offline
well i got it working by just adding init-functions from the lsb-base source to /lib/lsb
http://archive.ubuntu.com/ubuntu/pool/m … tu1.tar.gz
i will try to whip it up in an updated pkg-build when i have the time. so far installing it from source with the init-functions in place does the trick. i must say that ufw works pretty nice, I know my way around iptables but this does simplify things and without a cumbersome GUI, I'd say it is rather KISS of ubuntu to have implemented this. I am sure ubuntu users will start to complain about the CLI and that for 8.10 they will have a GUI but for me a "ufw allow ssh" seems really elegant.
stefan
You mind to tell me how to fix what is missing?
Better, do I have to install LSB?
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
We have LSB 1.4-4 in AUR.
Offline
You mind to tell me how to fix what is missing?
Better, do I have to install LSB?
no you do not have to install LSB. there may be a more elegant way of fixing this, but at least it works as follows:
1) download lsb ubuntu package
2) tar zxvf lsb.tar.gz
3) look up file init-functions in sub folder of extracted source package for lsb
4) sudo mkdir /lib/lsb
5) cp init-functions /lib/lsb
6) download and install ufw from source
7) with the init-functions in place you are all set and can run it just fine
this does not mean it "integrates" with Arch like in /etc/rc.d and can just be started like a daemon in /etc/rc.conf (yet).
stefan
"root# su - bofh"
OS: F10_x64, Arch, Centos5.3, RHEL4.7, RHEL5.3
Desktop Hardware: Dell Precision M65 laptop, core2duo, 2gb, 80gb 7200rpm
Registered linux user #459910 since 1998
Offline
We have LSB 1.4-4 in AUR.
i tried that, but i do believe it did not provide /lib/lsb/init-functions
stefan
"root# su - bofh"
OS: F10_x64, Arch, Centos5.3, RHEL4.7, RHEL5.3
Desktop Hardware: Dell Precision M65 laptop, core2duo, 2gb, 80gb 7200rpm
Registered linux user #459910 since 1998
Offline
SpookyET wrote:We have LSB 1.4-4 in AUR.
i tried that, but i do believe it did not provide /lib/lsb/init-functions
stefan
Well, what if I make a package only for LSB's init-functions, and then submit it to AUR?
That would make a practical solution...
there:
# Contributor: LTSmash <lord.ltsmash@gmail.com>
pkgname=init-functions
pkgver=3.2
pkgrel=1
pkgdesc="Functions used at init time by the Linux Stadard Base"
arch=(i686 x86_64)
url="www.linuxbase.org"
license=('GPL')
install=
source=(http://archive.ubuntu.com/ubuntu/pool/main/l/lsb/lsb_3.2-4ubuntu1.tar.gz)
md5sums=('c77e0f6649fd01645b919cf41f25d366')
build() {
cd $srcdir/lsb-$pkgver
mkdir -p $startdir/pkg/lib/lsb
cp $pkgname $startdir/pkg/lib/lsb/$pkgname
}
Easier impossible
EDIT: Corrected the PKGBUILD.
Last edited by LTSmash (2008-05-17 22:42:01)
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
Neah. It's rubbish. We either package LSB 3.2, or we do not.
Offline
Neah. It's rubbish. We either package LSB 3.2, or we do not.
This is just a workaround for installing the ufw, we aren't trying to use the LSB... so your comment is out of site.
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
I did update a little bit the UFW PKGBUILD since the other posted here doesn't works anymore:
# Contributor: LTSmash <lord.ltsmash@gmail.com>
pkgname=ufw
pkgver=0.16.2
pkgrel=1
pkgdesc="Ubuntu's Uncomplicated Firewall"
arch=(i686 x86_64)
url="https://launchpad.net/ufw"
license=('GPL')
depends=('iptables>=1.3.3' 'python>=2.5')
source=(http://archive.ubuntu.com/ubuntu/pool/main/u/ufw/ufw_${pkgver}.tar.gz)
md5sums=('833cc7452e1118f1fa37c3d065ddf66a')
build() {
cd ${startdir}/src/ufw-${pkgver} || return 1
python ./setup.py install --root=$startdir/pkg/ || return 1
#Docs
mkdir -p $startdir/pkg/usr/share/doc/$pkgname
install -m644 -t $startdir/pkg/usr/share/doc/$pkgname/ README* TODO || return 1
}
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
I did update a little bit the UFW PKGBUILD since the other posted here doesn't works anymore:
# Contributor: LTSmash <lord.ltsmash@gmail.com> pkgname=ufw pkgver=0.16.2 pkgrel=1 pkgdesc="Ubuntu's Uncomplicated Firewall" arch=(i686 x86_64) url="https://launchpad.net/ufw" license=('GPL') depends=('iptables>=1.3.3' 'python>=2.5') source=(http://archive.ubuntu.com/ubuntu/pool/main/u/ufw/ufw_${pkgver}.tar.gz) md5sums=('833cc7452e1118f1fa37c3d065ddf66a') build() { cd ${startdir}/src/ufw-${pkgver} || return 1 python ./setup.py install --root=$startdir/pkg/ || return 1 #Docs mkdir -p $startdir/pkg/usr/share/doc/$pkgname install -m644 -t $startdir/pkg/usr/share/doc/$pkgname/ README* TODO || return 1 }
Hum, I already noticed that this won't work.
The setup.py somehow makes the executable to look for itself in the selected installation root, so the code MUST be patched to work correctly with pacman.
I'm looking forward to know how they package ufw for Ubuntu without experiencing this problem...
NOTE:
The error is this:
[root@LTS-Arch ufw]# ufw status
ERROR: uid is 0 but '/home/ltsmash/PKGBUILDS/ufw/pkg/etc/default/ufw' is owned by 501
NOTE: I didn't execute ufw from /home/ltsmash/PKGBUILDS/ufw/pkg/etc/default/ufw
Last edited by LTSmash (2008-05-18 21:32:28)
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
I filled a bug in launchpad so that they make ufw portable (hope so):
https://bugs.launchpad.net/ufw/+bug/231770
It would be great however if someone made a patch and submited it.
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
I filled a bug in launchpad so that they make ufw portable (hope so):
https://bugs.launchpad.net/ufw/+bug/231770
It would be great however if someone made a patch and submited it.
It is portable. That's the point of LSB. We're at fault.
Offline
LTSmash wrote:I filled a bug in launchpad so that they make ufw portable (hope so):
https://bugs.launchpad.net/ufw/+bug/231770
It would be great however if someone made a patch and submited it.
It is portable. That's the point of LSB. We're at fault.
Well, using LSB means to use RPM, so I guess that's stupid.
However, the problem this time isn't if we support LSB or not, but how to package ufw for Arch having found a workaround for the LSB's deps.
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
SpookyET wrote:LTSmash wrote:I filled a bug in launchpad so that they make ufw portable (hope so):
https://bugs.launchpad.net/ufw/+bug/231770
It would be great however if someone made a patch and submited it.
It is portable. That's the point of LSB. We're at fault.
Well, using LSB means to use RPM, so I guess that's stupid.
However, the problem this time isn't if we support LSB or not, but how to package ufw for Arch having found a workaround for the LSB's deps.
Full LSB compliance, yes. But, there are degrees of LSB support. RPM is just a package format. Whether it's tar.gz, tar.bz2, rar, zip, rpm, deb, .exe, it does not matter, it's what you do with them, that's where pacman excels, not because of the tar.gz.
Offline
Let me put it to you this way, debs suck from the dev point of view. They are praised because Synaptic/aptitude/apt-get are awesome. They are good from the user point of view. But, if you had to make one, you would throw yourself of the nearest bridge. RPM creation is similar to pacman packages. I'd take RPM over deb any day. Just use apt with rpm or smart. They are fine. Because of the complicated matter of debs, converting stuff from debian is a bitch.
Offline
Let me put it to you this way, debs suck from the dev point of view. They are praised because Synaptic/aptitude/apt-get are awesome. They are good from the user point of view. But, if you had to make one, you would throw yourself of the nearest bridge. RPM creation is similar to pacman packages. I'd take RPM over deb any day. Just use apt with rpm or smart. They are fine. Because of the complicated matter of debs, converting stuff from debian is a bitch.
But what does this has to do with making ufw work with Arch?
I have already told you, I don't care about having LSB in Arch or not, but I care about having ufw...
And the discussion about RPM's vs. DEB vs. pkg.tar.gz is completly out of site (at least that's what I think)
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline
I can patch setup.py. The way they get around that problem is by using fakeroot a little more advanced than the way we use fakeroot. The install script never sees the full path on ubuntu.
Last edited by SpookyET (2008-05-19 00:25:53)
Offline
I can patch setup.py
Will you?
Proud Ex-Arch user.
Still an ArchLinux lover though.
Currently on Kubuntu 9.10
Offline