Gentoo Forums
kmyfirewall-1.0.ebuild
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Mon Dec 12, 2005 12:38 pm    Post subject: kmyfirewall-1.0.ebuild

WARNING: This program still has some issues (see the end of my post).

I just wrote a patch and an ebuild:
/usr/local/portage/net-firewall/kmyfirewall/files/kmyfirewall-1.0_gentoo_multiport.diff:
Code:

diff -ruN kmyfirewall-1.0_old/kmyfirewall/ruleoptionplugins/protocol_option/kmfruleoption_protocol_option.xml kmyfirewall-1.0/kmyfirewall/ruleoptionplugins/protocol_option/kmfruleoption_protocol_option.xml
--- kmyfirewall-1.0_old/kmyfirewall/ruleoptionplugins/protocol_option/kmfruleoption_protocol_option.xml   2005-12-11 16:55:16.000000000 +0100
+++ kmyfirewall-1.0/kmyfirewall/ruleoptionplugins/protocol_option/kmfruleoption_protocol_option.xml   2005-12-11 13:37:54.000000000 +0100
@@ -9,10 +9,10 @@
   <option guiName="Dest. Port:" command="--destination-port" />
 </ruleoptiondefinition>
 <ruleoptiondefinition name="udp_multiport_opt"  guiName="UDP Multiport">
+  <option guiName="" command="--match multiport" />
-  <option guiName="" command="-p udp --match multiport" />
   <option guiName="Src. Ports:" command="--source-ports" />
   <option guiName="Dest. Ports:" command="--destination-ports" />
+  <option guiName="Equal. Ports:" command="--ports" />
-  <option guiName="Equal. Ports:" command="--equal-ports" />
 </ruleoptiondefinition>
 <ruleoptiondefinition name="tcp_opt"  guiName="Protocol TCP">
   <option guiName="" command="-p tcp" />
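Review bot: In `udp_multiport_opt`, replacing `-p udp --match multiport` with a bare `--match multiport` leaves this definition with no protocol, and iptables only accepts the multiport match together with a `-p` protocol such as tcp or udp. Confirm that the generated rule always gets its `-p udp` from another option placed before `--match multiport`, or keep the protocol here, and state the reason for dropping it in a short patch description. The `--equal-ports` to `--ports` change also keeps the label "Equal. Ports:", which is worth a second look so the GUI text matches what the option does.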
@@ -22,10 +22,10 @@
   <option guiName="TCP Option:" command="--tcp-option" />
 </ruleoptiondefinition>
 <ruleoptiondefinition name="tcp_multiport_opt"  guiName="TCP Multiport">
+  <option guiName="" command="--match multiport" />
-  <option guiName="" command="-p tcp --match multiport" />
   <option guiName="Src. Ports:" command="--source-ports" />
   <option guiName="Dest. Ports:" command="--destination-ports" />
+  <option guiName="Equal. Ports:" command="--ports" />
-  <option guiName="Equal. Ports:" command="--equal-ports" />
 </ruleoptiondefinition>
 <ruleoptiondefinition name="icmp_opt"  guiName="Match ICMP">
   <option guiName="" command="-p icmp" />
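Review bot: After this change the first option of `tcp_multiport_opt` is the same `--match multiport` string as in `udp_multiport_opt`, so the two definitions emit identical commands and differ only in `name` and `guiName`. If the protocol is meant to come from a separate selection such as `tcp_opt` (`-p tcp`), say so in the patch description and check that a TCP Multiport option cannot be saved without it; otherwise the TCP and UDP variants no longer need to be separate definitions.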


/usr/local/portage/net-firewall/kmyfirewall/kmyfirewall-1.0.ebuild:
Code:

# Copyright 1999-2005 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

inherit kde eutils

DESCRIPTION="Graphical KDE iptables configuration tool"
HOMEPAGE="http://kmyfirewall.sourceforge.net/"
SRC_URI="mirror://sourceforge/kmyfirewall/${PN}-1.0.tar.bz2"

SLOT="0"
LICENSE="GPL-2"
KEYWORDS="~x86 ~sparc ~alpha ~ppc ~amd64"
IUSE=""

RDEPEND="net-firewall/iptables"
need-kde 3

S=${WORKDIR}/${PN}-1.0

src_unpack() {
        kde_src_unpack
        # Apply the multiport option fix shipped in files/
        epatch "${FILESDIR}/${P}_gentoo_multiport.diff"
}


Even with the patch this program is still not 100% perfect, I had 2 glitches:

1 ) Take care with the loopback rule (unconfirmed bug, probably nonexistent): I was specifying a rule called LOOPBACK
in the INPUT chain that allowed packets with source 127.0.0.1, and somehow this rule
wasn't saved/reloaded. I fixed it by calling the rule "Ritorna" and also checking for the lo interface
(redundant since there is the ANTISPOOF chain, but this one saved fine). Take care here, since
if you have loopback blocked you can have nasty slowdowns (even in kwrite if you are using spellchecking...)

2 ) Logging rule: logging a chain's dropped packets (without a rule, in the Edit Chain dialog) gave me some
issues with the logging prefix; it seems that it's not saved correctly. As a workaround I disabled chain logging inside
Edit Chain and created a rule for logging everything at the end of the chain, just before the chain target.
SOLVED: little patch below

Everything else seems to work fine, but there wasn't a desktop entry installed for the program, so I added an entry
in menu->system that loads kmyfirewall and checked "runs as another user" (leaving the field blank means running as root;
kdesu will ask for the password).
_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/


Last edited by Matteo Azzali on Wed Dec 14, 2005 11:07 pm; edited 2 times in total
Vanquirius
Retired Dev


Joined: 14 Jun 2002
Posts: 1297
Location: Ethereal plains

Posted: Mon Dec 12, 2005 6:25 pm    Post subject:

I just added kmyfirewall-1.0 to the tree for bug 115149.
Have you contacted upstream about your patch?
_________________
Hello.
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Tue Dec 13, 2005 12:43 am    Post subject:

I contacted the developers, who are now in the process of evaluating it.
I don't know if this was just an ~x86 iptables syntax bug (IMHO it isn't)
or distro-specific; only my patched version works better here (allowing
multiport rules on the latest unstable baselayout and iptables). I'll add a bug report
to the ebuild too.
_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/
Vanquirius
Retired Dev


Joined: 14 Jun 2002
Posts: 1297
Location: Ethereal plains

Posted: Tue Dec 13, 2005 1:38 am    Post subject:

Okies, please CC me in the bug (vanquirius@gentoo.org). :-)
_________________
Hello.
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Tue Dec 13, 2005 3:07 pm    Post subject:

I did another patch for this app; this solves the issue with chain-edit -> logging.
Did I tell you I like this app a lot? (I'll explain why and how when I find a bit of time to add a howto).
The developer of this app just worked hard; it's semi-perfect except for these little "distraction" issues,
and I like to define rules in a way really similar to iptables (& tiny-firewall/jetico personal firewall for win).

I won't post in a bug report for now since I'm tracking the other 2 issues I found; I hope to report all 3 in a row,
but I'll post here instead just so I don't forget, or for anyone needing it ....

kmyfirewall-1.0_chainlog.diff
Code:

diff -ruN kmyfirewall-1.0_old/kmyfirewall/core/iptchain.cpp kmyfirewall-1.0/kmyfirewall/core/iptchain.cpp
--- kmyfirewall-1.0_old/kmyfirewall/core/iptchain.cpp   2005-12-13 15:52:51.000000000 +0100
+++ kmyfirewall-1.0/kmyfirewall/core/iptchain.cpp   2005-12-11 13:37:53.000000000 +0100
@@ -432,7 +432,7 @@
 
          log_prefix = curr.toElement().attribute( "prefix" );
          if( !log_prefix.isEmpty() )
+            m_log_prefix = log_prefix;
-            m_log_prefix = log_burst;
       }
       curr = curr.nextSibling();
    }
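Review bot: The corrected assignment `m_log_prefix = log_prefix;` still sits under `if( !log_prefix.isEmpty() )`, so a saved chain whose `prefix` attribute is empty leaves `m_log_prefix` at whatever value it held before loading. If loading is expected to restore the saved state exactly, assign unconditionally or clear the member before the check. Since the removed line assigned `log_burst` here, the other assignments in this loader are worth checking for the same kind of swapped variable.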

_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Tue Dec 13, 2005 3:42 pm    Post subject:

another little fix

Little fix for Kmenu entry:

1) add an entry (kmenu/system/kmyfirewall) using kmenuedit
2) choose command kmyfirewall
3) choose icon kmyfirewall
4) check "run as another user" and leave empty the field (this will start it in kdesu).

I can't find a way to automatically solve this bug in the ebuild ..... :?
_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/
Matteo Azzali
Retired Dev


Joined: 23 Sep 2004
Posts: 1133

Posted: Wed Dec 14, 2005 11:11 pm    Post subject:

Just my last note here, then I'll try to write a howto:

1) Loopback bug unconfirmed (probably a wrong report).
2) Chain logging bug fixed and patch committed.
3) Multiport bug fixed and patch committed, already in portage.
4) Menu entry bug seems to be intentional, since users need to choose
whether to load kmyfirewall as a user (and specify the root password when needed) or
run it directly as root with kdesu.
_________________
Every day a new distro comes to birth. Every day a distro "eats" another.
If you're born distro, no matter what, start to run.
---- http://www.linuxprinting.org/ ---- http://tuxmobil.org/
All times are GMT