Request for Review: ebtables
Chris Ricker
kaboom at oobleck.net
Fri Jul 1 15:29:18 UTC 2005
On Sat, 18 Jun 2005, Tom 'spot' Callaway wrote:
> ebtables: Ethernet Bridge frame table administration tool
>
> Ethernet bridge tables is a firewalling tool to transparantly filter
> network traffic passing a bridge. The filtering possibilities are
> limited to link layer filtering and some basic filtering on higher
> network layers.
>
> The ebtables tool can be used together with the other Linux filtering
> tools, like iptables. There are no known incompatibility issues.
>
> SPEC: http://www.auroralinux.org/people/spot/review/ebtables.spec
> SRPM:
> http://www.auroralinux.org/people/spot/review/ebtables-2.0.6-3.src.rpm
>
> The package has been tested on FC3 x86_64, and FC4 x86/ppc.
>
> Quite small, should be a quick review.

Some changes to the spec:
* missing PreReq for /sbin/chkconfig and /sbin/service
* change %postun to
    if [ $1 -ge 1 ]; then
        /sbin/service ebtables condrestart > /dev/null 2>&1 ||:
    fi
* might want to change /sbin to %{_sbindir} (since everything else is
macro'ed)
* "transparantly" is usually spelled "transparently" ;-)
* I'd maybe change the %summary to something like "Tool for administering
Linux kernel Ethernet frame filtering capabilities" (not that that's
really short enough for a summary -- it should be something that says
more about ebtables being the user-space admin for a kernel filter /
firewall for frames I think). Maybe also indicate in the %description
that this is administration of a kernel feature as well (just so it's
clear that kernel support is required, etc)
* the init script uses several config files that aren't included /
%ghost'ed in the package:
    /etc/sysconfig/ebtables.filter
    /etc/sysconfig/ebtables.nat
    /etc/sysconfig/ebtables.broute (see below for this one)

As for the init script,
* sometimes references /etc/sysconfig/ebtables.route, sometimes references
/etc/sysconfig/ebtables.broute. I think all of these should be broute
* rpmlint says
    E: ebtables incoherent-subsys /etc/rc.d/init.d/ebtables $prog
  (because no lockfile defined)

A few of those are blockers, but nothing too serious....

later,
chris