Request for Review: ebtables

Chris Ricker kaboom at oobleck.net
Fri Jul 1 15:29:18 UTC 2005 

On Sat, 18 Jun 2005, Tom 'spot' Callaway wrote:

> ebtables: Ethernet Bridge frame table administration tool
> 
> Ethernet bridge tables is a firewalling tool to transparantly filter
> network traffic passing a bridge. The filtering possibilities are
> limited to link layer filtering and some basic filtering on higher
> network layers.
> 
> The ebtables tool can be used together with the other Linux filtering
> tools, like iptables. There are no known incompatibility issues.
> 
> SPEC: http://www.auroralinux.org/people/spot/review/ebtables.spec
> SRPM:
> http://www.auroralinux.org/people/spot/review/ebtables-2.0.6-3.src.rpm
> 
> The package has been tested on FC3 x86_64, and FC4 x86/ppc.
> 
> Quite small, should be a quick review.


Some changes to the spec:

* missing PreReq for /sbin/chkconfig and /sbin/service

* change %postun to
	if [ $1 -ge 1 ]
		/sbin/service ebtables condrestart > /dev/null 2>&1 ||:
	fi

* might want to change /sbin to %{_sbindir} (since everything else is 
  macro'ed)

* "transparantly" is usually spelled "transparently" ;-)

* I'd maybe change the %summary to something like "Tool for administering 
Linux kernel Ethernet frame filtering capabilities" (not that that's 
really short enough for a summary -- it should be something that says 
more about ebtables being the user-space admin for a kernel filter /
firewall for frames I think). Maybe also indicate in the %description
that this is administration of a kernel feature as well (just so it's
clear that kernel support is required, etc)

* the init script uses several config files that aren't included / 
%ghost'ed in the package:
	/etc/sysconfig/ebtables.filter
	/etc/sysconfig/ebtables.nat
	/etc/sysconfig/ebtables.broute (see below for this one)


As for the init script,

* sometimes references /etc/sysconfig/ebtables.route, sometimes references 
/etc/sysconfig/ebtables.broute. I think all of these should be broute

* rpmlint says

E: ebtables incoherent-subsys /etc/rc.d/init.d/ebtables $prog

(because no lockfile defined)


A few of those are blockers, but nothing too serious....

later,
chris

More information about the fedora-extras-list mailing list