Your message dated Mon, 12 Aug 2013 21:08:51 +0000 with message-id <[email protected]> and subject line Bug#719054: fixed in pyroman 0.5.0~beta1-1 has caused the Debian Bug report #719054, regarding pyroman: Support IPSec protocols (ESP and AH) to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
719054: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719054
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: pyroman
Version: 0.4.6-4
Severity: important
Tags: upstream patch

There is currently no easy way to add "esp" and "ah" protocols in a rule because the protocols are not recognized by pyroman.

This patch allows the following "add_service" definition:

    add_service("ipsec", dports="esp ah")

and if used in a rule like:

    allow(client="host1", server="vpnhost", service="ipsec")

will generate the rules properly.

I'm reporting the bug against what's installed on this system, but it should apply to the latest version in SVN.

-- System Information:
Debian Release: 6.0.1
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)

Versions of packages pyroman depends on:
ii  iptables        1.4.8-3            administration tools for packet fi
ii  python          2.6.6-3+squeeze7   interactive high-level object-orie
ii  python-support  1.0.10             automated rebuilding support for P

pyroman recommends no packages.

pyroman suggests no packages.

-- no debconf information

diff --git a/pyroman/port.py b/pyroman/port.py index 1883f218..28d8acb0 100644 --- a/pyroman/port.py +++ b/pyroman/port.py @@ -45,7 +45,7 @@ class Port: """ # Split and verify syntax of statement - preg = re.compile("^(?:([a-z0-9\-]+|[0-9]+(?:\:[0-9]+)?)(?:/))?(tcp|udp|icmp|icmpv6|ipv6-icmp)$") + preg = re.compile("^(?:([a-z0-9\-]+|[0-9]+(?:\:[0-9]+)?)(?:/))?(tcp|udp|esp|ah|icmp|icmpv6|ipv6-icmp)$") # verify port range prreg = re.compile("^([0-9]+:)?[0-9]+$") @@ -66,7 +66,7 @@ class Port: self.proto = m.group(2) # if it's a named port, verify it's resolveable... - if not self.prreg.match(self.port) and self.proto in ["udp", "tcp"]: + if self.proto in ["udp", "tcp"] and not self.prreg.match(self.port): try: socket.getservbyname(self.port, self.proto) except socket.error: 
@@ -105,6 +105,9 @@ class Port: return "--icmpv6-type " + self.port else: return "" + elif self.proto in ("esp", "ah"): + # no port for ESP and AH + return "" else: raise PyromanException("Unknown protocol: %s" % self.proto) diff --git a/pyroman/service.py b/pyroman/service.py index 3f4d8d51..64aaf44f 100644 --- a/pyroman/service.py +++ b/pyroman/service.py @@ -93,7 +93,7 @@ class Service: f1 = dp.get_filter_proto() + " " f2 = sp.get_filter_port(dir1) f3 = dp.get_filter_port(dir2) - if f2 != "" or f3 != "": + if f1.strip() or f2 != "" or f3 != "": result.append( f1 + " " + f2 + " " + f3 ) for i in self.include:
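Review bot: in the first port.py hunk (@@ -45,7), adding esp|ah to the protocol alternation leaves the optional port prefix in force for them, so a spec such as "500/esp" passes the syntax check even though the comment in the third hunk says ESP and AH have no port. The port is then dropped without any message when get_filter_port returns "". Rejecting a port part at parse time when the protocol is esp or ah, by raising PyromanException as the unknown-protocol branch does, would make a mistyped service definition fail loudly instead of producing a broader rule than the one written.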
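Review bot: in the second port.py hunk (@@ -66,7), the swapped operands change only the evaluation order of the "and", and neither the comment above the line nor the report says why. If the intent is that self.prreg.match(self.port) must not run for a protocol given without a port, say so in the comment, which still speaks only of named ports; otherwise a later cleanup may swap the operands back.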
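Review bot: in the third port.py hunk (@@ -105,6), the new branch treats esp and ah alike, and nothing in the patch looks at the address family, although the neighbouring context already special-cases "--icmpv6-type". The upload notice further down this page lists 'Skip "ah" protocol for IPv6. You would need to use the header match!' as a separate change, which suggests the IPv6 case for ah was left open here. The comment "no port for ESP and AH" should say which address families the branch is meant to cover, or ah on IPv6 should be handled explicitly.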
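Review bot: in the service.py hunk (@@ -93,7), f1.strip() is true for any protocol for which get_filter_proto returns text, not only esp and ah, so a tcp, udp or icmp entry whose two port filters are both empty, which the old condition skipped, now emits a protocol-only rule. For a firewall generator that can widen existing rule sets. Consider keying the new case on the protocol itself, for example dp.proto in ("esp", "ah") (assuming dp is a Port, as its get_filter_proto call suggests), and leaving the f2/f3 test unchanged for every other protocol.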
--- End Message ---
--- Begin Message ---
Source: pyroman
Source-Version: 0.5.0~beta1-1

We believe that the bug you reported is fixed in the latest version of pyroman, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Erich Schubert <[email protected]> (supplier of updated pyroman package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Mon, 12 Aug 2013 21:52:56 +0200
Source: pyroman
Binary: pyroman
Architecture: source all
Version: 0.5.0~beta1-1
Distribution: unstable
Urgency: low
Maintainer: Erich Schubert <[email protected]>
Changed-By: Erich Schubert <[email protected]>
Description:
 pyroman - Very fast firewall configuration tool
Closes: 715248 719054
Changes:
 pyroman (0.5.0~beta1-1) unstable; urgency=low
 .
   * Let's call this a beta release. No negative feedback on the alpha for a year, but as this includes new functionality (IPSec) I want to give this version some extra time.
   * Merge patch to support IPSec by Wil Tan (Closes: #719054)
   * Skip "ah" protocol for IPv6. You would need to use the header match!
   * Use dh-systemd for better systemd support (Closes: #715248)
   * Drop patch hotfix-nat.patch, included in new SVN checkout.
   * Some minor packaging cleanups (empty dir)
   * Update to standards 3.9.4
   * Use machine-readable copyright information format
--- End Message ---

