[Pdx-pm] anyone using IPTables::IPv4?
Roderick A. Anderson
raanders at acm.org
Fri Jun 2 08:58:41 PDT 2006
Michael Rasmussen wrote:
> Chris Dawson wrote:
>
>>Is anyone on this list using the iptables interface for perl? Or,
>>anyone who prefers just shelling out to the iptables binary? If you
>>have preferences, I would like to hear them.
Well I've been thinking of getting fut installed on the systems that
currently use 'denyhosts.py'
This was the kick I needed so I tried. IPTables::IPv4 fails to install
on two Fedora Core systems -- 1 and 4. Most ( all? ) of the tests fail.
I attempted using perl -MCPAN -e shell.
I doubt installing from the tarball will have better results.
> I am. I implemented it as a point of pride, "Real Men Don't Shell Out When
> They Have a Module To Use," kind of thing.
Typically I try ( for awhile anyway ) to beat the process into
submission using a brute force method. This hurts! So what would be a
_more sophisticated_ procedure to get this done?
FYI the start of the tests looks like this
make[1]: Leaving directory `/root/.cpan/build/IPTables-IPv4-0.98/modules'
PERL_DL_NONLAZY=1
IPT_MODPATH=/root/.cpan/build/IPTables-IPv4-0.98/modules /usr/bin/perl
"-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib',
'blib/arch')" t/*.t
t/00save_current_ruleset....Useless use of a variable in void context at
/root/.cpan/build/IPTables-IPv4-0.98/blib/lib/IPTables/IPv4.pm line 5.
Use of uninitialized value in <HANDLE> at
/root/.cpan/build/IPTables-IPv4-0.98/blib/lib/IPTables/IPv4/Toplevel.pm
line 50.
readline() on unopened filehandle at
/root/.cpan/build/IPTables-IPv4-0.98/blib/lib/IPTables/IPv4/Toplevel.pm
line 50.
Use of uninitialized value in ref-to-glob cast at
/root/.cpan/build/IPTables-IPv4-0.98/blib/lib/IPTables/IPv4/Toplevel.pm
line 52.
skipped
all skipped: no reason given
And ends like this
Failed Test Stat Wstat Total Fail Failed List of Failed
-------------------------------------------------------------------------------
t/01simple_manip.t 1 256 14 27 192.86% 1-14
t/03admin.t 1 256 45 89 197.78% 1-45
t/03modules.t 1 256 11 21 190.91% 1-11
t/04append.t 1 256 20 39 195.00% 1-20
t/05insert.t 1 256 28 55 196.43% 1-28
t/07flush.t 1 256 9 17 188.89% 1-9
t/08replace.t 1 256 10 19 190.00% 1-10
t/14badtarget.t 1 256 7 13 185.71% 1-7
t/15manyrules.t 1 256 29 57 196.55% 1-29
t/16manyrules2.t 1 256 20 39 195.00% 1-20
t/18rename.t 1 256 17 33 194.12% 1-17
t/19listports.t 1 256 7 13 185.71% 1-7
t/24delete.t 1 256 19 37 194.74% 1-19
t/56speed.t 1 256 7 13 185.71% 1-7
t/59numberproto.t 1 256 2 3 150.00% 1-2
2 tests skipped.
Failed 15/17 test scripts, 11.76% okay. 245/245 subtests failed, 0.00% okay.
make: *** [test_dynamic] Error 255
/usr/bin/make test -- NOT OK
Running make install
make test had returned bad status, won't install without force
I have my big stick out and I'm going to use it for a bit longer. If
anyonw has suggestions or ideas please let me know.
Rod
--
>
> Both can work, the iptables interface is arguably more trouble than it's worth
> - for instance you need to go to the iptables API documentation to understand
> how to do some things. On my todo list is proving out a suspected memory leak in it.
>
> You may recall my PLUG AT presentation from February, the iptables interface
> was the thing that "didn't work". After that talk I did complete (and correct,
> and debug) the program I talked about that night. The same program that had
> been working in a shell-out-to-the-binary method for over a year.
>
More information about the Pdx-pm-list
mailing list