update-ipsets

[sereeds]

It appears the "update-ipsets" script is not included in this package: https://github.com/firehol/packages/releases/download/2017-10-14-1440/firehol-3.1.5-1.el7.centos.noarch.rpm

I have both the latest packages for CentOS7 iprange and firehol installed. I tried to just copy over the update-ipsets.sh script, but it complains that iprange is not installed. Iprange and firehol working great, but can't get the update-ipsets working.

Is there a way I could get manually install the "update-ipsets" script for CentOS? And could you please include it in the next packages. Thank you.

[sereeds]

I think I figured out how to manually install/use the update-ipsets.sh script. I copied the script from git to: /usr/libexec/firehol/3.1.5/update-ipsets.sh

I noticed that it looks in: /usr/libexec/firehol/3.1.5/install.config

I changed this line: IPRANGE_CMD="" to: IPRANGE_CMD="/usr/sbin/iprange"

I had the same problem with "unzip". I had to install the unzip package, then change the "install.config" file to point it to unzip.

I think the script is working now.

[johnramsden]

@philwhineray Would it be possible to enable update-ipsets? It seems to be disabled in the build spec for RPMs. Is there a reason it's disabled? I could do the same workaround as mentioned above, but if it could just be enabled that would be ideal so that I wouldn't need manual intervention after installing.

[philwhineray]

I can't remember if there's a specific reason, sorry. Might be to prevent people having to install iprange (I think update-upsets is the only program that requires it).

You're welcome to give enabling it a go, and if it works I'll pull the change and push a release. The instructions for building are in the top-level readme, section "Building outside Travis".