Macros and actions in Shorewall 3.0

With Shorewall 2.x (the last of which was Shorewall 2.4), “actions” were provided to automatically create rules for common protocols, such as ping and SSH. For example, you could write in /etc/shorewall/rules: AllowPing net fw AllowSSH net fw These two rules would allow both ping and SSH from the zone net (typically, the Internet) to the zone fw (your firewall).

In Shorewall 3.x, this has changed somewhat. If you were using the various “Allow” actions before, they are no longer available. They’ve been replaced with something called “macros.” Available macros are in listed in /usr/share/shorewall/. You’d write the above now as: Ping/ACCEPT net fw SSH/ACCEPT net fw


Trying to emulate mod_gunzip with Apache 2 Filters

The situation: I have gzipped content stored on an Apache 2 web server. Specifically, HTML files–they are stored in this manner to save disk space. For clients that can handle on-the-fly decompression of such files, I want the files to be sent verbatim; for clients that cannot, I want the content decompressed and sent to these clients.

mod_gunzip by Helge Oldach is an Apache 1 module made for dealing with stored gzip files. It can negotiate with a client what kind of encoding it can accept, and send the appropriate compressed or non-compressed version. Unfortunetely, at this time, this module is only available for Apache 1.

Helge Oldach notes that it should be possible to create the equivalent mod_gunzip functionality using only Apache 2 filters. To an extent, yes. I’ve done so:

ExtFilterDefine gunzip mode=output cmd="/bin/gunzip"

SetOutputFilter gunzip

This won’t do the sophisticated (well, at least more sophisticated than the Apache 2 runtime configuration directives will allow) negotiation that mod_gunzip can do, watching for certain clients and combinations of headers.

So, I’m stuck. I’ve a project I had been working on for school that involves HTML reports, collectively, that can be as large as 1.3 GB. Compressing each file with gzip decreases the collective size down to 300 MB, while still allowing the files to be viewed in most modern web browsers (apparently, at the time of this writing, this does NOT include Apple’s Safari (which happens to be used by several of my professors), though Konqueror/KHTML works fine).

Note to self: port mod_gunzip to Apache 2.

Installing Java 2 on Debian, The Debian Way

I can never remember how to install Java on Debian, so here’s my version on how to do it the Debian Way (TM).

Download the Sun Java 2 Runtime environment or Development Kit from Sun’s Java site. The file you download should have a “.bin” extension. Then install:

apt-get install java-package fakeroot

java-package is a set of Debian scripts for creating your own Debian-ized Java package. fakeroot lets you run certain programs as root, such as the Debian package creation process. After these are installed, run:

fakeroot make-jpkg jdk-.bin sudo dpkg -i sun-j2sdk.deb

The first creates a Debian package from the Sun binary installer, while the second installs the created Debian package.

This will fulfill all Java dependencies in Debian, something you would not get if you installed Java via some other method. It’s also the “official” Java, as opposed to using something like Blackdown, and makes you less reliant on having to rely on other people for packaging. For example, I used this to create my own AMD64 64-bit Java package.


Subscribe to Samat Says RSS