Endian Firewall Extra Add-on Packages

These are packages and add-ons that provide functionality not currently available in the official Endian Community ISOs. If there is a package you are particularly interested in, I have an EFW 2.1.2 development box, so email me and I’ll see if I can port and package it for you (no promises, and only as my free time permits). If there is a current RedHat SRPM or tar ball, it generally is relatively straightforward to create an Endian RPM from it.

apcupsd

Missing from EFW is a tool to monitor a UPS and automatically shutdown the firewall when the power has failed. To remedy this I have packaged apcupsd for Endian. These RPMs have been tested with EFW 2.1.1 and EFW 2.1.2 (but should work with EFW 2.0 and 2.1 also).

• Patch to adapt apcupsd-3.14.1.tar.gz to work with EFW
• apcupsd-3.14.1-endian1.i386.rpm
• apcupsd-3.14.1-endian1.src.rpm

Remember that after installing the RPM you need to review the configuration files in /etc/apcupsd/ to adapt them to your own needs and the particulars of your hardware.

Squid Custom ACLs

Users often want to implement more complex access rules for the web proxy servers than the EFW GUI permits. The solution to this is to write custom ACLs for Squid (the proxy engine in EFW). Patricio Bruna has figured out how to do this. Reading the code in advproxy.cgi Patricio realized that Endian obeys two files: /var/efw/proxy/custom-acl.conf and /var/efw/proxy/custom-acl-allow.conf (this is not mentioned in the EFW documentation). The first file defines the ACLs and the second file declares the rules (i.e., the “http_access” lines).

Patricio then created the appropriate web pages so that you can access these files from the EFW GUI. More specifically, he created an additional sub-menu called “Advanced ACL” in the HTTP page of Endian’s Proxy tab. Selecting this sub-menu provides a web page that allows you to specify ACLs and rules (“http_access”) that Squid will use.

What I’ve done is package Patricio’s contribution into an RPM to make it trivial to install:

• endian_2.1.2_squid_custom_ACL-1.0-1.noarch.rpm
• endian_2.1.2_squid_custom_ACL-1.0-1.src.rpm

acpid

If you are like me, you are running EFW Community Edition on an ordinary (perhaps slightly older) PC that is running “headless” (no monitor or keyboard). To shut it down or re-boot it for whatever reason, I have to bring up EFW’s web interface on another computer and use the GUI to do it. I’d much prefer to simply hit the power button on the PC and have it trigger a shutdown. That is exactly what acpid will do. I’ve taken acpid (as produced by Tim Hockin), configured it to trigger a system shutdown whenever the power button is pressed, and packaged the whole thing into an RPM.

• Patch to adapt acpid-1.0.6.tar.gz to work with EFW
• acpid-1.0.6-endian1.i386.rpm
• acpid-1.0.6-endian1.src.rpm

While this package is configured only to trigger a shutdown when the power button is pressed, you can configure any other actions you desire (all the capabilities of acpid are available to you.

igormt@alumni.caltech.edu