Topic: Cannot set the EPEL repo to install ipset

[ghorst352]

I am currently trying to install the EPEL Repo so I can install ipset on SME Server 8.   However, I cannot seem to get this installed correctly as I do not show the repo in the list when I run "yum repolist".

I followed the instructions here -> http://wiki.contribs.org/Epel but the repo does not show up.

I have done the following:

yum clean all

/sbin/e-smith/db yum_repositories set epel repository \
Name 'Epel - EL5' \
BaseUrl 'http://download.fedoraproject.org/pub/epel/5/$basearch' \
MirrorList 'http://mirrors.fedoraproject.org/mirrorlist?repo=epel-5&arch=$basearch' \
EnableGroups no \
GPGCheck yes \
GPGKey http://download.fedora.redhat.com/pub/epel/RPM-GPG-KEY-EPEL \
Visible no \
status disabled

signal-event yum-modify

Tried "yum --enablerepo=epel search ...." and nothing.

The repo does not show up? Any advice is welcomed. 

[TerryF]

Looks like there have been some directory changes..

GPGKey now

GPGKey http://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL

You should raise a bug on the documentation

[newburns]

Please mark as SOLVED, wiki has been updated to include the new GPG Key url

[piran]

Not fully SOLVED, there's no ipset in the epel repository:
http://dl.fedoraproject.org/pub/epel/5/i386/repoview/index.html

[CharlieBrady]

Not fully SOLVED, there's no ipset in the epel repository:
http://dl.fedoraproject.org/pub/epel/5/i386/repoview/index.html

You can find one here. I assume you also need kmod-ipset.

http://flexbox.sourceforge.net/centos/5/i386/

[guest22]

I am currently trying to install the EPEL Repo so I can install ipset on SME Server 8.

I didn't know what ipset was, so I googled it and found this http://www.linuxjournal.com/content/advanced-firewall-configurations-ipset

Always new things to learn

[piran]

Ditto;-) My researching records some more useful information:
http://www.linuxjournal.com/content/advanced-firewall-configurations-ipset
http://daemonkeeper.net/781/mass-blocking-ip-addresses-with-ipset/
http://snowman.net/projects/ipt_recent/
https://wiki.archlinux.org/index.php/Ipset
http://ipset.netfilter.org/ipset.man.html
http://ipset.netfilter.org/iptables.man.html
http://www.netfilter.org

I believe ipset may resolve a local situation whereby
the increasing (some 10,000+) rules in iptables now
causes some three minutes of restart delay with the
INPUT chain in iptables. My hardware is reasonably
suitable and I can't expect ever more advanced
hardware to always be the workaround/solution.

Has ipset been installed into SME8 before?
Does installing or using ipset break things?

[piran]

>>Has ipset been installed into SME8 before?
Perhaps the lack of feedback indicates no?

>>Does installing or using ipset break things?
I put the testing server back together again, for old
time's sake, and ran about 180MB of updates into it.
After running...

Code: [Select]

# wget http://flexbox.sourceforge.net/centos/5/i386/ipset-4.5-1.el5.i686.rpm
# wget http://flexbox.sourceforge.net/centos/5/i386/kmod-ipset-4.5-1.2.6.18_238.9.1.el5.i686.rpm
# yum localinstall *.rpm...there were no unresolved dependencies and rebooted.
The test server made it past boot (eg no kernel panic)
through to the console and a test ping back to SME HQ.
Best I could I manage as it's quite old kit.
Did the same with the production server but opted for...

Code: [Select]

wget http://flexbox.sourceforge.net/centos/5/i386/kmod-ipset-PAE-4.5-1.2.6.18_238.9.1.el5.i686.rpm...as dmesg on that box shows it starts with 'PAE'.

Nothing seems broken so far but I haven't managed to
get ipset operating properly as it's functionality relies
on the 'set' matching module in iptables... Apparently
our edition of iptables is without the set shared object.
I looked with MC and it really isn't in there so SME8 is
perfectly correct. The flexbox download area does have
its 'own' version of iptables... but it's got an older number.
I've made up some suitable ipsets but, until ipset can
reference the (missing) set module in iptables, cannot
really continue.

Ipset documentation is quite confusing, contains errors
and with difficult-to-read English language. Makes it
hard for me to work out if I'm not doing it right, haven't
interpreted the documentation properly enough or even
whether the MAN is in error. Actually there are errors:-/
I think I could work it all out and sustainably run with it -
if it actually worked... but it doesn't work so that's it.
Disappointing.

With respect to 'The Furture' elsewhere I expect all
things developery are now off to fight their halves of the
imminent Holy SME Wars. Hasn't been the best of days.
Time to file for my pension... Damn, looks like the UK Gov.
just took THAT away. And the rain it raineth... still. Time
for some cocoa - g'night - tomorrow's GOT to be better?

PostEdit: clarified... unclear documentation is that of ipset

[piran]

New Feature Request filed...
http://bugs.contribs.org/show_bug.cgi?id=7206

[piran]

...New Feature Request refused.
It seems that iptables (sans the necessary 'set' module)
didn't come with the necessary and so won't be fixed.