Techno, tech, and life

Author: Jason

I love technology, and have been involved with it for over thirty years. I'm an IT manager, a seasoned network, storage, Unix and virtualisation guy. I love to code (mmm, sweet sweet Python), and I django, SQLAlchemy, Eve and pytest when I'm behaving. I'm also a DJ, and photographer.

Firewall Builder (fwbuilder) and fwbedit tricks

So I’m a huge fan of fwbuilder, having been a security guy for many years, and having been spoilt by Checkpoint’s SmartDashboard GUI (one of the few things they do well).

Up until recently, I’ve not really needed a GUI for firewall management as we did most firewalling via the CP boxes.  Now, with the advent of having to admin over 150 (and growing) Linux VMs, and the iptables instances therein, fwbuilder fits the bill perfectly.

Great design

One of the best things about fwbuilder is its use of XML for configuration files.  This means all sorts of useful fun can be had when bulk changes are needed.  Still, XML can be hard at the best of times, due to the multi-line structure of it — a topic for another day of hackery.

Bulk import/discovery

fwbuilder has a few options in this regard, and I ended up using SNMP, so that the interfaces themselves (and names) are also brought in.  The other option was a painful import of the iptables save/restore stuff, but that would have still meant manual, or automated hackery, to config interfaces.

The issue is that the imports are left pretty raw; you can’t choose a firewall type, which interface is the management interface, and so on.  fwbuilder is lacking in this area of bulk change — fwbedit gets you some of the way, but not all of the way.

Good ole sed

I’m a Unix guy; always have been, always will be.  One of my favourite things is regexps, and with that, sed.

Here’s what I used to at least bulk change platform and host_OS on the XML:

sed -i -e '/platform="unknown" name="au-/s@platform="unknown"@platform="iptables"@; s@host_OS="unknown"@host_OS="linux24"@' yourconfig.fwb

It’s a little lazy, but does the job, using the unknown text as an anchor.  The part of the pattern matching for au- is just a common starting name for all of our firewalls.
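A more defensive variant of that bulk edit, as an added example (not the author's code): it keeps a backup, applies both substitutions only to lines matching the name prefix, and counts the changed lines so the result can be reviewed before the policy is compiled or installed. The function names are hypothetical and the sample XML lines are constructed and simplified.

```shell
#!/bin/sh
# Added example (not the author's code): scoped bulk edit of a .fwb file.
# Function names are hypothetical; the sample XML is constructed.

# retag_firewalls FILE PREFIX
# PREFIX is pasted into a sed regex, so keep it to plain text such as "au-".
retag_firewalls() {
    file=$1
    prefix=$2
    cp -p "$file" "$file.bak" || return 1   # keep the original to diff against
    # The braces scope BOTH substitutions to lines matching the address.
    # In '/addr/s@a@b@; s@c@d@' only the first s is scoped; the second
    # runs on every line of the file.
    sed -e "/platform=\"unknown\" name=\"$prefix/{
        s@platform=\"unknown\"@platform=\"iptables\"@
        s@host_OS=\"unknown\"@host_OS=\"linux24\"@
    }" "$file.bak" > "$file"
}

# changed_lines FILE: number of lines that differ from FILE.bak
changed_lines() {
    diff "$1.bak" "$1" | grep -c '^>'
}

# make_sample FILE: constructed, simplified stand-in for firewall entries
make_sample() {
    cat > "$1" <<'EOF'
<Firewall id="id1" host_OS="unknown" platform="unknown" name="au-web01">
<Firewall id="id2" host_OS="unknown" platform="unknown" name="au-db01">
<Firewall id="id3" host_OS="unknown" platform="unknown" name="lab-fw01">
EOF
}

demo=$(mktemp)
make_sample "$demo"
retag_firewalls "$demo" "au-"
echo "lines changed: $(changed_lines "$demo")"
diff "$demo.bak" "$demo" || true   # review the change set before compiling
rm -f "$demo" "$demo.bak"
```

On the sample, the lab-fw01 entry is left untouched; with an unscoped second substitution its host_OS would be rewritten while its platform stayed unknown.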

fwbedit

The next issue was bulk-changing the management interface of all the 150+ firewalls.  fwbedit has this capability, but the documentation isn’t the best, hence this blog post.

This format seems to have worked for me:

fwbedit.exe modify -f yourconfig.fwb -o /User/Firewalls/somefirewall -a 0,,1

The syntax for modify is not all that clear.  The doco says:

modify -f file.fwb -o object -c comment [-a attrs]

Modifies object specified by its full path in the tree or object ID. Object can not be renamed using this operation.
-f file.fwb: data file
-o object: object to be deleted, full path or ID
-c txt:  specify comment for the new object
-a attribute1[,attribute2…]  :  specify attributes that
define parameters of the new object (see below)

A few things here — firstly, the comment argument appears entirely optional, but isn’t indicated thusly via the traditional use of square brackets around it.  Secondly, the attribute stuff is confusing:

-t Interface -a security level,address type (dynamic or unnumbered),management

It doesn’t show here which arguments are mandatory, or their format (boolean, “true/false” etc).  After hunting the source, using integers is what seems to work.

Now, with that in mind, we loop over all management interfaces, and set them right:


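fwbedit.exe list -f yourconfig.fwb -r -o /FWObjectDatabase/User/Firewalls | grep '.*au-.*/eth0$' | while read -r id; do fwbedit.exe modify -f yourconfig.fwb -o "$id" -a 0,,1; done

Here we’re just iterating over the eth0 interfaces of the firewalls we’re interested in to get their ID, and then modifying each accordingly.  The -a 0,,1 follows the attribute order shown above: security level 0, address type left empty, management 1.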

I hope this helps someone 🙂

Strawberry Fields 2012

Ah, Strawberry… the little infant baby child of Rainbow, whether it likes that title or not.  I say this because, whether by design or not, the emulation and similarities are there.

Same setup, same layout, same everything.  This isn’t really a bad thing; it just gets boring.  For some unfair reasoning on my part, I always kinda expect it to be different.

Another great weekend overall, sans a few niggling problems that I get into below.  I was mostly excited about the possibility of more techno (as had been hinted), but didn’t seem to catch much, or it didn’t happen as suggested.

I took NO photos… at all.  Brought the kit up, and just totally couldn’t be assed.  Seems to be an emerging pattern for me, and it makes me sad.

It’s how far?!?

So it was the same site, but more expanded camping.  I heard a rumour that it was meant to be somewhere else (read: closer), but that fell through; pity, because the 4+ hour hike really ain’t fun.  That said, it doesn’t bother me, because that’s half the fun of bush doofs, and what I’ve grown up on.  The mission up there with good company is a large part of it, and helps with all the anticipation buildup.

It’s all about the crew

It really is.  It always is.  A good campsite is important; the crew can be a showstopper.  Like recent years, I planned to hookup with the Mikey P crew; I’ve shared a few bushies now with him and different extended crews.

This time around though was extra special — we executed successful CB radio hookupage!  I can’t count the number of times, and ways, I’ve tried to get in touch with peeps… from leaving notes at info tents, to scheduling a time to meet.  They seem to never work, but this time was a success.

The boys ridin' the bus

When we finally met them, after much tail-chasing, we went the rest of the way with the lads on the bonnet of my car… had to be done.

Mikey’s crew were cool… but so, so young.  Or I’m old 😛  For a lot of them, it was their first doof too, which is always rad.

Flaps?!  Wha?!??

Overall, it was a good vibe.  Just not a good spread of people there.  I have a feeling it’s because there is also some occa nats car thing on the same weekend, somewhere past Shepparton… or, things just changing.

First major gripe was a caravan/campervan of tools that brought a genny.  #$^&*@# genny’s!  Ugh!  Why do people bring them to doofs?!?  A complete lack of consideration for their fellow man, that’s what.  Noisy pieces of shit.

A close second to that would have to be mangs playing loud music out of their campsite.  YOU’VE COME TO A MUSIC FESTIVAL!  Why do you insist yours will be better, or welcomed by others?!?  I’ll never get this, and it isn’t just at Strawberry either.  A shit trend that has surfaced in the last three or so years.

A friend of mine was telling me that she’d been hit up a few times for sex, which is something that next-to-never happens.  And whilst walking from our site, one classy yokel was heard to shout, “Well show us ya flaps then, slut!” to some random (but hot) girl.

Quality stuff; quality people.

To her credit, the girl responded well with, “Aw how sweet, the first time today I’ve been asked that!”

The coffee, or “hot milk”

The same vendors usually frequent the same bush doofs, and this one is no exception.  The coffee is still shit — hippies think they can make it, even if they get magical big non-hippie machines.  A tip here — a flat white is not a latte.  Lattes are evil, and should be made illegal for crimes against the bean.

Mikey ain't sure about the sloped Celica bonnet

Thankfully, the other regular place I use and see (also at Rainbow) was better.  Not anything ace, but better.

And I know… how could I snobbily expect a good, Melbourne coffee up there… I’m ok with a shit one, but don’t lug up some beast mega cafe-class machine and then mutilate the beans into something worse than instant!

Food was limited, but awesome.  Really awesome.  That noodle place that has popped up in the last few years was there, and tasty as always.  This time around, there was a burrito place too, and my lord they were good.

Erm, what about the choones?

I have to be honest… I didn’t catch a lot of variance; lots of time listening, just not across a lot of artists.  Whoever was playing around 11pm on the Friday night was murdering it, awesome tech and psy.

The big surprise, and standout for me, was James Holden.  I know… Holden, at a bush doof.  For me, it worked.  I was expecting some Summadayze shitass trance, but no, he rocked it for the two-and-a-bit hours of four that I caught.  Like, “the right sounds at the right time that rocked me so much” kinda awesome.  As a well-known local DJ said to me, “it just got a bit club girly toward the end”, or words to that effect.

Neelix, and I think it was Tycho, bored me.  Heard a bit of hype around Neelix, and was disappointed.  Apparently his production is sweet, his DJing not so.  After hearing nice, unique, and more techy stuff through the weekend, hearing boring-ass monotone psy was sad — and I love psy.

If I may…

I’ve been around a while, and to a few parties over the years, and think my opinion here or there is useful.  Here’s my thoughts for the Strawberry organisers…

The bad

  • I know dust is a part of a bush doof, and I actually love it.  But, honestly, take a leaf from the Rainbow crew and hire some water trucks to go around the campsites, spraying water on the road (and indirectly, on people too).  Multiple wins here, mainly stopping all the dust that gets kicked up by dickheads driving their cars around too fast
  • Police the ban on generators better.  Excellent work on having staff all over the place; but make them actually keep an eye out for things you’ve banned — I’m not too sure what else they were doing
  • Pay heed to the grass areas you cut — leave it a bit longer, or cut it shorter.  This sounds lame, but the stuff you cut was thistle-like and nasty… I know, take a rug; we discovered that too late, after picking countless prickles out of our butt cheeks.  For me, part of bush doofs is losing the shoes and going bare foot too
  • Tell your parking guiders to be a little more relaxed… we got there around 5pm on the Friday, and were told we couldn’t go “left” which we wanted to, only to finally camp there anyway and it was nowhere near full; dunno what the fuck was up with that.  We said to the girl, “Ah, we’re meeting friends down this way,” to which she replied, in a smartass tone, “Everyone has friends down there.”  Yeah, how about I punchersize your face for free?
  • Rethink the use of LED lighting that spins randomly down into one’s face (not from the main stages, but the poles around the dancefloor) — the lighting was awesome, but those LED beasts really, really hurt the eyes, even for a “merely tired and straight” doofer such as myself.  I’m no lighting expert, but I’d bet for those lights, a classic bulb, or a diffuser over LED, would rock it

The good

  • Awesome work on the general fencing off of camping areas, and roads… top stuff!
  • The sound of the stages was top notch… excellently tuned and great, full sound
  • Though the wait to get in was insane, it was still well done considering you have to funnel cars off the main road into cattle runs, funnelling into a single road
  • Great work on the water supply too — always important when it hit 35C+ during the day
  • I so very very much love all the trees.  A lot.  The cover is awesome.  It’s one of the few things I utterly hate about the Rainbow site for the last few years… just a big expanse of tree-less, shade-less paddock.  I really do hope any future sites they choose differentiate here

What?  Home time already?!

That’s how I usually measure a good or bad party… in the bush, in a club, anywhere.  If I’m sad to be leaving, it’s been awesome.  I was long overdue for one, and perhaps that also played a part, but a great weekend overall.

Missed not seeing Guy Tan there, or Rusty, or Pia, or The Petey’s and Christy, and others that I thought I would run into.  Was good to see Stu (part of The Petey crew), and some of Mikey’s friends I knew.

Anyway… Bring on 2013!  And Rainbow in two months!

 

 

Hey… sup…

And so here we finally are!  I’ve finally made the migration over to a decent blogging platform, instead of that horrid pile of mess that Geeklog has become.

Looking forward to blogging again.  I’m so completely over social networking.  I wanted the concept so badly to be cool, but it’s turned out to just be a bag of shit — another excellent example of something being cool, and then humans stepping in and screwing it up by participating.

Expect lots of fascination, shenanigans, and mayhem.  Most probably not though.

 

 
