File: README.floppyfw

How to generate a firewall script for floppyfw
(http://www.zelow.no/floppyfw/index.html)


1. In the Firewall dialog, on the "Firewall" tab, set the following parameters:

  - "Load modules" - OFF
  - "Create virtual addresses for NAT rules" - ON
  - "Use numeric log levels"  - ON


2. Download and install the rpm "fwbuilder-floppyfw-0.9.7".


3. In the "Compile/Install" tab, configure the full path and name of the
install script, "/usr/bin/floppyfw_install.sh". You can now compile the
policy in the usual way using the menu Rules->Compile and then install it
to the floppyfw floppy using the menu Rules->Install. The install script
makes certain checks to verify that the floppy you use does indeed contain
floppyfw code. The install script depends on the mtools package.


4. Some useful configuration parameters for floppyfw:

  - To activate the serial console for kernel boot-time messages and a shell:
      in file "config": SERIAL_CONSOLE=ttyS0
      in file "syslinux.cfg": add "console=ttyS0,9600" to the kernel parameters:

------- file config ----------------------
# Choose the serial port for the console "n" for none.
SERIAL_CONSOLE=ttyS0
------------------------------------------

------- file syslinux.cfg ----------------
default floppyfw
display floppyfw.msg
label floppyfw
  kernel vmlinuz
  append initrd=initrd.gz root=/dev/fd0 console=ttyS0,9600 ether=0,0,0,eth0 ether=0,0,0,eth1
------------------------------------------



  - Logging via syslog:
      in file "config", set USE_SYSLOG=y and add "-R" to SYSLOG_FLAGS to log
      to a remote loghost
      
------- file config ----------------------
# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.
#
USE_SYSLOG=y

# This SYSLOG does not use syslogd.conf so we have to set things here.
# Flags:
# Log to /dev/tty3 instead of /var/log/messages which aren't exactly a
# good idea on a ramdisk.
# -O /dev/tty3
# Log to network. host:port
# -R 10.42.42.42:514
# Log to both network and file:
# -L
# --MARK-- 0 is no mark.
# -m 0
# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
------------------------------------------

  - Do not forget to add a rule to the firewall policy that permits sending
    syslog packets from the firewall to your loghost.
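
The remote-logging setup above only works if the policy lets the firewall reach the loghost. The following is an added example, not part of fwbuilder or floppyfw: it reads a floppyfw "config" file and prints a hand-written iptables rule to compare against the compiled script. The function names, the rule text and the fallback to port 514 when "-R" gives no port are assumptions.

```shell
#!/bin/sh
# Added example: read a floppyfw "config" file and print the iptables rule
# that lets the firewall itself send syslog packets to the -R loghost.

# syslog_target FILE: print "host port" from the active SYSLOG_FLAGS line.
# Returns 1 when USE_SYSLOG is not "y" or no -R target is configured.
syslog_target() {
    cfg=$1
    grep -q '^USE_SYSLOG=y' "$cfg" || return 1
    # Commented-out lines start with '#', so the anchored match skips them.
    flags=$(sed -n 's/^SYSLOG_FLAGS="\(.*\)"[[:space:]]*$/\1/p' "$cfg" | tail -n 1)
    set -- $flags
    while [ $# -gt 0 ]; do
        if [ "$1" = "-R" ] && [ $# -ge 2 ]; then
            host=${2%%:*}
            case $2 in
                *:*) port=${2##*:} ;;
                *)   port=514 ;;   # assumption: standard syslog UDP port
            esac
            echo "$host $port"
            return 0
        fi
        shift
    done
    return 1
}

# syslog_rule FILE: hypothetical hand-written rule for firewall -> loghost.
syslog_rule() {
    t=$(syslog_target "$1") || return 1
    set -- $t
    echo "iptables -A OUTPUT -p udp -d $1 --dport $2 -j ACCEPT"
}

# Constructed sample: the active lines of the "config" excerpt above.
write_sample() {
    cat > "$1" <<'EOF'
USE_SYSLOG=y
# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && syslog_rule "$tmp"
rm -f "$tmp"
```

If syslog_rule prints nothing and returns 1, either USE_SYSLOG is off or SYSLOG_FLAGS has no "-R" target, so no loghost rule is needed.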