onkelbeh/fwbuilder
1
0
Fork 0
mirror of https://github.com/fwbuilder/fwbuilder synced 2025-06-15 06:37:26 +02:00
Code Issues Releases Wiki Activity
fwbuilder/doc/README.floppyfw
Vadim Kurland fcfedad398 Initial import into v3 branch
2007-12-25 22:25:59 +00:00

74 lines
2.2 KiB
Plaintext
Raw Permalink Blame History

How to generate firewall script for floppyfw
(http://www.zelow.no/floppyfw/index.html)
1. in Firewall dialog, tab "Firewall", set the following parameters:
- "Load modules" - OFF
- "Create virtual addresses for NAT rules" - ON
- "Use numeric log levels" - ON
2. download and install rpm "fwbuilder-floppyfw-0.9.7"
3. in "Compile/Install" tab configure full path and name of the
install script "/usr/bin/floppyfw_install.sh". Now you can compile
policy in a usual way using menu Rules->Compile and then install it
to floppyfw floppy using menu Rules->Install. Install script makes
certain checks to verify that floppy you use indeed contains floppyfw
code. Install script depends on mtools package.
4. some useful configuration parameters for floppyfw:
- activate serial console for kernel boot-time messages and shell:
in file "config" : SERIAL_CONSOLE=ttyS0
in file "syslinux.cfg" add "console=ttyS0,9600" kernel parameters:
------- file config ----------------------
# Choose the serial port for the console "n" for none.
SERIAL_CONSOLE=ttyS0
------------------------------------------
------- file syslinux.cfg ----------------
default floppyfw
display floppyfw.msg
label floppyfw
kernel vmlinuz
append initrd=initrd.gz root=/dev/fd0 console=ttyS0,9600 ether=0,0,0,eth0 ether=0,0,0,eth1
------------------------------------------
- logging via syslog:
in file "config" set USE_SYSLOG=y and add "-R" to log to remote loghost
------- file config ----------------------
# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.
#
USE_SYSLOG=y
# This SYSLOG does not use syslogd.conf so we have to set things here.
# Flags:
# Log to /dev/tty3 instead of /var/log/messages which aren't exactly a
# good idea on a ramdisk.
# -O /dev/tty3
# Log to network. host:port
# -R 10.42.42.42:514
# Log to both network and file:
# -L
# --MARK-- 0 is no mark.
# -m 0
# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
------------------------------------------
- do not forget to add rule to the firewall policy to permit sending
syslog packets from firewall to your loghost
Reference in New Issue View Git Blame Copy Permalink