Sophie

Sophie

distrib > Mandriva > 2010.0 > i586 > media > contrib-release > by-pkgid > b8f881c2f8c6a4ed7ffcdb5cbad96565 > files > 17

fwbuilder-3.0.7-1mdv2010.0.i586.rpm



How to generate firewall script for floppyfw
(http://www.zelow.no/floppyfw/index.html)


1. in Firewall dialog, tab "Firewall", set the following parameters:

  - "Load modules" - OFF
  - "Create virtual addresses for NAT rules" - ON
  - "Use numeric log levels"  - ON


2. download and install rpm "fwbuilder-floppyfw-0.9.7"


3. in "Compile/Install" tab configure full path and name of the
install script "/usr/bin/floppyfw_install.sh". Now you can compile
policy in a usual way using menu Rules->Compile and then install it
to floppyfw floppy using menu Rules->Install. Install script makes
certain checks to verify that floppy you use indeed contains floppyfw
code. Install script depends on mtools package.


4. some useful configuration parameters for floppyfw:

  - activate serial console for kernel boot-time messages and shell:
      in file "config" :  SERIAL_CONSOLE=ttyS0
      in file "syslinux.cfg" add "console=ttyS0,9600" kernel parameters: 

------- file config ----------------------
# Choose the serial port for the console "n" for none.
SERIAL_CONSOLE=ttyS0
------------------------------------------

------- file syslinux.cfg ----------------
default floppyfw
display floppyfw.msg
label floppyfw
  kernel vmlinuz
  append initrd=initrd.gz root=/dev/fd0 console=ttyS0,9600 ether=0,0,0,eth0 ether=0,0,0,eth1
------------------------------------------



  - logging via syslog: 
      in file "config" set USE_SYSLOG=y and add "-R" to log to remote loghost
      
------- file config ----------------------
# Turning on syslogd and klogd.
# This is a nice thing but will eat CPU which is why it is turned
# off by default.
#
USE_SYSLOG=y

# This SYSLOG does not use syslogd.conf so we have to set things here.
# Flags:
# Log to /dev/tty3 instead of /var/log/messages which aren't exactly a
# good idea on a ramdisk.
# -O /dev/tty3
# Log to network. host:port
# -R 10.42.42.42:514
# Log to both network and file:
# -L
# --MARK-- 0 is no mark.
# -m 0
# SYSLOG_FLAGS="-m 360 -O /dev/tty3"
SYSLOG_FLAGS="-m 360 -R 10.42.42.4:514"
------------------------------------------

  - do not forget to add rule to the firewall policy to permit sending
    syslog packets from firewall to your loghost

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional