Your message?
Notice: To avoid posts by spam, a message body without the word '#FuguIta' is rejected. ~
Please include the word in your message text.
----
#contents
----
#article
**How to port PFFW to FuguIta [#r9e5ee9b]
>[[kaw]] (2022-03-04 (Fri) 18:27:07)~
~
[[PFFW>https://github.com/sonertari/PFFW]] is firewall management software running on OpenBSD that continues to be developed by Soner Tari.~
PFFW uses OpenBSD's packet filter [[PF>https://www.openbsd.org/faq/pf/index.html]] and provides a web user interface for configuring PF and monitoring PF and OS behavior.~
~
I have ported this PFFW to [[FuguIta LiveUSB>http://fuguita.org]] and would like to introduce the procedure.~
~
''Overview''~
PFFW is available as an ISO image for installation, including OpenBSD itself and related packages, and porting to FuguIta LiveUSB is generally done as follows:~
-Install PFFW in the usual way.
-After installation, take out the PFFW-specific parts.
-Run FuguIta LiveUSB and extract the files from PFFW onto FuguIta.
-Modify some files so that PFFW and FuguIta work together.
-Save the modified contents to FuguIta LiveUSB.
>''Install PFFW in the usual way.''~
Refer to the [[PFFW GitHub Page>https://github.com/sonertari/PFFW]] and download the installation image.~
Refer to the ''How to Install section'' of the [[PFFW GitHub Page>https://github.com/sonertari/PFFW]] for instructions on how to install from the downloaded image.~
Installation can be done either on the actual device or on a VM, but it is easier to do it on the actual device because of the network interface settings.~
~
During the initial setup of PFFW, answer ''no'' when asked whether you want to use MFS.~
 If the system has enough memory, you can mount /var/log as MFS
 Enable MFS? [yes] no
 MFS /var/log disabled.
FuguIta uses TMPFS, so the same effect can be achieved without MFS.~
~
''After installation, take out the PFFW-specific parts.''~
Next, launch the installed PFFW and archive the PFFW-specific portions.~
 pffw# cd /
 pffw# tar czf /root/pffw.tar.gz etc usr/local var
Please copy this pffw.tar.gz to another medium, another host, etc. so that it can be read from the FuguIta environment you will create later.~
~
''Run FuguIta LiveUSB and extract the files extracted from PFFW onto FuguIta.''~
Run FuguIta LiveUSB, which is the destination of PFFW, in mode 0.
 Boot modes:
   0: fresh boot - standard mode as a live system
   1: fresh boot - less memory, faster boot
      (/usr is non-writable, can't pkg_add)
   2: fresh boot - works using only RAM
      (about 1GB or more of RAM required)
   3: boot with retrieving saved files from storage device
      or enter passphrase for an encrypted volume
   4: boot with retrieving saved files from floppy disk
   5: interactive shell for maintenance
 -> 0
After booting is complete, extract the files you have just archived.
 pffw-fuguita# cd /ram
 pffw-fuguita# tar xvzpf pffw.tar.gz
Modify /etc/rc.
 pffw-fuguita# cd /etc
 pffw-fuguita# patch < /boottmp/etc.rc.diff
 Hmm... Looks like a unified diff to me...
 The text leading up to this was:
 --------------------------
 |--- rc Tue Oct 19 00:11:59 2021
 |+++ rc.new Tue Oct 19 00:12:08 2021
 --------------------------
 Patching file rc using Plan A...
 Hunk #1 succeeded at 177.
 Hunk #2 succeeded at 377.
 Hunk #3 succeeded at 684 (offset 58 lines).
Modify /etc/doas.conf as follows:
 permit nopass www as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass admin as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass user as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass keepenv root as root
In FuguIta, /var is a symbolic link to /ram/var, and doas will not allow execution with the original contents.~
/var must be changed to /ram/var, which is a realpath.~
~
Merge /etc/rc.shutdown for PFFW and FuguIta.~
 pffw-fuguita# cd /etc
 pffw-fuguita# mv rc.shutdown rc.shutdown.pffw
 pffw-fuguita# cat rc.shutdown.pffw /fuguita/etc/rc.shutdown > rc.shutdown
Uncomment the last line of the merged rc.shutdown.
 ...snip...
 echo will retry after $waitsec seconds...
 sleep $waitsec
 done )
 }
 # To re-sync on shutdown. uncomment the following line.
 usbfadm_r <== Uncomment this line.
This will cause the file to be saved to the USB flash drive and then shut down after the PFFW exit process is complete.~
~
''Save the modifications to the FuguIta LiveUSB.''~
 pffw-fuguita# usbfadm
 Welcome to usbfadm.
 USB flash drive administration tool for FuguIta
 Version/Arch: 7.0/amd64 (FuguIta-7.0-amd64-202202241)
 Boot mode: usbflash
 Target device: not set
 Data saved as: not set
 readline capability available
 TAB to complete the reserved words
 Type ? for help.
 ? : ? ->target
 Searching storage device
 Please make sure the device inserted.
 Then press ENTER ->
 sd0a +sd0d
 target device->sd0d
 sd0d : ? ->saveas
 Name of saved data->pffw
 Your data will be saved as ``pffw''.
 sd0d : pffw ->sync
 Sync current tmpfs as ``pffw'' , OK? [y/N] -> y
 copying /ram to /mnt/livecd-config/7.0/amd64/pffw (515360KB approx.):
 467MiB 0:00:30 [15.2MiB/s] [==============================> ] 92% ETA 0:00:02
 waiting for pax to finish ... syncing ... done.
 sd0d : pffw ->quit
 Bye bye...
 pffw-fuguita#
This completes the porting of PFFW to FuguIta.
 pffw-fuguita# shutdown -hp now
When starting up, choose mode 3 and specify the device and save name where the data was saved, and PFFW will start up.~
#ref(PFFW-FuguIta.jpg,wrap,33%)
To automatically specify the device name and save name and start up, please refer to FuguIta's [[Start Guide>FuguIta/StartGuide#ld09b1eb]].
//
- The PFFW installer is designed to install OpenBSD itself and related packages together, so a computer with PFFW installed becomes a "firewall-only machine" (which is usually fine as a mode of operation). By porting PFFW to #FuguIta, the PFFW environment can be loaded and operated only when necessary. It is also easy to migrate and operate on other hardware. -- [[kaw]] &new{2022-03-05 (Sat) 00:33:56};
#comment
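The /etc/doas.conf step in the post above, as an added example that is not part of the original post and is not code from PFFW or FuguIta: it rewrites the cmd path of each rule to its symlink-free path, which is what the manual /var to /ram/var edit does by hand. The helper name fix_doas_cmd_paths and the temporary demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from PFFW or FuguIta. fix_doas_cmd_paths is a
# hypothetical helper name. It reads doas.conf rules on stdin and writes
# them to stdout with each "cmd <path>" replaced by the symlink-free path
# reported by `readlink -f`.
fix_doas_cmd_paths() {
    while IFS= read -r line; do
        case $line in
        '#'*) printf '%s\n' "$line" ;;            # comment: leave untouched
        *" cmd "*)
            pre=${line%% cmd *}                   # rule text before " cmd "
            rest=${line#* cmd }                   # path plus optional "args ..."
            path=${rest%% *}
            post=${rest#"$path"}
            if real=$(readlink -f -- "$path" 2>/dev/null) && [ -n "$real" ]; then
                printf '%s cmd %s%s\n' "$pre" "$real" "$post"
            else
                printf '%s\n' "$line"             # keep the rule, flag it
                printf 'unresolved cmd path: %s\n' "$path" >&2
            fi ;;
        *) printf '%s\n' "$line" ;;               # rule without a cmd path
        esac
    done
}

# Constructed demo tree: var is a symlink to ram/var, as on FuguIta.
demo() {
    root=$(cd "$(mktemp -d)" && pwd -P)
    mkdir -p "$root/ram/var/www/htdocs/pffw/Controller"
    : > "$root/ram/var/www/htdocs/pffw/Controller/ctlr.php"
    ln -s ram/var "$root/var"
    printf '%s\n' \
        "permit nopass www as root cmd $root/var/www/htdocs/pffw/Controller/ctlr.php" \
        "permit nopass keepenv root as root" | fix_doas_cmd_paths
    rm -rf "$root"
}
demo
```

Review the rewritten rules before installing them as /etc/doas.conf; doas -C can then check the file's syntax.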
**Desktop environment demo of FuguIta [#j816c1f9]
>[[kaw]] (2022-01-13 (Thu) 23:30:46)~
~
>I have created a desktop environment demo of FuguIta on a trial basis and uploaded it to the "test" directory of [[mirror servers>FuguIta/Download]].~
~
''How to use''~
Download the file FuguIta-7.0-amd64-202201101-demo.img.xz and write it to a USB flash drive with a size of 8GB or more.
 xz -dc FuguIta-7.0-amd64-202201101-demo.img.xz | dd of=/dev/rsdXc bs=1m
When you boot from this USB stick, you will get a desktop environment without authentication.~
~
You will need a minimum of 2GB of memory on your PC.~
Installed applications are as follows:
>>audacious-4.1p0 emacs-27.2p3-gtk3 evince-40.4-light firefox-95.0.1~
libreoffice-7.2.1.2v0 noto-cjk-2.001 noto-emoji-20200408~
noto-fonts-20171024 pv-1.6.6 rlwrap-0.43p0 rsync-3.2.3p0~
vim-8.2.3456-gtk3 vlc-3.0.14p1 xfce-extras-4.16
>''Technical topics''~
-non-interactive boot with noasks file in d partition
-automatic login with [[xenodm>https://man.openbsd.org/xenodm]]
-additional mounting of a partition with /usr/fuguita/etc/fstab.tail file
-automatic network configuration with gennetconfs utility and chnetconf utility (in /etc/rc.local)
- In /etc/rc.shutdown, set ''auto_save_shutdown=Yes'' to automatically save files to a USB stick.&br; #FuguIta -- [[kaw]] &new{2022-01-18 (Tue) 15:23:33};
- The default user is ''demo''. And its password is the same.&br; #FuguIta -- [[kaw]] &new{2022-01-19 (Wed) 14:35:03};
#comment
----
Former articles are at [[FuguIta/BBS/11]].
----
Return to [[Top>Welcome]]