kaw (2022-03-04 (Fri) 18:27:07)
PFFW is firewall software running on OpenBSD that continues to be developed by Soner Tari.
PFFW uses OpenBSD's packet filter PF and provides a web user interface for configuring PF and monitoring PF and OS behavior.
I have ported this PFFW to FuguIta LiveUSB and would like to introduce the procedure.
Overview
PFFW is available as an ISO image for installation, including OpenBSD itself and related packages, and porting to FuguIta LiveUSB is generally done as follows:
- Install PFFW in the usual way.
- After installation, take out the PFFW-specific parts.
- Run FuguIta LiveUSB and extract the files from PFFW onto FuguIta.
- Modify some files so that PFFW and FuguIta work together.
- Save the modified contents to FuguIta LiveUSB.
Install PFFW in the usual way.
Refer to the PFFW GitHub Page and download the installation image.
Refer to the How to Install section of the PFFW GitHub Page for instructions on how to install from the downloaded image.
Installation can be done either on the actual device or on a VM, but it is easier to do it on the actual device because of the network interface settings.
During the initial setup of PFFW, answer no to the question if you want to use MFS.

    If the system has enough memory, you can mount /var/log as MFS
    Enable MFS? [yes] no
    MFS /var/log disabled.

FuguIta uses TMPFS, so the same effect can be achieved without MFS.
After installation, take out the PFFW-specific parts.
Next, launch the installed PFFW and archive the PFFW-specific portions.

    pffw# cd /
    pffw# tar czf /root/pffw.tar.gz etc usr/local var

Please copy this pffw.tar.gz to another media, another host, etc. so that it can be read from the FuguIta environment you will create later.
Run FuguIta LiveUSB and extract the files extracted from PFFW onto FuguIta.
Run FuguIta LiveUSB, which is the destination of PFFW, in mode 0.

    Boot modes:
      0: fresh boot - standard mode as a live system
      1: fresh boot - less memory, faster boot
                      (/usr is non-writable, can't pkg_add)
      2: fresh boot - works using only RAM
                      (about 1GB or more of RAM required)
      3: boot with retrieving saved files from storage device
         or enter passphrase for an encrypted volume
      4: boot with retrieving saved files from floppy disk
      5: interactive shell for maintenance
    -> 0

After booting is complete, extract the files you have just archived.

    pffw-fuguita# cd /ram
    pffw-fuguita# tar xvzpf pffw.tar.gz

Modify /etc/rc.

    pffw-fuguita# cd /etc
    pffw-fuguita# patch < /boottmp/etc.rc.diff
    Hmm...  Looks like a unified diff to me...
    The text leading up to this was:
    --------------------------
    |--- rc Tue Oct 19 00:11:59 2021
    |+++ rc.new Tue Oct 19 00:12:08 2021
    --------------------------
    Patching file rc using Plan A...
    Hunk #1 succeeded at 177.
    Hunk #2 succeeded at 377.
    Hunk #3 succeeded at 684 (offset 58 lines).

Modify /etc/doas.conf as follows:

    permit nopass www as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
    permit nopass admin as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
    permit nopass user as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
    permit nopass keepenv root as root

In FuguIta, /var is a symbolic link to /ram/var, and doas will not allow execution with the original contents.
/var must be changed to /ram/var, which is a realpath.
Merge /etc/rc.shutdown for PFFW and FuguIta.

    pffw-fuguita# cd /etc
    pffw-fuguita# mv rc.shutdown rc.shutdown.pffw
    pffw-fuguita# cat rc.shutdown.pffw /fuguita/etc/rc.shutdown > rc.shutdown

Uncomment the last line of the merged rc.shutdown.

    ...snip...
                echo will retry after $waitsec seconds...
                sleep $waitsec
            done
        )
    }
    # To re-sync on shutdown. uncomment the following line.
    usbfadm_r    <== Uncomment this line.

This will cause the file to be saved to the USB flash drive and then shut down after the PFFW exit process is complete.
Save the modifications to the FuguIta LiveUSB.

    pffw-fuguita# usbfadm
    Welcome to usbfadm.
    USB flash drive administration tool for FuguIta
     Version/Arch: 7.0/amd64  (FuguIta-7.0-amd64-202202241)
        Boot mode: usbflash
    Target device: not set
    Data saved as: not set
    readline capability available
    TAB to complete the reserved words
    Type ? for help.
    ? : ? ->target
    Searching storage device
    Please make sure the device inserted.
    Then press ENTER ->
    sd0a +sd0d
    target device->sd0d
    sd0d : ? ->saveas
    Name of saved data->pffw
    Your data will be saved as ``pffw''.
    sd0d : pffw ->sync
    Sync current tmpfs as ``pffw'' , OK? [y/N] -> y
    copying /ram to /mnt/livecd-config/7.0/amd64/pffw (515360KB approx.):
     467MiB 0:00:30 [15.2MiB/s] [==============================>   ] 92% ETA 0:00:02
    waiting for pax to finish ... syncing ... done.
    sd0d : pffw ->quit
    Bye bye...
    pffw-fuguita#

This completes the porting of PFFW to FuguIta.

    pffw-fuguita# shutdown -hp now

When starting up, choose mode 3 and specify the device and save name where the data was saved, and PFFW will start up.
To automatically specify the device name and save name and start up, please refer to FuguIta's Start Guide.
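
The /var to /ram/var change to doas.conf described in the post above, as an added example that is not part of the original post: a shell function that prints each rule with the path after `cmd` resolved through symbolic links. The function names, the ROOT argument and the scratch directory are assumptions made for the demo, and the sample doas.conf is constructed.

```shell
#!/bin/sh
# Added example, not part of the original post.

# doas_realpath_rules FILE [ROOT]
# Print FILE with the absolute path after "cmd" in each rule replaced by
# its symlink-free real path. ROOT is a hypothetical scratch prefix so the
# demo can run off-target; leave it empty on a live system.
doas_realpath_rules() {
    conf=$1
    root=${2:-}
    if [ -n "$root" ]; then root=$(cd "$root" && pwd -P); fi
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
        permit*" cmd /"*|deny*" cmd /"*)
            head=${line%% cmd /*}        # rule text before " cmd /"
            rest=/${line#* cmd /}        # command path plus any arguments
            path=${rest%% *}
            args=${rest#"$path"}
            real=$(readlink -f "$root$path" 2>/dev/null) || real=
            if [ -n "$real" ]; then
                real=${real#"$root"}     # drop the scratch prefix again
                line="$head cmd $real$args"
            else
                echo "warning: cannot resolve $path" >&2
            fi ;;
        esac
        printf '%s\n' "$line"
    done < "$conf"
}

# Constructed sample: a scratch tree in which var is a symlink to ram/var,
# as on FuguIta, and a doas.conf that still uses the /var paths.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/ram/var/www/htdocs/pffw/Controller" "$d/etc"
    : > "$d/ram/var/www/htdocs/pffw/Controller/ctlr.php"
    ln -s ram/var "$d/var"
    cat > "$d/etc/doas.conf" <<'EOF'
permit nopass www as root cmd /var/www/htdocs/pffw/Controller/ctlr.php
permit nopass keepenv root as root
EOF
    doas_realpath_rules "$d/etc/doas.conf" "$d"
    rm -rf "$d"
}
demo
```

The function only prints the rewritten rules, so the result can be reviewed before it replaces /etc/doas.conf.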
kaw (2022-01-13 (Thu) 23:30:46)
I have created a desktop environment demo of FuguIta on a trial basis and uploaded it to the "test" directory of mirror servers.
How to use
Download the file FuguIta-7.0-amd64-202201101-demo.img.xz and write it to a USB flash drive with a size of 8GB or more.

    xz -dc FuguIta-7.0-amd64-202201101-demo.img.xz | dd of=/dev/rsdXc bs=1m

When you boot from this USB stick, you will get a desktop environment without authentication.
You will need a minimum of 2GB of memory on your PC.
Installed applications are as follows:

    audacious-4.1p0 emacs-27.2p3-gtk3 evince-40.4-light firefox-95.0.1
    libreoffice-7.2.1.2v0 noto-cjk-2.001 noto-emoji-20200408
    noto-fonts-20171024 pv-1.6.6 rlwrap-0.43p0 rsync-3.2.3p0
    vim-8.2.3456-gtk3 vlc-3.0.14p1 xfce-extras-4.16

Technical topics
- non-interactive boot with noasks file in d partition
- automatic login with xenodm
- additional mounting of a partition with /usr/fuguita/etc/fstab.tail file
- automatic network configuration with gennetconfs utility and chnetconf utility (in /etc/rc.local)
Former articles are at FuguIta/BBS/11.