Your message?

Notice: To avoid posts by spam, a message body without the word '#FuguIta' is rejected. ~
Please include the word in your message text.
----
#contents
----
#article
**How to port PFFW to FuguIta [#r9e5ee9b]
>[[kaw]] (2022-03-04 (Fri) 18:27:07)~
~
[[PFFW>https://github.com/sonertari/PFFW]] is firewall software running on OpenBSD that continues to be developed by Soner Tari.~
PFFW uses OpenBSD's packet filter [[PF>https://www.openbsd.org/faq/pf/index.html]] and provides a web user interface for configuring PF and monitoring PF and OS behavior.~
~
I have ported this PFFW to [[FuguIta LiveUSB>http://fuguita.org]] and would like to introduce the procedure.~
~
''Overview''~
PFFW is available as an ISO image for installation, including OpenBSD itself and related packages, and porting to FuguIta LiveUSB is generally done as follows~
-Install PFFW in the usual way.
-After installation, take out the PFFW-specific parts.
-Run FuguIta LiveUSB and extract the files from PFFW onto FuguIta.
-Modify some files so that PFFW and FuguIta work together.
-Save the modified contents to FuguIta LiveUSB.

>''Install PFFW in the usual way.''~
Refer to the [[PFFW GitHub Page>https://github.com/sonertari/PFFW]] and download the installation image.~
Refer to the ''How to Install section'' of the [[PFFW GitHub Page>https://github.com/sonertari/PFFW]] for instructions on how to install from the downloaded image.~
Installation can be done either on the actual device or on a VM, but it is easier to do it on the actual device because of the network interface settings.~
~
During the initial setup of PFFW, answer ''no'' to the question if you want to use MFS.~
 If the system has enough memory, you can mount /var/log as MFS
 Enable MFS? [yes] no
 
 MFS /var/log disabled.
FuguIta uses TMPFS, so the same effect can be achieved without MFS.~
~
''After installation, take out the PFFW-specific parts.''~
Next, launch the installed PFFW and archive the PFFW-specific portions.~
 pffw# cd /
 pffw# tar czf /root/pffw.tar.gz etc usr/local var
Please copy this pffw.tar.gz to another media, another host, etc. so that it can be read from the FuguIta environment.~
~
''Run FuguIta LiveUSB and extract the files extracted from PFFW onto FuguIta.''~
Run FuguIta LiveUSB, which is the destination of PFFW, in mode 0.
 Boot modes:
    0: fresh boot - standard mode as a live system
    1: fresh boot - less memory, faster boot
                   (/usr is non-writable, can't pkg_add)
    2: fresh boot - works using only RAM
                   (about 1GB or more of RAM required)
    3: boot with retrieving saved files from storage device
       or enter passphrase for an encrypted volume
    4: boot with retrieving saved files from floppy disk
    5: interactive shell for maintenance
 -> 0
After booting is complete, extract the files you have just archived.
 pffw-fuguita# cd /ram
 pffw-fuguita# tar xvzpf pffw.tar.gz
Modify /etc/rc.
 pffw-fuguita# cd /etc
 pffw-fuguita# patch < /boottmp/etc.rc.diff
 Hmm...  Looks like a unified diff to me...
 The text leading up to this was:
 --------------------------
 |--- rc Tue Oct 19 00:11:59 2021
 |+++ rc.new     Tue Oct 19 00:12:08 2021
 --------------------------
 Patching file rc using Plan A...
 Hunk #1 succeeded at 177.
 Hunk #2 succeeded at 377.
 Hunk #3 succeeded at 684 (offset 58 lines).
Modify /etc/doas.conf as follows
 permit nopass www as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass admin as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass user as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass keepenv root as root
In FuguIta, /var is a symbolic link to /ram/var, and doas will not allow execution with the original contents.~
/var must be changed to /ram/var, which is a realpath.~
~
Merge /etc/rc.shutdown for PFFW and FuguIta.~
 pffw-fuguita# cd /etc
 pffw-fuguita# mv rc.shutdown rc.shutdown.pffw
 pffw-fuguita# cat rc.shutdown.pffw /fuguita/etc/rc.shutdown > rc.shutdown
Uncomment the last line of the merged rc.shutdown.
 ...snip...
           echo will retry after $waitsec seconds...
           sleep $waitsec
       done )
 }
 
 # To re-sync on shutdown. uncomment the following line.
 usbfadm_r    <== Uncomment this line.
This will cause the file to be saved to the USB flash drive and then shut down after the PFFW exit process is complete.~
~
''Save the modifications to the FuguIta LiveUSB.''~
 pffw-fuguita# usbfadm
 
 Welcome to usbfadm.
 USB flash drive administration tool for FuguIta
 
  Version/Arch: 7.0/amd64  (FuguIta-7.0-amd64-202202241)
     Boot mode: usbflash
 Target device: not set
 Data saved as: not set
 
 readline capability available
 TAB to complete the reserved words
 
 Type ? for help.
 
 ? : ? ->target
 
 Searching storage device
 Please make sure the device inserted.
 Then press ENTER ->
 sd0a +sd0d
 target device->sd0d
 
 sd0d : ? ->saveas
 Name of saved data->pffw
 
 Your data will be saved as ``pffw''.
 
 sd0d : pffw ->sync
 
 Sync current tmpfs as ``pffw'' , OK? [y/N] -> y
 
 copying /ram to /mnt/livecd-config/7.0/amd64/pffw (515360KB approx.):
  467MiB 0:00:30 [15.2MiB/s] [==============================>   ] 92% ETA 0:00:02
 waiting for pax to finish ... syncing ... done.
 
 sd0d : pffw ->quit
 
 Bye bye...
 pffw-fuguita#
This completes the porting of PFFW to FuguIta.
 pffw-fuguita# shutdown -hp now
When starting up, choose mode 3 and specify the device and save name where the data was saved, and PFFW will start up.~
#ref(PFFW-FuguIta.jpg,wrap,33%)
To automatically specify the device name and save name and start up, please refer to the FuguIta's [[Start Guide>FuguIta/StartGuide#ld09b1eb]].

//

#comment

**Desktop environment demo of FuguIta [#j816c1f9]
>[[kaw]] (2022-01-13 (Thu) 23:30:46)~
~
>I have created a desktop environment demo of FuguIta on a trial basis and uploaded it to the "test" directory of [[mirror servers>FuguIta/Download]].~
~
''How to use''~
Download the file FuguIta-7.0-amd64-202201101-demo.img.xz and write it to a USB flash drive with a size of 8GB or more.
 xz -dc FuguIta-7.0-amd64-202201101-demo.img.xz | dd of=/dev/rsdXc bs=1m
When you boot from this USB stick, you will get a desktop environment without authentication.~
~
You will need a minimum of 2GB of memory on your PC.~
Installed applications are as follows
>>audacious-4.1p0 emacs-27.2p3-gtk3 evince-40.4-light firefox-95.0.1~
libreoffice-7.2.1.2v0 noto-cjk-2.001 noto-emoji-20200408~
noto-fonts-20171024 pv-1.6.6 rlwrap-0.43p0 rsync-3.2.3p0~
vim-8.2.3456-gtk3 vlc-3.0.14p1 xfce-extras-4.16
>''Technical topics''~
-non interactive boot with noasks file in d partition
-automatic login with [[xenodm>https://man.openbsd.org/xenodm]]
-additional mounting of a partition with /usr/fuguita/etc/fstab.tail file
-automatic network configuration with gennetconfs utility and chnetconf utility (in /etc/rc.local)

- In /etc/rc.shutdown, set ''auto_save_shutdown=Yes'' to automatically save files to a USB stick.&br; #FuguIta -- [[kaw]] &new{2022-01-18 (Tue) 15:23:33};
- The default user is ''demo''. And its password is the same.&br; #FuguIta -- [[kaw]] &new{2022-01-19 (Wed) 14:35:03};

#comment

----
Former articles are at [[FuguIta/BBS/11]].
----
Return to [[Top>Welcome]]

Front page   New Page list Search Recent changes   Help   RSS of recent changes