Your message?

Notice: To avoid posts by spam, a message body without the word '#FuguIta' is rejected. ~
Please include the word in your message text.
----
#contents
----
#article
**How to port PFFW to FuguIta [#r9e5ee9b]
>[[kaw]] (2022-03-04 (Fri) 18:27:07)~
~
[[PFFW>https://github.com/sonertari/PFFW]] is firewall software running on OpenBSD that continues to be developed by Soner Tari.~
PFFW uses OpenBSD's packet filter [[PF>https://www.openbsd.org/faq/pf/index.html]] and provides a web user interface for configuring PF and monitoring PF and OS behavior.~
~
I have ported this PFFW to [[FuguIta LiveUSB>http://fuguita.org]] and would like to introduce the procedure.~
~
''Overview''~
PFFW is available as an ISO image for installation, including OpenBSD itself and related packages, and porting to FuguIta LiveUSB is generally done as follows~
-Install PFFW in the usual way.
-After installation, take out the PFFW-specific parts.
-Run FuguIta LiveUSB and extract the files from PFFW onto FuguIta.
-Modify some files so that PFFW and FuguIta work together.
-Save the modified contents to FuguIta LiveUSB.

>''Install PFFW in the usual way.''~
Refer to the [[PFFW GitHub Page>https://github.com/sonertari/PFFW]] and download the installation image.~
Refer to the ''How to Install section'' of the [[PFFW GitHub Page>https://github.com/sonertari/PFFW]] for instructions on how to install from the downloaded image.~
Installation can be done either on the actual device or on a VM, but it is easier to do it on the actual device because of the network interface settings.~
~
During the initial setup of PFFW, answer ''no'' to the question if you want to use MFS.~
 If the system has enough memory, you can mount /var/log as MFS
 Enable MFS? [yes] no
 MFS /var/log disabled.
FuguIta uses TMPFS, so the same effect can be achieved without MFS.~
~
''After installation, take out the PFFW-specific parts.''~
Next, launch the installed PFFW and archive the PFFW-specific portions.~
 pffw# cd /
 pffw# tar czf /root/pffw.tar.gz etc usr/local var
Please copy this pffw.tar.gz to another media, another host, etc. so that it can be read from the FuguIta environment you will create later.~
~
''Run FuguIta LiveUSB and extract the files extracted from PFFW onto FuguIta.''~
Run FuguIta LiveUSB, which is the destination of PFFW, in mode 0.
 Boot modes:
   0: fresh boot - standard mode as a live system
   1: fresh boot - less memory, faster boot
                   (/usr is non-writable, can't pkg_add)
   2: fresh boot - works using only RAM
                   (about 1GB or more of RAM required)
   3: boot with retrieving saved files from storage device
      or enter passphrase for an encrypted volume
   4: boot with retrieving saved files from floppy disk
   5: interactive shell for maintenance
 -> 0
After booting is complete, extract the files you have just archived.
 pffw-fuguita# cd /ram
 pffw-fuguita# tar xvzpf pffw.tar.gz
Modify /etc/rc.
 pffw-fuguita# cd /etc
 pffw-fuguita# patch < /boottmp/etc.rc.diff
 Hmm... Looks like a unified diff to me...
 The text leading up to this was:
 --------------------------
 |--- rc Tue Oct 19 00:11:59 2021
 |+++ rc.new Tue Oct 19 00:12:08 2021
 --------------------------
 Patching file rc using Plan A...
 Hunk #1 succeeded at 177.
 Hunk #2 succeeded at 377.
 Hunk #3 succeeded at 684 (offset 58 lines).
Modify /etc/doas.conf as follows
 permit nopass www as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass admin as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass user as root cmd /ram/var/www/htdocs/pffw/Controller/ctlr.php
 permit nopass keepenv root as root
In FuguIta, /var is a symbolic link to /ram/var, and doas will not allow execution with the original contents.~
/var must be changed to /ram/var, which is a realpath.~
~
Merge /etc/rc.shutdown for PFFW and FuguIta.~
 pffw-fuguita# cd /etc
 pffw-fuguita# mv rc.shutdown rc.shutdown.pffw
 pffw-fuguita# cat rc.shutdown.pffw /fuguita/etc/rc.shutdown > rc.shutdown
Uncomment the last line of the merged rc.shutdown.
 ...snip...
             echo will retry after $waitsec seconds...
             sleep $waitsec
         done
     )
 }
 # To re-sync on shutdown. uncomment the following line.
 usbfadm_r <== Uncomment this line.
This will cause the file to be saved to the USB flash drive and then shut down after the PFFW exit process is complete.~
~
''Save the modifications to the FuguIta LiveUSB.''~
 pffw-fuguita# usbfadm
 Welcome to usbfadm.
 USB flash drive administration tool for FuguIta
  Version/Arch: 7.0/amd64 (FuguIta-7.0-amd64-202202241)
     Boot mode: usbflash
 Target device: not set
 Data saved as: not set
 readline capability available
 TAB to complete the reserved words
 Type ? for help.
 ? : ? ->target
 Searching storage device
 Please make sure the device inserted.
 Then press ENTER ->
 sd0a +sd0d
 target device->sd0d
 sd0d : ? ->saveas
 Name of saved data->pffw
 Your data will be saved as ``pffw''.
 sd0d : pffw ->sync
 Sync current tmpfs as ``pffw'' , OK? [y/N] -> y
 copying /ram to /mnt/livecd-config/7.0/amd64/pffw (515360KB approx.):
  467MiB 0:00:30 [15.2MiB/s] [==============================> ] 92% ETA 0:00:02
 waiting for pax to finish ... syncing ... done.
 sd0d : pffw ->quit
 Bye bye...
 pffw-fuguita#
This completes the porting of PFFW to FuguIta.
 pffw-fuguita# shutdown -hp now
When starting up, choose mode 3 and specify the device and save name where the data was saved, and PFFW will start up.~
#ref(PFFW-FuguIta.jpg,wrap,33%)
To automatically specify the device name and save name and start up, please refer to FuguIta's [[Start Guide>FuguIta/StartGuide#ld09b1eb]].
//
- The PFFW installer is designed to install OpenBSD itself and related packages together, so a computer with PFFW installed becomes a "firewall-only machine" (which is usually fine as a mode of operation). By porting PFFW to #FuguIta, the PFFW environment can be loaded and operated only when necessary. It is also easy to migrate and operate on other hardware. -- [[kaw]] &new{2022-03-05 (Sat) 00:33:56};

#comment
**Desktop environment demo of FuguIta [#j816c1f9]
>[[kaw]] (2022-01-13 (Thu) 23:30:46)~
~
>I have created a desktop environment demo of FuguIta on a trial basis and uploaded it to the "test" directory of [[mirror servers>FuguIta/Download]].~
~
''How to use''~
Download the file FuguIta-7.0-amd64-202201101-demo.img.xz and write it to a USB flash drive with a size of 8GB or more.
 xz -dc FuguIta-7.0-amd64-202201101-demo.img.xz | dd of=/dev/rsdXc bs=1m
When you boot from this USB stick, you will get a desktop environment without authentication.~
~
You will need a minimum of 2GB of memory on your PC.~
Installed applications are as follows
>>audacious-4.1p0 emacs-27.2p3-gtk3 evince-40.4-light firefox-95.0.1~
libreoffice-7.2.1.2v0 noto-cjk-2.001 noto-emoji-20200408~
noto-fonts-20171024 pv-1.6.6 rlwrap-0.43p0 rsync-3.2.3p0~
vim-8.2.3456-gtk3 vlc-3.0.14p1 xfce-extras-4.16

>''Technical topics''~
-non-interactive boot with noasks file in d partition
-automatic login with [[xenodm>https://man.openbsd.org/xenodm]]
-additional mounting of a partition with /usr/fuguita/etc/fstab.tail file
-automatic network configuration with gennetconfs utility and chnetconf utility (in /etc/rc.local)

- In /etc/rc.shutdown, set ''auto_save_shutdown=Yes'' to automatically save files to a USB stick.&br; #FuguIta -- [[kaw]] &new{2022-01-18 (Tue) 15:23:33};
- The default user is ''demo''. And its password is the same.&br; #FuguIta -- [[kaw]] &new{2022-01-19 (Wed) 14:35:03};

#comment
----
Former articles are at [[FuguIta/BBS/11]].
----
Return to [[Top>Welcome]]
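
The doas.conf step in the PFFW porting article above says each ''cmd'' path has to be written as its real path (/ram/var/..., not /var/...). The following check is an added example, not part of kaw's post or of FuguIta/PFFW: it lists rules whose absolute ''cmd'' path differs from its resolved path. The function names and the demo tree are constructed for illustration, and it assumes `readlink -f` is available.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_doas_cmd_paths FILE: print "LINE: written -> resolved" for every
# doas.conf rule whose absolute "cmd" path differs from its real path.
# Returns 1 if any such rule is found, 0 otherwise.
check_doas_cmd_paths() {
    conf=$1 rc=0 lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f; set -- $line; set +f            # split the rule into words
        if [ $# -eq 0 ]; then continue; fi      # blank line
        case $1 in \#*) continue ;; esac        # comment line
        path=
        while [ $# -gt 1 ]; do                  # find the word after "cmd"
            if [ "$1" = cmd ]; then path=$2; break; fi
            shift
        done
        case $path in /*) ;; *) continue ;; esac    # only absolute paths
        resolved=$(readlink -f -- "$path" 2>/dev/null) || resolved="(unresolvable)"
        if [ "$resolved" != "$path" ]; then
            echo "$lineno: $path -> $resolved"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# Constructed demo tree: var is a symlink to ram/var, as on FuguIta.
make_demo() {
    base=$(readlink -f -- "$(mktemp -d)")
    mkdir -p "$base/ram/var/www/htdocs/pffw/Controller"
    : > "$base/ram/var/www/htdocs/pffw/Controller/ctlr.php"
    ln -s ram/var "$base/var"
    cat > "$base/doas.conf" <<EOF
# constructed sample rules
permit nopass www as root cmd $base/var/www/htdocs/pffw/Controller/ctlr.php
permit nopass admin as root cmd $base/ram/var/www/htdocs/pffw/Controller/ctlr.php
permit nopass keepenv root as root
EOF
    echo "$base"
}

demo=$(make_demo)
check_doas_cmd_paths "$demo/doas.conf" || echo "rules listed above should use the resolved path"
rm -rf "$demo"
```

On a real system the function would be pointed at /etc/doas.conf after the edit described in the article; an empty result means every ''cmd'' path is already written in resolved form.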