RE: [leaf-devel] New linuxrc mods ready for testing
Charles wrote: Hmm...I like this idea, but why make a symlink from /var/log rather than simply mounting your persistent log device directly to /var/log, instead of the tmpfs ramdisk? Because I wanted to allow to use a directory on an existing partition instead of necessarily requiring a complete partition. Cheers Alex --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] New linuxrc mods ready for testing
Eric wrote: Although I do like the idea of mounting a persistent device for things like logs I see a few serious drawbacks. LEAF is designed, with reason, to run from ram and don't has all the tools/scripts for checking various filesystems. I use a journaling filesystem, of course (ext3). If the filesystem gets corrupted, I'll upload an fsck, I can live with that. What I cannot live with is lost logfiles after a reset performed by a user because Internet access didn't work. Which means log.lrp doesn't help me. Although there are solutions by choosing ext2/3, jfs, vfat and the like and providing special fs-check packages, an option to select a persistant device in the base linuxrc without an user knowing the drawbacks can give strange problems. I basically read here lets not provide this feature, users are too stupid to use it correctly. I'd rather write a recommendation in the doc that journalling filesystems should be used. Note that people who have space to save their logs usually also have space for jfs.o and ext3.o There is always the option to use a loghost to store the LEAF logfiles. And this seems a better option to me. Sure, if you have a loghost available... Cheers Alex --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] New linuxrc mods ready for testing
Charles, I finally have a working update to the /linuxrc script for bering. It seems to be time to try and submit my patch again It allows to use a log_mnt parameter to mount /var/log/ on a persistent partition that is not lost reboots. I use this to save the logs on a DoM. Could you take a look at the support requests 657859 and 658015? You can find the info and patch there. Direct links: http://sourceforge.net/tracker/index.php?func=detailaid=657859group_id=137 51atid=213751 http://sourceforge.net/tracker/index.php?func=detailaid=658015group_id=137 51atid=213751 Cheers Alex --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Re: [Shorewall-users] Feature request for shorewall.lrp
Another thing that we could do is just place all of the config files in /usr/shorewall/share. Steve (and other Leaf users) -- any opinions. Shouldn't it be /etc/shorewall/ rather? I prefer my config in /etc - Alex --- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470alloc_id=3638op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
Mike wrote: A Linux Embedded Appliance Framework delivered in easy-to-use branches. Specific branches target a variety of environments. Anything from enterprise networks and Internet service providers to small office/home office environments are supported. I haven't seen a LEAF branch that targets the enterprise. Some requirements of the enterprise are: - central management for multiple firewalls: Probably best addressed with the FWBuilder support and the LEAF construction kit - Firewalls with many ports (16 is common): Again probably the easiest with FWBuilder - HA clusters/Failover solutions - Central Log management - Multiple users supported Depending on the environment, you'll also want - VPN for roaming users with NAT Traversal and DHCP through the VPN (almost there..) - RADIUS support, SecurID support - dynamic firewall rules with login - trunking, VRRP, HSRP, whatever Considering the feedback on my contributions which are targeted at larger environments (but not large), I don't think many people are interested. People seem to prefer stonegate as a Linux solution. BTW, I have seen stonegate on a FW-500ME, the same appliance box that we use for LEAF. Cheers Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
Linux Embedded Appliance Framework (LEAF) LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN router, Internet border router/firewall, wireless access point (WAP), and telemetry box. (253 characters) I like this one. Except for the Framework; I though that frameworks by definition don't do anything but just provide a framework that can be filled with your work. I wouldn't call LEAF a framework. I'd probably change the description to LAN/WAN/Internet border router/firewall and replace the telemetry box with VPN gateway Linux Embedded Appliance Firewall (LEAF) LEAF is an embedded network appliance framework delivered in branches. Branches are targeted at, but not limited to, the following appliance-oriented tasks: LAN/WAN/Internet border router/firewall, wireless access point (WAP), and VPN gateway. (a bit less than 253 characters) Cheers Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] Project Description Goals
we are talking about goals - some of them has eached, some of them not, but maybe in the future. LEAF works from home office to small office right now stable and with more features a usual user is asking for. We could even close down development and put everything in maintenance mode (only security fixes, providing support, improving docs) and most of LEAF users will be satisfied a long time. There is definitely some useful work that can be done in the management/configuration area und to improve the upgrading process (separate config and data) Even maintenance mode needs quite some work, just to compile new packages from new software releases. I believe moving any branch to support larger environments than small office is a _goal_, though we may fail :), like it is a goal to improve installation and configuration for SOHO users. Moving to larger environments is one thing, but the enterprise is and IMHO will remain beyond the reach of LEAF, because a big firewall has enough space for a current distro. Eventually a fully open source Linux firewall will be ready for the enterprise, probably because a hardware vendor wants to attack the Nokia/Checkpoint Combo. But it will hardly be based on LEAF. Cheers Alex --- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] RE: [leaf-user] ip_conntrack_ftp -find: /proc/19764 No such file or directory
I looked into the corresponding script (/etc/init.d/modutils), the culprit is probably echo -n $module - MODTOLOAD=`find / -name $module.o |sort |sed -n 1p` if [ $MODTOLOAD = ] ;then module=` echo $module | cut -c-8` MODTOLOAD=`find / -name $module.o |sort |sed -n 1p ` fi if [ ! $MODTOLOAD = ] ;then insmod $MODTOLOAD $args fi It starts its search at /, which is probably fine to detect all sorts of modules in the directory tree. This obviously is the part that produces the original error message. Not looking everywhere for modules might break some setups things. Unfortunately, busybox find provides neither -xdev nor -prune to avoid looking in /proc. I suggest just throwing away find's stderr # echo ip_conntrack_irc.o | cut -c-8 This IMHO does not enhance the chance to find the correct module and should be done away with. I agree. I propose echo -n $module - MODTOLOAD=`find / -name $module.o 2/dev/null | head -n 1` if [ ! $MODTOLOAD = ] ;then insmod $MODTOLOAD $args else echo not found fi Discussion: - throw away error messages of find - why the sort? doesn't make sense to me at all. - I prefer head -n 1 to sed -n 1p - forget the search with 8.3 - error reporting --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[leaf-devel] The future of Bering
Charles Steinkuehler wrote What about the possability of moving forward with a mixed approach for the next major version? The core system (and most packages) could be compiled against uClibc, while packages that require it are compiled against a newer glibc that would optionally be installed by those with enough room (ie: running from HDD/flash/CD-ROM/etc). I agree that it doesn't make sense to have two Bering distributions targeted at the same hardware. I propose to use Bering-uClibc for small (floppy-based) systems, while moving Bering to a current glibc and targeting it at systems with at least 4M of disk (e.g. flash). This approach would make it easier to compile stuff for Bering, maybe allow to take binaries from other distributions. And at last I could easily build Super-FreeS/WAN ;-) Both distributions (uclibc and glibc) should only have different user space binaries, i.e. they should have the same kernel, package structure, configuration files and scripts. The proposed distributions: Bering-glibcBering-uClibc min. Storage4M (Flash/HDD/CD) Floppy C-Library glibc 2.3 uClibc Devel Environment Standard Distro Special - Alex --- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278alloc_id=3371op=click ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] SCO suit
For those who may or may not be following the SCO suit against IBM for Linux infringement on UNIX code, this may prove to be of interest. The alleged violations concern SMP code and stuff such as JFS. This is normally not present in Bering firewalls. SGI has also had a lawsuit filed by SCO alledging similar source code infringements as what has been filed in the IBM case. SGI not only compared their own code against UNIXware, but also several Linux kernels. All likely violations that were found in 2.4.x kernels appear to have been removed in the 2.4.22 kernel source. SCO are betting their company on these lawsuits. No one has shown a line of actually infringing code. SCO will hardly make a difference between 2.4.20 and 2.4.22 kernel. But they don't have a leg to stand on anyway. - Alex --- This SF.net email is sponsored by: SF.net Giveback Program. SourceForge.net hosts over 70,000 Open Source Projects. See the people who have HELPED US provide better services: Click here: http://sourceforge.net/supporters.php ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
RE: [leaf-devel] RCDLINKS is LEAF only?
I know what RCDLINKS does, but can anyone tell me briefly is it a special LEAF-only thing, or is it from some other Linux distro, or what? As the RCDLINKS are evaluated by /lib/POSIXness/POSIXness.linuxrouter it seems to be a LRP concept. It is very useful for LEAF, but for a normal distro I would not recommend it, because you have to change /etc/init.d scripts (programs) just to change your runlevels (configuration) and you don't want to mix programs and configuration in the same file. - Alex --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[leaf-devel] proposed change to LEAF installation guide
Jacques, Eric: Every now and then, the 255 character limit of the kernel comes up. Checking out the documentation, the description of lrpkg.cfg seems only to appear in the boot from CDROM section, a section that many people won't read as it doesn't apply to them. PLUS it implies that the 255 character limit is an isolinux.cfg limitation, which isn't true, it's a kernel limitation (AFAIK) I suggest adding a reference to lrpkg.cfg to section 6.2 Edit the syslinux.cfg file of the installation guide along the lines of: PROPOSED CHANGE to Bering installation guide section 6.2 You can also write the list of packages to a file with the name lrpkg.cfg in the floppy root, i.e. in the same directory as syslinux.cfg. If that file is present, the packages listed in the file will be loaded instead of those listed in the LRP= list. Thus you get the same effect as in the default syslinux.cfg file by writing display syslinux.dpy timeout 0 default linux initrd=initrd.lrp init=/linuxrc rw root=/dev/ram0 \ boot=/dev/fd0u1680:msdos PKGPATH=/dev/fd0u1680 to syslinux.cfg and root,etc,local,modules,iptables,pump,keyboard,shorwall,ulogd,dnscache,weblet To lrpkg.cfg. This can help you get around the 255 character limit of the kernel command line. For a complete description of lrpkg.cfg and its syntax, see link = /bubooting.html#id2892001 section 11.5 of the user's guide /PROPOSED CHANGE - Alex --- This SF.net email is sponsored by: VM Ware With VMware you can run multiple operating systems on a single machine. WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the same time. Free trial click here: http://www.vmware.com/wl/offer/345/0 ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: [leaf-devel] The Debian Almquist Shell
It looks like ash isn't being supported by Debian anymore. They migrated to dash. Has anyone taken a look at it, and what complications would we encounter migrating to it? Aren't they all POSIX shells (ash, bash, dash)? They should use the exact same syntax and run the same scripts. - Alex --- This SF.Net email is sponsored by: INetU Attention Web Developers Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
Re: [leaf-devel] Generating Lists for package description
I think a package description and indexes are essential to get most of the new package repository. I am willing to work on this. Package description file proposal (thread) http://www.mail-archive.com/[EMAIL PROTECTED]/msg04808.html I based my script on this description format already, see the files in my directory. The question is where the .desc files are stored in relation to the packages. I see two possibilities: - Store them in a different CVS tree. Easily retrievable, likely to be ignored when packages are updated - Add them to the packages. More difficult to be retrieved. - How can I find the list of packages and .desc files? Parsing ViewCVS output is probably quite inefficient. These two shell scripts are able to index our current package format. I have examined the scripts already. But where do I run them to index the new CVS package repository? I don't get shell access to cvs.sourceforge.net. Cheers Alex --- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[leaf-devel] Generating Lists for package description
Hi everybody I took the .desc file from earlier attempts to generate package lists and wrote a Perl script to generate a html list. You can check out the files in http://leaf-project.org/devel/alexrh/ mainly http://leaf-project.org/devel/alexrh/allpkgs.html To the .desc file, I added a Distribution: field so it can be indicated which distribution the package is suited for. The Perl script can also be passed a parameter so only packages for a distribution are shown. This is still only very basic. To improve, two basic questions have to be answered: - Where are the .desc files stored in relation to the package? Should they be stored in the package files? - How can I find the list of packages and .desc files? Parsing ViewCVS output is probably quite inefficient. Regards Alex --- This SF.net email is sponsored by:Crypto Challenge is now open! Get cracking and register here for some mind boggling fun and the chance of winning an Apple iPod: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: [leaf-devel] Package Repository
I apologize for the long delay (8+ months) in completing initial population of our packages repository. Project members may commit to the following directories: bin/packages/glibc-2.1 bin/packages/glibc-2.2 bin/packages/uclibc Mike, thanks a lot for your work. I'm starting to dream of a huge webpage containing information about all the packages in the repository; a short description and a status and download link for each applicable distribution, e.g. Package Info Dachstein Bering WISPBering-uClibc ntpdate.lrp ntpdate OK (CVS-link) OK (CVS-link) N/A N/A Obviously (for me at least), this page would be generated from info files for each package. For that, we would have to define an info format and decide whether these info files should be stored in the packages or seperately, e.g. bin/packages/glibc-2.1/ntpdate.info I would volunteer to write the script that generates the webpage once the .info format is defined, preferably in Perl, but I could also do sh. Or PHP, but I think the page is better generated offline, e.g. daily) Comments? Alex --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: [leaf-devel] SF.net Tip of the Week
Mike, Everyone, This breakdown of the url may make things easier to understand. Please let me know if further explanation is necessary. Standard prefix: a href=http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/*checkout*/leaf/ This is the section of the url that refers to your file: devel/guitarlynn/udhcp.lrp Standard section to download current revision as binary: ?rev=HEADamp;content-type=application/octet-stream The name of the download you wish to appear on the website yourfilename/a Could you add this to your CVS Setup guide at http://sourceforge.net/docman/display_doc.php?docid=9960group_id=13751 ? Regards Alex --- This SF.net email is sponsored by: Scholarships for Techies! Can't afford IT training? All 2003 ictp students receive scholarships. Get hands-on training in Microsoft, Cisco, Sun, Linux/UNIX, and more. www.ictp.com/training/sourceforge.asp ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: [leaf-devel] New project member introductions
All new project members, Please post a message introducing yourself to our development community. Here I am: I'm Alex Rhomberg, did an M. Sc in Electronic Engineering and a Ph.D. in Parallel Computing. I'm now working as a security consultant (papers and meetings only) and I'm doing some hands-on work to stay in touch with computers... I come from Zürich, Switzerland (Hi Erich!) My company uses LEAF as Firewall/VPN appliance. We developed and compiled some stuff that I want to make available as soon as I figure out how :-) The things I can upload are: - My LEAF Construction Kit: Some scripts I use to develop and maintain several LEAF firewalls offline (including the automatic resolving of kernel module dependencies :-) - a package for the use of fwbuilder with LEAF Bering - a 2.4.20 Kernel and matching ipsec.lrp package with super-freeswan kb4 and some netfilter patch-o-matic stuff Regards Alex --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: [leaf-devel] The future of Bering
We have a package for fwbuilder submitted by Alex Rhomberg in our SF patches area. https://sourceforge.net/projects/fwbuilder Including rules, the fwbuild.lrp package on our firewall eats 3376 bytes. You can hardly beat that :-) However, fwbuilder needs a linux box for the frontend so it is clearly not for everyone Regards Alex --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: [leaf-devel] GRUB and LRP problem
One thing to note is that when I try the install GRUB from floppy, it fails to find (the optional?) fat_stage1_5 even though it's located in /boot/grub/ on the FAT partition, because the file name is cut-off after the eigth character (is there a way around this BTW?). Has anybody used GRUB with a hard drive succesfully? Any help/info would be greatly appreciated. I'm booting with grub, but I'm using ext2 and reiserfs. I had quite some problems with smaller partitions (20MB) on a DoM with different filesystems. So far, ext2 was the only one I tried that worked. Though I might try FAT32, the Problem with FAT could indeed be the missing stage1_5 file. There are people successfully booting LEAF with Grub and LiLO. The DOS trunciation wouldn't happen if the /boot partition is compressed in the initrd.lrp and/or root.lrp. I'm not aware of any of the filesystem in LEAF that isn't compressed in a *.lrp other than the kernel and syslinux. Grub doesn't see a compressed file system. It needs to read the /boot/grub/stage2, /boot/grub/menu.lst, /linux and /initrd.lrp files directly from a filesystem. It could, theoretically, read the stage1_5 files from somewhere else, as those are directly written to tracks on the HD/whatever. - Alex --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: AW: [leaf-devel] Firewall builder
Thanks for creating this package. What LEAF releases/branches did you test it with? Good Question. I tested und used it only with Bering. In any case, a 2.4 kernel is required, as fwbuilder doesn't support ipchains Did you also submit this package to the fwbuilder project? https://sourceforge.net/projects/fwbuilder/ We will. Good idea Cheers Alex --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
AW: [leaf-devel] Using lilo or grub
I think theres a doc on this linked from http://leaf.sourceforge.net/devel/thc I have a lilo.lrp that I can send anyone interested. This is needed because lilo needs to run everytime you back up the initrd.lrp package and whenever you change boot parameters For this reason, I'm planning to switch to grub as soon as I get around to reading the docs, and I'm also planning to document it :-) Regards Alex --- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[leaf-devel] linuxrc for mounting /var/log
log_mnt=/dev/somedevice (e.g. log_mnt=/dev/hda2) puts your log files directly in the given partition by mounting it to /var/log before starting syslog log_mnt=/dev/somedevice:/somedir (e.g. log_mnt=/dev/hda2:/logs) puts the log files in the /logs directory on the given partition, by mounting the partition to /logmnt and replacing /var/log with a symbolic link to the directory on that partition An open point for this parameter: There is currently no way you can specify the filesystem, and mount has to auto-select the fs. If wanted to specify the filesystem and supplied a good syntax for specifying, I'd implement it. Separating the fs with a colon as done on other occasion would clash with the use of the colon to specify the directory. - Alex PS: The file is now attached --- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
[leaf-devel] Should I release this?
Hello everbody I have started some work on Bering. For this, I developed some add-ons and scripts that helped me configure the firewalls. If somebody is interested in checking the stuff out, and if there is a place to put it on for download, I could polish it a bit over the holidays and release it. I can offer the following: Please tell me what you'd be interested in. - fwbuilder.lrp + fwbuilder install script We use fwbuilder to generate iptables rule. With the install script, you choose install from the fwbuilder menu and the new rules are installed, and the package is written back to the harddisk. Design your rules locally on a GUI before loading them with one mouseclick! - startup/linuxrc option log_mnt puts the logfiles on a partition or on a directory in a partition if you use big enough media (Harddisk, DoM) so they survive a restart. Check why it crashed! - Bering development kit A bunch of scripts that I used to configure my Bering firewall on a Linux systems and generate all LRPs. I create the Bering root tree so I can edit config files and add modules and the generate LRPs with the new contents including the initrd. Includes a module updater that replaces all modules in the Bering tree after a kernel compile. Roll your own Bering! - repackaged ssh.lrp /sshd.lrp My sshd.lrp contains only server stuff (including sftp-server). ssh.lrp should contain only client stuff, but I didn't need that yet, I installed only server stuff. - Development kit for multiple firewalls (planned) An improvement on the development kit that lets you create a new firewall by only specifying config files that are different that the stock distro, modules and package list and that applies these differences to a clean tree to create a new firewall - Grub/Lilo How-To, lilo.lrp I wanted to use reiserfs and had problems with larger disks with syslinux, so I moved to lilo. Lilo wouldn't load the initrd from the RAID-1 SCSI disk, so I moved to grub, which is great if you can spare the space. Regards Alex Rhomberg --- This SF.NET email is sponsored by: Order your Holiday Geek Presents Now! Green Lasers, Hip Geek T-Shirts, Remote Control Tanks, Caffeinated Soap, MP3 Players, XBox Games, Flying Saucers, WebCams, Smart Putty. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ ___ leaf-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-devel
