Differences between version 21 and predecessor to the previous major change of PerrysFirewallingScript.
Newer page: | version 21 | Last edited on Tuesday, April 4, 2006 2:44:56 pm | by JamieCurtis |
Older page: | version 18 | Last edited on Friday, February 25, 2005 4:00:41 pm | by AlastairPorter |
@@ -1,20 +1,40 @@
- cvs -d
:pserver:anonymous@cvs.sf.net:/cvsroot/wand checkout iptables
+To obtain the latest development copy get the following
:
-Or get the Debian packages from CraigBox (when Hoiho's repository is up, you'll know)
+<verbatim>
+svn co http://source.meta.net.nz/svn/linuxserver-firewall/trunk linuxserver-firewall
+</verbatim>
The firewall logs, and by default, syslog will put this on the screen. You can turn that off using dmesg(8). Specifically, you want to type dmesg -n 1. Or edit /etc/syslog.conf to put all the logging on another console. Firewalls shouldn't have monitors anyway. :)
+
+If you wish to build a debian package for the firewall (one may already exist in a Hoiho repository someday) do the following once you've checked it out as above:
+
+<verbatim>
+ cd linuxserver-firewall
+ svn co http://source.meta.net.nz/svn/linuxserver-firewall/debian/trunk debian
+</verbatim>
+
+----
+!!!How to build and install the package
+
+Use a prebuild debian (or ubuntu) package if you can !
+
+If you can't, once you have got the latest development copy, just run
+<verbatim>
+ make install
+</verbatim>
+This will put things in the following places. By default the configuration lives in <tt>/usr/local/etc/linuxserver-firewall</tt>, the executable in <tt>/usr/local/sbin</tt> and rulsets live in <tt>/usr/local/share/linuxserver-firewall/ruleset.d</tt>
----
!!!How it works
-The main engine is a script called "firewall". When you run it it sets up some chains, and runs each script in "hosts.d/*", then each script in "interfaces.d/*.if". The "ruleset.d/*" directory is used for customised rulesets, the standard scripts come with a whole heap. Theres also a support directory, but this is for internal use and shouldn't be needed.
+The main engine is a script called "<tt>
firewall</tt>
". When you run it it sets up some chains, and runs each script in "<tt>
hosts.d/*</tt>
", then each script in "<tt>
interfaces.d/*.if</tt>
". The "<tt>
ruleset.d/*</tt>
" directory is used for customised rulesets, the standard scripts come with a whole heap. Theres also a support directory, but this is for internal use and shouldn't be needed.
-!!The hosts.d directory
-This is like the interfaces.d directory, except it's not limited per interface. This is useful if you wish to provide rules for all packets on all interfaces (eg: TypeOfService munging) or if you want to have rules that effect a host no matter which interface packets arrive/leave by. This directory doesn't get used much, but the support is there should you want it :)
+!!The <tt>
hosts.d</tt>
directory
+This is like the <tt>
interfaces.d</tt>
directory, except it's not limited per interface. This is useful if you wish to provide rules for all packets on all interfaces (eg: TypeOfService munging) or if you want to have rules that effect a host no matter which interface packets arrive/leave by. This directory doesn't get used much, but the support is there should you want it :)
-!!The interfaces.d directory
-This has one file per interface, the file is named after the interface with ".if" appended to it, for instance "eth0.if". Each file specifies the rules for that interface. ${if} is an environmental variable which holds the current interface name. Several chains exist for each interface:
+!!The <tt>
interfaces.d</tt>
directory
+This has one file per interface, the file is named after the interface with "<tt>
.if</tt>
" appended to it, for instance "<tt>
eth0.if</tt>
". Each file specifies the rules for that interface. ${if} is an environmental variable which holds the current interface name. Several chains exist for each interface:
;${if}-in: Used by all packets entering by this interface for this host only.
;${if}-out: Used by all packets leaving by this interface for this host only.
;${if}-forward-in: Used by packets coming IN this interface that aren't destined for this host itself.
;${if}-forward-out: Used by packets going OUT an interface that aren't originated by this host itself
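Review bot: the two added checkout commands (`svn co http://source.meta.net.nz/svn/linuxserver-firewall/trunk linuxserver-firewall` and the matching `debian/trunk` one) fetch the firewall over plain http with no integrity check, and the new "How to build and install the package" section then tells the reader to run `make install`, which writes into /usr/local/sbin and so is normally run as root. Anyone on the network path could alter the scripts that end up defining the host's packet filter. If the server offers an https:// URL, document that instead, or name a known-good revision to check out (`svn co -r <REVISION> ...`) so a reader can compare what they fetched against what was reviewed. The page should also say outright that `make install` needs root, and that the listed /usr/local paths are where to look when auditing what was installed. Smaller points in the added text: "prebuild" should be "prebuilt", "rulsets" should be "rulesets", and the opening sentence "To obtain the latest development copy get the following" does not say that the reader is meant to run the command that follows.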