[Q] is foaf abandoned?
[A] Yes. My i386 build machine died, and I'm almost entierly macppc now. I can't get the utilities I need/want on 1.4M of space. Buy a small harddrive/CF, and suck it up.

I finally have release of my (in)famous Firewall On A Floppy (thanks to Mike Ray for the name). This allows you to create a firewall that is based on a floppy (hence the name), and you can build it from a seperate source tree. Edit the files in [foaf/config] to configure for your system. Make sure you at least edit [foaf/config/etc/pf.conf] because it has bogus entries for IP addresses, and blocks everything. Right now it is mainly for invisible bridging firewalls, but I plan to expand it to be a routing firewall. Uses a serial console (to com0/tty00), if you want to disable that, empty out [foaf/config/etc/boot.conf].

Make sure you have done a `make all install` in [/usr/src/distrib/crunch] before anything. If you have BSDSRCDIR anywhere other than [/usr/src], you will need to edit [foaf/list]. I will fix that eventually.

Serial console is com1, 9600 baud. To disable the serial boot: `vnconfig -v -c svnd0 floppy.fs; mount /dev/svnd0a /mnt; rm /mnt/boot.conf; umount /mnt` Boots directly into ksh.

If your desired network device (or other such device) isn't supported on the default kernel config (FIREWALL), feel free to add your own. Take out devices that you don't use. Have fun :D

To use:
  • Make sure crunchgen is installed properly
  • (as root) make
  • dd if=floppy.fs of=/dev/fd0c bs=32 (writes floppy image to diskette)
    There is also a floppy.iso if you want to burn that directly to a cdrom.


    TODO:
  • add routing capabilities (maybe with nsh)
  • port nsh to FOAF (on hold until I re-organize the build system)
  • get BSDSRCDIR to be respected in [foaf/list]
  • fix pflog0 to be sent over serial (use slip?)
  • test NAT capability
  • fix [cp foaf/config/etc/* $DESTDIR/etc]
  • clean up [foaf/config/etc] files
  • re-do FIREWALL kernel config to be "modular". fully remove pcmcia and scsi options, and re-organize the NIC listings.
  • real docs for FOAF

    Fixed:
  • fix ISO generationNo need to make an image, just burn the (generated) floppy.iso to a cd
  • added the mg editor. You have to manually set the TERM though, and I've had the serial line die on me when I set it to the wrong thing. I'll twiddle with settings and hardcode one that doesn't suck.
  • added dhclient. I don't have any dhcp stuff on my network, so I can't test it
  • chased i386/ELF jump. FOAF is ELF on i386 now
  • make an "/etc" directory for people to add their own files to /etc [foaf/config/] is the place to put them


    Fetch FOAF 0.7 MD5 (foaf-0.7.tar.gz) = 0a672c3963c9002a4d161814f8db1b39


    Old releases: Fetch FOAF 0.6 MD5 (foaf-0.6.tar.gz) = da33869564cc8a266352c8f6e8ba23cc
    Fetch FOAF 0.5 MD5 (foaf-0.5.tar.gz) = 50f53c503388fb9f523aebd10802884e
    Fetch FOAF 0.5.1 MD5 (foaf-0.5.1.tar.gz) = e89f8e2178d34f2b556685bfdefc41e2



    Legal:
    My changes are released under the MIT License. (C) 2002, 2003 Peter Hessler.
    All other licenses and copyright holders remain the same
    Enjoy




    Return to my OpenBSD page.
    Peter Hessler spambox@theapt.org This is a real email address.