Customization
| Project Status Please note that this project is no longer active. If you are interested in taking over the code base please let me know. |
Overview
The bootable compact flash image will need to be customized to suit the destination network. This can include configuring network cards, setting packet filter firewall rules, or turning on services such as ntpd. The two files that will most commonly be changed are /etc/rc and /etc/pf.conf.
Customization
To customize the image, mount the image on the build machine, make the changes, and unmount the image.
To mount the image, type as root from the greenfrog directory:
./image.sh mountImage
The image will then be mounted at /mnt. Change to that directory and make any required changes.
When done, unmount the image by typing as root from the greenfrog directory:
./image.sh unmountImage
| Warning Although the instructions reference /etc/rc or /etc/pf.conf, be sure to prefix the mount point /mnt so that the image is modified, not the build machine, i.e. /mnt/etc/rc and /mnt/etc/pf.conf. |
Customization: /etc/rc
The /etc/rc file is responsible for starting the network and any services when the system starts.
| Info The provided /etc/rc is for use with a 3 port Soekris 4501 with the following configuration and services running:
|
For details on what to customize and how, see the OpenBSD FAQ and the sections in /etc/rc starting with # CONFIGURE-POINT.
| Note Unlike the stock OpenBSD system, the /etc/rc.conf and /etc/rc.conf.local are not used for configuration. |
Customization: /etc/pf.conf
The Packet Filter (PF) handles all OpenBSD routing and firewalling and is configured through /etc/pf.conf.
The Packet Filter is active by default and will always attempt to load the /etc/pf.conf file at startup.
| Warning If a /etc/pf.conf file is not found during startup, a default 'block all' rule is loaded which will prevent all network traffic from passing through the device. |
The recommended way to install a new pf.conf file is to mount the image and copy the customized pf.conf to /mnt/etc/pf.conf.
Detailed pf.conf instructions are beyond the scope of this document; please see the excellent PF User's Guide.
| Tip To parse the pf.conf file, e.g. to test for well-formed rules, type on the host: pfctl -nf pf.conf |
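One way to script the pf.conf install described above, as an added example that is not part of the greenfrog scripts. The function name install_pf_conf, the PFCTL override variable and the use of etc/rc under the mount point as the sign that the image is mounted are assumptions.

```shell
#!/bin/sh
# Added example: copy a customized pf.conf into the mounted image.
# Assumptions (not greenfrog code): the function name, the PFCTL override,
# and treating <mount>/etc/rc as the sign that the image is mounted.

PFCTL="${PFCTL:-pfctl}"

# install_pf_conf SRC [MOUNTPOINT]
# Returns 0 ok, 2 bad arguments, 3 image not mounted,
# 4 rules failed to parse, 5 copy failed.
install_pf_conf() {
    src="$1"
    mnt="${2:-/mnt}"

    [ -s "$src" ] || { echo "missing or empty rule file: $src" >&2; return 2; }

    # Never target the build machine's own /etc/pf.conf.
    mnt="${mnt%/}"
    [ -n "$mnt" ] || { echo "refusing to write to the build machine's /etc" >&2; return 2; }

    # Without a mounted image the mount point has no etc/rc, so stop here
    # instead of writing into a plain directory on the build machine.
    [ -f "$mnt/etc/rc" ] || { echo "image does not appear to be mounted at $mnt" >&2; return 3; }

    # Parse only (-n), do not load: the same check as the Tip above.
    "$PFCTL" -nf "$src" || { echo "rules failed to parse; image left unchanged" >&2; return 4; }

    # Copy under a temporary name first, so a failed copy never leaves the
    # image without a usable /etc/pf.conf ('block all' at startup).
    tmp="$mnt/etc/pf.conf.new"
    cp "$src" "$tmp" && mv "$tmp" "$mnt/etc/pf.conf" || { rm -f "$tmp"; return 5; }

    # Confirm that what landed in the image is what was validated.
    cmp -s "$src" "$mnt/etc/pf.conf" || return 5
}

# Run directly: sh install-pf.sh my-pf.conf [/mnt]
if [ "$#" -ge 1 ]; then
    install_pf_conf "$@"
fi
```

Run it as root between ./image.sh mountImage and ./image.sh unmountImage.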
Customization: /etc/dhcpd.conf
If your firewall is going to run dhcpd and provide IP addresses for your network, then /etc/dhcpd.conf must be edited to include a valid DNS server.
In the code fragment below, replace XXX.XXX.XXX.XXX with the DNS server address. This can be your own internal server or one provided by your ISP, but it must be accessible by the clients of your DHCP server.
...
shared-network LOCAL-NET {
        option domain-name "my.domain";
        option domain-name-servers XXX.XXX.XXX.XXX;
...
Next: Write Image.