Customization (Release 4.1)
Project Status: Please note that this project is no longer active. If you are interested in taking over the code base, please let me know.
Overview
The bootable compact flash image will need to be customized to suit the destination network. This can include configuring network cards, setting packet filter firewall rules, or turning on services such as ntpd. The two files most commonly changed are /etc/rc and /etc/pf.conf.
Customization
To customize the image, mount it on the build machine, make your changes, and unmount it.
To mount the image using the image.sh script, as root type: ./image.sh mountImage
Make your changes. When done, to unmount the image, as root type: ./image.sh unmountImage
Customization: /etc/rc
The /etc/rc file is responsible for starting the network and any services when the device starts.
The provided /etc/rc is for use with a 3 port Soekris 4501 with the following configuration and services running:
- sis0 connected to the internet, IP address assigned by the ISP's DHCP server
- sis1 internal static IP address for the DMZ network
- sis2 internal static IP address for the private network
- DHCP server running on the private network
- ntpd running to keep the device time accurate
- hostname set to greenfrog
- IP forwarding is enabled
For details on how and what to customize, please see the OpenBSD FAQs and the sections in /etc/rc starting with # EDIT.
Customization: /etc/pf.conf
PF, the Packet Filter, is OpenBSD's firewall and is configured through /etc/pf.conf. For details on how to set up pf.conf, please see the PF User's Guide.
The recommended way to install a new pf.conf file is to copy it onto the image while the image is mounted on the host computer.
NOTE: If a /etc/pf.conf file is not found during startup, a default 'block all' rule is loaded which will prevent all network traffic from passing through the device.
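
As a starting point for the three-port layout described under /etc/rc, here is an added example ruleset. It is not the pf.conf shipped with this project. It assumes the interface roles listed above and the older pf syntax with a separate nat rule (assumption: the image is from the OpenBSD 4.1 era), and it opens no inbound services from the internet.

```pf
# Added example, not the project's own pf.conf.
# Macros: interface roles taken from the /etc/rc description on this page.
ext_if = "sis0"    # internet side, address assigned by the ISP's DHCP server
dmz_if = "sis1"    # DMZ network, static address
int_if = "sis2"    # private network, static address

# Options: do not filter loopback traffic.
set skip on lo

# Normalization: reassemble fragments and clean up incoming packets.
scrub in all

# Translation: the parentheses around $ext_if make pf follow the address
# that DHCP assigns to sis0 instead of fixing it when the rules are loaded.
nat on $ext_if inet from { $dmz_if:network, $int_if:network } to any -> ($ext_if)

# Filtering: default deny, and log what is dropped.
block log all

# Drop packets that claim an internal source address but arrive on the
# wrong interface.
antispoof quick for { $dmz_if, $int_if }

# DMZ hosts must never open connections into the private network.
block in quick on $dmz_if inet from any to $int_if:network

# The private network may reach the device, the DMZ and the internet.
pass in on $int_if inet from $int_if:network to any keep state

# DMZ hosts may reach the internet.
pass in on $dmz_if inet from $dmz_if:network to any keep state

# Policy is enforced on the inbound side above, so let permitted and
# device-originated traffic (ntpd, for example) leave on any interface.
pass out inet all keep state
```

Replies to connections started from the private network still reach it from the DMZ because they match existing state; only new connections from the DMZ hit the quick block rule.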