DOCSLIB.ORG

Firewall Builder 5 User's Guide Firewall Builder 5 User's Guide $Id$ Copyright © 2003-2011 Netcitadel, LLC

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Firewall Builder 5 User's Guide Firewall Builder 5 User's Guide $Id$ Copyright © 2003-2011 Netcitadel, LLC Firewall Builder 5 User's Guide Firewall Builder 5 User's Guide $Id$ Copyright © 2003-2011 NetCitadel, LLC The information in this manual is subject to change without notice and should not be construed as a commitment by NetCitadel LLC. NetCitadel LLC assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual. 1. Introduction ................................................................................................................... 1 1.1. Introducing Firewall Builder ................................................................................... 1 1.2. Overview of Firewall Builder Features ..................................................................... 1 2. Installing Firewall Builder ................................................................................................ 4 2.1. RPM-Based Distributions (Red Hat, Fedora, OpenSUSE, and Others) ............................. 4 2.2. Ubuntu Installation ............................................................................................... 4 2.3. Installing FreeBSD and OpenBSD Ports ................................................................... 5 2.4. Windows Installation ............................................................................................ 5 2.5. Mac OS X Installation .......................................................................................... 5 2.6. Compiling from Source ......................................................................................... 5 3. Definitions and Terms ..................................................................................................... 7 4. Firewall Builder GUI ....................................................................................................... 8 4.1. The Main Window ............................................................................................... 8 4.2. GUI Menu and Tool Bars .................................................................................... 11 4.2.1. File Menu ............................................................................................... 11 4.2.2. Edit Menu ............................................................................................... 12 4.2.3. View Menu ............................................................................................. 12 4.2.4. Object Menu ........................................................................................... 12 4.2.5. Rules Menu ............................................................................................. 13 4.2.6. Tools Menu ............................................................................................. 13 4.2.7. Window Menu ......................................................................................... 14 4.2.8. Help Menu .............................................................................................. 14 4.2.9. Object Context Menu ................................................................................ 14 4.2.10. Tool Bar ............................................................................................... 15 4.3. Object Tree ....................................................................................................... 16 4.3.1. Using Subfolders to Organize Object Tree .................................................... 19 4.3.2. Filtering the Object Tree ............................................................................ 21 4.3.3. Object Attributes in the Tree ...................................................................... 23 4.3.4. Creating Objects ...................................................................................... 23 4.4. Undo and Redo .................................................................................................. 24 4.4.1. Undo Stack ............................................................................................. 25 4.5. Preferences Dialog .............................................................................................. 27 4.6. Working with Multiple Data Files .......................................................................... 33 5. Working with Objects .................................................................................................... 38 5.1. Types of Objects ................................................................................................ 38 5.2. Addressable Objects ............................................................................................ 38 5.2.1. Common Properties of Addressable Objects .................................................. 38 5.2.2. The Firewall Object .................................................................................. 38 5.2.3. The Cluster Object ................................................................................... 51 5.2.4. Editing Rule Set Objects ............................................................................ 56 5.2.5. Interface Object ....................................................................................... 58 5.2.6. IPv4 Address Object ................................................................................. 67 5.2.7. IPv6 Address Object ................................................................................. 69 5.2.8. Attached Network Objects ......................................................................... 71 5.2.9. Physical Address Objects ........................................................................... 73 5.2.10. Host Object ........................................................................................... 76 5.2.11. IPv4 Network Object ............................................................................... 82 5.2.12. IPv6 Network Object ............................................................................... 83 5.2.13. Address Range Object ............................................................................. 84 5.2.14. Address Tables Object ............................................................................. 86 5.2.15. Special-Case addresses ............................................................................ 95 5.2.16. DNS Name Objects ................................................................................. 97 5.2.17. Object Groups ........................................................................................ 99 5.2.18. Dynamic Object Groups ......................................................................... 100 iii Firewall Builder 5 User's Guide 5.3. Service Objects ................................................................................................. 102 5.3.1. IP Service ............................................................................................. 102 5.3.2. ICMP and ICMP6 Service Objects ............................................................. 107 5.3.3. TCP Service .......................................................................................... 109 5.3.4. UDP Service .......................................................................................... 116 5.3.5. User Service .......................................................................................... 118 5.3.6. Custom Service ...................................................................................... 120 5.4. Time Interval Objects ........................................................................................ 123 5.5. Object Keywords .............................................................................................. 125 5.6. Creating and Using a User-Defined Library of Objects ............................................. 128 5.7. Finding and Replacing Objects ............................................................................ 131 6. Network Discovery: A Quick Way to Create Objects ......................................................... 135 6.1. Reading the /etc/hosts file ................................................................................... 136 6.2. Network Discovery ............................................................................................ 141 6.3. Importing Existing Firewall Configurations into Firewall Builder ............................... 157 6.3.1. Importing Existing Firewall Configurations ................................................. 158 6.3.2. iptables Import Example .......................................................................... 161 6.3.3. Information Regarding PF Import .............................................................. 168 7. Firewall Policies .......................................................................................................... 169 7.1. Policies and Rules ............................................................................................. 169 7.2. Firewall Access Policy Rule Sets ......................................................................... 169 7.2.1. Source and Destination ............................................................................ 170 7.2.2. Service ................................................................................................. 171 7.2.3. Interface ................................................................................................ 171 7.2.4. Direction ............................................................................................... 171 7.2.5. Action .................................................................................................
Load more

Recommended publications
  • Linux on the Road
    Linux on the Road Linux with Laptops, Notebooks, PDAs, Mobile Phones and Other Portable Devices Werner Heuser <wehe[AT]tuxmobil.org> Linux Mobile Edition Edition Version 3.22 TuxMobil Berlin Copyright © 2000-2011 Werner Heuser 2011-12-12 Revision History Revision 3.22 2011-12-12 Revised by: wh The address of the opensuse-mobile mailing list has been added, a section power management for graphics cards has been added, a short description of Intel's LinuxPowerTop project has been added, all references to Suspend2 have been changed to TuxOnIce, links to OpenSync and Funambol syncronization packages have been added, some notes about SSDs have been added, many URLs have been checked and some minor improvements have been made. Revision 3.21 2005-11-14 Revised by: wh Some more typos have been fixed. Revision 3.20 2005-11-14 Revised by: wh Some typos have been fixed. Revision 3.19 2005-11-14 Revised by: wh A link to keytouch has been added, minor changes have been made. Revision 3.18 2005-10-10 Revised by: wh Some URLs have been updated, spelling has been corrected, minor changes have been made. Revision 3.17.1 2005-09-28 Revised by: sh A technical and a language review have been performed by Sebastian Henschel. Numerous bugs have been fixed and many URLs have been updated. Revision 3.17 2005-08-28 Revised by: wh Some more tools added to external monitor/projector section, link to Zaurus Development with Damn Small Linux added to cross-compile section, some additions about acoustic management for hard disks added, references to X.org added to X11 sections, link to laptop-mode-tools added, some URLs updated, spelling cleaned, minor changes.
    [Show full text]
  • A Letter to the FCC [PDF]
    Before the FEDERAL COMMUNICATIONS COMMISSION Washington, DC 20554 In the Matter of ) ) Amendment of Part 0, 1, 2, 15 and 18 of the ) ET Docket No. 15­170 Commission’s Rules regarding Authorization ) Of Radio frequency Equipment ) ) Request for the Allowance of Optional ) RM­11673 Electronic Labeling for Wireless Devices ) Summary The rules laid out in ET Docket No. 15­170 should not go into effect as written. They would cause more harm than good and risk a significant overreach of the Commission’s authority. Specifically, the rules would limit the ability to upgrade or replace firmware in commercial, off­the­shelf home or small­business routers. This would damage the compliance, security, reliability and functionality of home and business networks. It would also restrict innovation and research into new networking technologies. We present an alternate proposal that better meets the goals of the FCC, not only ensuring the desired operation of the RF portion of a Wi­Fi router within the mandated parameters, but also assisting in the FCC’s broader goals of increasing consumer choice, fostering competition, protecting infrastructure, and increasing resiliency to communication disruptions. If the Commission does not intend to prohibit the upgrade or replacement of firmware in Wi­Fi ​ ​ devices, the undersigned would welcome a clear statement of that intent. Introduction We recommend the FCC pursue an alternative path to ensuring Radio Frequency (RF) compliance from Wi­Fi equipment. We understand there are significant concerns regarding existing users of the Wi­Fi ​ spectrum, and a desire to avoid uncontrolled change. However, we most strenuously advise against prohibiting changes to firmware of devices containing radio components, and furthermore advise against allowing non­updatable devices into the field.
    [Show full text]
  • Active-Active Firewall Cluster Support in Openbsd
    Active-Active Firewall Cluster Support in OpenBSD David Gwynne School of Information Technology and Electrical Engineering, University of Queensland Submitted for the degree of Bachelor of Information Technology COMP4000 Special Topics Industry Project February 2009 to leese, who puts up with this stuff ii Acknowledgements I would like to thank Peter Sutton for allowing me the opportunity to do this work as part of my studies at the University of Queensland. A huge thanks must go to Ryan McBride for answering all my questions about pf and pfsync in general, and for the many hours working with me on this problem and helping me test and debug the code. Thanks also go to Theo de Raadt, Claudio Jeker, Henning Brauer, and everyone else at the OpenBSD network hackathons who helped me through this. iii Abstract The OpenBSD UNIX-like operating system has developed several technologies that make it useful in the role of an IP router and packet filtering firewall. These technologies include support for several standard routing protocols such as BGP and OSPF, a high performance stateful IP packet filter called pf, shared IP address and fail-over support with CARP (Common Address Redundancy Protocol), and a protocol called pfsync for synchronisation of the firewalls state with firewalls over a network link. These technologies together allow the deployment of two or more computers to provide redundant and highly available routers on a network. However, when performing stateful filtering of the TCP protocol with pf, the routers must be configured in an active-passive configuration due to the current semantics of pfsync.
    [Show full text]
  • Pf3e Index.Pdf
    INDEX Note: Pages numbers followed by f, n, priority-based queues, 136–145 or t indicate figures, notes, and tables, match rule for queue assignment, respectively. 137–138 overview, 134–135 Symbols performance improvement, 136–137 # (hash mark), 13, 15 queuing for servers in DMZ, ! (logical NOT) operator, 42 142–144 setting up, 135–136 A on FreeBSD, 135–136 on NetBSD, 136 Acar, Can Erkin, 173 on OpenBSD, 135 ACK (acknowledgment) packets transitioning to priority and class-based bandwidth allocation, queuing system, 131–133 139–140 anchors, 35–36 HFSC algorithm, 124, 126, 142 authpf program, 61, 63 priority queues, 132, 137–138 listing current contents of, 92 two-priority configuration, loading rules into, 92 120–121, 120n1 manipulating contents, 92 adaptive.end value, 188 relayd daemon, 74 adaptive firewalls, 97–99 restructuring rule set with, 91–94 adaptive.start value, 188 tagging to help policy routing, 93 advbase parameter, 153–154 ancontrol command, 46n1 advskew parameter, 153–154, 158–159 antispoof tool, 27, 193–195, 194f aggressive value, 192 ARP balancing, 151, 157–158 ALTQ (alternate queuing) framework, atomic rule set load, 21 9, 133–145, 133n2 authpf program, 59–63, 60 basic concepts, 134 basic authenticating gateways, class-based bandwidth allocation, 60–62 139–140 public networks, 62–63 overview, 135 queue definition, 139–140 tying queues into rule set, 140 B handling unwanted traffic, 144–145 bandwidth operating system-based queue actual available, 142–143 assignments, 145 class-based allocation of, 139–140 overloading to
    [Show full text]
  • Network Devices Configuration Guide for Packetfence Version 6.5.0 Network Devices Configuration Guide by Inverse Inc
    Network Devices Configuration Guide for PacketFence version 6.5.0 Network Devices Configuration Guide by Inverse Inc. Version 6.5.0 - Jan 2017 Copyright © 2017 Inverse inc. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License". The fonts used in this guide are licensed under the SIL Open Font License, Version 1.1. This license is available with a FAQ at: http:// scripts.sil.org/OFL Copyright © Łukasz Dziedzic, http://www.latofonts.com, with Reserved Font Name: "Lato". Copyright © Raph Levien, http://levien.com/, with Reserved Font Name: "Inconsolata". Table of Contents About this Guide ............................................................................................................... 1 Other sources of information ..................................................................................... 1 Note on Inline enforcement support ................................................................................... 2 List of supported Network Devices ..................................................................................... 3 Switch configuration .......................................................................................................... 4 Assumptions ............................................................................................................
    [Show full text]
  • Freebsd and Netbsd on Small X86 Based Systems
    FreeBSD and NetBSD on Small x86 Based Systems Dr. Adrian Steinmann <[email protected]> Asia BSD Conference in Tokyo, Japan March 17th, 2011 1 Introduction Who am I? • Ph.D. in Mathematical Physics (long time ago) • Webgroup Consulting AG (now) • IT Consulting Open Source, Security, Perl • FreeBSD since version 1.0 (1993) • NetBSD since version 3.0 (2005) • Traveling, Sculpting, Go AsiaBSDCon Tutorial March 17, 2011 in Tokyo, Japan “Installing and Running FreeBSD and NetBSD on Small x86 Based Systems” Dr. Adrian Steinmann <[email protected]> 2 Focus on Installing and Running FreeBSD and NetBSD on Compact Flash Systems (1) Overview of suitable SW for small x86 based systems with compact flash (CF) (2) Live CD / USB dists to try out and bootstrap onto a CF (3) Overview of HW for small x86 systems (4) Installation strategies: what needs special attention when doing installations to CF (5) Building your own custom Install/Maintenance RAMdisk AsiaBSDCon Tutorial March 17, 2011 in Tokyo, Japan “Installing and Running FreeBSD and NetBSD on Small x86 Based Systems” Dr. Adrian Steinmann <[email protected]> 3 FreeBSD for Small HW Many choices! – Too many? • PicoBSD / TinyBSD • miniBSD & m0n0wall • pfSense • FreeBSD livefs, memstick • NanoBSD • STYX. Others: druidbsd, Beastiebox, Cauldron Project, ... AsiaBSDCon Tutorial March 17, 2011 in Tokyo, Japan “Installing and Running FreeBSD and NetBSD on Small x86 Based Systems” Dr. Adrian Steinmann <[email protected]> 4 PicoBSD & miniBSD • PicoBSD (1998): Initial import into src/release/picobsd/ by Andrzej Bialecki <[email protected]
    [Show full text]
  • IP Filter - TCP/IP Firewall/NAT Software
    IP Filter - TCP/IP Firewall/NAT Software IP Filter Current version: 5.1.0 Next release status Patches for last release What's new ? Click here! Mailing list ? Send mail to [email protected] with "subscribe ipfilter" in the body of the mail. What is it ? IPFilter is a software package that can be used to provide network address translation (NAT) or firewall services. To use, it can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required. To see an overview of how IP Filter fits into the overall picture of TCP/IP with your kernel and the order in which the various phases of packet processing is done, click here. The IPFilter FAQ by Phil Dibowitz! It comes as a part of the following operating systems: FreeBSD-current (post 2.2) NetBSD-current (post 1.2) xMach Solaris 10 Open Solaris http://coombs.anu.edu.au/~avalon/ip-filter.html (1 of 7)19.2.2011 •. 14:01:49 IP Filter - TCP/IP Firewall/NAT Software It has been tested and run on: Solaris/Solaris-x86 2.3 - 9 SunOS 4.1.4 - 4.1.4 NetBSD 1.0 - 1.4 FreeBSD 2.0.0 - 2.2.8 BSD/OS-1.1 - 4 IRIX 6.2, 6.5 OpenBSD 2.0 - 3.5 Linux(*) 2.4 - 2.6 HP-UX 11.00 Tru64 5.1a AIX 5.3 ML05 QNX 6 Port * - It has been tested and shown to work on RedHat 9.0, SuSE 9.1 and will, in general work with 2.4 and 2.6 kernels.
    [Show full text]
  • Técnicas E Ferramentas De Código Aberto Para Combate Ao Spam
    UNIVERSIDADE DE CAXIAS DO SUL DEPARTAMENTO DE INFORMATICA´ CURSO DE BACHARELADO EM CIENCIAˆ DA COMPUTAC¸ AO˜ T´ecnicase Ferramentas de C´odigo Aberto Para Combate ao Spam por JERONIMO CLEBERSON ZUCCO Projeto de Diploma¸c˜ao Prof. Ms. Edgar Athayde Meneghetti Orientador Caxias do Sul, julho de 2005. 2 “I’m doing a (free) operating system (just a hobby, won’t be big and professional like gnu) for 386(486) AT clones.” — Linus Benedict Torvalds, when he launched Linux 3 Agradecimentos Agrade¸coa minha fam´ılia,minha m˜aeRosa e minha irm˜aFabiana, que tanto insistiram e incentivaram para a minha conclus˜aodo curso. Agrade¸cotamb´emao meu falecido pai, por ter me dado condi¸c˜oesde estudo que me trouxeram at´eaqui. A Elisˆangela,pelo seu afeto e carinho, al´emde sua compreens˜aoquando tive que ficar afastado para a realiza¸c˜aodo trabalho. Ao meu orientador Edgar Meneghetti, que sempre demonstrou confian¸cana minha capacidade e me ajudou em algumas decis˜oescruciais para realiza¸c˜aodo trabalho. Agrade¸cotamb´emao meu amigo Delcino Picinin pela sua grande ajuda no caminho das pedras do mundo LATEX. Aos professores do Departamento de Inform´aticada UCS, em especial Ricardo Dornelles, Vanius Gava, Andr´eMartinotto, Heitor Strogulsky e Alex Pellin, pelos ensinamentos e apoio sempre quando precisei. Ao amigo Fernando Reginatto, que me ajudou na corre¸c˜aodo trabalho. Aos meus colegas de trabalho e amigos, que de uma forma ou outra me ajudaram e fazem parte da minha vida. Agrade¸cotamb´em`atodos os desenvolvedores de software livre, que com prazer realizam o seu trabalho e compartilham o seu conhecimento, dando oportunidade `a pessoas como eu de encontrar a sua voca¸c˜ao.
    [Show full text]
  • HP-UX Ipfilter Version A.03.05.13 Administrator's Guide
    HP-UX IPFilter Version A.03.05.13 Administrator’s Guide HP-UX 11i v3 January 2007 HP Networking Manufacturing Part Number : 5991-7705 E0107 United States © Copyright 2001-2007 Hewlett-Packard Development Company, L.P. Legal Notices The information in this document is subject to change without notice. Hewlett-Packard makes no warranty of any kind with regard to this manual, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. Hewlett-Packard shall not be held liable for errors contained herein or direct, indirect, special, incidental, or consequential damages in connection with the furnishing, performance, or use of this material. Warranty A copy of the specific warranty terms applicable to your Hewlett-Packard product and replacement parts can be obtained from your local Sales and Service Office. U.S. Government License Proprietary computer software. Valid license from HP required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. Copyright Notice © Copyright 2001–2007 Hewlett-Packard Development Company, L.P. All rights reserved. Reproduction, adaptation, or translation of this document without prior written permission is prohibited, except as allowed under the copyright laws. Trademark Notices UNIX® is a registered trademark of The Open Group. ii Contents Preface: About This Document 1. Installing and Configuring HP-UX IPFilter Overview of HP-UX IPFilter Installation . 3 Installation and Configuration Checklist . 3 Step 1: Checking HP-UX IPFilter Installation Prerequisites .
    [Show full text]
  • Debian \ Amber \ Arco-Debian \ Arc-Live \ Aslinux \ Beatrix
    Debian \ Amber \ Arco-Debian \ Arc-Live \ ASLinux \ BeatriX \ BlackRhino \ BlankON \ Bluewall \ BOSS \ Canaima \ Clonezilla Live \ Conducit \ Corel \ Xandros \ DeadCD \ Olive \ DeMuDi \ \ 64Studio (64 Studio) \ DoudouLinux \ DRBL \ Elive \ Epidemic \ Estrella Roja \ Euronode \ GALPon MiniNo \ Gibraltar \ GNUGuitarINUX \ gnuLiNex \ \ Lihuen \ grml \ Guadalinex \ Impi \ Inquisitor \ Linux Mint Debian \ LliureX \ K-DEMar \ kademar \ Knoppix \ \ B2D \ \ Bioknoppix \ \ Damn Small Linux \ \ \ Hikarunix \ \ \ DSL-N \ \ \ Damn Vulnerable Linux \ \ Danix \ \ Feather \ \ INSERT \ \ Joatha \ \ Kaella \ \ Kanotix \ \ \ Auditor Security Linux \ \ \ Backtrack \ \ \ Parsix \ \ Kurumin \ \ \ Dizinha \ \ \ \ NeoDizinha \ \ \ \ Patinho Faminto \ \ \ Kalango \ \ \ Poseidon \ \ MAX \ \ Medialinux \ \ Mediainlinux \ \ ArtistX \ \ Morphix \ \ \ Aquamorph \ \ \ Dreamlinux \ \ \ Hiwix \ \ \ Hiweed \ \ \ \ Deepin \ \ \ ZoneCD \ \ Musix \ \ ParallelKnoppix \ \ Quantian \ \ Shabdix \ \ Symphony OS \ \ Whoppix \ \ WHAX \ LEAF \ Libranet \ Librassoc \ Lindows \ Linspire \ \ Freespire \ Liquid Lemur \ Matriux \ MEPIS \ SimplyMEPIS \ \ antiX \ \ \ Swift \ Metamorphose \ miniwoody \ Bonzai \ MoLinux \ \ Tirwal \ NepaLinux \ Nova \ Omoikane (Arma) \ OpenMediaVault \ OS2005 \ Maemo \ Meego Harmattan \ PelicanHPC \ Progeny \ Progress \ Proxmox \ PureOS \ Red Ribbon \ Resulinux \ Rxart \ SalineOS \ Semplice \ sidux \ aptosid \ \ siduction \ Skolelinux \ Snowlinux \ srvRX live \ Storm \ Tails \ ThinClientOS \ Trisquel \ Tuquito \ Ubuntu \ \ A/V \ \ AV \ \ Airinux \ \ Arabian
    [Show full text]
  • Comparing Embedded Linux Build Systems and Distros
    Comparing embedded Linux build systems and distros Drew Moseley Solutions Architect Mender.io Session overview ● Review of embedded Linux development challenges. ● Define build system and criteria. ● Discuss a few popular options. ● Give me an opportunity to learn about some of the other tools. Goal: Help new embedded Linux developers get started About me Drew Moseley Mender.io ○ 10 years in Embedded Linux/Yocto development. ○ Over-the-air updater for Embedded Linux ○ Longer than that in general Embedded Software. ○ Open source (Apache License, v2) ○ Project Lead and Solutions Architect. ○ Dual A/B rootfs layout (client) [email protected] ○ Remote deployment management (server) https://twitter.com/drewmoseley https://www.linkedin.com/in/drewmoseley/ ○ Under active development https://twitter.com/mender_io Challenges for Embedded Linux Developers Hardware variety Storage Media Software may be maintained in forks Cross development Initial device provisioning Simple Makefiles don't cut it (anymore) Facts: ● These systems are huge ● Dependency Hell is a thing ● Builds take a long time ● Builds take a lot of resources ● Embedded applications require significant customization ● Developers need to modify from defaults Build System Defined _Is_ _Is Not_ ● Mechanism to specify and build ● An IDE ○ Define hardware/BSP ● A Distribution components ● A deployment and provisioning ○ Integrate user-space tool applications; including custom ● An out-of-the-box solution code ● Need reproducibility ● Must support multiple developers ● Allow for parallel
    [Show full text]
  • Presentación De Openwrt Por Jorge Vargas En
    OPENWRT POR JORGE VARGAS OPENWRT Distribución de linux para dispositivos embebidos Proviene de Linksys WRT54G Empezo en el 2004 OPENWRT Los nombres de las versiones son bebidas alcoholicas: White Russian Kamikaze Backre Attitude Adjustment Barrier Breaker Chaos Calmer Designated Driver OPENWRT El espacio de usuario es ash, uClibc o musl, y busybox con muchos scripts en lua Manejador de paquetes opkg Unied Conguration Interface (UCI) Conguras todo en un solo lugar - /etc/cong Puedes usar un editor de texto, CLI o GUI Sencillo hacer backups de tu conguracion PROYECTOS SIMILARES DD-WRT Tomato LibreCMC DebianWRT CONTRAS DD-WRT: Es muy dicil realizar contribuciones. Tomato: La licencia de la interfaz de usuario es restrictiva. LibreCMC: OpenWrt sin blobs binarios. DebianWRT: Es Debian. PROFUNDIZANDO Bootloader Arquitecturas Memoria Flash BOOTLOADER En dispositivos embebidos, un "bootloader" inicializa el hardware y luego carga el kernel. Bootloader -> Kernel. Comparado con una PC, que es BIOS -> Grub -> Kernel Das U-Boot (GPL) es el bootloader mas comun BOOTLOADER Los fabricantes tienden a modicar el bootloader Limites de tamano de kernel arbitrarios Valores magicos necesitan estar presentes en el kernel Requieren un formato de rmware especial No soportan ELF Ver http://wiki.openwrt.org/doc/techref/bootloader ARQUITECTURAS La mayoria de los routers son de arquitectura MIPS Tienen una buena relacion rendimiento/costo/poder Tambien soporta ARM, PowerPC y x86 Ver https://dev.openwrt.org/wiki/platforms MEMORIA FLASH Maneja dos formatos principalmente: SquashFS JFFS2 SQUASHFS SquashFS es un sistema de archivos de solo lectura comprimido con LZMA En este tipo de imagen, OpenWrt guarda todo el sistema en una partion de SquashFS, y usa una particion JFFS2 para sobreponer cambios JFFS2 JFFS2 es de lectura/escritura y tambien esta comprimido con LZMA, pero SquashFS es 20-30% mas pequeno SQUASHFS En mi opinion, usar la imagen de SquashFS es la mejor opcion ya que utiliza ambos sistemas de archivos, lo que te permite hacer un "factory reset" COMO EMPEZAR 1.
    [Show full text]