In <[EMAIL PROTECTED]>, Christoph Kukulies wrote:
> On Wed, Feb 23, 2000 at 11:42:14AM +0100, Martin Cracauer wrote:
> > The thing is bootet from floppy and is a pure filtering router, no
> > NAT, no applications/server, no proxies (which is suicide on a
> > firewall anyway).
>
> Would be interesting to tell how you managed to produce a bootable floppy
> with the subsequent scripting that starts the OS and all that.
This setup is still 2.2.8-stable as the same thing done with 3.x will
not fit onto the floppy. It was done before PicoBSD, otherwise I would
have based by work on that.
Basically, a small and kzip'ed kernel and needed stuff are put into a
1.44 MB file that is disklabeled and newfs'd as a BSD FFS.
The trick I used is that I have a custom `init` binary, which looks at
getpid() and argv[0] and depending on that bahaves like:
- init
- df
- login (against md5'ed passwd stored in binary)
- dmesg
- a simple more
- sleep
- route
You can hardlink it to these names and it will then get its intended
behaviour from argv[0]. To save inodes, you may also choose the
behaviour by switches to the name 'init' (which behaves like a real
init only when it is pid 1).
The advantage is of course that you have just one binary, this saves a
lot of space, especially when you don't want shared libraries.
Other stuff on the floppy are telnet, ls, /bin/sh, ifconfig, tcpdump
and ipfw in maximaum stripped versions and with many #ifdef's turned
off. Some of that is compressed, after evaluating advantages and
disadvantages.
I am not allowed to post the whole setup here, because if contains
much of our network achitekture.
However, I planned to switch to PicoBSD anyway (mostly to get to
FreeBSD-3.x) and hope that I'm allowed to contribute the init(8) as
described above.
Martin
--
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Martin Cracauer <[EMAIL PROTECTED]> http://www.cons.org/cracauer/
Tel.: (private) +4940 5221829 Fax.: (private) +4940 5228536
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
