Building user interface from sources
IPFIRE userspace program needs to be built from sources.
After extracting
compressed folder, place yourself inside ipfi directory, which contains
userspace interface to kernel firewall. Then impart the command:
make
This command builds interface with default options, i.e. with rule naming enabled.
If rule naming is enabled in interface compiling, it has to be enable also when
building kernel modules. This is achieved by compiling modules with the same
make command. (See next chapter
for kernel building details).
The reason why you would disable rule naming is to decrease rule and kernel state and
translation tables sizes by 20 bytres (the maximum length for rule names defined in
constant RULENAMELEN in source headers). You can disable this
feature typing
make DISABLE_RULENAME=1
as building command.
NOTE:
If user interface is built without rule name support and kernel modules are built
within, firewall interface will refuse to start giving an explaining message.
Installing user interface and post - install tasks
After building sources, you can install them giving:
make install .
After installation is complete, each user should create in his home directory a
subdirectory named IPFIRE in which to put the following files:
- allowed
- where permission rules are stored
- blacklist
- where denial rules are stored
- translation
- where translation rules are stored (for root only)
- blacksites
- where blocked sites have to be listed
Those above are the default files. Keep in mind that you can specify you own files
as described in command line and configuration files chapters.
A log file /var/log/ipfire.log (default) must also be created and be writable
by all IPFIRE users.