-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathINSTALL
More file actions
47 lines (32 loc) · 1.7 KB
/
INSTALL
File metadata and controls
47 lines (32 loc) · 1.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
* You need one of either libmd or libcrypto, including headers.
libcrypto is part of openssl which you probably already have
installed. You can download source from http://www.openssl.org,
If you dont have openssl installed, you probably dont want build
it just for this. You can download the much smaller libmd from
http://www.penguin.cz/~mhi/libmd/
Configure the Makefile appropriately. Default is for libcrypto
* Configure FW_OBJS in the Makefile for whichever you prefer
Dont forget to set FW_PROGRAM in the Makefile if you are using
fw_program.o
* make; make install
* Create your /usr/local/etc/ipscromp_pass file.
Each line is in the form username:password
* Configure your program and/or firewall
For fw_linux.o you'll need to add 3 chains, scromp-0 thru 2,
hooked into your firewall setup wherever you fancy.
If you are using add_ip and reload_ipf with fw_program.o, you'll
need to copy them from scripts/ to somewhere helpful, usually
/usr/local/sbin. Be sure and chmod them both 700, owned by root. Check
that ETHER_DEV is correct in reload_ipf
add_ip/reload_ipf use /var/spool/ipscromp, so:
mkdir /var/spool/ipscromp; chmod 700 /var/spool/ipscromp
* Test your firewall setup. fw_test will help if you use fw_linux.o.
Be sure and have a backout plan if you are doing this remotely!
* Add ipscromp to /etc/services, the default is 2002/tcp.
* Add in.ipscrompd to your inetd. It probably needs to run as root.
Reload inetd.
* Test
* If required, add an hourly (?) cron job that will cleanup your
old ipscromp entries. For fw_linux, use scripts/flush_chains.
If you are using add_ip with fw_program.o, use reload_ipf which
will handle expiry.