diff --git a/package/base/sysfiles/rocknet_README b/package/base/sysfiles/rocknet_README index 37966276f..c2fbd1e1f 100644 --- a/package/base/sysfiles/rocknet_README +++ b/package/base/sysfiles/rocknet_README 
@@ -1,11 +1,174 @@ -/etc/network - the ROCK Net configuration and module directory +ROCKNET [by Clifford Wolf] +=========================== -For detailed information please visit: +The idea of ROCKNET is to make the network configuration more flexible and +allow integration of simple firewalling rules, multiple interfaces, multiple +IPs per interface and multiple profiles. It should be easy to setup very +complex and very simple setups, should "feel good" when working directly +with an ASCII editor on the config files and should be easy to integrate in +a more or less colored configuration GUI (such as stone). - http://www.rocklinux.org/rocknet.html -or consult the ROCK Net section in the ROCK Linux Handbook at: +Configuration File +------------------ - http://dl.rocklinux-consulting.de/rock-handbook/html/rock-handbook.html +The network configuration is stored in /etc/network/config. All filenames +in this file are relative to /etc/network/ if they don't begin with a slash. + +An example /etc/network/config follows: + + auto eth0 eth1 + forward + + interface eth0 + ip 192.168.1.1/24 + ip 192.168.2.1/24 + + interface eth1 + ip 192.168.100.99/24 + gw 192.168.100.1 + +Or another /etc/network/config: + + auto eth0 + + interface eth0 + dhcp + script dyndns.sh # update dyndns + allow ip 10.10.0.0/24 # office + allow ip 192.168.0.0/24 # home + allow tcp 80 # webserver is open + deny all + +Or one using profiles: + + auto eth0 eth1(office) + + interface eth0(home) + ip 192.168.69.15/24 + + interface eth0(office) + allow ip 10.10.0.0/16 tcp ssh + deny all + dhcp + + interface eth1(office) + essid 'Blubb' + keyc 'I@mCo0l' + deny all + dhcp + +So there are commands with optional parameter lists. The following commands +are allowed in the config file: + +auto + Lists those interfaces which should be set up automatically at + boot up (list evaluated from left to right) and shut down on system + shutdown (from right to left). 
All interfaces not listed here must + be set up or shut down manually using 'ifup' and 'ifdown'. + Must be used before the first 'interface' directive. + +forward + If used, forwarding between interfaces will be activated at boot up + and the host may be used as gateway between two networks. + Must be used before the first 'interface' directive. + +interface + Everything after that statement and before the next interface statement + is the configuration for that specific interface. All directives within + an interface section are executed from the first to the last when + setting up the interface and the reversed order when shutting it down. + +dhcp + Configure the interface using the DHCP protocol. + +script + Execute the specified script with the given parameters. The parameter + "up" is inserted as first parameter when the interface is set up and + the parameter "down" is inserted when the interface is shut down. + +run-up, run-down + Run the given command when the interface is set up or shut down + respectively. + +ip, gw + Set the given ip(s) and gateway when the interface is set up, remove + all IPs from the interface when the interface is shut down. + +allow, deny + Add the given simple firewalling rules. Those statements are executed + before the other statements in the interface section when setting up + the interface and are executed after the other statements when + shutting down the interface. See section "Simple Firewall" below for + details. + + +Profiles +-------- + +Interface names in the 'auto' and the 'interface' statement can be followed +by a coma-separated list of profile names in parentheses. + +In case of the 'auto' statement, only those interfaces are used which do +have the current profile specified or no profile at all. + +In case of the 'interface' statement, an interface section is used if it has +no profile specified or the current profile is given in the profile list. 
+ +An non-existing interface section will be handled as it would be an empty +interface section. Empty interface sections are silently ignored by "ifup" +and "ifdown". + +The current profile is stored in /etc/network/profile. + + +Command-line Tools +------------------ + +There are two simple command line tools for working with ROCKNET: "ifup" +and "ifdown". The first parameter is the name of the interface which should +be set up, the second parameter (which is optional) is the profile name to be +used while reading the configuration. If the 2nd parameter is missing, the +content of /etc/network/profile is used. + + +Simple Firewall +--------------- + +When there are any 'allow' or 'deny' statements in an interface section, the +ifup script automatically adds a chain named 'simple-firewall-' to +the iptables 'filter' table and links that chain into the INPUT chain using +the incoming interface as condition. + +All 'allow' and 'deny' statements add rules to that chain. 'Allow' links +to the netfilter 'ACCEPT' target and 'deny' to the netfilter 'REJECT' (and +not 'DROP') target. + +When shutting down the interface, the chain 'simple-firewall-' is +simply flushed and removed from the iptables configuration. + + +Tricking with pseudo-interfaces +------------------------------- + +It's possible to define non-existing interfaces such as 'iptables' in the +configuration file. It would result to errors if e.g. the 'ip' statement +would be used in those interface sections - but it is possible to use the +'script' statement in those pseudo-interfaces and so e.g. link a complex +firewall setup into the ROCKNET framework. + + +Compatibility +------------- + +The program names "ifup" and "ifdown" are used on many distributions for small +helpers to set up or shut down interfaces. 
+ +The file /etc/network/config has a very similar "feeling" as debians +/etc/network/interfaces and so it should be pretty easy especially for debian +users to get used to ROCK Linux based distributions network configuration. + +The whole thing is very different from RedHats /etc/sysconfig/network/ and is +likely to also be different from whatever SuSE is using for the same purpose.
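Review bot: The "Simple Firewall" section says the per-interface chain is linked only into the INPUT chain, yet the first example config enables 'forward' across eth0 and eth1. The README should state that 'allow' and 'deny' filter only traffic addressed to the host itself and, as described here, place nothing in FORWARD, so a gateway set up this way routes packets unfiltered unless a 'script' adds its own rules. In the same section the chain name reads 'simple-firewall-' with a trailing hyphen in both places; if a suffix such as the interface name is intended, spell the placeholder out. The profile example uses 'essid' and 'keyc' with a key in clear text, but neither command appears in the list of allowed commands; document them and add a note that /etc/network/config can hold secrets and should not be world-readable. Minor: "coma-separated" should be "comma-separated" and "An non-existing" should be "A non-existing" in the Profiles section.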