The Sentry Firewall CD project has several "branches". To understand what the differences are between these branches, let me first explain basically how the CD is designed.First, the actual Linux system on the rootdisk and ISO is centered around a "host" Linuxsystem, which is based on a particular Linux distribution. Then there are the configurationscripts, written in perl, that are kept on the ramdisk and run shortly after the ramdiskis mounted as root(/). These configuration scripts are what parse the sentry.conf fileand allow us to do all this neat configuration stuff via a floppy disk or a remote server(explained later).
Currently, there are three main "stable" branches and three "devel" branches, one for each of the stable ones. Each branch is based on a different Linux distribution, and as such often have different configuration and init files. For example, the first versions of the Sentry Firewall CD were based on Slackware, now called the "SENTRYCD" branch. Slackware usesrc.whatever type files located in "/etc/rc.d/", whereas other branches use SystemV-ish initfiles and other configuration files. As a result the configuration directives available foreach branch will vary. I will explain more about the sentry.conf file and configurationdirectives later.
Which branch to use is, of course, your choice. However, at the time of this writing, the SENTRYCD branch(Slackware-based) is by far the most stable. But this will likely change as theSENTRYCD-DEB branch becomes stable. The following is a current list of available Sentry FirewallCD branches:
The CDROM is distributed as a gzip or bzip2 compressed iso image, and is generally between 95-105MB in size. Uncompressed ISO images are generally between 250-350MB in size. Available download mirrors are listed on the websites; http://www.SentryFirewall.com/ or http://Sentry.Sourceforge.net/.
Although the iso image is free to use and distribute, copies of the Sentry Firewall CD can be mailed to you at a minimal cost. Custom versions of the CD and support can also be made available and tailored to a specific network configuration.
For more information about these services, please email me.
Updated versions of the Sentry Firewall CD are made available on occasion when new features are added or packages updated. There are two ways to update the Sentry Firewall iso; you may either download the new iso in its entirety(approx. 110MB) or download a binary "patch" file to update your current iso image.
Recently, updated versions of the Sentry Firewall CD ISO have been distributed as binary "patch" files that are generally considerably smaller than the complete ISO image. In order to utilize these patch files you will need the "xdelta" utility available at http://sourceforge.net/projects/xdelta/.
Applying the patch can take several minutes. You will also want to make sure you have ampledisk space available since xdelta does not modify the old iso image, but instead uses the patchfile and the iso image to create a new, updated iso image.
This section will attempt a general overview on how to burn the CD ISO
image once you have obtained it from one of the mirrors. All the commands
presume you're working in Linux. Burning ISO images in Windows is not covered
in this howto. If you are using windows then check out the
CD Burning Howto
First, let's decompress the ISO image:
NOTE: Make sure you have enough disk space, the uncompressed iso image can be
somewhere between 250MB and 350MB.
blah@wherever:~$ gzip -d sentrycd.iso.gz
or
blah@wherever:~$ bzip2 -d sentrycd.iso.bz2
Verify the integrity of the iso image,
blah@wherever:~$ md5sum -b sentrycd.iso
Now, let's try to burn the CD. You'll need the 'cdrecord' utility available, it can be obtained here.You will want to run 'cdrecord -scanbus' in order to find the 'dev' valuerequired for the following command. You will also need to know the write speedof your CD-RW. Details on how to set this all up are beyond the scope of thisdocument, please refer to the CD Writing HOWTOfor more details.
blah@wherever:~$ DEV="DEV_LINE_HERE" SPEED="SPEED"
blah@wherever:~$ cdrecord -v -data speed=$SPEED dev=$DEV sentrycd.iso
That's it, you now have a Sentry Firewall CDROM. By the way, you may have to be 'root' to do all this.
If you simply want to look at the ISO image without actually burning the CD, you can mount the image on a loopback device;
blah@wherever:~$ mount -o loop ./sentrycd.iso /MOUNT_POINT
Where "MOUNT_POINT" is where you would like the CD mounted. You may then 'cd' to the MOUNT_POINT directory and poke around - don't forget to 'umount' the image once you're finished. This assumes you have support in your kernel for the loopback device. You probably do, but once again, recompiling kernels is beyond the scope of this document.