Next Previous Contents

9. Building a Custom Sentry CD

9.1 Introduction

This section will attempt to describe how to create a custom Sentry Firewall CDROM. I may not be able to go into every detail, but at the very least I will try and provide a thorough overview of the CD creation process.

9.2 The development system(How I do it)

My development system consists of two separate Linux installations of the same distribution; Slackware/Redhat/Debian, depending on what branch I'm working on. My environment looks something like the following:

So the Sentry Firewall CD ISO is basically an exact copy of the contents of the /SENTRYCD-DIR/CD-FW directory. I use the 'mkisofs' utility to create the ISO image. There is also a script available on the CD called that can assist you in creating a working CD image.

Unfortunately, it is not currently possible to edit an iso9660 image directly. So, if you simply want to modify the contents of the CDROM and create a new image you can try doing the following:

9.3 The RAMDisk Image

That's all nifty, but now comes the hard part - making the ramdisk. If you take a look at the /isolinux directory on the CDROM, you will see a bunch of files -

There is also a directory in /isolinux called "kernels". This is where the Linux kernel(s) reside for the Sentry Firewall CD. You can add your own custom kernel(s) or replace the default ones. If you do so you may also need to customize the isolinux.cfg file to declare your new kernels and options. More information about configuring and using isolinux can be found at

To look at and modify the initrd.img image, do something like the following:

blah@wherever:~$ cp /cdrom/isolinux/initrd.img /tmp/initrd.img.gz
blah@wherever:~$ gzip -d /tmp/initrd.img.gz
blah@wherever:~$ mount -o loop /tmp/initrd.img /MOUNT_POINT

You may then cd to /MOUNT_POINT and edit the files on the rootdisk. Once you are finished you can then unmount and gzip the initrd.img file and place it back in the isolinux directory.

Although the above method will allow you to customize the rootdisk to your liking, this is not the method I use to create the rootdisk. I use a script called ''. This is a bash shell script that formats/mounts the disk image, and then creates or copies the files to the disk image as needed.

If you would like to attempt to use the script please be sure to read through it first, as it tends to be a bit hacky at times. It runs perfectly on my development system, but may not run well at all on yours. The output from the script should look something like the following:

   Sentry Firewall CD-ROM:
   Copyright (C) Stephen A. Zarkos,
   Ok, let's get to it...

   [+] Creating /root/rootdisk/root... Done.
   [+] Ok, starting to copy stuff to the rootdisk...
   [+] Making directories: root dev proc etc sbin bin lib mnt mnt1 mnt2 mnt3 mnt4 opt 
cdrom floppy tmp    tmp/drivers var initrd... Done.
   [+] Copying /dev files... Done.
   [+] Working in /var... Done.
   [+] Working in /home... Done.
   [+] Working in /bin... Done.
   [+] Working in /sbin... Done.
   [+] Working in /lib... Done.
   [+] Working in /etc... Done.
   [+] Building drivers-2.4.tar.gz(network config support).
       [+] Using /cdrom/lib/modules/2.4.25GENERIC.
   [+] Tar/Gzipping /root/rootdisk/root... Done.
   [+] Zeroing out file: /root/rootdisk/initrd.img... Done.
   [+] Creating ext2 file system on /root/rootdisk/initrd.img... Done.
   [+] Mounting initrd.img on /root/rootdisk/mnt... Done.
   [+] Copying files to rootdisk... Done.

   [+] /root/rootdisk/initrd.img is still mounted, do you want me
       to unmount it? (y/n) y
       [+] Unmounting /root/rootdisk/mnt... Done.
       [+] Gzipping /root/rootdisk/initrd.img... Done.

   Location of new rootdisk --> /root/rootdisk/initrd.img

9.4 Making the ISO Image

I use called '' to create the ISO image. The script simply declares a few variables and runs the 'mkisofs' utility. The command I normally run looks like the following:

me@mybox:~# cd /SENTRYCD-DIR/CD-FW
me@mybox:/mnt/CD-FW# mkisofs -o sentrycd.iso -R -V "Sentry Firewall CD [v1.x.x]" -v \
   -T -d -D -N \
   -b isolinux/isolinux.bin \
   -c isolinux/ \
   -no-emul-boot -boot-load-size 4 -boot-info-table \
   -A "Sentry Firewall CD v1.x.x" .
... <lots of output> ...

And that's it, I burn the ISO to a CD and test it. For reference, the following files are available on the CDROM and online at

Next Previous Contents