A few changes
-------------

For testing or in somes other cases I think it makes sense to load modules
and packages from a second floppy. If you have a 2nd drive you can set the
parameter USE_2nd_FLOPPY to "y". 
For people like me who have only one drive I added the parameter
USE_EXTRA_FLOPPY. Set to "y" floppyfy will ask you to insert an additional
floppy into your first drive.

During the startup of floppyfw forwarding is switched off when the interfaces
are set up. Because floppfw doesn't start any services the box isn't 
vulnerable. 
But when you think of starting a daemon like the new http-daemon provided 
this month (March 2001) or other services it can make sense to deny access
to the firewall before the interfaces come up (It's a bit paranoid - I know).
This can be activated by setting "paranoid" to "yes" 
(file: config)

Don't forget to remove the line
ipchains -F
in "firewall.ini"
Take a look at my example; it is completly different from 
the original one.

I modified the script network.ini and added ipchains deny rules.

Modified files:
- config (serveral switches)
- floppyfw/floppyfw.ini
- network.ini (code for paranoid added)
- modules_extra.lst    /* for modules on the 2nd disk */

I use an old 486 for packet filtering and I had the idea to use
the old small and slow harddisk instead of floppies. So I build a
new 2.2.18 kernel with ide support and added hda... to the list
of blockdevices in initrd. (take a look at my config-file).

For booting I use the "grub" bootloader. You can find information and
source code on: ftp://alpha.gnu.org/pub/gnu/grub

I also modified the linuxrc script in initrd. In initrc you can 
now set your bootdevice to either fd0/1 or hda1..10.

To use your harddisk for floppyfw perform the following steps:
- create 2 floppies (bootloader, firewall)
------> dd if=grub of=/dev/fd0
------> dd if=idefw of=/dev/fd0
- create an ext2 filesystem on your hd (/dev/hda1) >4MB
- mount it and
-----> mkdir boot
-----> mkdir boot/grub
-----> insert grub floppy
-----> mount /dev/fd0 /mnt
-----> cp /mnt/boot/grub/* boot/grub
-----> umount grub floppy, insert firewall floppy
-----> mkdir floppyfw
-----> mount /dev/fd0 /mnt
-----> cp -R /mnt/* floppyfw
-----> umount and remove floppy
-----> vi boot/grub/menu.lst and check the boot partitions
-----> insert grub floppy and reboot
-----> start grub installation
-----> remove floppy and reboot

Now floppyfw should boot from harddisk.

Comments and improvements appreciated

Good luck
Bernd
(bernd.rudack@witten-schnee.de)