about

minisoekris is based on the OpenSoekris project with the goal of a minimal installation taken to the extreme. the target size of the installation is an 8MB CF card.

security

minisoekris has both good security and none at all. remote logins via sshd, telnetd, etc. are entirely impossible: nothing ever listens on any socket.

however, access control is left entirely to the serial console server, which controls logins. the minisoekris OS has no authentication mechanisms at all, meaning anyone who has access to the serial port has access to the entire device.
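
one way to check the "nothing ever listens on any socket" claim, as an added example that is not part of minisoekris: a /bin/sh function that scans BSD-style `netstat -an` output for sockets that accept traffic. it assumes `netstat` and `awk` are available where you run it (the 8MB image may not include them); the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# added example, not part of minisoekris: flag sockets that accept traffic.

# listening_sockets: read BSD-style `netstat -an` text on stdin and print
# "proto local-address" for every socket that can receive unsolicited traffic:
#   tcp/tcp6 in state LISTEN, and udp/udp6 with no connected peer (*.*).
listening_sockets() {
    awk '
        $1 ~ /^tcp6?$/ && $NF == "LISTEN" { print $1, $4 }
        $1 ~ /^udp6?$/ && $5 == "*.*"     { print $1, $4 }
    '
}

# audit_listeners: succeed only when stdin shows no listening sockets.
audit_listeners() {
    found=$(listening_sockets)
    [ -z "$found" ] && return 0
    printf 'listening sockets found:\n%s\n' "$found" >&2
    return 1
}

# constructed sample: outbound traffic only, nothing listening.
sample_clean() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.0.2.10.40112       198.51.100.7.80        ESTABLISHED
EOF
}

# constructed sample: an sshd-style tcp listener and a bound udp port.
sample_exposed() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  *.22                   *.*                    LISTEN
udp          0      0  *.68                   *.*
EOF
}

# demo on the constructed data; on a real system: netstat -an | audit_listeners
sample_exposed | listening_sockets
```

a non-zero exit from `audit_listeners` means something is bound, so the check can gate a build or a post-install test.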

functionality

minisoekris is a minimal router, firewall, and NAT device. it uses static routing, but can also accommodate RIPv1 and RIPv2 via routed. interactions are done via nsh, the network shell.

minisoekris can also act as a bridge using nsh.

an example session is shown in this session capture of the current system i'm using as my firewall. note that i have dhcp enabled on my external interface and have yet to fix up my pf integration. still, not bad for a few hours' worth of work.

minisoekris does not support: GRE tunnels, IPSec, or authpf.

building

the minisoekris.sh script builds the needed filesystem for you. it expects a NET4501 kernel and the ../addon/nsh/nsh binary to already be built. run this script as root.

currently the minisoekris script does not do the physical installation on the CF device. for that you need to disklabel, newfs, copy files, and run installboot yourself. this is forthcoming.

todo

right now all of this is only available through the (minimal) /bin/sh interface.

download