minisoekris - the super tiny soekris OS minisoekris is based on the OpenSoekris project with the goal of a minimal installation taken to the extreme. the target size of the installation is an 8MB CF card. --- security minisoekris has both good security and none at all. remote logins via sshd, telnetd, etc are entirely impossible. nothing ever listens on any socket. however, it's entirely up to the serial console server, which controls logins. the minisoekris OS has no authentication mechanisms at all, meaning anyone who has access to the serial port has access to the entire device. -- functionality minisoekris is a minimal router, firewall, and NAT device. it uses static routing, but can also accomodate RIPv1 and RIPv2 via routed. interactions are done via nsh, the network shell. minisoekris can also act as a bridge using nsh, as well. minisoekris does not support: GRE tunnels, IPSec, VLAN devices, authpf. -- building the minisoekris.sh script builds the needed filesystem for you. it expects a NET4501 kernel and the ../addon/nsh/nsh binary to already be built. run this script as root. currently the minisoekris script does not do the physical installation on the CF device. for that you need to disklabel, newfs, copy files, and run installboot yourself. this is forthcoming. -- todo o integrate PF nicely firewall subcommands, example ... - pass in proto tcp ... - no pass in proto tcp ... NAT subcommands, example ... - rdr on sis0 from any to any port 80 -> 10.10.10.10 port 80 - no rdr on sis0 from any to any port 80 -> 10.10.10.10 port 80 o integrate routed more nicely example rip (and no rip), version 1, version 2 commands right now all of this is only available through the (minimal) /bin/sh interface.