Line 23: |
Line 23: |
| Then add a user, using a non-obvious username, e.g. '''PlnUsr456''' : (follow the prompts) | | Then add a user, using a non-obvious username, e.g. '''PlnUsr456''' : (follow the prompts) |
| | | |
− | # adduser | + | # useradd -m PlnUser456 |
| + | # passwd PlnUser456 |
| | | |
| | | |
Line 190: |
Line 191: |
| Once you're satisfied that the IPv6 firewall rules are performing correctly then they can be saved using the following command: | | Once you're satisfied that the IPv6 firewall rules are performing correctly then they can be saved using the following command: |
| | | |
− | # rc.d save ip6tables | + | # ip6tables-save >/etc/iptables/ip6tables.rules |
| | | |
| Note that if you're also using IPv4 then don't forget to setup a similar IPv4 firewall ruleset. Again this example is only suitable for use in a trusted environment and needs further consideration for an internet facing machine. | | Note that if you're also using IPv4 then don't forget to setup a similar IPv4 firewall ruleset. Again this example is only suitable for use in a trusted environment and needs further consideration for an internet facing machine. |
Line 223: |
Line 224: |
| Once you're happy with your IPv4 firewall then you can save the active rules using the following command: | | Once you're happy with your IPv4 firewall then you can save the active rules using the following command: |
| | | |
− | # rc.d save iptables | + | # iptables-save >/etc/iptables/iptables.rules |
| | | |
| Note that it is import to check full functionality still exists with your firewall in place - this particularly applies to address allocation (e.g. DHCP and SLAAC) procedures which may mean that a misconfigured firewall makes your Raspberry Pi unreachable. This is one reason why it is useful to develop the two rulesets (IPv4 and IPv6) separately, since if you misconfigure one firewall and lose connectivity then you can fall back to the working protocol version to correct your mistake. Once you're happy that both firewall sets are correct then you can insert ''both'' sets into '''/etc/rc.conf''' DAEMONS statement before the network module is called: | | Note that it is import to check full functionality still exists with your firewall in place - this particularly applies to address allocation (e.g. DHCP and SLAAC) procedures which may mean that a misconfigured firewall makes your Raspberry Pi unreachable. This is one reason why it is useful to develop the two rulesets (IPv4 and IPv6) separately, since if you misconfigure one firewall and lose connectivity then you can fall back to the working protocol version to correct your mistake. Once you're happy that both firewall sets are correct then you can insert ''both'' sets into '''/etc/rc.conf''' DAEMONS statement before the network module is called: |
| | | |
| DAEMONS=(!hwclock syslog-ng '''iptables''' '''ip6tables''' network openntpd @netfs @crond @sshd @mysqld @httpd) | | DAEMONS=(!hwclock syslog-ng '''iptables''' '''ip6tables''' network openntpd @netfs @crond @sshd @mysqld @httpd) |
| + | # systemctl enable ip6tables |
| | | |
| You can check for dropped/logged packets (in the examples above logging is included for the IPv6 packet filter) using the following command: | | You can check for dropped/logged packets (in the examples above logging is included for the IPv6 packet filter) using the following command: |
Line 239: |
Line 241: |
| | | |
| # pacman -S apache php php-apache mysql | | # pacman -S apache php php-apache mysql |
| + | |
| + | Note: if you are running on a Model B version 1 then edit /etc/mysql/my.cnf to specify '''innodb_buffer_pool_size = 16M''' before attempting to start the service. |
| | | |
− | # rc.d start mysqld | + | # systemctl start mysqld |
| | | |
| Don't forget to add a MySQL password: | | Don't forget to add a MySQL password: |
Line 248: |
Line 252: |
| | | |
| | | |
− | Then Edit /etc/rc.conf (to start MySQL at boot): | + | Then issue the following command to start MySQL at boot: |
| | | |
− | DAEMONS=(... mysqld ...) | + | # systemctl enable mysqld |
| | | |
| | | |
Line 274: |
Line 278: |
| Once Apache and PHP start successfully: | | Once Apache and PHP start successfully: |
| | | |
− | # rc.d start httpd | + | # systemctl start httpd |
| | | |
− | then edit /etc/rc.conf (to start Apache at boot): | + | then : |
| | | |
− | DAEMONS=(... httpd ...) | + | # systemctl enable httpd |
| | | |
| Then install the basic development tools (provides gcc, etc.) | | Then install the basic development tools (provides gcc, etc.) |