leaf-user — This mailing list is for all users and developers of LEAF.

[leaf-user] Getting in touch with @KP ....

[jeanrocco jr <bla...@gm...>]

Hello List,

Has anyone been in touch with KP lately, I didn't get any answer from him
to a recent question.

I'm a bit worried !

Thank's
Jeanrocco

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 10

[Erich T. <eri...@th...>]

Hi Slavek

Am 17.12.2025 um 22:29 schrieb Sławek Adamski via leaf-user:
> W dniu 17.12.2025 o 13:18, lea...@li... pisze:
>> ------------------------------
>>
>> Message: 2
>> Date: Wed, 17 Dec 2025 11:31:37 +0100
>> From: Erich Titl<eri...@th...>
>> To:lea...@li...
>> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 8
>> Message-ID:<f03...@th...>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Hi Slavek
>>
>> Am 17.12.2025 um 01:03 schrieb S?awek Adamski via leaf-user:
>>> Hello all,
>>>
>>> I'm very sorry. Jeanrocco wrote on November 29 about a bug in /etc/
>>> lighttpd/lighttpd.annotated.conf:
>>>
>>> There is indeed a bug in 7.5.1 that prevents lighttpd from starting,
>>> that is why there is no webconf !!! you can correct it easily, I assume
>>> you know how to use edit, by going in /etc/lighttpd/
>>> lighttpd.annotated.conf and correct line 100 (cat -n
>>> lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd And I
>>> misunderstood it. I realized that it is good to: server.username = "sh-
>>> httpd"
>>>
>>> and it is bad:
>>>
>>> server.username = "httpd"
>>>
>>> I didn't even notice that he wrote httpd not hhtpd. And for me a good
>>> line was:
>>>
>>> server.username = "sh-hhtpd"
>>>
>>> because there is sh- in it.
>>>
>>> Mea culpa, mea culpa, mea maxima culpa.
>>>
>>> So now I have two pen-drives with leaf. And now this line is correct in
>>> both. The first one, as I wrote on November 29, I configured based on my
>>> previous firewall. Version 5.2.6. Even though I corrected this line, I
>>> still don't have webconf.
>> Please check the directory /var/log/lighttpd for the files access.log
>> and error.log. If they exist that means at least that lighttpd tries to
>> start.
> Sorry Erich, I'm not Linux man. I don't know how to do that. I'm using 
> lrcfg for changes in configuration, upgrade, ip addr and reboot. That's 
> all.  WinSCP doesn't work at me. Please write commends how to do that. 
>  From PuTTy I can copy edited file and send that in mail.

OK

1) ls -l /var/log/lighttpd should show something like

gatekeeper# ls /var/log/lighttpd
access.log  error.log
gatekeeper#

then:

gatekeeper# tail /var/log/lighttpd/error.log
2025-12-17 21:00:01: server.c.1976) server stopped by UID = 0 PID = 8274
2025-12-17 21:00:01: server.c.1513) server started (lighttpd/1.4.59)
2025-12-17 21:42:01: server.c.1976) server stopped by UID = 0 PID = 10021
2025-12-17 21:42:01: server.c.1513) server started (lighttpd/1.4.59)
2025-12-17 22:00:01: server.c.1976) server stopped by UID = 0 PID = 10757
2025-12-17 22:00:01: server.c.1513) server started (lighttpd/1.4.59)
2025-12-17 22:42:00: server.c.1976) server stopped by UID = 0 PID = 12488
2025-12-17 22:42:01: server.c.1513) server started (lighttpd/1.4.59)
2025-12-17 23:00:00: server.c.1976) server stopped by UID = 0 PID = 13316
2025-12-17 23:00:01: server.c.1513) server started (lighttpd/1.4.59)

gatekeeper# tail /var/log/lighttpd/access.log
194.124.158.52 - - [17/Dec/2025:15:26:31 +0000] "PRI * HTTP/2.0" 100 
4442 "-" "-"
194.124.158.52 194.124.158.1 admin [17/Dec/2025:15:28:51 +0000] "GET / 
HTTP/1.1" 200 4218 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:146.0) Gecko/20100101 Firefox/146.0"
194.124.158.52 194.124.158.1 admin [17/Dec/2025:15:28:51 +0000] "GET 
/webconf.css HTTP/1.1" 200 6025 "https://194.124.158.1/" "Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0"
194.124.158.52 194.124.158.1 admin [17/Dec/2025:15:28:51 +0000] "GET 
/pix/180px-LEAFProjectLogo-Landscape.png HTTP/1.1" 200 14458 
"https://194.124.158.1/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:146.0) Gecko/20100101 Firefox/146.0"
194.124.158.52 194.124.158.1 admin [17/Dec/2025:15:28:51 +0000] "GET 
/favicon.ico HTTP/1.1" 404 341 "https://194.124.158.1/" "Mozilla/5.0 
(Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0"
194.124.158.52 gatekeeper.think.ch - [17/Dec/2025:15:39:07 +0000] "GET / 
HTTP/1.1" 401 347 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:146.0) Gecko/20100101 Firefox/146.0"
194.124.158.52 gatekeeper.think.ch admin [17/Dec/2025:15:39:17 +0000] 
"GET / HTTP/1.1" 200 4218 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; 
rv:146.0) Gecko/20100101 Firefox/146.0"
194.124.158.52 gatekeeper.think.ch admin [17/Dec/2025:15:39:17 +0000] 
"GET /webconf.css HTTP/1.1" 200 6025 "https://gatekeeper.think.ch/" 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 
Firefox/146.0"
194.124.158.52 gatekeeper.think.ch admin [17/Dec/2025:15:39:18 +0000] 
"GET /pix/180px-LEAFProjectLogo-Landscape.png HTTP/1.1" 200 14458 
"https://gatekeeper.think.ch/" "Mozilla/5.0 (Windows NT 10.0; Win64; 
x64; rv:146.0) Gecko/20100101 Firefox/146.0"
194.124.158.52 gatekeeper.think.ch admin [17/Dec/2025:15:39:18 +0000] 
"GET /favicon.ico HTTP/1.1" 404 341 "https://gatekeeper.think.ch/" 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 
Firefox/146.0"

This should get you an idea what is running.

>>
>> Also run
>>
>> /etc/init.d/lighttpd restart it should show:
>>
>> gatekeeper# /etc/init.d/lighttpd restart
>> Stopping lighttpd: OK
>> Starting lighttpd: OK

Then do the above, it should restart lighttpd. If something is wrong 
with the configuration you will probably not see the OK

cheers

ET
-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 8

[Sławek A. <sa...@wa...>]

W dniu 17.12.2025 o 23:13, jeanrocco jr pisze:
> Hello Slawek,
>
> On Tue, Dec 16, 2025 at 7:03 PM Sławek Adamski <sa...@wa...> wrote:
>
>     Hello all,
>
>     I'm very sorry. Jeanrocco wrote on November 29 about a bug in
>     /etc/lighttpd/lighttpd.annotated.conf:
>
>     There is indeed a bug in 7.5.1 that prevents lighttpd from
>     starting, that is why there is no webconf !!! you can correct it
>     easily, I assume you know how to use edit, by going in
>     /etc/lighttpd/lighttpd.annotated.conf and correct line 100 (cat -n
>     lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd
>     And I misunderstood it. I realized that it is good to:
>     server.username = "sh-httpd"
>
>     and it is bad:
>
>     server.username = "httpd"
>
>     I didn't even notice that he wrote httpd not hhtpd. And for me a good line was:
>
>     server.username = "sh-hhtpd"
>
>     because there is sh- in it.
>
>     Mea culpa, mea culpa, mea maxima culpa.
>
>     So now I have two pen-drives with leaf. And now this line is correct in both. The first one, as I wrote on November 29, I configured based on my previous firewall. Version 5.2.6. Even though I corrected this line, I still don't have webconf. But I  have internet access. And I can write to you. The second (syslinux for make bootable, unpack and copy Bering-uClibc_7.5.1_i686_syslinux_vga.tar.gz and configure) has working webconf but ... it hasn't access to net. Ping from windows to eth1 works, PuTTy from Windows works. Ping from firewall to 8.8.8.8 works but not from Windows. I'll check the configuration. Maybe I'll find my mistake.
>
>
> At last this is very good news, I did suspect you were not reading 
> sh-hhtpd correctly, this is why I typed sh-httpd , to make you notice ...
>
> Ok could you use the pen-drive where you did not modify Shorewall 
> Policies and Rules, and check if Windows connects to the Net, it 
> should with the basic configuration. From your Windows PC, connect to 
> Webconf and switch to Expert, and click dnsmasq, and /etc/dnsmasq.conf .
> go to this line: and give a range to the DHCP server .
> ...
> ...
> # Uncomment this to enable the integrated DHCP server, you need
> # to supply the range of addresses available for lease and optionally
> # a lease time. If you have more than one network, you will need to
> # repeat this for each network on which you want to supply DHCP
> # service.
> #dhcp-range=192.168.1.1,192.168.1.199,12h
> dhcp-range=192.168.1.100,192.168.1.199,12h
> ...
> ...
>
> Click Save, and Backup Packages.
>
> You can now set your Windows PC to obtain its IP address using DHCP 
> instead of the fixed address you gave it.
>
> Tell me if Windows connects to the Net.
Yes. It works. There's webconf and net. But I don't want that. I want 
the local computer I'm connecting to to have an IP4. The IP4 I know of. 
And if it doesn't, it won't have net. And I won't publish the IP4 
numbers that are accepted. So I decide.

But thank you very much. I suspected I'd made a configuration error 
somewhere. Now I'm sure I did. I'll look for it. Tomorrow. It's 00:10 AM 
here. Thursday.
>
> Bye
> Jeanrocco
>
>
>

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 8

[jeanrocco jr <bla...@gm...>]

Hello Slawek,

On Tue, Dec 16, 2025 at 7:03 PM Sławek Adamski <sa...@wa...> wrote:

> Hello all,
>
> I'm very sorry. Jeanrocco wrote on November 29 about a bug in
> /etc/lighttpd/lighttpd.annotated.conf:
>
> There is indeed a bug in 7.5.1 that prevents lighttpd from starting,
> that is why there is no webconf !!!
>
> you can correct it easily, I assume you know how to use edit, by going in
> /etc/lighttpd/lighttpd.annotated.conf and correct line 100 (cat -n
> lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd
> And I misunderstood it. I realized that it is good to:
>
> server.username = "sh-httpd"
>
> and it is bad:
> server.username = "httpd"
>
> I didn't even notice that he wrote httpd not hhtpd. And for me a good line was:
> server.username = "sh-hhtpd"
>
> because there is sh- in it.
>
> Mea culpa, mea culpa, mea maxima culpa.
>
> So now I have two pen-drives with leaf. And now this line is correct in both. The first one, as I wrote on November 29, I configured based on my previous firewall. Version 5.2.6. Even though I corrected this line, I still don't have webconf. But I  have internet access. And I can write to you. The second (syslinux for make bootable, unpack and copy Bering-uClibc_7.5.1_i686_syslinux_vga.tar.gz and configure) has working webconf but ... it hasn't access to net. Ping from windows to eth1 works, PuTTy from Windows works. Ping from firewall to 8.8.8.8 works but not from Windows. I'll check the configuration. Maybe I'll find my mistake.
>
>
At last this is very good news, I did suspect you were not reading
sh-hhtpd correctly, this is why I typed sh-httpd , to make you notice ...

Ok could you use the pen-drive where you did not modify Shorewall Policies
and Rules, and check if Windows connects to the Net, it should with the
basic configuration. From your Windows PC, connect to Webconf and switch to
Expert, and click dnsmasq, and /etc/dnsmasq.conf .
go to this line: and give a range to the DHCP server .
...
...
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=192.168.1.1,192.168.1.199,12h
dhcp-range=192.168.1.100,192.168.1.199,12h
...
...

Click Save, and Backup Packages.

You can now set your Windows PC to obtain its IP address using DHCP instead
of the fixed address you gave it.

Tell me if Windows connects to the Net.

Bye
Jeanrocco

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 10

[Sławek A. <sa...@wa...>]

W dniu 17.12.2025 o 13:18, lea...@li... pisze:
> ------------------------------
>
> Message: 2
> Date: Wed, 17 Dec 2025 11:31:37 +0100
> From: Erich Titl<eri...@th...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 8
> Message-ID:<f03...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Slavek
>
> Am 17.12.2025 um 01:03 schrieb S?awek Adamski via leaf-user:
>> Hello all,
>>
>> I'm very sorry. Jeanrocco wrote on November 29 about a bug in /etc/
>> lighttpd/lighttpd.annotated.conf:
>>
>> There is indeed a bug in 7.5.1 that prevents lighttpd from starting,
>> that is why there is no webconf !!! you can correct it easily, I assume
>> you know how to use edit, by going in /etc/lighttpd/
>> lighttpd.annotated.conf and correct line 100 (cat -n
>> lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd And I
>> misunderstood it. I realized that it is good to: server.username = "sh-
>> httpd"
>>
>> and it is bad:
>>
>> server.username = "httpd"
>>
>> I didn't even notice that he wrote httpd not hhtpd. And for me a good
>> line was:
>>
>> server.username = "sh-hhtpd"
>>
>> because there is sh- in it.
>>
>> Mea culpa, mea culpa, mea maxima culpa.
>>
>> So now I have two pen-drives with leaf. And now this line is correct in
>> both. The first one, as I wrote on November 29, I configured based on my
>> previous firewall. Version 5.2.6. Even though I corrected this line, I
>> still don't have webconf.
> Please check the directory /var/log/lighttpd for the files access.log
> and error.log. If they exist that means at least that lighttpd tries to
> start.
Sorry Erich, I'm not Linux man. I don't know how to do that. I'm using 
lrcfg for changes in configuration, upgrade, ip addr and reboot. That's 
all.  WinSCP doesn't work at me. Please write commends how to do that. 
 From PuTTy I can copy edited file and send that in mail.
>
> Also run
>
> /etc/init.d/lighttpd restart it should show:
>
> gatekeeper# /etc/init.d/lighttpd restart
> Stopping lighttpd: OK
> Starting lighttpd: OK
>
> cheers
>
> ET

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 8

[Erich T. <eri...@th...>]

Hi Slavek

Am 17.12.2025 um 01:03 schrieb Sławek Adamski via leaf-user:
> Hello all,
> 
> I'm very sorry. Jeanrocco wrote on November 29 about a bug in /etc/ 
> lighttpd/lighttpd.annotated.conf:
> 
> There is indeed a bug in 7.5.1 that prevents lighttpd from starting, 
> that is why there is no webconf !!! you can correct it easily, I assume 
> you know how to use edit, by going in /etc/lighttpd/ 
> lighttpd.annotated.conf and correct line 100 (cat -n 
> lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd And I 
> misunderstood it. I realized that it is good to: server.username = "sh- 
> httpd"
> 
> and it is bad:
> 
> server.username = "httpd"
> 
> I didn't even notice that he wrote httpd not hhtpd. And for me a good 
> line was:
> 
> server.username = "sh-hhtpd"
> 
> because there is sh- in it.
> 
> Mea culpa, mea culpa, mea maxima culpa.
> 
> So now I have two pen-drives with leaf. And now this line is correct in 
> both. The first one, as I wrote on November 29, I configured based on my 
> previous firewall. Version 5.2.6. Even though I corrected this line, I 
> still don't have webconf. 

Please check the directory /var/log/lighttpd for the files access.log 
and error.log. If they exist that means at least that lighttpd tries to 
start.

Also run

/etc/init.d/lighttpd restart it should show:

gatekeeper# /etc/init.d/lighttpd restart
Stopping lighttpd: OK
Starting lighttpd: OK

cheers

ET

-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 8

[Sławek A. <sa...@wa...>]

Hello all,

I'm very sorry. Jeanrocco wrote on November 29 about a bug in 
/etc/lighttpd/lighttpd.annotated.conf:

There is indeed a bug in 7.5.1 that prevents lighttpd from starting, 
that is why there is no webconf !!! you can correct it easily, I assume 
you know how to use edit, by going in 
/etc/lighttpd/lighttpd.annotated.conf and correct line 100 (cat -n 
lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd And I 
misunderstood it. I realized that it is good to: server.username = 
"sh-httpd"

and it is bad:

server.username = "httpd"

I didn't even notice that he wrote httpd not hhtpd. And for me a good line was:

server.username = "sh-hhtpd"

because there is sh- in it.

Mea culpa, mea culpa, mea maxima culpa.

So now I have two pen-drives with leaf. And now this line is correct in both. The first one, as I wrote on November 29, I configured based on my previous firewall. Version 5.2.6. Even though I corrected this line, I still don't have webconf. But I  have internet access. And I can write to you. The second (syslinux for make bootable, unpack and copy Bering-uClibc_7.5.1_i686_syslinux_vga.tar.gz and configure) has working webconf but ... it hasn't access to net. Ping from windows to eth1 works, PuTTy from Windows works. Ping from firewall to 8.8.8.8 works but not from Windows. I'll check the configuration. Maybe I'll find my mistake.

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 8

[Sławek A. <sa...@wa...>]

Hello everyone,

W dniu 11.12.2025 o 13:16, lea...@li... pisze:
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 10 Dec 2025 13:14:01 -0500
> From: jeanrocco jr<bla...@gm...>
> To: leaf-user<lea...@li...>
> Subject: [leaf-user] Install new LEAF version with Windows only, or
> 	with the firewall itself...
> Message-ID:
> 	<CAC...@ma...>
> Content-Type: text/plain; charset="UTF-8"
>
> Hello everyone,
>
> A recent request from Slavek Adamski made me realize we (the LEAF Gang)
> were assuming that the LEAF installations could only be made from an
> external PC running a Linux OS.
>
> It is not the case anymore, as I found 2 new ways of doing it, one with
> Windows 10 and one with the firewall itself, if it is booted with a 7.0.0
> bootable USB image.
>
> The Windows one is interesting. The thought of someone, with Windows
> knowledge only, wanting to generate a bootable USB key of a LEAF
> distribution, never occurred to me (us?) . Well this situation
> just happened with Slawek Adamski, who recently asked
> for help.  Considering he is not the only one in the World to use Windows
> (80% ?) finding a way to do it became very desirable venture. I looked
> around, and was surprised to discover it is quite feasible and even easy
> for a "Windows only" user. We only need the right tools, like 7-Zip and
> syslinux for Windows. I thought it was important enough so I included it in
> the Documentation; look at:
> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_from_a_Windows_PC
> .
> The other way, with the firewall running a 7.0.0 image, initially occured
> to me, to simplify the installation for a user with no previous notion of
> Linux.  Burning these 7.0.0 images is easy using Raspberry PI imager on any
> OS and, once booted on the Firewall to be, it will provide the user with a
> workable Linux PC. From there, installing a Distribution is fairly easy,
> following the usual methods, but you have to use Linux command lines... an
> non-appealing  task for many new users. So, just in case, I also added this
> method to the Documentation, you can look here:
> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Simple_copy_for_USB_booting
>
> and here:
> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_using_the_firewall_itself.2C_which_is_running_a_7.0.0_USB_image
>
> So if you have some time to spare, please have a look. I would appreciate
> any comments and be mindful that english is not my mother language.
>
> Thank's everyone, and special thanks to Slawek, who in some sense, helped
> to find these new ways of installing LEAF and provide enhancements to the
> Documentation.
>
> Bye
> jeanrocco
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 11 Dec 2025 00:53:47 +0100
> From: Erich Titl<eri...@th...>
> To:lea...@li...
> Subject: Re: [leaf-user] Install new LEAF version with Windows only,
> 	or with the firewall itself...
> Message-ID:<7f0...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Jeanrocco
>
> Am 10.12.2025 um 19:14 schrieb jeanrocco jr:
>> Hello everyone,
>>
>> A recent request from Slavek Adamski made me realize we (the LEAF Gang)
>> were assuming that the LEAF installations could only be made from an
>> external PC running a Linux OS.
> Mhhh... it is a few years back but AFAIK originally the installation
> assumed you had a PC running DOS. The original instructions must be
> somewhere hidden in the net.
Many years ago I downladed one. As html files. There, on one of the 
first pages, there is:

   Bering Installation Guide

       Jacques Nilo
|<jnilo at users.sourceforge.net <mailto:jnilo at users.sourceforge.net>>|

       Eric Wolzak
|<ericw at users.sourceforge.net <mailto:ericw at users.sourceforge.net>>|

         Edited by
       Jacques Nilo

*Revision History*
Revision 1.0    2003-05-11    Updates for Bering 1.2
Revision 0.9    2003-02-16    Updates for Bering 1.1
Revision 0.8    2002-11-14    Eight draft for review
Revision 0.7    2002-10-20    Seventh draft for review
Revision 0.6    2002-06-16    Sixth draft for review
Revision 0.5    2002-04-22    Fifth draft for review
Revision 0.4    2002-03-19    Fourth draft for review
Revision 0.3    2002-02-21    Third draft for review
Revision 0.2    2002-02-02    Second draft for review
Revision 0.1    2002-01-18    First draft for review

The whole thing (compressed with 7-zip) is almost 1 MB. I could upload 
it somewhere. But where?
>
>> It is not the case anymore, as I found 2 new ways of doing it, one with
>> Windows 10 and one with the firewall itself, if it is booted with a 7.0.0
>> bootable USB image.
> And that was IMHO the reason why binary images of such were made available.
>
>> The Windows one is interesting. The thought of someone, with Windows
>> knowledge only, wanting to generate a bootable USB key of a LEAF
>> distribution, never occurred to me (us?) . Well this situation
>> just happened with Slawek Adamski, who recently asked
>> for help.  Considering he is not the only one in the World to use Windows
>> (80% ?) finding a way to do it became very desirable venture. I looked
>> around, and was surprised to discover it is quite feasible and even easy
>> for a "Windows only" user. We only need the right tools, like 7-Zip and
>> syslinux for Windows. I thought it was important enough so I included it in
>> the Documentation; look at:
>> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_from_a_Windows_PC
>> .
>> The other way, with the firewall running a 7.0.0 image, initially occured
>> to me, to simplify the installation for a user with no previous notion of
>> Linux.  Burning these 7.0.0 images is easy using Raspberry PI imager on any
>> OS and, once booted on the Firewall to be, it will provide the user with a
>> workable Linux PC. From there, installing a Distribution is fairly easy,
>> following the usual methods, but you have to use Linux command lines... an
>> non-appealing  task for many new users. So, just in case, I also added this
>> method to the Documentation, you can look here:
>> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Simple_copy_for_USB_booting
>>
>> and here:
>> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_using_the_firewall_itself.2C_which_is_running_a_7.0.0_USB_image
>>
>> So if you have some time to spare, please have a look. I would appreciate
>> any comments and be mindful that english is not my mother language.
> C'est Qu?b?cois ??
>
>> Thank's everyone, and special thanks to Slawek, who in some sense, helped
>> to find these new ways of installing LEAF and provide enhancements to the
>> Documentation.
> I would suggest to build recent images which can be used as a bootstrap.
> Then I believe there is a webconf link that allows to install these very
> images to storage media on the target system. Of course then this
> bootstrap installation should provide webconf access which I don't know
> anymore if it does.
>
> So basically It would be nice to have such images with every release :-)
>
> cheers
>
> ET
>

Re: [leaf-user] Install new LEAF version with Windows only, or with the firewall itself...

[Erich T. <eri...@th...>]

Hi Jeanrocco

Am 10.12.2025 um 19:14 schrieb jeanrocco jr:
> Hello everyone,
> 
> A recent request from Slavek Adamski made me realize we (the LEAF Gang)
> were assuming that the LEAF installations could only be made from an
> external PC running a Linux OS.

Mhhh... it is a few years back but AFAIK originally the installation 
assumed you had a PC running DOS. The original instructions must be 
somewhere hidden in the net.

> 
> It is not the case anymore, as I found 2 new ways of doing it, one with
> Windows 10 and one with the firewall itself, if it is booted with a 7.0.0
> bootable USB image.

And that was IMHO the reason why binary images of such were made available.

> 
> The Windows one is interesting. The thought of someone, with Windows
> knowledge only, wanting to generate a bootable USB key of a LEAF
> distribution, never occurred to me (us?) . Well this situation
> just happened with Slawek Adamski, who recently asked
> for help.  Considering he is not the only one in the World to use Windows
> (80% ?) finding a way to do it became very desirable venture. I looked
> around, and was surprised to discover it is quite feasible and even easy
> for a "Windows only" user. We only need the right tools, like 7-Zip and
> syslinux for Windows. I thought it was important enough so I included it in
> the Documentation; look at:
> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_from_a_Windows_PC
> .
> The other way, with the firewall running a 7.0.0 image, initially occured
> to me, to simplify the installation for a user with no previous notion of
> Linux.  Burning these 7.0.0 images is easy using Raspberry PI imager on any
> OS and, once booted on the Firewall to be, it will provide the user with a
> workable Linux PC. From there, installing a Distribution is fairly easy,
> following the usual methods, but you have to use Linux command lines... an
> non-appealing  task for many new users. So, just in case, I also added this
> method to the Documentation, you can look here:
> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Simple_copy_for_USB_booting
> 
> and here:
> https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_using_the_firewall_itself.2C_which_is_running_a_7.0.0_USB_image
> 
> So if you have some time to spare, please have a look. I would appreciate
> any comments and be mindful that english is not my mother language.

C'est Québécois ??

> 
> Thank's everyone, and special thanks to Slawek, who in some sense, helped
> to find these new ways of installing LEAF and provide enhancements to the
> Documentation.

I would suggest to build recent images which can be used as a bootstrap. 
Then I believe there is a webconf link that allows to install these very 
images to storage media on the target system. Of course then this 
bootstrap installation should provide webconf access which I don't know 
anymore if it does.

So basically It would be nice to have such images with every release :-)

cheers

ET

-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

[leaf-user] Install new LEAF version with Windows only, or with the firewall itself...

[jeanrocco jr <bla...@gm...>]

Hello everyone,

A recent request from Slavek Adamski made me realize we (the LEAF Gang)
were assuming that the LEAF installations could only be made from an
external PC running a Linux OS.

It is not the case anymore, as I found 2 new ways of doing it, one with
Windows 10 and one with the firewall itself, if it is booted with a 7.0.0
bootable USB image.

The Windows one is interesting. The thought of someone, with Windows
knowledge only, wanting to generate a bootable USB key of a LEAF
distribution, never occurred to me (us?) . Well this situation
just happened with Slawek Adamski, who recently asked
for help.  Considering he is not the only one in the World to use Windows
(80% ?) finding a way to do it became very desirable venture. I looked
around, and was surprised to discover it is quite feasible and even easy
for a "Windows only" user. We only need the right tools, like 7-Zip and
syslinux for Windows. I thought it was important enough so I included it in
the Documentation; look at:
https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_from_a_Windows_PC
.
The other way, with the firewall running a 7.0.0 image, initially occured
to me, to simplify the installation for a user with no previous notion of
Linux.  Burning these 7.0.0 images is easy using Raspberry PI imager on any
OS and, once booted on the Firewall to be, it will provide the user with a
workable Linux PC. From there, installing a Distribution is fairly easy,
following the usual methods, but you have to use Linux command lines... an
non-appealing  task for many new users. So, just in case, I also added this
method to the Documentation, you can look here:
https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Simple_copy_for_USB_booting

and here:
https://bering-uclibc.zetam.org/wiki/Bering-uClibc_7.x_-_User_Guide_-_Installing_the_Disk_Image#Copying_a_syslinux_Image_to_a_Flash_Media_using_the_firewall_itself.2C_which_is_running_a_7.0.0_USB_image

So if you have some time to spare, please have a look. I would appreciate
any comments and be mindful that english is not my mother language.

Thank's everyone, and special thanks to Slawek, who in some sense, helped
to find these new ways of installing LEAF and provide enhancements to the
Documentation.

Bye
jeanrocco

Re: [leaf-user] Bug in 7.5.1 prevents lighttpd from starting

[Erich T. <eri...@th...>]

Hi Jeanrocco

Am 08.12.2025 um 07:01 schrieb jeanrocco jr:
> Hello KP, developers and all
> 
> Lighttpd won't start, so no Webconf, because of a little bug
> in /etc/lighttpd/lighttpd.annotated.conf , we have to correct line 100 (cat
> -n lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd .

Good catch
but why do we use lighttpd.annotated.conf at all. As a name it implies 
to be nothing but an annotated configuration file (which it is). Why not 
juse use the previous standard config name files which would fit better 
in the whole startup settings.

I guess noone uses lighttpd-ssl.conf as the config file but just copies 
the content to lighttpd.conf if one wants to use https.

YMMV

ET
-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

[leaf-user] Bug in 7.5.1 prevents lighttpd from starting

[jeanrocco jr <bla...@gm...>]

Hello KP, developers and all

Lighttpd won't start, so no Webconf, because of a little bug
in /etc/lighttpd/lighttpd.annotated.conf , we have to correct line 100 (cat
-n lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd .

jeanrocco

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 5

[Erich T. <eri...@th...>]

Hi Slavek

Am 06.12.2025 um 22:05 schrieb Sławek Adamski via leaf-user:
....
>>> ##
>>>> #######################################################################
>>>> ## disable http/2
>>>>
>>>> server.feature-flags += ( "server.h2proto" => "disable", 
>>>> "server.h2c" =>
>>>> "disable" )
>>> Erich, can you write for the inexperienced as me in which file to put it
>>> in?
>> You can put it into /etc/lighttpd/lighttpd.conf
>> or include it in a separate config file in /etc/lighttpd/conf.d
>>
>> cheers
>> ET
> Unfortunately, it didn't help me.

This only applies if you use https. I don't know what misconfiguration 
you appear to have. lighttpd works fine in most installations.

ET
-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 5

[Sławek A. <sa...@wa...>]

W dniu 6.12.2025 o 13:16, lea...@li... pisze:
> Message: 1
> Date: Fri, 5 Dec 2025 22:22:42 +0100
> From: S?awek Adamski<sa...@wa...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 4
> Message-ID:<cbe...@wa...>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> W dniu 5.12.2025 o?13:14,lea...@li... pisze:
>> Message: 1
>> Date: Thu, 4 Dec 2025 20:55:55 +0100
>> From: Erich Titl<eri...@th...>
>> To:lea...@li...
>> Subject: [leaf-user] heads up:lighttp and ssl
>> Message-ID:<2e7...@th...>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Hi Folks
>>
>> This is just a heads up for those of you who want to use lighttpd with
>> ssl and firefox.
>>
>> If you encounter a network protocol error after entering the credentials
>> in firefox you should look at the http protocol version used. I had to
>> disable http/2 in lighttp using the following directive:
>>
>> ##
>> #######################################################################
>> ## disable http/2
>>
>> server.feature-flags += ( "server.h2proto" => "disable", "server.h2c" =>
>> "disable" )
> Erich, can you write for the inexperienced as me in which file to put it
> in?
>> YMMV
>>
>> ET
>
> ------------------------------
>
> Message: 2
> Date: Sat, 6 Dec 2025 00:54:51 +0100
> From: Erich Titl<eri...@th...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 4
> Message-ID:<7d5...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Slavek
>
> Am 05.12.2025 um 22:22 schrieb S?awek Adamski via leaf-user:
>> W dniu 5.12.2025 o?13:14,lea...@li... pisze:
>>> Message: 1
>>> Date: Thu, 4 Dec 2025 20:55:55 +0100
>>> From: Erich Titl<eri...@th...>
>>> To:lea...@li...
>>> Subject: [leaf-user] heads up:lighttp and ssl
>>> Message-ID:<2e7...@th...>
>>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>>
>>> Hi Folks
>>>
>>> This is just a heads up for those of you who want to use lighttpd with
>>> ssl and firefox.
>>>
>>> If you encounter a network protocol error after entering the credentials
>>> in firefox you should look at the http protocol version used. I had to
>>> disable http/2 in lighttp using the following directive:
>>>
>>> ##
>>> #######################################################################
>>> ## disable http/2
>>>
>>> server.feature-flags += ( "server.h2proto" => "disable", "server.h2c" =>
>>> "disable" )
>> Erich, can you write for the inexperienced as me in which file to put it
>> in?
> You can put it into /etc/lighttpd/lighttpd.conf
> or include it in a separate config file in /etc/lighttpd/conf.d
>
> cheers
> ET
Unfortunately, it didn't help me.

Best Regards
Sławek

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 4

[Erich T. <eri...@th...>]

Hi Slavek

Am 05.12.2025 um 22:22 schrieb Sławek Adamski via leaf-user:
> W dniu 5.12.2025 o 13:14, lea...@li... pisze:
>> Message: 1
>> Date: Thu, 4 Dec 2025 20:55:55 +0100
>> From: Erich Titl<eri...@th...>
>> To:lea...@li...
>> Subject: [leaf-user] heads up:lighttp and ssl
>> Message-ID:<2e7...@th...>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Hi Folks
>>
>> This is just a heads up for those of you who want to use lighttpd with
>> ssl and firefox.
>>
>> If you encounter a network protocol error after entering the credentials
>> in firefox you should look at the http protocol version used. I had to
>> disable http/2 in lighttp using the following directive:
>>
>> ##
>> #######################################################################
>> ## disable http/2
>>
>> server.feature-flags += ( "server.h2proto" => "disable", "server.h2c" =>
>> "disable" )
> Erich, can you write for the inexperienced as me in which file to put it 
> in?

You can put it into /etc/lighttpd/lighttpd.conf
or include it in a separate config file in /etc/lighttpd/conf.d

cheers
ET
-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 4

[Sławek A. <sa...@wa...>]

W dniu 5.12.2025 o 13:14, lea...@li... pisze:
> Message: 1
> Date: Thu, 4 Dec 2025 20:55:55 +0100
> From: Erich Titl<eri...@th...>
> To:lea...@li...
> Subject: [leaf-user] heads up:lighttp and ssl
> Message-ID:<2e7...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Folks
>
> This is just a heads up for those of you who want to use lighttpd with
> ssl and firefox.
>
> If you encounter a network protocol error after entering the credentials
> in firefox you should look at the http protocol version used. I had to
> disable http/2 in lighttp using the following directive:
>
> ##
> #######################################################################
> ## disable http/2
>
> server.feature-flags += ( "server.h2proto" => "disable", "server.h2c" =>
> "disable" )
Erich, can you write for the inexperienced as me in which file to put it 
in?
>
> YMMV
>
> ET

[leaf-user] heads up:lighttp and ssl

[Erich T. <eri...@th...>]

Hi Folks

This is just a heads up for those of you who want to use lighttpd with 
ssl and firefox.

If you encounter a network protocol error after entering the credentials 
in firefox you should look at the http protocol version used. I had to 
disable http/2 in lighttp using the following directive:

##
#######################################################################
## disable http/2

server.feature-flags += ( "server.h2proto" => "disable", "server.h2c" => 
"disable" )

YMMV

ET
-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 2

[Sławek A. <sa...@wa...>]

Hello Erich

W dniu 2.12.2025 o 13:14, lea...@li... pisze:
> Send leaf-user mailing list submissions to
> 	lea...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/leaf-user
> or, via email, send a message with subject or body 'help' to
> 	lea...@li...
>
> You can reach the person managing the list at
> 	lea...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of leaf-user digest..."
>
>
> Today's Topics:
>
>     1. Re: leaf-user Digest, Vol 205, Issue 1 (S?awek Adamski)
>     2. Re: leaf-user Digest, Vol 205, Issue 1 (Erich Titl)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 2 Dec 2025 01:31:59 +0100
> From: S?awek Adamski<sa...@wa...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 1
> Message-ID:<ea5...@wa...>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Hello Erich,
>
> W dniu 1.12.2025 o?13:13,lea...@li... pisze:
>> Message: 1
>> Date: Mon, 1 Dec 2025 02:05:48 +0100
>> From: S?awek Adamski<sa...@wa...>
>> To:lea...@li...
>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 8
>> Message-ID:<877...@wa...>
>> Content-Type: text/plain; charset=UTF-8; format=flowed
>>
>> Hi Erich,
>>
>> W dniu 30.11.2025 o?13:12,lea...@li... pisze:
>>> Message: 1
>>> Date: Sat, 29 Nov 2025 23:50:52 +0100
>>> From: Erich Titl<eri...@th...>
>>> To:lea...@li...
>>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6
>>> Message-ID:<76d...@th...>
>>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>>
>>> Hi Slavek
>>>
>>> Am 29.11.2025 um 22:48 schrieb jeanrocco jr:
>>>> Hello Slawek and All
>>>>
>>>>
>>>>
>>>> On Sat, Nov 29, 2025 at 11:29?AM S?awek Adamski via leaf-user< lea...@li...> wrote:
>>>>
>>>>> Hello Jeanrocco
>>>>>
>>>>> Unfortunately, it didn't help. I did not change the file
>>>>> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.
>>>> Are you telling me Webconf is not working ?
>>>>
>>>>
>>>>> Line
>>>>> number 100 was just as you wrote. Changing the /etc/shorewall/rules file
>>>>> didn't help. All IPs are still accepted.
>>> Was shorewall restarted ?
>> Yes. Many times. About twice a day. Robert K Coffman Jr. wrote to me
>> about this.
>>> What is the internal net like?
>> Good. My Windows PC has access to external net.
>>> cheers
>>>
>>> ET
>>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 1 Dec 2025 11:00:29 +0100
>> From: Erich Titl<eri...@th...>
>> To:lea...@li...
>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 8
>> Message-ID:<c94...@th...>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Hi Slavek
>>
>> Am 01.12.2025 um 02:05 schrieb S?awek Adamski via leaf-user:
>>> Hi Erich,
>>>
>>> W dniu 30.11.2025 o?13:12,lea...@li... pisze:
>>>> Message: 1
>>>> Date: Sat, 29 Nov 2025 23:50:52 +0100
>>>> From: Erich Titl<eri...@th...>
>>>> To:lea...@li...
>>>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6
>>>> Message-ID:<76d...@th...>
>>>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>>>
>>>> Hi Slavek
>>>>
>>>> Am 29.11.2025 um 22:48 schrieb jeanrocco jr:
>>>>> Hello Slawek and All
>>>>>
>>>>>
>>>>>
>>>>> On Sat, Nov 29, 2025 at 11:29?AM S?awek Adamski via leaf-user< leaf- us...@li...> wrote:
>>>>>
>>>>>> Hello Jeanrocco
>>>>>>
>>>>>> Unfortunately, it didn't help. I did not change the file
>>>>>> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.
>>>>> Are you telling me Webconf is not working ?
>>>>>
>>>>>
>>>>>> Line
>>>>>> number 100 was just as you wrote. Changing the /etc/shorewall/rules
>>>>>> file
>>>>>> didn't help. All IPs are still accepted.
>>>> Was shorewall restarted ?
>>> Yes. Many times. About twice a day. Robert K Coffman Jr. wrote to me
>>> about this.
>>>> What is the internal net like?
>>> Good. My Windows PC has access to external net.
>> OK, so I understand that you have internet access from the internal net.
>> Your problem is that certain addresses from the internal net to the
>> firewall should be blocked and aledgedly are not
>>
>> Please let us know
>>
>> - the IP range of your internal network
>> - /etc/shorewall/rules
>> - /etc/shorewall/policy
>> - /etc/shorewall/interfaces
>>
>> please also show us /var/log/shorewall.log
> I'm not linux man. Can you tell me how to copy these files to a USB
> drive? Manually copying them letter by letter from computer to computer
> can cause errors. I'll copy it, take out the USB and put it in my
> Windows PC and finally send them to
> lea...@li... as my answer.
>> cheers
>>
>> ET
>>
> Best Regards
> S?awek
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 2 Dec 2025 08:38:12 +0100
> From: Erich Titl<eri...@th...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 205, Issue 1
> Message-ID:<35b...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Slavek
>
> Am 02.12.2025 um 01:31 schrieb S?awek Adamski via leaf-user:
>
>
>> I'm not linux man. Can you tell me how to copy these files to a USB
>> drive? Manually copying them letter by letter from computer to computer
>> can cause errors. I'll copy it, take out the USB and put it in my
>> Windows PC and finally send them to
>> lea...@li... as my answer.
> These files are rather small you could easily cut and paste the contents.
>
> If you have ssh access to your LEAF box you can use winscp to copy the
> files directly to your windoze box.
Fantastic. I didn't know about such possibilities. Thanks a lot. You're 
big. I don't know how to configure WinSCP (I installed it), and it 
doesn't work for me — it won't connect. Too bad — in 1985, I started 
using DOS. And Norton Commander. Then Windows (95 and today Windows 11) 
and Total Commander. I use Total Commander to today. I bought it. Could 
you show me how to configure it?
But I found and installed Putty. And it connects to the firewall. So I 
could select text in the leaf editor and Ctrl+C - Ctrl+V.
But I don't want to publish my IP addresses. So assume the firewall has 
an IP on eth1 of xxx.yyy.zzz.fw and the local computers have 
xxx.yyy.zzz.loc1, xxx.yyy.zzz.loc2, ... .  So:
#
# Shorewall -- /etc/shorewall/interfaces
#
# For information about entries in this file, type "man 
shorewall-interfaces"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-interfaces.html
#
?FORMAT 2
###############################################################################
#ZONE           INTERFACE               OPTIONS
net             $NET_IF                 dhcp,routefilter
loc             $LOC_IF                 dhcp,bridge

#
# Shorewall -- /etc/shorewall/policy
#
# For information about entries in this file, type "man shorewall-policy"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-policy.html
#
###############################################################################
#SOURCE         DEST            POLICY  LOGLEVEL        LIMIT  CONNLIMIT
loc     net     ACCEPT
#loc    fw      REJECT
net     all     DROP
# If you want open access to the Internet from your Firewall
# remove the comment from the following line.
#fw             net             ACCEPT
# THE FOLLOWING POLICY MUST BE LAST
#
all     all     REJECT                  NFLOG(4,0,4)

#
# Shorewall -- /etc/shorewall/rules
#
# For information on the settings in this file, type "man shorewall-rules"
#
# The manpage is also online at
# http://www.shorewall.net/manpages/shorewall-rules.html
#
##############################################################################################################################################################
#ACTION         SOURCE          DEST            PROTO   DPORT  SPORT  
  ORIGDEST        RATE    USER    MARK    CONNLIMIT  TIME    HEADERS 
SWITCH  HELPER

?SECTION ALL
?SECTION ESTABLISHED
?SECTION RELATED
?SECTION INVALID
?SECTION UNTRACKED
?SECTION NEW

#      Accept DNS connections from the firewall to the network
#      and from the local network to the firewall (in case dnsmasq is 
running)
DNS(ACCEPT)   fw          net
DNS(ACCEPT)   loc         fw

#      Accept SSH connections from the local network for administration
#
SSH(ACCEPT)     loc             fw
#SSH(ACCEPT)    net             fw

#      Allow Ping to Firewall
#
Ping(ACCEPT)  fw        net
#Ping(ACCEPT)  net      fw
Ping(ACCEPT)  loc       fw
#
#      Allow all ICMP types (including ping) from firewall
ACCEPT    fw           loc                     icmp
ACCEPT    fw           net                     icmp
#      Allow local network to access weblet/webconf
#
HTTP(ACCEPT)   loc        fw
HTTPS(ACCEPT)   loc        fw
#HTTP(ACCEPT)   net        fw
#HTTPS(ACCEPT)   net        fw
# timeserver (allow syncing with time servers (default: pool.ntp.org))
NTP(ACCEPT)         fw       net
# timeserver (allow LAN clients to sync with the time service on the router)
#NTP(ACCEPT)         loc    fw

# --- dodane
# http i https
ACCEPT loc net tcp 80
ACCEPT loc net tcp 443
# ftp
ACCEPT loc net tcp 21
# poczta
ACCEPT loc net tcp 25
ACCEPT loc net tcp 110
ACCEPT loc net tcp 465
ACCEPT loc net tcp 995
# newsy
ACCEPT loc net tcp 119
# newsy
ACCEPT loc net tcp 22
ACCEPT loc net tcp 23
# czas
ACCEPT loc net tcp 37
ACCEPT loc net tcp 123
ACCEPT loc net udp 37
ACCEPT loc net udp 123
# drukarka
ACCEPT loc fw tcp 9100:9102
# zdalny pulpit
ACCEPT loc net tcp 3389
ACCEPT loc net udp 3389
ACCEPT net loc tcp 3389
ACCEPT net loc udp 3389
ACCEPT loc net tcp 1494
ACCEPT loc net udp 1494
ACCEPT net loc tcp 1494
ACCEPT net loc udp 1494
# p2p
DNAT net loc:xxx.yyy.zzz.loc1 tcp 28111
#DNAT net loc:xxx.yyy.zzz.loc1.udp 28111
DNAT net loc:xxx.yyy.zzz.loc2 tcp 28112
DNAT net loc:xxx.yyy.zzz.loc2 udp 28112
DNAT net loc:xxx.yyy.zzz.loc3 tcp 28113
DNAT net loc:xxx.yyy.zzz.loc3 udp 28113
DNAT net loc:xxx.yyy.zzz.loc4 tcp 28114
DNAT net loc:xxx.yyy.zzz.loc4 udp 28114
DNAT net loc:xxx.yyy.zzz.loc5 tcp 28115
DNAT net loc:xxx.yyy.zzz.loc5 udp 28115
DNAT net loc:xxx.yyy.zzz.loc6 tcp 28116
DNAT net loc:xxx.yyy.zzz.loc6 udp 28116
DNAT net loc:xxx.yyy.zzz.loc7 tcp 28117
DNAT net loc:xxx.yyy.zzz.loc7 udp 28117
DNAT net loc:xxx.yyy.zzz.loc8 tcp 28118
DNAT net loc:xxx.yyy.zzz.loc8 udp 28118
DNAT net loc:xxx.yyy.zzz.loc9 tcp 28119
DNAT net loc:xxx.yyy.zzz.loc9 udp 29119
# dnmasq - dhpcp
ACCEPT loc fw udp 67,68
# akceptowalne IP
SSH(ACCEPT) loc:xxx.yyy.zzz.loc1 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc2 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc3 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc4 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc5 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc6 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc7 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc8 fw
SSH(ACCEPT) loc:xxx.yyy.zzz.loc9 fw
#ACCEPT loc:xxx.yyy.zzz.loc1/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc2/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc3/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc4/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc5/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc6/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc7/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc8/24 fw all
#ACCEPT loc:xxx.yyy.zzz.loc9/24 fw all




>
> If you have webconf running then you can easily build a full copy of
> your installation by using the Backup Software Image function. It will
> download a binary image of your running system.
Webconf isn't working for me. I don't know why.
>
> Else you must mount the usb stick on your router somehow like
>
> mount /dev/sd?? /mnt
> the question marks should be replaced by something like b1 or c1
> depending on your hardware
>
> then copy the files to /mnt
>
> cp /etc/shorewall/policy /mnt
> ....
> ....
>
> once done don't forget to unmount
> umount /mnt
>
> I understand this is more complicated than cut and paste.
Thanks. That's what I was thinking, not knowing of any better options. 
I'll try it. This might come in handy someday.
>
> cheers
>
> ET

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 1

[Erich T. <eri...@th...>]

Hi Slavek

Am 02.12.2025 um 01:31 schrieb Sławek Adamski via leaf-user:


> I'm not linux man. Can you tell me how to copy these files to a USB 
> drive? Manually copying them letter by letter from computer to computer 
> can cause errors. I'll copy it, take out the USB and put it in my 
> Windows PC and finally send them to
> lea...@li... as my answer.

These files are rather small you could easily cut and paste the contents.

If you have ssh access to your LEAF box you can use winscp to copy the 
files directly to your windoze box.

If you have webconf running then you can easily build a full copy of 
your installation by using the Backup Software Image function. It will 
download a binary image of your running system.

Else you must mount the usb stick on your router somehow like

mount /dev/sd?? /mnt
the question marks should be replaced by something like b1 or c1 
depending on your hardware

then copy the files to /mnt

cp /etc/shorewall/policy /mnt
....
....

once done don't forget to unmount
umount /mnt

I understand this is more complicated than cut and paste.

cheers

ET
-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 205, Issue 1

[Sławek A. <sa...@wa...>]

Hello Erich,

W dniu 1.12.2025 o 13:13, lea...@li... pisze:
> Message: 1
> Date: Mon, 1 Dec 2025 02:05:48 +0100
> From: S?awek Adamski<sa...@wa...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 8
> Message-ID:<877...@wa...>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> Hi Erich,
>
> W dniu 30.11.2025 o?13:12,lea...@li... pisze:
>> Message: 1
>> Date: Sat, 29 Nov 2025 23:50:52 +0100
>> From: Erich Titl<eri...@th...>
>> To:lea...@li...
>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6
>> Message-ID:<76d...@th...>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Hi Slavek
>>
>> Am 29.11.2025 um 22:48 schrieb jeanrocco jr:
>>> Hello Slawek and All
>>>
>>>
>>>
>>> On Sat, Nov 29, 2025 at 11:29?AM S?awek Adamski via leaf-user< lea...@li...> wrote:
>>>
>>>> Hello Jeanrocco
>>>>
>>>> Unfortunately, it didn't help. I did not change the file
>>>> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.
>>> Are you telling me Webconf is not working ?
>>>
>>>
>>>> Line
>>>> number 100 was just as you wrote. Changing the /etc/shorewall/rules file
>>>> didn't help. All IPs are still accepted.
>> Was shorewall restarted ?
> Yes. Many times. About twice a day. Robert K Coffman Jr. wrote to me
> about this.
>> What is the internal net like?
> Good. My Windows PC has access to external net.
>> cheers
>>
>> ET
>>
> ------------------------------
>
> Message: 2
> Date: Mon, 1 Dec 2025 11:00:29 +0100
> From: Erich Titl<eri...@th...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 8
> Message-ID:<c94...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Slavek
>
> Am 01.12.2025 um 02:05 schrieb S?awek Adamski via leaf-user:
>> Hi Erich,
>>
>> W dniu 30.11.2025 o?13:12,lea...@li... pisze:
>>> Message: 1
>>> Date: Sat, 29 Nov 2025 23:50:52 +0100
>>> From: Erich Titl<eri...@th...>
>>> To:lea...@li...
>>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6
>>> Message-ID:<76d...@th...>
>>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>>
>>> Hi Slavek
>>>
>>> Am 29.11.2025 um 22:48 schrieb jeanrocco jr:
>>>> Hello Slawek and All
>>>>
>>>>
>>>>
>>>> On Sat, Nov 29, 2025 at 11:29?AM S?awek Adamski via leaf-user< leaf- us...@li...> wrote:
>>>>
>>>>> Hello Jeanrocco
>>>>>
>>>>> Unfortunately, it didn't help. I did not change the file
>>>>> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.
>>>> Are you telling me Webconf is not working ?
>>>>
>>>>
>>>>> Line
>>>>> number 100 was just as you wrote. Changing the /etc/shorewall/rules
>>>>> file
>>>>> didn't help. All IPs are still accepted.
>>> Was shorewall restarted ?
>> Yes. Many times. About twice a day. Robert K Coffman Jr. wrote to me
>> about this.
>>> What is the internal net like?
>> Good. My Windows PC has access to external net.
> OK, so I understand that you have internet access from the internal net.
> Your problem is that certain addresses from the internal net to the
> firewall should be blocked and aledgedly are not
>
> Please let us know
>
> - the IP range of your internal network
> - /etc/shorewall/rules
> - /etc/shorewall/policy
> - /etc/shorewall/interfaces
>
> please also show us /var/log/shorewall.log
I'm not linux man. Can you tell me how to copy these files to a USB 
drive? Manually copying them letter by letter from computer to computer 
can cause errors. I'll copy it, take out the USB and put it in my 
Windows PC and finally send them to
lea...@li... as my answer.
>
> cheers
>
> ET
>
Best Regards
Sławek

Re: [leaf-user] leaf-user Digest, Vol 204, Issue 8

[Erich T. <eri...@th...>]

Hi Slavek

Am 01.12.2025 um 02:05 schrieb Sławek Adamski via leaf-user:
> Hi Erich,
> 
> W dniu 30.11.2025 o 13:12, lea...@li... pisze:
>> Message: 1
>> Date: Sat, 29 Nov 2025 23:50:52 +0100
>> From: Erich Titl<eri...@th...>
>> To:lea...@li...
>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6
>> Message-ID:<76d...@th...>
>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>
>> Hi Slavek
>>
>> Am 29.11.2025 um 22:48 schrieb jeanrocco jr:
>>> Hello Slawek and All
>>>
>>>
>>>
>>> On Sat, Nov 29, 2025 at 11:29?AM S?awek Adamski via leaf-user< leaf- 
>>> us...@li...> wrote:
>>>
>>>> Hello Jeanrocco
>>>>
>>>> Unfortunately, it didn't help. I did not change the file
>>>> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.
>>>
>>> Are you telling me Webconf is not working ?
>>>
>>>
>>>> Line
>>>> number 100 was just as you wrote. Changing the /etc/shorewall/rules 
>>>> file
>>>> didn't help. All IPs are still accepted.
>> Was shorewall restarted ?
> Yes. Many times. About twice a day. Robert K Coffman Jr. wrote to me 
> about this.
>>
>> What is the internal net like?
> Good. My Windows PC has access to external net.

OK, so I understand that you have internet access from the internal net. 
Your problem is that certain addresses from the internal net to the 
firewall should be blocked and aledgedly are not

Please let us know

- the IP range of your internal network
- /etc/shorewall/rules
- /etc/shorewall/policy
- /etc/shorewall/interfaces

please also show us /var/log/shorewall.log

cheers

ET

-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 204, Issue 8

[Sławek A. <sa...@wa...>]

Hi Erich,

W dniu 30.11.2025 o 13:12, lea...@li... pisze:
> Message: 1
> Date: Sat, 29 Nov 2025 23:50:52 +0100
> From: Erich Titl<eri...@th...>
> To:lea...@li...
> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6
> Message-ID:<76d...@th...>
> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>
> Hi Slavek
>
> Am 29.11.2025 um 22:48 schrieb jeanrocco jr:
>> Hello Slawek and All
>>
>>
>>
>> On Sat, Nov 29, 2025 at 11:29?AM S?awek Adamski via leaf-user< lea...@li...> wrote:
>>
>>> Hello Jeanrocco
>>>
>>> Unfortunately, it didn't help. I did not change the file
>>> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.
>>
>> Are you telling me Webconf is not working ?
>>
>>
>>> Line
>>> number 100 was just as you wrote. Changing the /etc/shorewall/rules file
>>> didn't help. All IPs are still accepted.
> Was shorewall restarted ?
Yes. Many times. About twice a day. Robert K Coffman Jr. wrote to me 
about this.
>
> What is the internal net like?
Good. My Windows PC has access to external net.
>
> cheers
>
> ET
>

Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6

[Erich T. <eri...@th...>]

Hi Slavek

Am 29.11.2025 um 22:48 schrieb jeanrocco jr:
> Hello Slawek and All
> 
> 
> 
> On Sat, Nov 29, 2025 at 11:29 AM Sławek Adamski via leaf-user <
> lea...@li...> wrote:
> 
>> Hello Jeanrocco
>>
>> Unfortunately, it didn't help. I did not change the file
>> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.
> 
> 
> Are you telling me Webconf is not working ?
> 
> 
>> Line
>> number 100 was just as you wrote. Changing the /etc/shorewall/rules file
>> didn't help. All IPs are still accepted.

Was shorewall restarted ?

What is the internal net like?

cheers

ET

-- 
„Wer von seinem Tag nicht zwei Drittel für sich hat, ist ein Sklave.“
―Friedrich Nietzsche

Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6

[jeanrocco jr <bla...@gm...>]

Hello Slawek and All



On Sat, Nov 29, 2025 at 11:29 AM Sławek Adamski via leaf-user <
lea...@li...> wrote:

> Hello Jeanrocco
>
> Unfortunately, it didn't help. I did not change the file
> /etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary.


Are you telling me Webconf is not working ?


> Line
> number 100 was just as you wrote. Changing the /etc/shorewall/rules file
> didn't help. All IPs are still accepted.
>
> At this point I don't know what to think ...

Could you tell me what hardware you are using for the firewall PC, I know
it's a VGA and has a keyboard, but there is more to be said, tell me what
it is; PC type, motherboard, number of NICs, memory etc ...
Some Pentium motherboards had an issue with address assignment of eth0 and
eth1 that required a special bbnameif.lrp module ...

Personally, using the 7.0.0 distribution, I could not get 'upgrade' to work
properly, some changes in Sourceforge.net prevented the retrieve() function
in 'upgrade' bash script from downloading certain files.
I tried some hacking and I never got it right, so, in the end,  I decided
to do a clean install of 7.5.1 on another USB key. You could try that too,
if you are willing.

Steps to get a clean install of 7.5.1 on another USB key, using the 7.0.0
USB key.

You probably still have on your Windows PC a copy of
'Bering-uClibc_x86_64_vga.img'  (7.0.0) , burn it again on a USB key using
the Raspberry Pi imager as you did before.
Unplug all the network interface cables on your firewall PC
Boot your firewall PC with this 7.0.0 USB key. Login as root and set a
strong password. Quit the LEAF configuration menu until you get the
leafinstaller# prompt.
Plug a network cable from the Firewall eth0 port to your cable modem rj-45
port.
run:
leafinstaller# ip addr

should show eth0  inet www.xxx.yyy.zzz
                     eth1  inet 192.168.1.254/24

If eth0 does not show a valid IP address, plug the network cable in the
other firewall NIC port.

Let's prepare another USB key:

plug another USB key in your firewall PC
run: leafinstaller# fdisk -l
/dev/sda1 ...  bla bla bla ...
/dev/sdb1 ...  bla bla bla ...

leafinstaller# fdisk /dev/sdb

Just follow the documentation from here:
_____________________________________

The safest approach is to delete any existing partition on the media. To
delete a partition type "*d*", to create a new partition type "*n*", choose
"*p*" for a new primary partition, "*1*" for the partition number, accept
the default values for First and Last Sector. To change the partition
system id to W95 FAT32, type "*t*" and "*b*". Lastly make the partition
bootable, type "*a*" and "*1*" to make the first partition bootable.

You may have a look before writing the changes to your media with the
command "*p*". It should show something like this:

Device      Boot      Start         End           Blocks      Id         System
/dev/sdb1    *         2048        524287         261120        b
   W95 FAT32

Save your changes with the command "*w*" and leave the fdisk utility with "
*q*".


Format the flash media:

mkfs.vfat -r 1024 /dev/sdb1

Next you need to install the SYSLINUX
<http://syslinux.zytor.com/wiki/index.php/SYSLINUX> bootloader onto the
boot partition. Simply run:

syslinux -i /dev/sdb1


Install the MBR code on the flash media:

cd /usr/share/syslinux
dd bs=440 count=1 if=mbr.bin of=/dev/sdb

Please note */dev/sdb*, this will write the Syslinux mbr code (mbr.bin)
into the master boot record of the media.

Running syslinux -i results in file ldlinux.sys being created in the root
of the FAT32 file system. Do not attempt to edit or move this file since
that will break the SYSLINUX operation.

For Bering-uClibc 5.x
<https://bering-uclibc.zetam.org/wiki/Bering-uClibc_5.x> the Linux kernel
and the SYSLINUX configuration files have been relocated to the syslinux/
directory of the boot disk. However, file ldlinux.sys should remain in the
root directory (although by using the -d directory argument to syslinux
this can be moved to a different pre-existing directory on the boot disk,
if desired).


Mount the media:

sudo mount /dev/sdb1 /mnt
cd /mnt
______________________________________________________________

Ok let's get a copy of the 7.5.1 distribution :

leafinstaller# wget
https://sourceforge.net/projects/leaf/files/Bering-uClibc/7.5.1/Bering-uClibc_7.5.1_x86_64_syslinux_vga.tar.gz
-O /mnt/distro

( yes I know it's a long typing to do ...) you should see lots of stars
*********************:-), when finished:

leafinstaller# tar -xvzf distro

Ok you now have a clean copy of 7.5.1 on /dev/sdb1

Take the 7.0.0 USB key out, and reboot !

You don't have to touch anything else except the rules in shorewall that we
talked about.

Let me know how it went !

W dniu 29.11.2025 o 13:14, lea...@li... pisze:
> > Hello Slawek, and the gang ...
> >
> > On Wed, Nov 26, 2025 at 1:41?PM S?awek Adamski via leaf-user<
> lea...@li...> wrote:
> >
> >> He Erich
> >>
> >> Sorry for my poor English. I'm not artificial. And I'm a bit
> >> intelligent, I think.
> >
> > very funny !
> >
> >
> >> The config was changed by me. Only by me. I'm not
> >> using AI. I'm to old for that. I'm programmer. Retired.
> >
> > most of us are :-)
> >
> >
> >> When I was
> >> working the AI was absent. My work was simple - databases and ERP.
> >> Initially, it was DOS, and later Windows. I've never worked with Linux.
> >> In 1998, a friend of mine showed me how to build a firewall for the
> >> company I worked for. It was a small company?seven employees, including
> >> the owners. It was Leaf Bering. Made on CD. At home, on my old computer,
> >> I also installed a firewall. For security reasons. That friend of mine
> >> is no longer alive ? SM. But nine years ago, unfortunately, without his
> >> help, I configured Leaf Berin uClibc version 5.2.6. Also on CD. And I
> >> used it until recently. Now I decided to make a new one firewall. On
> >> USB. In version 5.2.6, I could log into the firewall from a local
> >> Windows computer. I usually use Firefox. I copied the settings to
> >> Windows, file by file. I logged into the new firewall using its
> >> keyboard. Logging in from Windows doesn't work for me. That was version
> >> 7.0.0. But now there's an upgrade command. And I have version 7.5.1.
> >> Great. After logging in, I looked at all the files in lrcfg and changed
> >> them based on the configuration I was reading from the second monitor,
> >> the one running Windows. I think I was successful. It works. I have
> >> internet. But I missed something. I can't access it from Windows, and
> >> all local IPs are accepted.
> >>
> >>
> > Well for a guy who claims not to be too good with Linux, I have to admit
> > you did quite well so far ... yeah a bit intelligent :-) !
> >
> > There is indeed a bug in 7.5.1 that prevents lighttpd from starting,
> > that is why there is no webconf !!!
> >
> > you can correct it easily, I assume you know how to use edit, by going in
> > /etc/lighttpd/lighttpd.annotated.conf and correct line 100 (cat -n
> > lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd :-)
> >
> > Once done, manually restart lighttpd with:
> >
> > cd /etc/init.d
> > ./lighttpd start
> >
> > Webconf should now be available from your WIndow PC at url
> > http://192.168.1.254 .
> > The first time you connect the 'Webconf Password' page will ask you to
> set
> > a username like admin and a password that has to be entered twice.
> > Click Apply
> > Even if the page still displays the same thing, you can now click on any
> > links in the left Configuration column. They will be outlined in blue as
> > you move the mouse over them.
> >
> > The distribution comes as a pre-configure firewall, with the basic
> required
> > lrp modules loaded. It expects to connect to a cable modem (with dhcpcd).
> > When connected to the Internet it will fetch an Ip address from your ISP
> > DHCP server, unless you have a permanent one.
> >
> > To allow only some local machines to access the firewall (with ssh), you
> > should only say that in /etc/shorewall/rules not in /etc/hosts.allow .
> > The rules might look like:
> >
> > SSH(ACCEPT)   loc:192.168.1.5,192.168.1.6,192.168.1.7         fw
> >
> > I hope this is helpful.
> >
> >
> >> W dniu 26.11.2025 o 00:22,lea...@li...
> pisze:
> >>> Message: 2
> >>> Date: Wed, 26 Nov 2025 00:06:27 +0100
> >>> From: Erich Titl<eri...@th...>
> >>> To:lea...@li...
> >>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 3
> >>> Message-ID:<c58...@th...>
> >>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
> >>>
> >>> Hi Folks
> >>>
> >>> If I understand this issue correctly it started with a AI built config,
> >>> not with something set in either the shorewall documentation or with a
> >>> simple config as distributed with LEAF. Please correct me if this is
> not
> >>> the case.
> >>>
> >>> It appears to me that the OP does not have a strong conceptual
> >>> understanding of his network topology.
> >>>
> >>> I would suggest to lay down the concept of this installation instead of
> >>> explaining what alledgedly is not working, e.g. the logical and
> physical
> >>> layout of the network(s). Based on this I am positive that the group
> can
> >>> suggest solutions.
> >>>
> >>> I understand that the shorewall documentation by Tom is complex. It
> >>> shows at what high abstraction level Tom was able to think when he
> >>> designed, wrote and documented shorewall. I understand also that many
> if
> >>> not all of us will not easily absorb this, at least I need to reread
> >> often.
> >>> My 2 cents.
> >>>
> >>> cheers
> >>>
> >>> ET
> >>>
> >>> Am 25.11.2025 um 22:01 schrieb S?awek Adamski via leaf-user:
> >>>> Big thanks. It's very nice that you want to help me. But your solution
> >>>> doesn't work. For clarity, I added the IP numbers I approved to
> >>>>    ?/etc/shorewall/rules as you wrote. And /etc/shorewall/policy was
> >>>> (I added line numbers):
> >>>>
> >>>>    ?1? ? #
> >>>>    ?2? ? # Shorewall -- /etc/shorewall/policy
> >>>>    ?3? ? #
> >>>>    ?4? ? # For information about entries in this file, type "man
> >>>> shorewall-policy"
> >>>>    ?5? ? #
> >>>>    ?6? ? # The manpage is also online at
> >>>>    ?7? ? #http://www.shorewall.net/manpages/shorewall-policy.html
> >>>>    ?8? ? #
> >>>>    ?9
> >>>>
> >>
> ###############################################################################
> >>>> 10? ? #SOURCE? ? ? ? DEST? ? ? ? POLICY? ? LOGLEVEL? ? LIMIT CONNLIMIT
> >>>> 11? ? #loc? ? net? ? ACCEPT
> >>>> 12? ? loc? ? fw? ? REJECT
> >>>> 13? ? net? ? all? ? DROP
> >>>> 14? ? # If you want open access to the Internet from your Firewall
> >>>> 15? ? # remowe the comment from the following line.
> >>>> 16? ? #fw? ? ? ? net? ? ? ? ACCEPT
> >>>> 17? ? # THE FOLLOWING POLICY MUST BE LAST
> >>>> 18? ? #
> >>>> 19? ? all? ? all? ? REJECT? ? ? ? ? ? NFLOG(4,0,4)
> >>>>
> >>>> I commented out line 11 and added line 12. And it doesn't work.
> >>>> No local IP has internet. I uncommented line 11 without sucses.
> >>>> Still no net. So I commented line 12. And every local IP has access
> >>>> again. Probably the problem is in other place.
> >>>>
> >>>> W dniu 25.11.2025 o?13:19,lea...@li...
> >> pisze:
> >>>>> Message: 1
> >>>>> Date: Mon, 24 Nov 2025 08:36:05 -0500
> >>>>> From: "Robert K Coffman Jr. -Info From Data Corp."
> >>>>> ????<bco...@in...>
> >>>>> To:lea...@li...
> >>>>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 1
> >>>>> Message-ID:<e43...@in...>
> >>>>> Content-Type: text/plain; charset="UTF-8"
> >>>>>
> >>>>> ??? If I am understanding you correctly, this is how I would
> accomplish
> >>>>> ??? that.? I'm assuming Shorewall (the default firewall on Leaf,
> unless
> >>>>> ??? that has changed) is running.? You can confirm by:
> >>>>> ??? shorewall status
> >>>>> ??? You should see a message including "Shorewall is running."
> >>>>> ??? If you do, edit /etc/shorewall/policy and look for the line that
> is
> >>>>> ??? similar to this:
> >>>>> ??? loc???????????? fw????????????? ACCEPT
> >>>>> ??? In that line, change ACCEPT to REJECT
> >>>>> ??? Then, in /etc/shorewall/rules, add these rules for the IPs you
> >>>>> want to
> >>>>> ??? allow from your lan to connect to your firewall, one line for
> each
> >>>>> IP:
> >>>>> ??? ACCEPT??? loc:192.168.0.5/24??? fw?? all
> >>>>> ??? The /24 assumes that your subnet mask for your firewall is
> >>>>> ??? 255.255.255.0.? If it is different, you will need to modify that,
> >> and
> >>>>> ??? of course make the IP address match your config.
> >>>>> ??? After you make that edit, run:
> >>>>>
> >>>>> ??? shorewall restart
> >>>>>
> >>>>> ??? Verify it was successful, and you should be good to go.
> >>>>>
> >>>>> ??? - Robert
> >>>>>
> >>>>> ??? On 11/22/2025 10:44:33 AM, S?awek Adamski via leaf-user wrote:
> >>>>>
> >>>>> ????? Hello Robert,
> >>>>> ????? Thanks a lot for your response. Hmm... the documentation of
> leaf
> >>>>> ????? Bering uClibc is unavailable again:
> >>>>> ????? "
> >>>>> ?????? Sorry! This site is experiencing technical difficulties.
> >>>>> ????? Try waiting a few minutes and reloading.
> >>>>> ????? (Cannot access the database)
> >>>>> ?????" A month ago I copied near all of that as html files. My answer
> >> for
> >>>>> you question: I haven't even tried. I don't know how. Marco
> >>>>> described another solution for me, but I'm not a Linux man. I didn't
> >>>>> understand that. So I did what I described. It works, but not
> >>>>> exactly how I wanted. W dniu 22.11.2025 o 13:14, [1]leaf-user-
> >>>>> re...@li... pisze: Message: 1 Date: Fri, 21 Nov
> >>>>> 2025 12:39:03 -0500 From: "Robert K Coffman Jr. -Info From Data
> Corp."
> >>>>> ????????? [2]<bco...@in...>
> >>>>> ????? [3]To:lea...@li...
> >>>>> ????? Subject: Re: [leaf-user] Problem with configuration.
> >>>>> ????? Message-ID:[4]<66b68c95-
> >> ace...@in... >
> >>>>> ????? Content-Type: text/plain; charset="UTF-8"
> >>>>> ????????? S?awek,
> >>>>> ????????? Did you overcome the problems you had with this?
> >>>>> ????????? - Robert
> >>>>> ????????? On 10/28/2025 4:50:11 PM, S?awek Adamski via leaf-user
> wrote:
> >>>>> ??????????? Hi,
> >>>>> ??????????? Please forgive my poor English.
> >>>>> ??????????? I have small success. My leaf bering boots from USB and
> >>>>> works.
> >>>>> ????? Near
> >>>>> ??????????? properly. Near.
> >>>>> ??????????? I have two PC. One with Windows 11 and second for leaf.
> >> Both
> >>>>> ????? have
> >>>>> ??????????? keyboards and monitors.
> >>>>> ??????????? Steps I took:
> >>>>> ??????????? 1. Using image Bering-uClibc_x86_vga.img and? Rasberry Pi
> >>>>> ????? Imager I
> >>>>> ??????????? recorded the first USB with version 7.0.0. In Rasberry Pi
> >>>>> ????? Imager I
> >>>>> ??????????? set the login and password for that leaf.
> >>>>> ??????????? 2. The partition on the USB had only 64 MB so using
> >>>>> DiskGenius
> >>>>> ????? I
> >>>>> ??????????? expanded it to 128 MB.
> >>>>> ??????????? 3.? I logged into the booted from USB and upgraded doing:
> >>>>> ????? upgrade
> >>>>> ??????????? --release 7.5.1.
> >>>>> ??????????? 4. I configured that a little.
> >>>>> ??????????? And it works. My PC with Windows has access to net via
> >>>>> ????? firewall. My
> >>>>> ??????????? firewall ignores pings to him. And longing to him from
> net
> >> is
> >>>>> ??????????? impossible. And I changed the IP4 number to one I made
> up.
> >>>>> ??????????? But I need two things in configuration. First I want
> ignore
> >>>>> ????? local
> >>>>> ??????????? connections from IP doesn't accepted by me. I wrote the
> >>>>> ????? accepted
> >>>>> ??????????? list to hosts.allow. Something like that, of course with
> my
> >>>>> ????? IP:
> >>>>> ??????????? # Allow anything from the local net
> >>>>> ??????????? #ALL: 192.168.1.0/255.255.255.0
> >>>>> ??????????? 192.168.1.x
> >>>>> ??????????? 192.168.1.y
> >>>>> ??????????? 192.168.1.z
> >>>>> ??????????? where 192.168.1.x, 192.168.1.y and 192.168.1.z are the
> >>>>> allowed
> >>>>> ????? IP by
> >>>>> ??????????? me.
> >>>>> ??????????? But it doesn't work. I don' understood the guide. I'm not
> >>>>> ????? linux man.
> >>>>> ??????????? Probably it must be done in other way.
> >>>>> ??????????? The second which I want is to have working webconf. Now
> it
> >> is
> >>>>> ????? still
> >>>>> ??????????? asking for login and password in not ending loop. From
> >>>>> ????? Firefox,
> >>>>> ??????????? Chrome and Edge. Seems something is wrong.
> >>>>> ??????????? Best Regards
> >>>>> ??????????? S?awek
> >>>>>
> >>>>>
> >>>>> --------------------------------------------------------------------
> >>>>> ??????????? ----
> >>>>> ??????????? leaf-user mailing list: [[5]1]
> >> lea...@li...
> >>>>> ??????????? [2][6]
> >> https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>> ??????????? Support Request -- [3][7]http://leaf-project.org/
> >>>>> ????? --
> >>>>> ????? Robert K Coffman Jr.
> >>>>> ????? Info From Data Corp.
> >>>>> ????? 3307249000
> >>>>> ????? [[8]4]su...@in...
> >>>>> ????? References
> >>>>> ????????? [9]1.mailto:lea...@li...
> >>>>> ????????? 2.https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>> ????????? 3.http://leaf-project.org/
> >>>>> ????????? [10]4.mailto:su...@in...
> >>>>> ????? ------------------------------
> >>>>> ????? ------------------------------
> >>>>> ????? Subject: Digest Footer
> >>>>> ????? _______________________________________________
> >>>>> ????? leaf-user mailing list
> >>>>> ????? [11]lea...@li...
> >>>>> ????? [12]https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>> ????? ------------------------------
> >>>>> ????? End of leaf-user Digest, Vol 204, Issue 1
> >>>>> ????? *****************************************
> >>>>>
> >>>>>
> >>>>> --------------------------------------------------------------------
> >>>>> ????? ----
> >>>>> ????? leaf-user mailing list: [13]lea...@li...
> >>>>> ????? [14]https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>> ????? Support Request -- [15]http://leaf-project.org/
> >>>>>
> >>>>> --
> >>>>> Robert K Coffman Jr.
> >>>>> Info From Data Corp.
> >>>>> 3307249000
> >>>>> [16]su...@in...
> >>>>>
> >>>>> References
> >>>>>
> >>>>> ???1.mailto:lea...@li...
> >>>>> ???2.mailto:bco...@in...
> >>>>> ???3.mailto:To:lea...@li...
> >>>>> ???4.mailto:66b...@in...
> >>>>> ???5.mailto:1]lea...@li...
> >>>>> ??? 6.https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>> ??? 7.http://leaf-project.org/
> >>>>> ???8.mailto:4]su...@in...
> >>>>> ???9.mailto:1.mailto:lea...@li...
> >>>>> ??10.mailto:4.mailto:su...@in...
> >>>>> ??11.mailto:lea...@li...
> >>>>> ?? 12.https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>> ??13.mailto:lea...@li...
> >>>>> ?? 14.https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>> ?? 15.http://leaf-project.org/
> >>>>> ??16.mailto:su...@in...
> >>>>>
> >>>>>
> >>>>> ------------------------------
> >>>>>
> >>>>>
> >>>>>
> >>>>> ------------------------------
> >>>>>
> >>>>> Subject: Digest Footer
> >>>>>
> >>>>> _______________________________________________
> >>>>> leaf-user mailing list
> >>>>> lea...@li...
> >>>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>>>
> >>>>>
> >>>>> ------------------------------
> >>>>>
> >>>>> End of leaf-user Digest, Vol 204, Issue 3
> >>>>> *****************************************
> >>>>
> ------------------------------------------------------------------------
> >>>> leaf-user mailinglist:lea...@li...
> >>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
> >>>> Support Request --http://leaf-project.org/
> >>
> >> ------------------------------------------------------------------------
> >> leaf-user mailing list:lea...@li...
> >> https://lists.sourceforge.net/lists/listinfo/leaf-user
> >> Support Request --http://leaf-project.org/
> >>
> >
> > ------------------------------
> >
> >
> >
> > ------------------------------
> >
> > Subject: Digest Footer
> >
> > _______________________________________________
> > leaf-user mailing list
> > lea...@li...
> > https://lists.sourceforge.net/lists/listinfo/leaf-user
> >
> >
> > ------------------------------
> >
> > End of leaf-user Digest, Vol 204, Issue 6
> > *****************************************
>
>
> ------------------------------------------------------------------------
> leaf-user mailing list: lea...@li...
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> Support Request -- http://leaf-project.org/
>

Re: [leaf-user] leaf-user Digest, Vol 204, Issue 6

[Sławek A. <sa...@wa...>]

Hello Jeanrocco

Unfortunately, it didn't help. I did not change the file 
/etc/lighttpd/lighttpd.annotated.conf. That wasn't necessary. Line 
number 100 was just as you wrote. Changing the /etc/shorewall/rules file 
didn't help. All IPs are still accepted.

W dniu 29.11.2025 o 13:14, lea...@li... pisze:
> Hello Slawek, and the gang ...
>
> On Wed, Nov 26, 2025 at 1:41?PM S?awek Adamski via leaf-user< lea...@li...> wrote:
>
>> He Erich
>>
>> Sorry for my poor English. I'm not artificial. And I'm a bit
>> intelligent, I think.
>
> very funny !
>
>
>> The config was changed by me. Only by me. I'm not
>> using AI. I'm to old for that. I'm programmer. Retired.
>
> most of us are :-)
>
>
>> When I was
>> working the AI was absent. My work was simple - databases and ERP.
>> Initially, it was DOS, and later Windows. I've never worked with Linux.
>> In 1998, a friend of mine showed me how to build a firewall for the
>> company I worked for. It was a small company?seven employees, including
>> the owners. It was Leaf Bering. Made on CD. At home, on my old computer,
>> I also installed a firewall. For security reasons. That friend of mine
>> is no longer alive ? SM. But nine years ago, unfortunately, without his
>> help, I configured Leaf Berin uClibc version 5.2.6. Also on CD. And I
>> used it until recently. Now I decided to make a new one firewall. On
>> USB. In version 5.2.6, I could log into the firewall from a local
>> Windows computer. I usually use Firefox. I copied the settings to
>> Windows, file by file. I logged into the new firewall using its
>> keyboard. Logging in from Windows doesn't work for me. That was version
>> 7.0.0. But now there's an upgrade command. And I have version 7.5.1.
>> Great. After logging in, I looked at all the files in lrcfg and changed
>> them based on the configuration I was reading from the second monitor,
>> the one running Windows. I think I was successful. It works. I have
>> internet. But I missed something. I can't access it from Windows, and
>> all local IPs are accepted.
>>
>>
> Well for a guy who claims not to be too good with Linux, I have to admit
> you did quite well so far ... yeah a bit intelligent :-) !
>
> There is indeed a bug in 7.5.1 that prevents lighttpd from starting,
> that is why there is no webconf !!!
>
> you can correct it easily, I assume you know how to use edit, by going in
> /etc/lighttpd/lighttpd.annotated.conf and correct line 100 (cat -n
> lighttpd.annotated.conf) to server.username = "sh-httpd" not hhtpd :-)
>
> Once done, manually restart lighttpd with:
>
> cd /etc/init.d
> ./lighttpd start
>
> Webconf should now be available from your WIndow PC at url
> http://192.168.1.254 .
> The first time you connect the 'Webconf Password' page will ask you to set
> a username like admin and a password that has to be entered twice.
> Click Apply
> Even if the page still displays the same thing, you can now click on any
> links in the left Configuration column. They will be outlined in blue as
> you move the mouse over them.
>
> The distribution comes as a pre-configure firewall, with the basic required
> lrp modules loaded. It expects to connect to a cable modem (with dhcpcd).
> When connected to the Internet it will fetch an Ip address from your ISP
> DHCP server, unless you have a permanent one.
>
> To allow only some local machines to access the firewall (with ssh), you
> should only say that in /etc/shorewall/rules not in /etc/hosts.allow .
> The rules might look like:
>
> SSH(ACCEPT)   loc:192.168.1.5,192.168.1.6,192.168.1.7         fw
>
> I hope this is helpful.
>
>
>> W dniu 26.11.2025 o 00:22,lea...@li... pisze:
>>> Message: 2
>>> Date: Wed, 26 Nov 2025 00:06:27 +0100
>>> From: Erich Titl<eri...@th...>
>>> To:lea...@li...
>>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 3
>>> Message-ID:<c58...@th...>
>>> Content-Type: text/plain; charset="utf-8"; Format="flowed"
>>>
>>> Hi Folks
>>>
>>> If I understand this issue correctly it started with a AI built config,
>>> not with something set in either the shorewall documentation or with a
>>> simple config as distributed with LEAF. Please correct me if this is not
>>> the case.
>>>
>>> It appears to me that the OP does not have a strong conceptual
>>> understanding of his network topology.
>>>
>>> I would suggest to lay down the concept of this installation instead of
>>> explaining what alledgedly is not working, e.g. the logical and physical
>>> layout of the network(s). Based on this I am positive that the group can
>>> suggest solutions.
>>>
>>> I understand that the shorewall documentation by Tom is complex. It
>>> shows at what high abstraction level Tom was able to think when he
>>> designed, wrote and documented shorewall. I understand also that many if
>>> not all of us will not easily absorb this, at least I need to reread
>> often.
>>> My 2 cents.
>>>
>>> cheers
>>>
>>> ET
>>>
>>> Am 25.11.2025 um 22:01 schrieb S?awek Adamski via leaf-user:
>>>> Big thanks. It's very nice that you want to help me. But your solution
>>>> doesn't work. For clarity, I added the IP numbers I approved to
>>>>    ?/etc/shorewall/rules as you wrote. And /etc/shorewall/policy was
>>>> (I added line numbers):
>>>>
>>>>    ?1? ? #
>>>>    ?2? ? # Shorewall -- /etc/shorewall/policy
>>>>    ?3? ? #
>>>>    ?4? ? # For information about entries in this file, type "man
>>>> shorewall-policy"
>>>>    ?5? ? #
>>>>    ?6? ? # The manpage is also online at
>>>>    ?7? ? #http://www.shorewall.net/manpages/shorewall-policy.html
>>>>    ?8? ? #
>>>>    ?9
>>>>
>> ###############################################################################
>>>> 10? ? #SOURCE? ? ? ? DEST? ? ? ? POLICY? ? LOGLEVEL? ? LIMIT CONNLIMIT
>>>> 11? ? #loc? ? net? ? ACCEPT
>>>> 12? ? loc? ? fw? ? REJECT
>>>> 13? ? net? ? all? ? DROP
>>>> 14? ? # If you want open access to the Internet from your Firewall
>>>> 15? ? # remowe the comment from the following line.
>>>> 16? ? #fw? ? ? ? net? ? ? ? ACCEPT
>>>> 17? ? # THE FOLLOWING POLICY MUST BE LAST
>>>> 18? ? #
>>>> 19? ? all? ? all? ? REJECT? ? ? ? ? ? NFLOG(4,0,4)
>>>>
>>>> I commented out line 11 and added line 12. And it doesn't work.
>>>> No local IP has internet. I uncommented line 11 without sucses.
>>>> Still no net. So I commented line 12. And every local IP has access
>>>> again. Probably the problem is in other place.
>>>>
>>>> W dniu 25.11.2025 o?13:19,lea...@li...
>> pisze:
>>>>> Message: 1
>>>>> Date: Mon, 24 Nov 2025 08:36:05 -0500
>>>>> From: "Robert K Coffman Jr. -Info From Data Corp."
>>>>> ????<bco...@in...>
>>>>> To:lea...@li...
>>>>> Subject: Re: [leaf-user] leaf-user Digest, Vol 204, Issue 1
>>>>> Message-ID:<e43...@in...>
>>>>> Content-Type: text/plain; charset="UTF-8"
>>>>>
>>>>> ??? If I am understanding you correctly, this is how I would accomplish
>>>>> ??? that.? I'm assuming Shorewall (the default firewall on Leaf, unless
>>>>> ??? that has changed) is running.? You can confirm by:
>>>>> ??? shorewall status
>>>>> ??? You should see a message including "Shorewall is running."
>>>>> ??? If you do, edit /etc/shorewall/policy and look for the line that is
>>>>> ??? similar to this:
>>>>> ??? loc???????????? fw????????????? ACCEPT
>>>>> ??? In that line, change ACCEPT to REJECT
>>>>> ??? Then, in /etc/shorewall/rules, add these rules for the IPs you
>>>>> want to
>>>>> ??? allow from your lan to connect to your firewall, one line for each
>>>>> IP:
>>>>> ??? ACCEPT??? loc:192.168.0.5/24??? fw?? all
>>>>> ??? The /24 assumes that your subnet mask for your firewall is
>>>>> ??? 255.255.255.0.? If it is different, you will need to modify that,
>> and
>>>>> ??? of course make the IP address match your config.
>>>>> ??? After you make that edit, run:
>>>>>
>>>>> ??? shorewall restart
>>>>>
>>>>> ??? Verify it was successful, and you should be good to go.
>>>>>
>>>>> ??? - Robert
>>>>>
>>>>> ??? On 11/22/2025 10:44:33 AM, S?awek Adamski via leaf-user wrote:
>>>>>
>>>>> ????? Hello Robert,
>>>>> ????? Thanks a lot for your response. Hmm... the documentation of leaf
>>>>> ????? Bering uClibc is unavailable again:
>>>>> ????? "
>>>>> ?????? Sorry! This site is experiencing technical difficulties.
>>>>> ????? Try waiting a few minutes and reloading.
>>>>> ????? (Cannot access the database)
>>>>> ?????" A month ago I copied near all of that as html files. My answer
>> for
>>>>> you question: I haven't even tried. I don't know how. Marco
>>>>> described another solution for me, but I'm not a Linux man. I didn't
>>>>> understand that. So I did what I described. It works, but not
>>>>> exactly how I wanted. W dniu 22.11.2025 o 13:14, [1]leaf-user-
>>>>> re...@li... pisze: Message: 1 Date: Fri, 21 Nov
>>>>> 2025 12:39:03 -0500 From: "Robert K Coffman Jr. -Info From Data Corp."
>>>>> ????????? [2]<bco...@in...>
>>>>> ????? [3]To:lea...@li...
>>>>> ????? Subject: Re: [leaf-user] Problem with configuration.
>>>>> ????? Message-ID:[4]<66b68c95-
>> ace...@in... >
>>>>> ????? Content-Type: text/plain; charset="UTF-8"
>>>>> ????????? S?awek,
>>>>> ????????? Did you overcome the problems you had with this?
>>>>> ????????? - Robert
>>>>> ????????? On 10/28/2025 4:50:11 PM, S?awek Adamski via leaf-user wrote:
>>>>> ??????????? Hi,
>>>>> ??????????? Please forgive my poor English.
>>>>> ??????????? I have small success. My leaf bering boots from USB and
>>>>> works.
>>>>> ????? Near
>>>>> ??????????? properly. Near.
>>>>> ??????????? I have two PC. One with Windows 11 and second for leaf.
>> Both
>>>>> ????? have
>>>>> ??????????? keyboards and monitors.
>>>>> ??????????? Steps I took:
>>>>> ??????????? 1. Using image Bering-uClibc_x86_vga.img and? Rasberry Pi
>>>>> ????? Imager I
>>>>> ??????????? recorded the first USB with version 7.0.0. In Rasberry Pi
>>>>> ????? Imager I
>>>>> ??????????? set the login and password for that leaf.
>>>>> ??????????? 2. The partition on the USB had only 64 MB so using
>>>>> DiskGenius
>>>>> ????? I
>>>>> ??????????? expanded it to 128 MB.
>>>>> ??????????? 3.? I logged into the booted from USB and upgraded doing:
>>>>> ????? upgrade
>>>>> ??????????? --release 7.5.1.
>>>>> ??????????? 4. I configured that a little.
>>>>> ??????????? And it works. My PC with Windows has access to net via
>>>>> ????? firewall. My
>>>>> ??????????? firewall ignores pings to him. And longing to him from net
>> is
>>>>> ??????????? impossible. And I changed the IP4 number to one I made up.
>>>>> ??????????? But I need two things in configuration. First I want ignore
>>>>> ????? local
>>>>> ??????????? connections from IP doesn't accepted by me. I wrote the
>>>>> ????? accepted
>>>>> ??????????? list to hosts.allow. Something like that, of course with my
>>>>> ????? IP:
>>>>> ??????????? # Allow anything from the local net
>>>>> ??????????? #ALL: 192.168.1.0/255.255.255.0
>>>>> ??????????? 192.168.1.x
>>>>> ??????????? 192.168.1.y
>>>>> ??????????? 192.168.1.z
>>>>> ??????????? where 192.168.1.x, 192.168.1.y and 192.168.1.z are the
>>>>> allowed
>>>>> ????? IP by
>>>>> ??????????? me.
>>>>> ??????????? But it doesn't work. I don' understood the guide. I'm not
>>>>> ????? linux man.
>>>>> ??????????? Probably it must be done in other way.
>>>>> ??????????? The second which I want is to have working webconf. Now it
>> is
>>>>> ????? still
>>>>> ??????????? asking for login and password in not ending loop. From
>>>>> ????? Firefox,
>>>>> ??????????? Chrome and Edge. Seems something is wrong.
>>>>> ??????????? Best Regards
>>>>> ??????????? S?awek
>>>>>
>>>>>
>>>>> --------------------------------------------------------------------
>>>>> ??????????? ----
>>>>> ??????????? leaf-user mailing list: [[5]1]
>> lea...@li...
>>>>> ??????????? [2][6]
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>> ??????????? Support Request -- [3][7]http://leaf-project.org/
>>>>> ????? --
>>>>> ????? Robert K Coffman Jr.
>>>>> ????? Info From Data Corp.
>>>>> ????? 3307249000
>>>>> ????? [[8]4]su...@in...
>>>>> ????? References
>>>>> ????????? [9]1.mailto:lea...@li...
>>>>> ????????? 2.https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>> ????????? 3.http://leaf-project.org/
>>>>> ????????? [10]4.mailto:su...@in...
>>>>> ????? ------------------------------
>>>>> ????? ------------------------------
>>>>> ????? Subject: Digest Footer
>>>>> ????? _______________________________________________
>>>>> ????? leaf-user mailing list
>>>>> ????? [11]lea...@li...
>>>>> ????? [12]https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>> ????? ------------------------------
>>>>> ????? End of leaf-user Digest, Vol 204, Issue 1
>>>>> ????? *****************************************
>>>>>
>>>>>
>>>>> --------------------------------------------------------------------
>>>>> ????? ----
>>>>> ????? leaf-user mailing list: [13]lea...@li...
>>>>> ????? [14]https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>> ????? Support Request -- [15]http://leaf-project.org/
>>>>>
>>>>> --
>>>>> Robert K Coffman Jr.
>>>>> Info From Data Corp.
>>>>> 3307249000
>>>>> [16]su...@in...
>>>>>
>>>>> References
>>>>>
>>>>> ???1.mailto:lea...@li...
>>>>> ???2.mailto:bco...@in...
>>>>> ???3.mailto:To:lea...@li...
>>>>> ???4.mailto:66b...@in...
>>>>> ???5.mailto:1]lea...@li...
>>>>> ??? 6.https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>> ??? 7.http://leaf-project.org/
>>>>> ???8.mailto:4]su...@in...
>>>>> ???9.mailto:1.mailto:lea...@li...
>>>>> ??10.mailto:4.mailto:su...@in...
>>>>> ??11.mailto:lea...@li...
>>>>> ?? 12.https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>> ??13.mailto:lea...@li...
>>>>> ?? 14.https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>> ?? 15.http://leaf-project.org/
>>>>> ??16.mailto:su...@in...
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> Subject: Digest Footer
>>>>>
>>>>> _______________________________________________
>>>>> leaf-user mailing list
>>>>> lea...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>>>
>>>>>
>>>>> ------------------------------
>>>>>
>>>>> End of leaf-user Digest, Vol 204, Issue 3
>>>>> *****************************************
>>>> ------------------------------------------------------------------------
>>>> leaf-user mailinglist:lea...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>>>> Support Request --http://leaf-project.org/
>>
>> ------------------------------------------------------------------------
>> leaf-user mailing list:lea...@li...
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> Support Request --http://leaf-project.org/
>>
>
> ------------------------------
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> leaf-user mailing list
> lea...@li...
> https://lists.sourceforge.net/lists/listinfo/leaf-user
>
>
> ------------------------------
>
> End of leaf-user Digest, Vol 204, Issue 6
> *****************************************