# @(#) README 1.1@(#) 95/05/21 #
(c) ExNet Systems Ltd 1995.

 1) Please read the licence terms and conditions before using the software.

 2) Please note in particular that we cannot accept any liability for direct or
    consequential or any other losses from use of this software, especially due
    to hacking.

 3) A brief setup guide:

     a) Configure your firewall host with the minimum of services running
        (often none from inetd, for example) and a minimal kernel with *ROUTING
        TURNED OFF IN THE KERNEL*, eg build your kernel with:

            options "IPFORWARDING=-1"

        in the config file, and remove any unneeded options such as server- and
        client- side NFS.

        Turn off NIS (or YP, as it was).

     b) Unpack the tar archive the software arrived in.

     c) Pick the appropriate executable for your host's architecture, and copy
        it somewhere suitable, eg /usr/etc.

        ExFilter.G.* has been compiled with GNU CC and is not guaranteed to
        work, though may prove faster than the other versions supplied.

     d) Copy the tinyeg.conf to /etc/ExFilter.conf.  Modify the network
        addresses in it to suit your network, including providing a sensible
        address for the `gateway' record.

        Provide a `verbosity' record with a value of about 5 or above for
        initial debugging and setup, and consider switching on the `trace'
        gateway parameter initially, eg:

            gateway <addr> trace <otheroptions>

        Double check everything you have done above.

     e) Insert startup code for ExFilter into rc.local to run after all your IP
        interfaces have been brought up, something like this:

            EXFILTER=/usr/etc/ExFilter.O.sun4-SunOS-4
            if [ -f $EXFILTER ]; then
                    echo 'Starting Exfilter.'
                    ($EXFILTER &)   > /dev/console
            fi

     f) Think again about your configuration!  It may be all that stands
        between you and the wily hackers!

     g) Start up ExFilter by hand in the foreground and watch the output from
        syslog.  You can kill ExFilter with your INT character, usually ^C.

     h) Try rebooting the machine to check everything starts correctly in that
        case and that no packets are being let through that shouldn't be (eg
        nothing turns kernel routing on).

     i) When you are happy everything is working you may consider turning down
        verbosity to about 3 (so you can still see throttling going on and
        off), and almost certainly turn trace mode off if you haven't already.

     j) Keep an eye on network and gateway behaviour for unexpected behaviour.
        Don't entirely automate this, since the first thing a wily hacker
        should do is subvert any such mechanism.

Happy motoring!
