Prerequisites:
==============

 - Apache[2]
   (Debian package: apache2)
 - Apache PHP4 module
   (libapache2-mod-php4)
 - PHP DOM-XML
   (php-dom-xml)
 - Python 2.3 or greater
   (python python2.3-dev)
 - IPy Python package: http://software.inl.fr/trac/trac.cgi/wiki/IPy
 - LDAP Python library: http://python-ldap.sourceforge.net/
   (python-ldap)
 - sudo program
   (sudo)
 - Net_IPv4 from pear: pear install Net_IPv4
 - CONNTRACK netfilter target. This can be as simple as loading the kernel module

For better performance when generating Netfilter rules, you can install
the psyco Python package (python-psyco).


Installation
============

The installation is done in five steps:
   1. Install files
   2. Configure desc.xml and nupyf.conf
   3. Configure Apache
   4. How to configure /etc/sudoers
   5. Install init scripts

1) Install files
================

You can edit the variables defined at the beginning of the Makefile to adapt
the configuration. Then use make to install the Nuface interface:
   make install

You can change the directory prefix and/or the Apache user and group using:
   make install DESTDIR=/usr/local WWW_USER=apache WWW_GROUP=apache

It will install the Nuface web files and Python scripts, and create the
following directories:

 - /usr/share/edenwall-web/nuface
 - /usr/lib/python2.4/site-packages/nupyf
 - /etc/network/firewall
 - /var/backups
 - /var/lock
 - /var/local/nuface
 - /var/local/nuface-logs
 - /var/local/nufw


2) Configure desc.xml and nupyf.conf
====================================

You have to setup your network interfaces and your LDAP configuration in the
files desc.xml and nupyf.conf in directory /etc/network/firewall/desc/. In the
same directory, you will find sample files (desc.xml.ex and nupyf.conf.ex).
Rename the sample files and adapt them.

You can also use the Perl script scripts/builddesc.pl to generate desc.xml.


3) Configure Apache
===================

A sample Apache configuration file is provided in doc/nuface_apache.conf. Just
replace /path/to/some/file with the htpasswd file you created with the htpasswd
utility.


4) How to configure /etc/sudoers
================================

Nuface must be able to run /etc/init.d/init-firewall to load rules.

Nuface uses the sudo program for that, so you have to allow it.
Edit the /etc/sudoers file and add the lines:
------------------------8< -----------------------------------
Cmnd_Alias      NETWORK_SCRIPTS = /etc/init.d/init-firewall
Defaults:www-data       !authenticate

www-data HOSTNAME=NETWORK_SCRIPTS
------------------------8< -----------------------------------

You have to change:
 - HOSTNAME is your hostname: set your real hostname!
 - www-data is the user identifier used to run the web server (Apache)
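
The rule above lets www-data run /etc/init.d/init-firewall as root without a
password, so that script and its directory must not be writable by anyone but
root. The following check is an added example, not part of the Nuface
distribution; the function names audit_path and check_sudo_target are
hypothetical.

```shell
#!/bin/sh
# Added example (not from Nuface): audit the file a passwordless sudo rule runs.
# audit_path and check_sudo_target are hypothetical helper names.

# audit_path PATH UID: succeed only if PATH is owned by UID and is not
# writable by group or other. Parses the portable "ls -ldn" output.
audit_path() {
    info=$(ls -ldn -- "$1") || return 2
    mode=${info%% *}                                  # e.g. -rwxr-xr-x
    uid=$(printf '%s\n' "$info" | awk '{print $3}')   # numeric owner
    rc=0
    case $mode in
        ?????w*|????????w*)                           # group or other write bit
            echo "FAIL: $1 is group/other writable ($mode)"; rc=1 ;;
    esac
    if [ "$uid" != "$2" ]; then
        echo "FAIL: $1 is owned by uid $uid, expected $2"; rc=1
    fi
    return $rc
}

# check_sudo_target SCRIPT [UID]: audit SCRIPT and its containing directory.
# UID defaults to 0 (root), the account sudo runs the command as by default.
check_sudo_target() {
    target=$1
    want_uid=${2:-0}
    status=0
    if [ ! -f "$target" ]; then
        echo "FAIL: $target is not a regular file"
        return 2
    fi
    for p in "$target" "$(dirname "$target")"; do
        audit_path "$p" "$want_uid" || status=1
    done
    [ "$status" -eq 0 ] && echo "OK: $target"
    return $status
}

# On the Nuface host: check_sudo_target /etc/init.d/init-firewall
```

Validate the edited sudoers file with "visudo -c" and confirm the effective
rule with "sudo -l -U www-data".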

5) Install init scripts
=======================

If you use Nuface with NuFW ($nufw_firewall set to true), just run the following commands::

  cp doc/init-firewall /etc/init.d/
  update-rc.d init-firewall defaults

If not ($nufw_firewall set to false), you should use a wrapper for init-firewall, in order to run unauthenticating rules on boot.

To do that, run the following commands::

  cp doc/init-*firewall /etc/init.d/
  update-rc.d init-sdt-firewall defaults

