Linux kernel documentation is evil. For example, lets look at the Linux 2.4 packet filtering HOWTO. It mentions, and I quote: "This means you need kernel 2.3.15 or beyond, and answer `Y' to CONFIG_NETFILTER in the kernel configuration.". What the documentation does not mention is that you need to enable some other things in the kernel to get the example basic firewall to work. In more detail:
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_FILTER=y
It took me hours to figure this out; I finally found the hidden "netfilter configuration" submenu, which is nowhere near the part of the menu where you enable netfilter. Grrrr....
After doing that, I was quickly able to set up X to use an international keyboard. It was a simple matter of adding a single line to my awk script that customizes X, and a /var/lib/xkb directory to the ramdisk.
I was able to make some more room on the disk by removing all duplicate files in my huge set of English lessons. With the extra room, I was able to have a kernel with full built-in iptables support and the iptables program (about 200k when all was said and done); and a zipfile with the the entire Bible in HTML (about 1.6 megs), and one English lesson I had to delete from yesterday's version of MOAM-CD. All of this is in my private 200meg MINI-CD; the public version only has some programs MOAM-CD uses and script to make a CD image on a CentOS 3 system with Opera installed.
I was up until 2:30 AM deal with all of this. I think I am done with the MOAM-CD project for now; I now have a system that has X refreshed at 70hz (easy on my eyes), a recent Web browser (that is reasonably secure as long as I don't install earlier versions of Flash), and even a full C development environment for developing MaraDNS. Not to mention Freecell (Ace of Penguins is so tiny, this is a freebie: 200k including the PNG library Ace of Penguins uses)
The public version is here:
http://www.samiam.org/moof/moam-cd-0.2.tar.bz2 (sig)
So now that this is done, I can deal with MaraDNS again. I will look at those two issues this weekend. Hopefully.
- Sam
