8 files changed, 328 insertions, 15 deletions
diff --git a/content/software/OpenBSD_firewall.md b/content/software/OpenBSD_firewall.md
new file mode 100644
index 0000000..baa9794
--- /dev/null
+++ b/content/software/OpenBSD_firewall.md
@@ -0,0 +1,222 @@
++++
+title = "OpenBSD-Firewall"
+description = "OpenBSD firewall via scripts"
++++
+
+## History
+
+Earlier versions of this project were used at Eurospider by Mihai Barbos (https://github.com/mbarbos) 
+to build corporate-style firewalls with Portwell hardware.
+
+It ran on a Soekris net6501 for 4 years.
+
+Newer versions run on a Network LES of Thomas Krenn now.
+
+I merely collected the ideas and updated them to new versions of OpenBSD and cleaned up the repository a little bit. :-)
+
+And I'm using it at home on an Alix 2D.13.
+
+## Git
+
+Further development happens on git://git.andreasbaumann.cc/OpenBSD-firewall.git
+or http://git.andreasbaumann.cc/cgit/OpenBSD-firewall/.
+
+## Install
+
+Check disk geometry of flash with:
+
+    disklabel wd0
+
+Adapt disk geometry in hardware/[machine]/flash_params.
+
+Run 'build.sh [machine] [flash_profile]', e.g.
+
+    build.sh firewall-test firewall-test
+
+Transfer image to flash:
+
+    dd if=[machine].img of=/dev/wd0c
+
+or remotely (after booting from floppy dongle or from hard disk):
+
+    dd if=[machine].img | ssh [machine] "dd of=/dev/wd1c"
+
+## Directory layout
+
+- build.sh: central build script
+- doc: various documentation
+- template: common files with variables being substituted and then copied to the image
+- config: machine-specific configuration (e.g. pf.conf)
+- hardware: flash disk geometry for specific machines
+
+## News
+
+14.4.2024:
+
+    updated to OpenBSD 7.5
+
+19.10.2023:
+
+    updated to OpenBSD 7.4
+
+20.4.2023:
+
+    updated to OpenBSD 7.3
+
+22.10.2022:
+
+    updated to OpenBSD 7.2
+
+1.5.2022:
+
+    updated to OpenBSD 7.1
+
+24.10.2021:
+
+    updated to OpenBSD 7.0
+
+3.6.2021:
+
+    updated to OpenBSD 6.9
+
+22.10.2020:
+
+    updated to OpenBSD 6.8
+
+5.6.2020:
+
+    updated to OpenBSD 6.7
+
+20.10.2019:
+
+    updated to OpenBSD 6.6
+
+11.05.2019:
+
+    updated to OpenBSD 6.5
+
+28.10.2018:
+
+    updated to OpenBSD 6.4
+
+06.05.2018:
+
+    moved repository from Github to a local repository.
+
+15.04.2018:
+
+    updated to OpenBSD 6.3
+
+19.10.2017:
+
+    updated to OpenBSD 6.2
+
+14.4.2017:
+
+    updated to OpenBSD 6.1
+
+18.9.2016:
+
+    updated to OpenBSD 6.0
+
+15.7.2016:
+
+    updated to OpenBSD 5.9
+
+17.1.2016:
+
+    updated to OpenBSD 5.8
+    example shows how to use two nsd's and one unbound to replace a split horizon configuration formerly done with bind views
+
+## Roadmap
+
+- update to new versions of OpenBSD as they come along
+- improve update process, preferably an in-situ update via TFTP
+- deal with logging
+  - sensord
+  - remote syslog
+- various playgrounds
+  - ospf, pfsync, carp
+  - automatic acme and relayd certificate renewal for HTTPS relaying
+
+## Other Embedded OpenBSD projects
+
+Possible small OpenBSD makers (low level):
+
+- CompactBSD: http://compactbsd.sourceforge.net/, back in 2002, looks like OpenBSD 3.x was the last version tested
+- Flashboot: http://www.mindrot.org/projects/flashboot/
+- Flashrd/Flashdist:
+  - http://www.nmedia.net/flashrd/rlsnotes.html
+  - https://github.com/yellowman/flashrd/
+  - http://www.nmedia.net/~chris/soekris/: original page which has gone, flashdist is the older version of flashrd. The EIT firewalls where based on early scripts of Chris Cappuccio (early flashdist)
+- Bowlfish:
+  - http://www.kernel-panic.it/software/bowlfish/: latest version 2.1 seems a little bit old (11.4.2013). The description about Embedded OpenBSD is very worthy to read, gives quite some insights how it works.
+    sort of a normal BSD install, not really automatic
+    seems to be for OpenBSD 4.9, not for 5.x ./install[332]: /usr/mdec/installboot: not found some files in etc missing
+  - Soekris256: http://256.com/gray/docs/soekris_openbsd_diskless/
+
+more high-level:
+
+- http://opensoekris.sourceforge.net/
+- http://compactbsd.sourceforge.net/
+
+others:
+
+- https://andrewmemory.wordpress.com/tag/flashrd/
+- http://www.onlamp.com/pub/a/bsd/2004/03/11/Big_Scary_Daemons.html
+- http://glozer.net/soekris/cf-install.html
+- http://verb.bz/2011/06/12/openbsd-embedded-router/
+
+## Hardware
+
+At Eurospider we had Portwell NAR-2054 (3 and 5 ethernet port versions), 
+some have VGA ports and USBs, others only COMs, so make sure we always 
+get boot output on COM.
+
+It ran on a Soekris net6501 for 4 years, then the Soekris died.
+
+Newer versions run on a Network LES of Thomas Krenn now.
+
+At home I'm running it on an ALIX.2D13 with 3 LAN ports and a WLAN card.
+
+## VirtualBox build and test
+
+Create a VMDK wrapper for the disk image built with 'build.sh firewall-test':
+
+  VBoxManage internalcommands createrawvmdk -filename firewall-test.vmdk -rawdisk firewall-test.image
+
+Copy firewall-test.image from OpenBSD machine to the machine running Virtualbox.
+
+Use COM1 and /tmp/serial, host pipe, create pipe in VirtualBox, then:
+
+  socat unix-connect:/tmp/serial stdio,raw,echo=0,icanon=0
+
+The network devices is 'em0' not 'reX' on VirtualBox (as opposed to the real box, at the time of writting there is no Realtek ethernet card emulated in VirtualBox).
+Troubleshooting
+DMA issues
+
+If you get something like
+
+    pciide0:0:0: bus-master DMA error: missing interrupt, status=0x21
+
+then change the access mode from DMA to PIO x See man wd(4) for the values of flags
+
+    config -e -o /bsd.new /bsd
+
+    UKC> change wd
+    change (y/n) ? y
+    channel [-1] ? -1
+    flags [0] ? 0xff0
+    UKC> quit
+
+    mv -f /bsd.new /bsd
+
+## Links to guides and documentation
+
+- Manpages of OpenBSD
+- http://home.nuug.no/~peter/pf/en/long-firewall.html and his "Book of PF".
+- limit handling in production (connection states): http://www.skeptech.org/blog/2013/01/15/pf-limits-in-openbsd/
+
+## Other projects
+
+http://securityrouter.org, OpenBSD-based, free and commercial versions available, has a GUI
diff --git a/content/software/_index.md b/content/software/_index.md
index 040c967..cf5a707 100644
--- a/content/software/_index.md
+++ b/content/software/_index.md
@@ -11,10 +11,10 @@ title = "Software"
 
 ## C
 
-* [pguse](https://github.com/andreasbaumann/pgfuse): a
+* [PgFuse](/software/pgfuse): a
   [FUSE](http://fuse.sourceforge.net) filsystem for the
   [PostgreSQL](http://www.postgresql.org/) database.
-* [cssh](https://github.com/andreasbaumann/cssh): a small parallel SSH
+* [cssh](http://git.andreasbaumann.cc/cgit/cssh/): a small parallel SSH
   client for copying and executing commands to a cluster of machines.
 
 ## C++
@@ -30,5 +30,7 @@ title = "Software"
 
 ## Administration
 
+* [OpenBSD-firewall](/software/openbsd_firewall): a set of scripts
+  for building a small OpenBSD firewall appliance
 * [Nagios libcurl plugin](/software/nagios_plugin_curl): a
   [Nagios](http://www.nagios.org) plugin replacing check_http
diff --git a/content/software/linux_packaging.md b/content/software/linux_packaging.md
index 64b182a..805aa2c 100644
--- a/content/software/linux_packaging.md
+++ b/content/software/linux_packaging.md
@@ -20,7 +20,10 @@ I stopped to maintain the CRUX packages.
 
 I'm still maintaing some ARCH Linux packages, mainly things I need for
 personal hacking.  
-See my [ARCH packages](http://aur.archlinux.org/packages.php?SeB=m&K=andreas_baumann).
+See my [ARCH packages](https://aur.archlinux.org/packages?O=0&SeB=M&K=andreas_baumann&outdated=&SB=p&SO=d&PP=50).
+
+I'm also taking part in the [Archlinux32](https://www.archlinux32.org) project,
+an effort to keep 32-bit Intel alive for Archlinux.
 
 I'm also trying to play with a [minimalistic Linux](/software/minilinux).
 A little bit extreme maybe, but given the current CoreOS maybe also not. :-)
diff --git a/content/software/luceneanalyzer.md b/content/software/luceneanalyzer.md
index 0728969..f59aa28 100644
--- a/content/software/luceneanalyzer.md
+++ b/content/software/luceneanalyzer.md
@@ -69,6 +69,7 @@ text    va902b  9[1]
 text    valueselect     7[1]
 ```
 
-A Git repository is accessible at **git://github.com/andreasbaumann/LuceneAnalyzer.git** (or at [https://github.com/andreasbaumann/LuceneAnalyzer/](https://github.com/andreasbaumann/LuceneAnalyzer/))
+A Git repository is accessible at **git://git.andreasbaumann.cc/LuceneAnalyzer.git** (or at 
+http://git.andreasbaumann.cc/cgit/LuceneAnalyzer/ )
 
-In case of questions, contact me at <mail at andreasbaumann dot cc>.
+In case of questions, contact me via email.
diff --git a/content/software/minilinux.md b/content/software/minilinux.md
index b89c644..fa8239d 100644
--- a/content/software/minilinux.md
+++ b/content/software/minilinux.md
@@ -32,7 +32,7 @@ qemu -hda minilinux.img
 [view demo session](/minilinux/minilinux.avi)
 
 A Git repository is accessible at 
-**git://github.com/andreasbaumann/minilinux.git** 
-(or at [https://github.com/andreasbaumann/minilinux/](https://github.com/andreasbaumann/minilinux/))
+**git://git.andreasbaumann.cc/minilinux.git** 
+(or at http://git.andreasbaumann.cc/cgit/minilinux/)
 
-In case of questions, contact me at **mail at andreasbaumann dot cc**.
+In case of questions, contact me via email.
diff --git a/content/software/nagios_plugin_curl.md b/content/software/nagios_plugin_curl.md
index 92cbe42..1867b9f 100644
--- a/content/software/nagios_plugin_curl.md
+++ b/content/software/nagios_plugin_curl.md
@@ -3,11 +3,15 @@ title = "Nagios Curl Plugin"
 description = "a [Nagios](http://www.nagios.org) plugin replacing check_http"
 +++
 
-In my job I'm sometimes the deputy of the system administrator. 
-Using nagios/zabbix/SNMP for monitoring I needed a decent plugin 
-for Nagios to do HTTP alive checks. The standard one had some problems 
+In my job I'm taking care of a monitoring system using nagios. 
+For monitoring web sites I needed a decent plugin  for Nagios to do
+HTTP(s) alive checks. The standard 'check_http' plugin had some problems 
 mainly with chunked transfer encoding, thus I hacked a plugin using the
 excellent [libCurl library](http://curl.haxx.se).
 
-The development area is accessible at:  
-[https://github.com/andreasbaumann/nagios-plugin-curl](https://github.com/andreasbaumann/nagios-plugin-curl).
+Further development goes on as 'check_curl' in
+[monitoring-plugins](https://github.com/monitoring-plugins/monitoring-plugins).
+If you want help out testing or developing it should happen there.
+
+An old archived version of the plugin can be found at
+http://git.andreasbaumann.cc/cgit/nagios-plugin-curl/.
diff --git a/content/software/pgfuse.md b/content/software/pgfuse.md
new file mode 100644
index 0000000..3b848bd
--- /dev/null
+++ b/content/software/pgfuse.md
@@ -0,0 +1,66 @@
++++
+title = "PgFuse"
+description = "FUSE filesystem for PostgreSQL"
++++
+
+## Purpose
+
+Store files and their metadata completely in a PostgreSQL database.
+Expose a standard file system with the help of the FUSE API.
+
+## Requirements
+
+- PostgreSQL 8.4 or newer
+- FUSE 2.6 or newer
+
+## History
+
+Yes, I know what happens if you store files in a database (in respect to
+drop of efficiency and incremental backups for instance). :-)
+
+Nevertheless, there are special situations, where a filesystem in a database
+is useful. With FUSE this is also rather simple to write.
+
+The reason I wrote one was a project with lots of data on a ReiserFS (at
+least in 2001, this was), which was more or less immutable and should be 
+efficiently stored away (almost in an archive mode). Backup is no issue
+here (as the files are more or less static after an initial load),
+but space efficiency is an issue.
+
+Most other projects try to map an existing database structure somehow as
+files. This here should strictly deal withs files/dirs as the only
+available model.
+ 
+## Other projects
+
+### Pgfs:
+
+Stores a filesystem in Postgres, exposes it as a NFS server, rather old
+and I was unable to find the sources.
+
+### mysqlfs
+
+The blueprint I used and got inspired from. Does exactly the same for
+the MySQL database.
+  
+ Also the block splitting algorithm I used more or less from this project.
+
+###  libsqlfs
+
+The same for storing files in a Sqlite database.
+  
+### curlftpfs
+
+Blueprint for some debugging code.
+
+## References
+
+- http://www.postgresql.org/docs/
+- http://fuse.sourceforge.net/
+
+A Git repository is accessible at 
+**git://git.andreasbaumann.cc/pgfuse.git** 
+(or at http://git.andreasbaumann.cc/cgit/pgfuse/)
+
+In case of questions, if you want to supply a patch or if you
+want to collaborate on the project contact me via email.
diff --git a/content/software/sqlitexx.md b/content/software/sqlitexx.md
index 5801ffd..6272359 100644
--- a/content/software/sqlitexx.md
+++ b/content/software/sqlitexx.md
@@ -3,7 +3,22 @@ title = "C++ Sqlite interface"
 description = "a C++ library for [sqlite3](http://www.sqlite.org) following ideas of [libpqxx](http://pqxx.org/)"
 +++
 
+### Description
+
 I saw libpqxx some time ago, the defacto standard C++ API for Postgresql
 and was really impressed. Not finding one for Sqlite I decided to write
-one. My efforts are accessible at
-[http://wiki.github.com/andreasbaumann/sqlitexx/](http://wiki.github.com/andreasbaumann/sqlitexx/).
+one. My efforts are accessible at http://git.andreasbaumann.cc/cgit/sqlitexx/.
+
+Current state is work-in-progress. Basic functionality is available as:
+
+- simple connections
+- basic transactions
+- prepared statements
+- result sets
+- support for int, double, text types
+
+My apologies for my C++-style (it’s the first thing I write) and also my apologies to the libpqxx developers if I copied ideas and code from their project..
+Download
+
+Release 0.0.5 is available at http://www.andreasbaumann.cc/sqlitexx/sqlitexx-0.0.5.tar.gz.
+