zfw-zet

Installation

Ubuntu

  1. Install package via the installation script.
     curl -sSLf https://raw.githubusercontent.com/netfoundry/zfw-zet/refs/heads/main/files/install-zfw-zet.bash | bash
  2. Enable and start the service
     sudo systemctl enable --now ziti-edge-tunnel.service
  3. Add an Identity.
     sudo ziti-edge-tunnel add --jwt "$(< ./in-file.jwt)" --identity myIdentityName

Debian

| Debian Release | UBUNTU_LTS | Architecture  |
|----------------|------------|---------------|
| 13 Trixie      | jammy      | x86_64, arm64 |
| 12 Bookworm    | jammy      | x86_64, arm64 |
| 11 Bullseye    | focal      | x86_64, arm64 |

  1. Refer to the table to find the Ubuntu release name that corresponds to your Debian release. Substitute that Ubuntu release name for focal in the definition below.
     UBUNTU_LTS=focal
  2. Install the gpg package if it is not already installed.
     sudo apt update
     sudo apt install --yes gnupg2
  3. Subscribe the system to the OpenZiti package repository for the UBUNTU_LTS specified above.
     echo "deb [signed-by=/usr/share/keyrings/netfoundry-cloud.gpg] https://netfoundry.jfrog.io/artifactory/netfoundry-cloud-deb-stable ${UBUNTU_LTS} main" \
       | sudo tee /etc/apt/sources.list.d/zfw.list >/dev/null
  4. Install the package signing pubkey.
     curl -sSLf https://netfoundry.jfrog.io/artifactory/api/security/keypair/public/repositories/netfoundry-cloud-deb-stable \
       | sudo gpg --dearmor --output /usr/share/keyrings/netfoundry-cloud.gpg
  5. Ensure the pubkey is readable by all.
     sudo chmod a+r /usr/share/keyrings/netfoundry-cloud.gpg
  6. Refresh the package list and install zfw-zet.
     sudo apt update
     sudo apt install --yes zfw-zet
  7. Add interfaces to run zfw interception.
     sudo vi /opt/openziti/etc/ziti-edge-tunnel.env
     • Set ziti-edge-tunnel worker threads to 1.
       UV_THREADPOOL_SIZE=1
     • To provide bi-directional transparency support only, add
       ZITI_DIVERTER=<comma separated interface list> e.g. ZITI_DIVERTER="eth0,eth1"
     • To provide full IPv4/IPv6 firewalling, add
       ZITI_FIREWALL=<comma separated interface list> e.g. ZITI_FIREWALL="eth0,eth1"
       • You can specify user rules and load them into zfw automatically. For more information about user rules, please refer to the zfw Readme file.
       • The user rules are loaded only when ziti-edge-tunnel starts; any modification to the file requires a restart of the ziti-edge-tunnel service.
  8. Enable and start the service.
     sudo systemctl enable --now ziti-edge-tunnel.service
  9. Add an Identity.
     sudo ziti-edge-tunnel add --jwt "$(< ./in-file.jwt)" --identity myIdentityName
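
The following is an added example, not part of the zfw-zet project: a sanity check for /opt/openziti/etc/ziti-edge-tunnel.env that confirms UV_THREADPOOL_SIZE=1 and that every interface named in ZITI_DIVERTER or ZITI_FIREWALL is well-formed and present on the host. The function name check_zfw_env and its optional netdir argument are hypothetical; the check assumes interfaces are listed under /sys/class/net and uses a conservative character allowlist for interface names.

```bash
# Added example, not part of zfw-zet: check_zfw_env and its netdir argument
# are hypothetical names. Run it before restarting ziti-edge-tunnel.
# Usage: check_zfw_env [env-file] [netdir]
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_zfw_env() {
  local file netdir line key val rest ifname rc threads seen
  file="${1:-/opt/openziti/etc/ziti-edge-tunnel.env}"
  netdir="${2:-/sys/class/net}"        # Linux lists one entry per interface here
  rc=0; threads=""; seen=0
  [ -r "$file" ] || { echo "ERROR: cannot read $file"; return 1; }

  while IFS= read -r line || [ -n "$line" ]; do
    line="${line#"${line%%[![:space:]]*}"}"       # trim leading whitespace
    case "$line" in ''|'#'*) continue ;; esac     # skip blank and comment lines
    case "$line" in *=*) ;; *) continue ;; esac   # only KEY=value lines
    key="${line%%=*}"; val="${line#*=}"
    val="${val%\"}"; val="${val#\"}"              # drop optional double quotes
    case "$key" in
      UV_THREADPOOL_SIZE) threads="$val" ;;
      ZITI_DIVERTER|ZITI_FIREWALL)
        seen=1
        rest="$val,"                              # sentinel comma ends the last item
        while [ -n "$rest" ]; do
          ifname="${rest%%,*}"; rest="${rest#*,}"
          case "$ifname" in
            ''|.|..|*[!A-Za-z0-9_.@-]*)           # conservative allowlist (assumption)
              echo "ERROR: $key has malformed interface name '$ifname'"; rc=1; continue ;;
          esac
          if [ "${#ifname}" -gt 15 ]; then        # Linux names are at most 15 chars
            echo "ERROR: $key interface name '$ifname' is too long"; rc=1
          elif [ ! -e "$netdir/$ifname" ]; then
            echo "ERROR: $key names '$ifname', not present in $netdir"; rc=1
          fi
        done ;;
    esac
  done < "$file"

  [ "$threads" = "1" ] || { echo "ERROR: UV_THREADPOOL_SIZE is '${threads:-unset}', expected 1"; rc=1; }
  [ "$seen" -eq 1 ] || { echo "ERROR: neither ZITI_DIVERTER nor ZITI_FIREWALL is set"; rc=1; }
  return "$rc"
}
```

Call check_zfw_env with no arguments after editing the file and before restarting the service; a space after a comma or a mistyped interface name is reported instead of passing unnoticed.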