netfoundry/zfw-zet

zfw-zet

Installation

Ubuntu

  1. Install the package via the installation script.
curl -sSLf https://raw.githubusercontent.com/netfoundry/zfw-zet/refs/heads/main/files/install-zfw-zet.bash | bash
  2. Enable and start the service.
sudo systemctl enable --now ziti-edge-tunnel.service
  3. Add an identity.
sudo ziti-edge-tunnel add --jwt "$(< ./in-file.jwt)" --identity myIdentityName

Debian

| Debian Release | UBUNTU_LTS | Architecture |
|---|---|---|
| 13 Trixie | jammy | x86_64, arm64 |
| 12 Bookworm | jammy | x86_64, arm64 |
| 11 Bullseye | focal | x86_64, arm64 |

  1. Refer to the table to find the Ubuntu release name that is the contemporary of the Debian release. Substitute that Ubuntu release name for focal in the definition below.
UBUNTU_LTS=focal
  2. Install the gpg package if it is not already installed.
sudo apt update
sudo apt install --yes gnupg2
  3. Subscribe the system to the OpenZiti package repository for the UBUNTU_LTS specified above.
echo "deb [signed-by=/usr/share/keyrings/netfoundry-cloud.gpg] https://netfoundry.jfrog.io/artifactory/netfoundry-cloud-deb-stable ${UBUNTU_LTS} main" \
  | sudo tee /etc/apt/sources.list.d/zfw.list >/dev/null
  4. Install the package signing pubkey.
curl -sSLf https://netfoundry.jfrog.io/artifactory/api/security/keypair/public/repositories/netfoundry-cloud-deb-stable \
  | sudo gpg --dearmor --output /usr/share/keyrings/netfoundry-cloud.gpg
  5. Ensure the pubkey is readable by all.
sudo chmod a+r /usr/share/keyrings/netfoundry-cloud.gpg
  6. Refresh the package list and install zfw-zet.
sudo apt update
sudo apt install --yes zfw-zet
  7. Add interfaces to run zfw interception.
sudo vi /opt/openziti/etc/ziti-edge-tunnel.env
  • Set ziti-edge-tunnel worker threads to 1.
UV_THREADPOOL_SIZE=1
  • To provide bi-directional transparency support only, add
ZITI_DIVERTER=<comma separated interface list> e.g. ZITI_DIVERTER="eth0,eth1"
  • To provide full IPv4/IPv6 firewalling, add
ZITI_FIREWALL=<comma separated interface list> e.g. ZITI_FIREWALL="eth0,eth1"
    • You can specify user rules and load them into zfw automatically. For more information about user rules, please refer to the zfw README file.
    • The user rules are only loaded when ziti-edge-tunnel starts; any modification to the file requires a restart of the ziti-edge-tunnel service.
  8. Enable and start the service.
sudo systemctl enable --now ziti-edge-tunnel.service
  9. Add an identity.
sudo ziti-edge-tunnel add --jwt "$(< ./in-file.jwt)" --identity myIdentityName
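
A pre-restart check for the settings made in /opt/openziti/etc/ziti-edge-tunnel.env, as an added example that is not part of the zfw-zet project: it confirms UV_THREADPOOL_SIZE is 1 and that every interface named in ZITI_DIVERTER or ZITI_FIREWALL exists on the host. The function names zfw_env_get and check_zfw_env are hypothetical, and the script assumes the file holds plain KEY=value lines.

```shell
#!/bin/sh
# Added example, not part of the zfw-zet project. Function names are hypothetical.

# Print the last value assigned to KEY ($2) in FILE ($1), quotes removed.
# Commented-out lines do not match because the key must start the line.
zfw_env_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# check_zfw_env ENV_FILE [NET_DIR]
# NET_DIR defaults to /sys/class/net, where Linux exposes one entry per interface.
# Prints one line per finding; returns 0 when there are none, 1 otherwise.
check_zfw_env() {
    env_file=$1
    net_dir=${2:-/sys/class/net}
    rc=0
    [ -r "$env_file" ] || { echo "cannot read $env_file"; return 1; }

    # The README sets the ziti-edge-tunnel worker threads to exactly 1.
    threads=$(zfw_env_get "$env_file" UV_THREADPOOL_SIZE)
    if [ "$threads" != "1" ]; then
        echo "UV_THREADPOOL_SIZE is '${threads:-unset}', expected 1"
        rc=1
    fi

    seen=0
    for key in ZITI_DIVERTER ZITI_FIREWALL; do
        list=$(zfw_env_get "$env_file" "$key")
        [ -n "$list" ] || continue
        seen=1
        # Conservative character set: flags spaces, trailing comments and globs.
        case $list in
            *[!A-Za-z0-9_.,:@-]*)
                echo "$key: unexpected character in '$list'"; rc=1; continue ;;
        esac
        for ifname in $(printf '%s' "$list" | tr ',' ' '); do
            if [ ! -e "$net_dir/$ifname" ]; then
                echo "$key: interface '$ifname' not found in $net_dir"
                rc=1
            fi
        done
    done

    if [ "$seen" -eq 0 ]; then
        echo "neither ZITI_DIVERTER nor ZITI_FIREWALL is set"
        rc=1
    fi
    return $rc
}
```

Run `check_zfw_env /opt/openziti/etc/ziti-edge-tunnel.env` after editing the file; a non-zero return means at least one finding was printed and the file should be corrected before the service is restarted.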
