Recompiling the kernel - part 2

Introduction to this web page

This is a sequel to the page about recompiling the kernel. The aim is to have a kernel in a live firewall that is matched to the function of the firewall.

 

Modifying a live production firewall

Based on my experiences of recompiling the kernel on a laboratory-based firewall, the last thing I wanted to do was to try to compile a new kernel in a live production firewall, where there is a considerable user dependency on the existence of a working firewall.

I therefore investigated the possibility of importing a replacement already-built kernel into the live firewall.

It turned out to be very easy, and only involved the following steps:

  • Copy the following on to a CD or memory stick or whatever:

    • /boot/vmlinuz-2.4.20-fw

    • /boot/initrd-2.4.20-fw.img

    • /lib/modules/2.4.20-fw/

    This last one had to be done as a recursive copy process, as the whole folder, including all the sub folders and all the files, is required.

    This folder of course contains all the kernel modules that the kernel requires for its correct function.

  • Copy them into the same locations on the live firewall.

  • Edit /etc/grub.conf to show the new kernel

  • Restart the firewall, selecting the new kernel

And that is all that was required.
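
The steps above as a script, written as an added example rather than the author's own commands: it copies the three items from mounted media, compares every copied file with its source, and appends a GRUB entry while leaving the existing default kernel as the fallback. The `install_kernel` name, `GRUB_ROOT`, `ROOT_DEV` and the kernel paths relative to a separate /boot partition are assumptions.

```shell
#!/bin/sh
# Added example, not the author's own commands. KVER comes from the page;
# GRUB_ROOT and ROOT_DEV are placeholders that must match the target machine.
KVER=2.4.20-fw
GRUB_ROOT="${GRUB_ROOT:-(hd0,0)}"   # placeholder: GRUB name of the /boot partition
ROOT_DEV="${ROOT_DEV:-/dev/hda2}"   # placeholder: root filesystem device

# install_kernel SRC DEST
#   SRC  = mount point of the media holding boot/ and lib/modules/
#   DEST = root of the target system ("/" on the firewall itself)
install_kernel() {
    src=${1%/}; dest=${2%/}
    mods="lib/modules/$KVER"
    # Refuse to start with an incomplete kernel set.
    [ -f "$src/boot/vmlinuz-$KVER" ] && [ -f "$src/boot/initrd-$KVER.img" ] &&
        [ -d "$src/$mods" ] || { echo "incomplete kernel set in $src" >&2; return 1; }
    conf="$dest/etc/grub.conf"
    [ -f "$conf" ] || { echo "no $conf" >&2; return 1; }

    mkdir -p "$dest/boot" "$dest/$mods" || return 1
    cp "$src/boot/vmlinuz-$KVER" "$src/boot/initrd-$KVER.img" "$dest/boot/" || return 1
    # Recursive copy of the module tree; -P copies symbolic links as links.
    cp -RP "$src/$mods/." "$dest/$mods/" || return 1

    # Compare every regular file byte for byte before anyone reboots into it.
    ( cd "$src" && find "boot/vmlinuz-$KVER" "boot/initrd-$KVER.img" "$mods" -type f ) |
    while read -r f; do
        cmp -s "$src/$f" "$dest/$f" || { echo "mismatch: $f" >&2; exit 1; }
    done || return 1

    # Append a menu entry once; "default=" is untouched, so the old kernel
    # stays the fallback and the new one is picked by hand at the GRUB menu.
    grep -qF "vmlinuz-$KVER" "$conf" && return 0
    cp -p "$conf" "$conf.bak" || return 1
    cat >> "$conf" <<EOF
title Linux ($KVER)
	root $GRUB_ROOT
	kernel /vmlinuz-$KVER ro root=$ROOT_DEV
	initrd /initrd-$KVER.img
EOF
}
```

On the firewall this would be called as `install_kernel /mnt/cdrom /`, with the mount point adjusted to wherever the media is mounted.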

There was an error message generated during the copying of the kernel modules folder, which advised that a file called "Build" could not be copied. This isn't a problem, as this file is a symbolic link to the source code folder in /kernel/, and the live firewall works fine without it. As far as I am aware, there is no general requirement for the source code to exist in a Linux installation.

 

The results

Very cool !

A very noticeable reduction in transit time through the firewall. Sorry, I can't quantify it in terms of seconds or milliseconds, but as a user, interaction with server-based services is much faster.

 


© 2004 Ron Turner

