Chapter 2. SmallWall Hacker's Guide

Table of Contents

2.1. Modifying a running firewall with exec.php
2.2. Modifying an image with
2.3. Working with a running file system with pxe boot
2.3.1. The Kernel
2.3.2. The Modules
2.3.3. The root filesystem
2.3.4. For the impatient
2.3.5. The loader and pxe config
2.3.6. GO
2.4. Unpacking/Editing/Packing the Source
2.5. Submitting Changes

This chapter has a bit of history. It originated from Chris Buechler's original m0n0wall documentation that took a lot from Rudi van Drunen's m0n0wall Hackers Guide. However, sections 1 and 2 are all new.

SmallWall is open-source software: If it does not quite do what you want, you can change it yourself, or have someone else of your choice change it for you. There are many ways to do this, and the official way is documented in the image building section. But for those who just want a minor change quickly, there are other options.

Note that the instructions in this guide are meant as guidelines, your mileage may vary. Also, hacking low level things may seriously mess up your development system, target system, or other systems, please take care.

There are three different methods to "hack" SmallWall that we will cover here.

  1. Modifying a running firewall with exec.php

  2. Modifying an image with

  3. Working with a running file system with pxe boot.

2.1. Modifying a running firewall with exec.php

Some times you do not need a full image, but just a quick test of some change. You can use SmallWall's built in features to test newly developed features. With this method you are not able to compile new binaries on the box, but are able to add php pages into the environment, as well as pre-compiled binaries.

  1. Develop the page

  2. Open a browser and point it to http://SmallWall-ip/exec.php or use https if you have enabled it. It is generally easiest if you simply log into your firewall, and then append exec.php to the end of the url.

  3. Upload the page and any binaries needed for it to function properly via exec.php.

  4. Execute the following to place php pages into the www root.

    mv /tmp/*.php /usr/local/www 
  5. If you need any binaries for the page to work, copy them into the appropriate places.

  6. Use chmod to make your pages readable and executable by the web server. For example, to make all your web pages read and execute;

    chmod 755 /usr/local/www/* 
  7. Type in the address of your new page to try out your experiment.

Using this method, the image will revert after a reboot in case you messed something up. You may wish to write a script to move everything into its proper place and upload that along with your pages / binaries if the feature requires many files. Then simply execute the script in exec.php. After you have successfully tested the feature, and are happy with the result, submit your work to the forums at or email for it to be added to the project.