The directory structure of Barracuda CloudGen Firewall systems is split into organizational units. You will find the configuration files arranged in administrative subunits within subdirectories of the configuration root directory. This article provides information on the directories that contain system configuration files.
Directories Containing Configuration Files
Configuration files for the system are contained in the following directories:
/opt/phion/config/configroot
The /opt/phion/config/configroot directory contains all configuration files that are constantly changed. The configuration tree of NG Admin starts in this directory. The box configuration is retrieved from this directory by Barracuda Firewall Admin. This directory will only contain empty configuration files for a fresh Barracuda CloudGen Firewall installation. If any service is added, the template files are copied from the corresponding directory at /opt/phion/modules/directory/box.
The Open configuration column displays the file structure as it is in this directory.
/opt/phion/config/active
The /opt/phion/config/active directory contains the active box configuration.
/opt/phion/modules/box
The /opt/phion/modules/box directory contains all default configuration (confdef) files and required scripts for activation and verification. The directory itself is split into several subdirectories. Usually, a corresponding subdirectory for each configuration file is found in the /opt/phion/config/configroot directory. Most subdirectories contain a bin directory with a verify and activate script or a binary or both.
Example for the directory structure:
[root@Bart:~]# cd /opt/phion/config/configroot/
[2005-10-07 16:57 UTC] [-root shell-] [-powered by Cuda IT-]
[root@Bart:/opt/phion/config/configroot]# ll
total 176
drwxr-xr-x 9 root root 4096 Oct 7 15:40 .
drwxr-xr-x 8 root root 4096 Oct 7 15:40 ..
-rw-r--r-- 1 root root 141 Oct 5 10:57 1
-rw------- 1 root root 421 Oct 5 10:31 boxadm.conf
-rw------- 1 root root 146 Oct 5 10:31 boxadm.desc
-rw-r--r-- 1 root root 131 Oct 5 10:31 boxadm.param
-rw------- 1 root root 196 Oct 4 13:07 box.conf
-rw------- 1 root root 131 Oct 4 13:07 box.desc
-rw------- 1 root root 2580 Oct 4 13:07 boxkey.conf
-rw------- 1 root root 137 Oct 4 13:07 boxkey.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 boxkey.param
-rw------- 1 root root 1490 Oct 4 13:07 boxnet.conf
-rw------- 1 root root 135 Oct 4 13:07 boxnet.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 boxnet.param
drwxr-xr-x 2 root root 4096 Oct 4 13:07 boxother
-rw------- 1 root root 139 Oct 4 13:07 boxother.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 boxother.param
-rw-r--r-- 1 root root 131 Oct 4 13:07 box.param
-rw------- 1 root root 857 Oct 4 13:07 boxqos.conf
-rw------- 1 root root 165 Oct 4 13:07 boxqos.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 boxqos.param
drwxr-xr-x 2 root root 4096 Oct 4 13:07 boxsrv
-rw------- 1 root root 142 Oct 4 13:07 boxsrv.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 boxsrv.param
-rw------- 1 root root 217 Oct 4 13:07 boxsys.conf
-rw------- 1 root root 142 Oct 4 13:07 boxsys.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 boxsys.param
drwxr-xr-x 2 root root 4096 Oct 7 15:07 data
-rw------- 1 root root 106 Oct 4 13:07 data.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 data.param
drwxr-xr-x 3 root root 4096 Oct 4 13:07 gdata
-rw------- 1 root root 107 Oct 4 13:07 gdata.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 gdata.param
drwxr-xr-x 3 root root 4096 Oct 4 04:51 LostAndFound
-rw------- 1 root root 3352 Oct 4 13:07 masterpub.conf
-rw------- 1 root root 167 Oct 4 13:07 masterpub.desc
-rw-r--r-- 1 root root 131 Oct 4 13:07 masterpub.param
drwxr-xr-x 2 root root 4096 Oct 4 04:51 pool
-rw------- 1 root root 1227 Oct 4 13:07 roles.conf
-rw------- 1 root root 164 Oct 4 13:07 roles.desc
This example shows the /opt/phion/config/configroot directory containing the boxnet.conf file. In the /opt/phion/modules/box directory, the boxnet subdirectory contains the .conf files and links to the activation and verification files.
The /opt/phion/modules/box directory contains two important subdirectories:
- /opt/phion/modules/box/boxother – This directory corresponds to Box Misc.
- /opt/phion/modules/box/boxsrv – This directory corresponds to Box Services.
Generally, all box services, such as the Firewall, Event, and Statistics services, are located in boxsrv. Other configuration items, such as authentication schemes, bootloader, or box licenses, are located in boxother. The confdef file determines the look of a window in Barracuda Firewall Admin (input fields, labels, buttons).
/opt/phion/modules/box/boxother
When a node is opened in the Box Misc. branch, the configuration is read from the /opt/phion/modules/box/boxother directory.
/opt/phion/modules/box/boxsrv
When a node is opened in the Box Services branch, the configuration is read from the /opt/phion/modules/box/boxsrv directory.
Subdirectories for the Configuration Tree Directory
On every Barracuda CloudGen Firewall system there is a configuration tree that contains all necessary information to keep the system up and running. The tree is at /opt/phion/config and contains the following subdirectories:
active
The active subdirectory contains the active configuration that is used by the currently running services. It contains two important files: boxadm.conf and boxnet.conf.
configroot
The configroot directory is the directory for the GUI’s management configuration tree.
history
The history directory contains the DB files for internal use only. This directory must not be changed manually.
sessions
The sessions directory contains information for opened sessions.
update
The update directory contains all files that are required for syncing with another system (e.g., high availability system).
Checking the Integrity of Configuration Files
To check the integrity of the boxnet.conf and boxadm.conf files, use the verify (/etc/phion/bin/verify) script. This script is also used for network configuration checks from the Barracuda Firewall Admin GUI.
The following example shows output from running the verify script:
[root@winix:/var/phion/logs]# verify /opt/phion/config/configroot/boxnet.conf
SUCCESS: No obvious critical consistency errors in box configuration
Info: [0140000] º boxnet(k,ARGS): box reaches MC@10.0.6.3 from 10.0.6.31 via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info: [0140000] º boxnet(k,ARGS): box reaches MC@10.0.6.2 from 10.0.6.31 via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info: [0140000] º boxnet(k,ARGS): box reaches server NTP@10.0.6.96 from 10.0.6.31 via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info: [0140000] º boxnet(k,ARGS): box reaches server DNS@10.0.6.90 from all via »10.0.6.0/8 dev eth0 src 10.0.6.31 realm internal«
Info: [0140000] º boxnet(k,ARGS): logical check passed
[ local networks ]
     |name    |addr          |dev  |ping |mgmt |ntpd
---------------------------------------------------------------
net0 |loop    |127.0.0.1/8   |lo   |y    |y    |n
net1 |fw      |127.0.1.1/8   |tap0 |y    |n    |n
net2 |vpn     |127.0.2.1/8   |tap1 |y    |n    |n
net3 |vpnpers |127.0.3.1/8   |tap2 |y    |n    |n
net4 |mip0    |10.0.6.31/8   |eth0 |y    |y    |y
net5 |ospfVP  |10.0.151.33/8 |eth1 |y    |n    |n
[ management IPs ]
    |addr
-------------------------
ip0 |127.0.0.1/0
ip1 |10.0.6.31/0
[ servers ]
1: mw
primary box: winix [*] 10.0.6.31
secondary box: linix 10.0.6.32
1st server ip: 172.31.1.33 pingable=yes
2nd server ip: 10.0.60.33 pingable=yes
2: win0
primary box: winix [*] 10.0.6.31
secondary box: -- none -
1st server ip: 172.31.1.33 pingable=yes
2nd server ip: 172.31.70.2 pingable=yes
add server ip: 10.0.60.32 pingable=yes
add server ip: 10.0.61.32 pingable=yes
add server ip: 172.16.0.1 pingable=yes
add server ip: 172.16.1.1 pingable=yes
add server ip: 10.0.6.33 pingable=yes
add server ip: 10.0.150.33 pingable=yes
[ IP tunnels ]
    |status |name |mode |dev/src addr  | local <-> remote
--------------------------------------------------------------------------------------
tu0 |ready  |tun1 |gre  |10.0.150.33/8 | 10.0.151.33 <-> 10.0.151.8
[ routing structure ]
Type indicators: 'u' .... unicast, 'Ø' .... unreachable, '¤' .... stop lookup
State indicators: '®' .... ready, '×' .... pending, '¿' .... dynamic, '¬' .... inactive
1: u from 0.0.0.0/32 prio 0 table local
2: u from 0.0.0.0/32 prio 3 table vpnlocal
3: u from 0.0.0.0/32 prio 10000 table main
Activating Configuration Changes
From the CLI, you can change your system configuration by editing the files in the /opt/phion/config/configroot directory. After checking the integrity of the edited files, copy them to the /opt/phion/config/active directory that contains active system configurations. Then execute the activate command to activate your changes. You must also refresh Barracuda Firewall Admin to display your new configurations.
To change and activate configuration changes from the CLI:
- Back up the files in the /opt/phion/config/active directory.
- At the command line, change to the /opt/phion/config/configroot directory.
- Make the required changes to the appropriate file. For example, you can edit the boxnet.conf file.
- Change to the /bin directory at /opt/phion/modules/box/ for the configuration file that you edited. Enter:
  cd /opt/phion/modules/box/<config file>/bin
  For example:
  cd /opt/phion/modules/box/boxnet/bin
- Verify the integrity of the configuration file that you edited in the /opt/phion/config/configroot directory. Enter:
  verify <path to the file in configroot directory>
  For example:
  verify /opt/phion/config/configroot/boxnet.conf
- After the edited configuration file has been successfully checked, copy it to the /opt/phion/config/active directory.
- Change into the /bin directory at /opt/phion/modules/box/ and activate the configuration. Enter:
  cd /opt/phion/modules/box/<config file>/bin
  activate
  For example:
  cd /opt/phion/modules/box/boxnet/bin
  activate
- Refresh the configurations in Barracuda Firewall Admin. You have two options:
  - Click Disconnect and then click Reconnect.
  - In the Config Tree, right-click the top node and select Refresh Complete Tree.
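The CLI steps above (back up, verify, copy, activate) combined into one guarded shell function, added here as an example; it is not Barracuda tooling. It assumes that the module's bin directory holds executable verify and activate scripts and that verify exits 0 and prints the SUCCESS: line shown earlier when a file passes. The CONFIG_DIR, MODULES_DIR and BACKUP_DIR variables and the backup location are hypothetical.

```shell
#!/bin/sh
# Added example, not Barracuda tooling. Directory layout is from the article;
# the *_DIR overrides, backup location and fail-closed checks are assumptions.
CONFIG_DIR="${CONFIG_DIR:-/opt/phion/config}"
MODULES_DIR="${MODULES_DIR:-/opt/phion/modules/box}"
BACKUP_DIR="${BACKUP_DIR:-/root/phion-active-backups}"  # hypothetical location

# apply_box_config NAME (e.g. boxnet): returns 0 only if verify and activate pass.
apply_box_config() {
    name="$1"
    src="$CONFIG_DIR/configroot/$name.conf"
    dst="$CONFIG_DIR/active/$name.conf"
    bindir="$MODULES_DIR/$name/bin"

    [ -f "$src" ] || { echo "missing $src" >&2; return 2; }
    [ -x "$bindir/verify" ] && [ -x "$bindir/activate" ] ||
        { echo "no verify/activate in $bindir" >&2; return 2; }

    # Step 1: snapshot active/. Config files in this tree are root-only (0600)
    # in the article's listing, so create the snapshot under umask 077 and
    # preserve modes and owners with cp -p.
    snap=$( umask 077 && mkdir -p "$BACKUP_DIR" &&
            d=$(mktemp -d "$BACKUP_DIR/active.XXXXXX") &&
            cp -pR "$CONFIG_DIR/active/." "$d/" && echo "$d" ) ||
        { echo "backup failed" >&2; return 3; }

    # Verify the edited file. Fail closed: require exit status 0 AND the
    # "SUCCESS:" line that the article shows in verify's output.
    out=$(cd "$bindir" && ./verify "$src" 2>&1) &&
        printf '%s\n' "$out" | grep -q '^SUCCESS:' ||
        { printf '%s\n' "$out" >&2; echo "verify rejected $src" >&2; return 4; }

    # Copy into active/ only after a clean verify, then run activate.
    cp -p "$src" "$dst" || return 5
    if ! ( cd "$bindir" && ./activate ); then
        # Activation failed: put the previous file back from the snapshot.
        if [ -f "$snap/$name.conf" ]; then cp -p "$snap/$name.conf" "$dst"
        else rm -f "$dst"; fi
        echo "activate failed; restored previous $dst" >&2
        return 6
    fi
    echo "activated $name.conf (snapshot: $snap)"
}
```

Call it as apply_box_config boxnet after editing the file in configroot; a non-zero return means the file in the active directory is the one that was there before the call.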