1.1. Procedure – Zorp startup and initialization

  1. The zorpctl utility loads the instances.conf file and starts the main zorp program. The instances.conf file stores the parameters of the configured Zorp instances.

  2. zorp performs the following initialization steps:

    • Sets the stack limit.

    • Creates its PID file.

    • Changes the running user to the user and group specified for the instance.

    • Initializes the handling of dynamic capabilities and sets the chroot directory.

    • Loads the firewall policy from the policy.py file.

  3. The init() of Zorp initializes the ruleset defined for the Zorp instance.

  4. The kzorp kernel module uploads packet-filtering services, rules, and zones into the kernel.

    Note

    Zorp creates four sockets (one for each type of traffic: TCP IPv6, TCP IPv4, UDP IPv6, UDP IPv4); the kzorp module directs the incoming connections to the appropriate socket.