I have an ongoing and never ending documentation project for all aspects of my SOHO Network and IT in general. So when I do things I try to update that.
This is something I most seriously have to do, in case I am not able to handle things myself, being away, or ill, or dead.
So this brings me, obviously, to document my IPFire settings.
I was looking for something like a routing table, but I could not really find anything spot on on the wiki. So I resorted to screenshots. Some things are still missing, but what do you think, is this a viable way? Or in other words, would you be able to recreate my network based on that, plus a map of topology?
The simplest approach here would seem to be to keep a copy of the latest backup plus backups of the individual addons.
If any changes are made then the backup is updated. Then keep the backup on a USB stick.
Then the documentation only needs to focus on the installation of IPFire with your documented subnets/netmasks together with the IPs for each of the internal zones you have. Then document the running of the restore of the backup, installation of each addon and the restore from each of their backups.
It’s certainly a viable way. How successful it would be is dependent on the capabilities of whoever will be doing the re-installation. On the first page you mention green as being 192.168.1.1/24 but in the installation they have to just put 192.168.1.1 and know that the default netmask of 255.255.255.0 is equivalent to /24.
As your intent is for it to be for someone doing it on your behalf when you are not available then you should also test out giving them the documentation and letting them follow it to see if any changes/additions are needed.
There is nothing about the actual installation itself and I think that is very important.
You mention in the zones section about being important to connect the right cable to the right port.
I have my cables with a label on them for the network colour and then I have a label with R G B O on the top of the machine above where the network ports are located. That also helps me remember which port to use for which cable when I have to disconnect things.
I also have a document that lists the MAC address for each port and which colour zone that is intended for and which network address to use for each zone.
I put the focus on the installation and then deal with the settings by using the restore from the backup but I am doing it for myself. If I am not available there won’t be anyone else using the network.
EDIT:
One thing I have noticed that is missing is the details of which rulesets you have selected for the IPS ruleset providers. You list the ruleset providers but nothing from the Customize Ruleset page.
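For the per-zone record discussed in the reply above (port, MAC address, address, and the /24 form next to 255.255.255.0), here is a sketch that builds the table from a settings file instead of screenshots. It is an added example, not part of the original posts and not IPFire's own code; the KEY=VALUE key names (GREEN_DEV, GREEN_MACADDR, GREEN_ADDRESS, GREEN_NETMASK and so on) and all sample values are assumptions to check against your own system.

```python
import ipaddress

# Constructed sample in KEY=VALUE form. The key names are assumptions modelled
# on IPFire's per-zone ethernet settings; verify them on your own installation.
SAMPLE = """\
GREEN_DEV=green0
GREEN_MACADDR=00:11:22:33:44:55
GREEN_ADDRESS=192.168.1.1
GREEN_NETMASK=255.255.255.0
BLUE_DEV=blue0
BLUE_MACADDR=00:11:22:33:44:66
BLUE_ADDRESS=192.168.2.1
BLUE_NETMASK=255.255.255.128
ORANGE_DEV=
"""

ZONES = ("RED", "GREEN", "BLUE", "ORANGE")

def parse_settings(text):
    """Parse KEY=VALUE lines, skipping blanks and comments, stripping quotes."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        out[key.strip()] = value.strip().strip("'\"")
    return out

def zone_table(text):
    """One row per statically addressed zone: (zone, device, MAC, CIDR, netmask)."""
    cfg = parse_settings(text)
    rows = []
    for zone in ZONES:
        addr, mask = cfg.get(f"{zone}_ADDRESS"), cfg.get(f"{zone}_NETMASK")
        if not addr or not mask:
            continue  # zone unused, or addressed dynamically: nothing static to record
        # ip_interface accepts a dotted netmask and yields the prefix length
        iface = ipaddress.ip_interface(f"{addr}/{mask}")
        rows.append((zone, cfg.get(f"{zone}_DEV", "?"),
                     cfg.get(f"{zone}_MACADDR", "?").lower(),
                     iface.with_prefixlen, str(iface.netmask)))
    return rows

if __name__ == "__main__":
    for row in zone_table(SAMPLE):
        print("{:<7}{:<8}{:<19}{:<18}{}".format(*row))
```

Printing both the prefix form and the dotted netmask gives the person doing the reinstall the value the installer asks for without having to convert it.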
Low attrition increases compliance. You need just to take the notebook and write with your pen, minimizing the chance of procrastination.
Permanence. The information is not subjected to any digital decay problem. The risk of losing the data is greatly minimized.
Edit: there is a third advantage. Writing with pen and paper engages the brain in a very different way than using the keyboard and mouse. We think more clearly when we need to activate the fine motor skills necessary to write. This is a well-known cognitive effect of handwriting.
Technology might help you here. Can’t be sure about the timeline, but the fact that one day in the near future you will be able to train a language model to answer questions exactly like you would do, is almost certain. It is already possible, just too expensive, however the field is growing at an exponential pace. I don’t think the possibility to train and continuously fine-tune your own model at the price of today’s consumer desktop is that far in the future. Possibly in less than 5 years, more likely less than 10. Unless of course something really bad happens to humanity, which is always a possibility.
“you should also test out giving them the documentation and letting them follow it to see if any changes/additions are needed”
If you are serious, do this.
It is harder than you think, because when following your own procedure you mentally fill in gaps or make minor corrections then forget you made them. Have somebody else follow it, hands off.
My documentation includes four diagrams:
Firewall concept: five coloured boxes and thick arrows to show what zone can access what – true if a single device can access a single other device for a single purpose.
Design concept: Essentially the layers of routing, switching, WiFi and devices to show where everything is in relation to each other, not the house, with DHCP zones.
Physical connections: What primary elements (routers, APs, switches, devices) are connected to which ethernet points around the house.
Patch panel: What zones are on what ports, with a photograph to show the cables there.
I agree with cfusco about the utility of pen and paper. The above diagrams are created in Omnigraffle.
I may have an advantage that my target audience is my adult son, brighter and far more highly skilled than me, so my wife would rely on him anyway, albeit he is hundreds of km away.
As for methodology, right now I am more focused on
as Adolf posted, getting all the information
in a readable format
in an “executable” way, kinda like ISO 9001 which I did, and do, on occasion… (there may be other relevant ISOs, I am not an ISO nerd, only know I have done that one).
So I will keep typing and screenshotting, prepare a USB, see how that should be done, and take it from there. Try a disaster recovery…
My best option is my son-in-law, 400 kilometres away… I am the brightest and most skilled in IT anywhere closer than that.