source: hybrid/branches/releng-11/nanobsd/files/etc/rc.conf@ 14155

# Stolen from /sbin/dhclient-script using using no /usr based binaries.

# Converts an commented list into a SEP (default space) seperated list.

make_list() {

  SEP=${2:-' '}

  oldifs="$IFS"

  IFS="

"

  list=""

  for line in $1; do

    line=${line%%[ \t#]*}

    [ -n "$line" ] && list="$list$SEP$line"

  done

  IFS=${oldifs}

  echo ${list##$SEP}

}



# No kernel dumps as we don't have a place to store them 

dumpdev="NO"                    



# We are an router/gateway (wireless to be precise) running the lvrouted

# routing daemon.

gateway_enable="YES"

lvrouted_enable="YES"

lvrouted_flags="-u -s s00p3rs3kr3t -m 28"



# Takes lvrouted a small while to create reachable network nodes, make sure to

# wait on it,to saves some bootup warnings.

netwait_enable="YES"

netwait_timeout="20"

netwait_ip="8.8.8.8 172.16.4.46 172.27.129.1 172.17.14.1"



# Block the full range as smaller subnets are used for allowances, this avoids

# traffic going out (due to the default route) to unreachable parts to the

# 172.16.0.0/12 network. 

static_routes="quickstop"

route_quickstop="-net 172.16.0.0/12 127.0.0.1 -reject"



# NTP server needs working config with WL network or internet on boot

# so some warnings might pop up, but no harm

ntpdate_enable="YES"

ntpdate_flags="-b -s"

ntpd_enable="YES"

ntpd_sync_on_start="YES"

ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift"



# We need no running mail server

sendmail_enable="NONE"



# Don't let syslog accept input from other remote hosts

syslogd_enable="YES"

syslogd_flags="-s -N -A -c"



# Remote login without DNS checking as it might not also be functionable

# -u0 prevent sshd from making DNS requests unless the authentication mechanism

# or configuration requires it.

sshd_enable="YES"

sshd_flags="-u0"



# Monitoring deamons; monit replaced watchdogd

snmpd_enable="YES"

snmpd_flags="-Ls 1"

monit_enable="YES"



# Performance profiling

iperf_enable="YES"



# HTTP(S) proxy server

tinyproxy_enable="NO"



# Make sure generated ssh keys are saved 

nanobsd_save_sshkeys_enable="YES"



# Deprecated: low-memory footprint DHCP and non-authorative recursive

# forwarding DNS resolver

dnsmasq_enable="NO"



# Normal node, consist of fully-fleshed caching resolver and autoritive DNS

# server for reverse entries (de-centralized setup).

unbound_enable="YES"

unbound_anchorflags="-f /etc/resolv.conf"

nsd_enable="YES"



# Explicitly enable isc-dhcp43-server, the alternative for dnsmasq

dhcpd_enable="YES"

dhcpd_flags="-q"



# WL Captive Portal and WL Web Config Overview

apache24_enable="YES"

http302_enable="YES"



# Hybrid setup, requires outgoing VPN Server

openvpn_enable="NO"

openvpn_if="tap"

openvpn_configfile="/usr/local/etc/openvpn/client.conf"



# Enable the firewall by default, needed for port redirection (captive portal,

# splash screen)

pf_enable="YES"



# Autogenerated flags are used during runtime

rc_conf_running='/etc/rc.conf.running'

if [ -r $rc_conf_running ]; then

  . $rc_conf_running

else

  : > $rc_conf_running

fi