1 | # Stolen from /sbin/dhclient-script using using no /usr based binaries.
|
---|
2 | # Converts an commented list into a SEP (default space) seperated list.
|
---|
3 | make_list() {
|
---|
4 | SEP=${2:-' '}
|
---|
5 | oldifs="$IFS"
|
---|
6 | IFS="
|
---|
7 | "
|
---|
8 | list=""
|
---|
9 | for line in $1; do
|
---|
10 | line=${line%%[ \t#]*}
|
---|
11 | [ -n "$line" ] && list="$list$SEP$line"
|
---|
12 | done
|
---|
13 | IFS=${oldifs}
|
---|
14 | echo ${list##$SEP}
|
---|
15 | }
|
---|
16 |
|
---|
17 | # No kernel dumps as we don't have a place to store them
|
---|
18 | dumpdev="NO"
|
---|
19 |
|
---|
20 | # We are an router/gateway (wireless to be precise) running the lvrouted
|
---|
21 | # routing daemon.
|
---|
22 | gateway_enable="YES"
|
---|
23 | lvrouted_enable="YES"
|
---|
24 | lvrouted_flags="-u -s s00p3rs3kr3t -m 28"
|
---|
25 |
|
---|
26 | # Takes lvrouted a small while to create reachable network nodes, make sure to
|
---|
27 | # wait on it,to saves some bootup warnings.
|
---|
28 | netwait_enable="YES"
|
---|
29 | netwait_timeout="20"
|
---|
30 | netwait_ip="8.8.8.8 172.16.4.46 172.27.129.1 172.17.14.1"
|
---|
31 |
|
---|
32 | # Block the full range as smaller subnets are used for allowances, this avoids
|
---|
33 | # traffic going out (due to the default route) to unreachable parts to the
|
---|
34 | # 172.16.0.0/12 network.
|
---|
35 | static_routes="quickstop"
|
---|
36 | route_quickstop="-net 172.16.0.0/12 127.0.0.1 -reject"
|
---|
37 |
|
---|
38 | # NTP server needs working config with WL network or internet on boot
|
---|
39 | # so some warnings might pop up, but no harm
|
---|
40 | ntpdate_enable="YES"
|
---|
41 | ntpdate_flags="-b -s"
|
---|
42 | ntpd_enable="YES"
|
---|
43 | ntpd_sync_on_start="YES"
|
---|
44 | ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift"
|
---|
45 |
|
---|
46 | # We need no running mail server
|
---|
47 | sendmail_enable="NONE"
|
---|
48 |
|
---|
49 | # Don't let syslog accept input from other remote hosts
|
---|
50 | syslogd_enable="YES"
|
---|
51 | syslogd_flags="-s -N -A -c"
|
---|
52 |
|
---|
53 | # Remote login without DNS checking as it might not also be functionable
|
---|
54 | # -u0 prevent sshd from making DNS requests unless the authentication mechanism
|
---|
55 | # or configuration requires it.
|
---|
56 | sshd_enable="YES"
|
---|
57 | sshd_flags="-u0"
|
---|
58 |
|
---|
59 | # Monitoring deamons; monit replaced watchdogd
|
---|
60 | snmpd_enable="YES"
|
---|
61 | snmpd_flags="-Ls 1"
|
---|
62 | monit_enable="YES"
|
---|
63 |
|
---|
64 | # Performance profiling
|
---|
65 | iperf_enable="YES"
|
---|
66 |
|
---|
67 | # HTTP(S) proxy server
|
---|
68 | tinyproxy_enable="NO"
|
---|
69 |
|
---|
70 | # Make sure generated ssh keys are saved
|
---|
71 | nanobsd_save_sshkeys_enable="YES"
|
---|
72 |
|
---|
73 | # Deprecated: low-memory footprint DHCP and non-authorative recursive
|
---|
74 | # forwarding DNS resolver
|
---|
75 | dnsmasq_enable="NO"
|
---|
76 |
|
---|
77 | # Normal node, consist of fully-fleshed caching resolver and autoritive DNS
|
---|
78 | # server for reverse entries (de-centralized setup).
|
---|
79 | unbound_enable="YES"
|
---|
80 | unbound_anchorflags="-f /etc/resolv.conf"
|
---|
81 | nsd_enable="YES"
|
---|
82 |
|
---|
83 | # Explicitly enable isc-dhcp43-server, the alternative for dnsmasq
|
---|
84 | dhcpd_enable="YES"
|
---|
85 | dhcpd_flags="-q"
|
---|
86 |
|
---|
87 | # WL Captive Portal and WL Web Config Overview
|
---|
88 | apache24_enable="YES"
|
---|
89 | http302_enable="YES"
|
---|
90 |
|
---|
91 | # Hybrid setup, requires outgoing VPN Server
|
---|
92 | openvpn_enable="NO"
|
---|
93 | openvpn_if="tap"
|
---|
94 | openvpn_configfile="/usr/local/etc/openvpn/client.conf"
|
---|
95 |
|
---|
96 | # Enable the firewall by default, needed for port redirection (captive portal,
|
---|
97 | # splash screen)
|
---|
98 | pf_enable="YES"
|
---|
99 |
|
---|
100 | # Autogenerated flags are used during runtime
|
---|
101 | rc_conf_running='/etc/rc.conf.running'
|
---|
102 | if [ -r $rc_conf_running ]; then
|
---|
103 | . $rc_conf_running
|
---|
104 | else
|
---|
105 | : > $rc_conf_running
|
---|
106 | fi
|
---|