1 | # No kernel dumps as we don't have a place to store them
|
---|
2 | dumpdev="NO"
|
---|
3 |
|
---|
4 | # We are an router/gateway (wireless to be precise) running the lvrouted
|
---|
5 | # routing daemon.
|
---|
6 | gateway_enable="YES"
|
---|
7 | lvrouted_enable="YES"
|
---|
8 | lvrouted_flags="-u -s s00p3rs3kr3t -m 28"
|
---|
9 |
|
---|
10 | # NTP server needs working config with WL network or internet on boot
|
---|
11 | # so some warnings might pop up, but no harm
|
---|
12 | ntpdate_enable="YES"
|
---|
13 | ntpd_enable="YES"
|
---|
14 | ntpd_sync_on_start="YES"
|
---|
15 | ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift"
|
---|
16 |
|
---|
17 | # We need no running mail server
|
---|
18 | sendmail_enable="NONE"
|
---|
19 |
|
---|
20 | # Don't let syslog accept input from other remote hosts
|
---|
21 | syslogd_enable="YES"
|
---|
22 | syslogd_flags="-s -A -c"
|
---|
23 |
|
---|
24 | # Remote login without DNS checking as it might not also be functionable
|
---|
25 | # -u0 prevent sshd from making DNS requests unless the authentication mechanism
|
---|
26 | # or configuration requires it.
|
---|
27 | sshd_enable="YES"
|
---|
28 | sshd_flags="-u0"
|
---|
29 |
|
---|
30 | # Monitoring deamons
|
---|
31 | nrpe2_enable="YES"
|
---|
32 | snmpd_enable="YES"
|
---|
33 | snmpd_flags="-a -LF w /var/log/snmpd.log"
|
---|
34 |
|
---|
35 | # HTTP(S) proxy server
|
---|
36 | tinyproxy_enable="NO"
|
---|
37 |
|
---|
38 | # Make sure generated ssh keys are saved
|
---|
39 | nanobsd_save_sshkeys_enable="YES"
|
---|
40 |
|
---|
41 | # low-memory footprint DHCP and non-autoritive recursive DNS resolver
|
---|
42 | dnsmasq_enable="YES"
|
---|
43 |
|
---|
44 | # Explicitly disable the memory-hungry alternatives
|
---|
45 | dhcpd_enable="NO"
|
---|
46 | named_enable="NO"
|
---|
47 | named_chrootdir=""
|
---|
48 | named_auto_forward="YES"
|
---|
49 |
|
---|
50 | # WL Captive Portal and WL Web Config Overview
|
---|
51 | thttpd_enable="YES"
|
---|
52 | http302_enable="YES"
|
---|
53 |
|
---|
54 | # Hybrid setup, requires outgoing VPN Server
|
---|
55 | openvpn_enable="NO"
|
---|
56 | openvpn_if="tap"
|
---|
57 |
|
---|
58 | # Enable the firewall by default
|
---|
59 | pf_enable="YES"
|
---|
60 | pf_rules="/etc/pf.open.conf"
|
---|
61 | pf_flags=''
|
---|
62 | # Used with /etc/pf.proxy.conf
|
---|
63 | # pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}"
|
---|
64 | # Used with /etc/pf.node.conf
|
---|
65 | # pf_flags="-D captive_portal_interfaces=wlan0,wlan1"
|
---|