source: hybrid/branches/releng-9.0/nanobsd/files/etc/rc.conf@ 10745

Last change on this file since 10745 was 10719, checked in by rick, 13 years ago

only allow reachable 172.16.0.0/12 subnets.

Related-To: nodefactory#153
  • Property svn:eol-style set to LF
File size: 3.0 KB
Line 
1# Stolen from /sbin/dhclient-script using using no /usr based binaries.
2# Converts an commented list into a SEP (default space) seperated list.
3make_list() {
4 SEP=${2:-' '}
5 oldifs="$IFS"
6 IFS="
7"
8 list=""
9 for line in $1; do
10 line=${line%%[ \t#]*}
11 [ -n "$line" ] && list="$list$SEP$line"
12 done
13 IFS=${oldifs}
14 echo ${list##$SEP}
15}
16
17# No kernel dumps as we don't have a place to store them
18dumpdev="NO"
19
20# We are an router/gateway (wireless to be precise) running the lvrouted
21# routing daemon.
22gateway_enable="YES"
23lvrouted_enable="YES"
24lvrouted_flags="-u -s s00p3rs3kr3t -m 28"
25
26# Block the full range as smaller subnets are used for allowances, this avoids
27# traffic going out (due to the default route) to unreachable parts to the
28# 172.16.0.0/12 network.
29static_routes="quickstop"
30route_quickstop="-net 172.16.0.0/12 127.0.0.1 -reject"
31
32# NTP server needs working config with WL network or internet on boot
33# so some warnings might pop up, but no harm
34ntpdate_enable="YES"
35ntpd_enable="YES"
36ntpd_sync_on_start="YES"
37ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift"
38
39# We need no running mail server
40sendmail_enable="NONE"
41
42# Don't let syslog accept input from other remote hosts
43syslogd_enable="YES"
44syslogd_flags="-s -A -c"
45
46# Remote login without DNS checking as it might not also be functionable
47# -u0 prevent sshd from making DNS requests unless the authentication mechanism
48# or configuration requires it.
49sshd_enable="YES"
50sshd_flags="-u0"
51
52# Watchdogd: avoid visits because of unit not reachable. If sshd is not running
53# for -t seconds than reboot. This is checked evert -s seconds.
54watchdogd_enable="YES"
55watchdogd_flags="-t 300 -s 60 -e '/etc/rc.d/sshd status'"
56
57# Monitoring deamons
58nrpe2_enable="YES"
59snmpd_enable="YES"
60snmpd_flags="-Ls 1"
61
62# HTTP(S) proxy server
63tinyproxy_enable="NO"
64
65# Make sure generated ssh keys are saved
66nanobsd_save_sshkeys_enable="YES"
67
68# low-memory footprint DHCP and non-autoritive recursive DNS resolver
69dnsmasq_enable="YES"
70
71# Explicitly disable the memory-hungry alternatives
72dhcpd_enable="NO"
73dhcpd_flags="-q"
74named_enable="NO"
75named_chrootdir=""
76named_auto_forward="YES"
77
78# WL Captive Portal and WL Web Config Overview
79thttpd_enable="YES"
80http302_enable="YES"
81
82# Hybrid setup, requires outgoing VPN Server
83openvpn_enable="NO"
84openvpn_if="tap"
85openvpn_configfile="/usr/local/etc/openvpn/client.conf"
86
87# Enable the firewall by default
88pf_enable="YES"
89pf_rules="/etc/pf.open.conf"
90pf_flags=''
91# Used with Proxy Configuration
92#pf_rules="/etc/pf.proxy.conf"
93#pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}"
94# Used with Node Configuration
95#pf_rules="/etc/pf.node.conf"
96#pf_flags="-D captive_portal_interfaces=wlan0,wlan1"
97# Used with Hybrid Configuration
98#pf_rules="/etc/pf.hybrid.conf"
99#pf_flags="-D ext_if=vr0 -D captive_portal_interfaces=wlan0 -D publicnat=80,443"
100
101
102# Autogenerated flags are used during runtime
103rc_conf_running='/etc/rc.conf.running'
104if [ -r $rc_conf_running ]; then
105 . $rc_conf_running
106else
107 : > $rc_conf_running
108fi
Note: See TracBrowser for help on using the repository browser.