Changeset 10185 in hybrid
- Timestamp:
- Mar 17, 2012, 11:51:28 AM (13 years ago)
- Location:
- branches/releng-9.0/nanobsd/files
- Files:
-
- 3 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/releng-9.0/nanobsd/files/etc/ipfw.sh
r10136 r10185 1 # !/bin/sh -2 # Based on /etc/rc.firewall 3 # 4 # Credits: Richard van Mansom, Rick van der Zwet 1 ## Building options 2 dumpdev="NO" # No kernel dumps as we don't have a place to 3 # store them 4 ipv6_enable="NO" # No IPv6 support for now, near feature... ;-) 5 5 6 # NTP server needs working config with WL network or internet on boot 7 # so some warnings might pop up, but no harm 8 ntpdate_enable="YES" 9 ntpd_enable="YES" 10 ntpd_sync_on_start="YES" 11 ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift" 6 12 7 allowed2internet="80,443" 8 maxconnections="10"13 # We need no running mail server 14 sendmail_enable="NONE" 9 15 10 RFC1918_nets="10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" 11 WLNET='172.16.0.0/12' 16 # Don't let syslog accept input from other remote hosts 17 syslogd_enable="YES" 18 syslogd_flags="-s -A -c" 12 19 13 # Suck in the configuration variables. 14 if [ -z "${source_rc_confs_defined}" ]; then 15 if [ -r /etc/defaults/rc.conf ]; then 16 . /etc/defaults/rc.conf 17 source_rc_confs 18 elif [ -r /etc/rc.conf ]; then 19 . /etc/rc.conf 20 fi 21 fi 20 # Remote login without DNS checking as it might not also be functionable 21 # -u0 prevent sshd from making DNS requests unless the authentication mechanism 22 # or configuration requires it. 23 sshd_enable="YES" 24 sshd_flags="-u0" 22 25 23 setup_loopback () { 24 ############ 25 # Only in rare cases do you want to change these rules 26 # 27 ${fwcmd} add 100 pass all from any to any via lo0 28 ${fwcmd} add 200 deny all from any to 127.0.0.0/8 29 ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any 30 } 26 # Don't update the motd as it not writeable, the update_nanobsd_motd is a 27 # simple wrapper found at /usr/local/etc/rc.d supporting this featureg 28 update_motd="NO" 29 update_nanobsd_motd="YES" 31 30 32 ############ 33 # Set quiet mode if requested 34 # 35 case ${firewall_quiet} in 36 [Yy][Ee][Ss]) 37 fwcmd="/sbin/ipfw -q" 38 ;; 39 *) 40 fwcmd="/sbin/ipfw" 41 ;; 42 esac 31 # Monitoring deamons 32 nrpe2_enable="YES" 33 snmpd_enable="YES" 34 snmpd_flags="-a -LF w /var/log/snmpd.log" 43 35 44 ########### 45 # Set Internal/External Interface 46 # 47 driver=`echo ${internalif} | sed 's/[0-9]*//g'` 48 seq=`echo ${internalif} | sed 's/[a-zA-Z]*//g'` 36 # HTTP(S) proxy server 37 tinyproxy_enable="YES" 49 38 50 if [ ${seq} = 0 ]; then 51 seq=`expr ${seq} \+ 1` 52 else 53 seq=`expr ${seq} \- 1` 54 fi 39 # Make sure generated ssh keys are saved 40 nanobsd_save_sshkeys_enable="YES" 55 41 56 externalif="$driver$seq" 42 ## Port extentions 43 # Serve our clients some pretty cool IP address to at least get connected 44 # Also some low-memory footprint dns resolver 45 dnsmasq_enable="YES" 57 46 58 # Get interface Addresses 59 externalip=`ifconfig $externalif | awk '/inet/ { print $2 }'` 60 internalip=`ifconfig $internalif | awk '/inet/ { print $2 }'` 61 ############ 62 # Flush out the list before we begin. 63 # 64 ${fwcmd} -f flush 47 ## WL ports extentions 48 thttpd_enable="YES" 49 http302_enable="YES" 65 50 66 setup_loopback 51 # Make sure generated ssh keys are saved 52 nanobsd_save_sshkeys_enable="YES" 67 53 68 69 ############ 70 # Block the hosters network (and maybe others) 71 for IP in ${firewall_block} 72 do 73 ${fwcmd} add deny ip from any to ${IP} in via $internalif 74 done 75 76 ############ 77 # Statefull filewall in use 78 ${fwcmd} add check-state 79 80 # Allow anything originating from me 81 ${fwcmd} add allow ip from me to any keep-state 82 83 84 ############# 85 # Outbound NAT setup 86 # WL Net -> Internet 87 ${fwcmd} add nat 100 all from $WLNET to any out recv $internalif xmit $externalif 88 ${fwcmd} add nat 100 all from any to $externalip in recv $externalif 89 ${fwcmd} nat 100 config if $externalif 90 91 # Subnet Internet is allowed 92 ${fwcmd} add allow tcp from $WLNET to any $allowed2internet in via $internalif setup limit src-addr $maxconnections 93 94 95 ############# 96 # Internal Network -> WL Net 97 # Inbound NAT setup, to allow proxy device to be used gateway from Internal Network to WL 98 ${fwcmd} add nat 200 all from $RFC1918_nets to $WLNET out recv $externalif xmit $internalif 99 ${fwcmd} add nat 200 all from $WLNET to $internalip in recv $internalif 100 ${fwcmd} nat 200 config if $internalif 101 102 # Allow all traffic inbound 103 ${fwcmd} add allow all from $RFC1918_nets to $WLNET in recv $externalif keep-state 104 105 106 ############# 107 ## Services in use 108 ## Allow on external interface 109 external_allow_tcp="ssh" 110 ${fwcmd} add allow tcp from any to me $external_allow_tcp via $externalif setup keep-state 111 112 ## Allow on internal interface 113 internal_allow_tcp="ssh,domain,3128" 114 internal_allow_udp="ntp,domain,snmp,12345" 115 ${fwcmd} add allow udp from $WLNET to me ${internal_allow_udp} via $internalif keep-state 116 ${fwcmd} add allow tcp from $WLNET to me ${internal_allow_tcp} via $internalif setup keep-state 117 118 # Basic ICMP managment traffic 119 ${fwcmd} add allow icmp from any to me icmptype 8 120 ${fwcmd} add allow icmp from me to any icmptype 3,4,11 121 122 123 ############# 124 # Block anything else 125 ${fwcmd} add 65000 deny log logamount 500 ip from any to any 126 54 #Hybrid 55 openvpn_enable="YES" 56 openvpn_if="tap" 57 cloned_interfaces="bridge0" 58 gateway_enable="YES" 59 pf_enable="YES" 60 pf_rules="/etc/pf.conf.ileiden" 61 pf_flags="" 62 pf2_enable="YES" -
branches/releng-9.0/nanobsd/files/tools/wl-config
r10136 r10185 1 1 #!/bin/sh 2 # Wireless Leiden proxyconfig-update script for FreeBSD 8.0 (nanobsd)2 # Wireless Leiden config-update script for FreeBSD 8.0 (nanobsd) 3 3 # Based on the 'API' of Jasper 4 # Rick van der Zwet ; Richard van Mansom4 # Rick van der Zwet 5 5 # XXX: TODO, some proper error checking for fetch 6 6 7 BASEURL="http://132.229.112.21/config/iris/proxy/FreeBSD/8.0-RELEASE/g_list.pl" 7 8 # Slow connection = no connection 9 HTTP_TIMEOUT=3 10 11 12 check_access() { 13 # Direct Access - Internal IP 14 BASEURL="http://172.16.4.46/wleiden/config/" 15 # Connectivity check 16 fetch -o /dev/null -q $BASEURL > /dev/null && return 17 echo "# WARN: Fetch via internal $BASEURL failed" 18 19 # Direct Access - External DNS 20 BASEURL="http://132.229.112.21/wleiden/config/" 21 fetch -o /dev/null -q $BASEURL > /dev/null && return 22 echo "# CRIT: Fetch via external $BASEURL failed" 23 24 exit 1 25 } 26 check_access 27 8 28 9 29 # Default config to fetch 10 CONFIG=`hostname -s | tr '[A-Z]' '[a-z]'`30 CONFIG=`hostname -s` 11 31 12 32 # Determine it's statup and running location and some other hints 13 33 # Skip named.conf as it not planned in current release 14 FILES="authorized_keys rc.conf.local resolv.conf"34 FILES="authorized_keys dnsmasq.conf rc.conf.local resolv.conf wleiden.yaml" 15 35 file_details() { 16 36 case "$1" in … … 20 40 FILE_HINT="" 21 41 ;; 42 'dnsmasq.conf') 43 STARTUP_LOC="/cfg/local/${FILE}" 44 RUNNING_LOC="/etc/local/${FILE}" 45 FILE_HINT="/usr/local/etc/rc.d/dnsmasq restart" 46 ;; 47 'named.conf') 48 STARTUP_LOC="/cfg/namedb/${FILE}" 49 RUNNING_LOC="/etc/namedb/${FILE}" 50 FILE_HINT="/etc/rc.d/named restart" 51 ;; 22 52 'rc.conf.local') 23 53 STARTUP_LOC="/cfg/${FILE}" … … 30 60 FILE_HINT="" 31 61 ;; 62 'wleiden.yaml') 63 STARTUP_LOC="/cfg/local/${FILE}" 64 RUNNING_LOC="/etc/local/${FILE}" 65 FILE_HINT="" 66 ;; 32 67 esac 33 68 } … … 36 71 ( 37 72 echo "Usage: $0 [-bn] [-c <config>] [-m <all|startup|testing|running>]" 38 echo " -b 39 echo " -c <config> 40 echo " -n 41 echo " -m all 42 echo " -m startup 43 echo " -m testing 44 echo " -m running 45 echo " -m hack copyrunning files to config partition"73 echo " -b = batch mode, no user input" 74 echo " -c <config> = default configuration to fetch" 75 echo " -n = do not mount config partition" 76 echo " -m all = copy config files to running & config partition [default]" 77 echo " -m startup = copy config files to config partition" 78 echo " -m testing = do not copy config files" 79 echo " -m running = copy config files to running partition" 80 echo " -m hack = copy running files to config partition" 46 81 ) 1>&2 47 82 exit 2 … … 80 115 81 116 if [ "${OPT_RUNNING}" -eq 1 ]; then 82 echo " INFO: Storing new config files in running configuration"117 echo "# INFO: Storing new config files in running configuration" 83 118 fi 84 119 85 120 if [ "${OPT_STARTUP}" -eq 1 ]; then 86 echo " INFO: Storing new config files in startup configuration"121 echo "# INFO: Storing new config files in startup configuration" 87 122 fi 88 123 89 124 if [ "${OPT_HACK}" -eq 1 ]; then 90 echo " WARN: Copy running configuration to startup configuration"91 echo " WARN: Please do mind to document/mention this changes somewhere"125 echo "# WARN: Copy running configuration to startup configuration" 126 echo "# WARN: Please do mind to document/mention this changes somewhere" 92 127 fi 93 128 … … 107 142 else 108 143 echo "WARNING: Input '${INPUT}' is not valid, some hints..." 109 grep "${INPUT}" ${TMPDIR}/node_list.txt144 grep -i "${INPUT}" ${TMPDIR}/node_list.txt 110 145 return 1 111 146 fi … … 158 193 SOURCE=$1 159 194 TARGET=$2 160 diff - q ${SOURCE} ${TARGET} >/dev/null2>/dev/null195 diff -I '^# Generated at ' ${SOURCE} ${TARGET} 2>/dev/null 161 196 if [ $? -ne 0 ]; then 162 197 mkdir -p `dirname ${TARGET}` || exit 1 … … 200 235 file_details ${FILE} 201 236 202 echo " INFO: Working on file: '${FILE}'"237 echo "# INFO: Working on file: '${FILE}'" 203 238 # Copy file boot location 204 239 if [ ${OPT_STARTUP} -eq 1 ]; then … … 210 245 copy_file ${FRESH_LOC} ${RUNNING_LOC} 211 246 if [ $? -eq 0 ]; then 212 echo " INFO: '${FILE}' changed"247 echo "# INFO: '${FILE}' changed" 213 248 if [ -n "${FILE_HINT}" ]; then 214 echo " INFO: For instant activate: ${FILE_HINT}"249 echo "# INFO: For instant activate: ${FILE_HINT}" 215 250 echo "" 216 251 fi -
branches/releng-9.0/nanobsd/files/usr/local/etc/wlportal/login.tmpl
r10184 r10185 4 4 </head> 5 5 <body> 6 <table width="100%"><tr> 7 <td><img src="/static/wl-logo.png"></td> 8 <td><h2>%(status_msg)s</h2></td> 9 </tr></table> 10 <hr /> 11 <small><i><a href="#english">For English see bottom of this page</a></i></small> 12 <h3>Eerlijk gebruikmaken van Wireless Leiden</h3> 13 <pre> 14 A) Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. 15 B) U dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen. 16 C) De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.</pre> 17 <h3>Internet Toegang</h3> 18 <p>Internetten op het Wireless Leiden netwerk kan op twee manieren:<br /> 19 <small>N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen.</small> 20 <ol> 21 <li>In uw browser een 'proxy' instellen. (in het algemeen sneller internet).</li> 22 <li>Gebruik maken van de iLeiden service (gemakkelijk voor mobiele apparaten).</li> 23 </ol> 6 <img src="/static/wl-logo.png"> 7 <h2>%(status_msg)s</h2> 8 <h1>Welkom bij Wireless Leiden</h1> 9 <i>For English see bottom of this page</i> 10 <h3>Internettoegang</h3> 11 <p>U bent verbonden met het lokale Wireless Leiden network. Om te internetten moet u in uw browser een 'proxy' instellen en hieronder op 'accoord' klikken. Afhankelijk van de locatie kan het ook zonder proxy-instelling, maar de snelheid zal in het algemeen lager zijn. 12 <h3>Instellen proxy in browser</h3> 13 In Firefox: ga naar Edit->Preferences->Advanced->Network->Settings.<br> 14 Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.<br> 15 Gedetailleerde instructies kunt u vinden op onze <a href="http://www.wirelessleiden.nl">website</a>. 16 <p> 17 N.B. U kunt alleen internetten via uw webbrowser, andere toepassingen zoals Microsoft Outlook zijn niet mogelijk. Gebruik webmail om te e-mailen. 24 18 19 <h3>Eerlijk gebruikmaken van Wireless Leiden</h3> 20 Het gebruik van het Wireless Leiden netwerk en de internettoegang zijn kostenloos en u hoeft zich niet aan te melden. Maar u dient zich te houden aan de Nederlandse wetgeving en geen schade toe te brengen of ongemak te veroorzaken voor anderen.<br> 21 De Stichting Wireless Leiden accepteert geen enkele aansprakelijkheid voor schade in welke vorm dan ook die is ontstaan door of verband houdt met het gebruik van het netwerk.<br> 22 <b>Geef hieronder aan of u accoord gaat met deze voorwaarden: 25 23 <form action="http://%(portalroot)s/wlportal/" method="POST"> 26 24 <input name="action" type="hidden" value="login" /> 27 <input type="submit" value=" I wil gebruik maken van iLeiden" style="color:#000000; background: green; font-weight: bold"/>25 <input type="submit" value="OK, accoord" style="color:#000000; background: #FF3300; font-weight: bold"/> 28 26 </form> 29 27 30 <h4>Instellen proxy in browser</h4> 31 In Firefox: ga naar <em>Edit->Preferences->Advanced->Network->Settings.</em><br /> 32 Handmatige proxy-configuratie: vul in HTTP proxy: proxy.wleiden.net port 3128.<br> 33 <p> 34 <small>N.B. Haal na gebruik de instellingen weer weg</small> 28 </b> 35 29 <hr> 36 <a name="english"></a>37 30 <h1>Welcome to Wireless Leiden</h1> 38 31 <h3>Internet access</h3> 39 <p>You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser OR click on the button bellow.<br>40 To set the proxy for instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.<br>32 <p>You are connected to the local Wireless Leiden network. To use one of the gateways (proxies) to Internet you have to specify a proxy in your web browser.<br> 33 For instance in Firefox go to Edit->Preferences->Advanced->Network->Settings.<br> 41 34 Manual proxy configuration: specify HTTP proxy: proxy.wleiden.net port 3128.<br> 42 35 Detailed instructions can be downloaded from our <a href="http://www.wirelessleiden.nl">website</a>. … … 51 44 <form action="http://%(portalroot)s/wlportal/" method="POST"> 52 45 <input name="action" type="hidden" value="login" /> 53 <input type="submit" value="OK, agreed" style="color:#000000; background: green; font-weight: bold" />46 <input type="submit" value="OK, agreed" style="color:#000000; background: #FF3300; font-weight: bold" /> 54 47 </form> 55 48 … … 63 56 <form action="http://%(portalroot)s/wlportal/" method="POST"> 64 57 <input name="action" type="hidden" value="logout" /> 65 <input type="submit" value="Cancel and/or Logout" style="color:#000000; background: red; font-weight: bold"/>58 <input type="submit" value="Cancel and/or Logout" style="color:#000000; background: #FF3300; font-weight: bold"/> 66 59 </form> 67 60 <hr /><em>Technical Details:</em><pre>
Note:
See TracChangeset
for help on using the changeset viewer.