Changeset 10417 in hybrid for branches/releng-9.0


Ignore:
Timestamp:
Apr 10, 2012, 2:51:13 PM (13 years ago)
Author:
rick
Message:

Merging and cleanups of files found in various other places and trees of SVN.

Location:
branches/releng-9.0/nanobsd/files
Files:
6 added
4 deleted
8 edited
1 copied
2 moved

Legend:

Unmodified
Added
Removed

  • branches/releng-9.0/nanobsd/files/FILE_LISTING.txt

    r10416 r10417  
    22./boot.config                           # Serial console output
    33./boot/loader.conf                      # Serial console output
    4 ./conf/default/etc/.work_around_till_fix_of_pr_134513
    5 ./conf/default/var/.work_around_till_fix_of_pr_134513
    64./etc/crontab                           # Extra calls for pen & ntp
    75./etc/namedb/named.conf                 # Custom named configuration
     
    97./etc/rc.conf                           # Highly customized rc.conf
    108./etc/syslog.conf                       # Remote syslogging enabing
    11 ./etc/ttys-nanobsd.patch                # Serial console output
    129./root/.ssh                             # Template directory for authorized_keys file
    1310./tools/change_password                 # Allow persistent changing of root password
    14 ./tools/dhcpd_snmp.sh                   # XXX
    1511./tools/save_sshkeys                    # Allow persistent saving of host ssh keys
    16 ./tools/syslogd_flags.sh                # XXX
    1712./tools/updatep1                        # phk image on slice 1 update script
    1813./tools/updatep2                        # phk image on slice 2 update script
     
    2015./tools/wl-version                      # Version debug tool, gather statistics for debugging
    2116./usr/lib/aout/.keep_me                 # Little hack to have /etc/rc.d/ldconfig stop nagging about missing (pruned) dir
    22 ./usr/local/bin/ssh-copy-id             # XXX
    23 ./usr/local/bin/write_ntpdrift          # XXX
    2417./usr/local/etc/dhcpd-snmp.conf         # dhcp-snmp cofiguration
    2518./usr/local/etc/dhcpd.conf              # Initial custom dhcpd.conf
    26 ./usr/local/etc/nrpe.cfg                # XXX
    27 ./usr/local/etc/ntp.drift               # XXX
    2819./usr/local/etc/rc.d/lvrouted.sh        # lvrouted startup script
    29 ./usr/local/etc/rc.d/nanobsd-motd       # Allow updating motd with persistent save
    3020./usr/local/etc/rc.d/nanobsd-save-sshkeys # Allow saving ssh-keys after generation
    31 ./usr/local/etc/rc.d/pen                # Pen startup script
    32 ./usr/local/etc/rc.d/sort-proxies       # Pen optimizer script
    33 ./usr/local/etc/rc.d/wlweb              # WLweb configuration webinterface startup script
    34 ./usr/local/sbin/dhcpd-snmp             # dhcp-snmp 'binary'
    35 ./usr/local/sbin/lvrouted.opt           # lvrouted 'binary'
    3621./usr/local/share/snmp/mibs/IEEE802dot11-MIB.txt # Draft MIB
    3722./usr/local/share/snmp/snmpd.conf       # Custom snmpd configuration
    38 ./usr/local/wlweb                       #  WLweb configuration webinterface program

  • branches/releng-9.0/nanobsd/files/etc/crontab

    r10136 r10417  
    26261,31    0-5     *       *       *       root    adjkerntz -a
    2727#
     28# WL NanoBSD Custom Rules
     29#
    2830# Write updates for ntp.drift to flash
    29 0       12      *       *       *       root    /usr/local/bin/write_ntpdrift
     310       12      *       *       *       root    /usr/local/sbin/store-ntpdrift
    3032#
    3133# Nagios checks
    32 30      *       *       *       *       root    /usr/local/dense/dense.sh
    3334*/15    *       *       *       *       root    /usr/local/sbin/check-inet-alive

  • branches/releng-9.0/nanobsd/files/etc/newsyslog.conf

    r10416 r10417  
    3737/var/log/wtmp                           644  3     *    @01T05 B
    3838/var/log/xferlog                        600  7     100  *     JC
     39#
     40# WL NanoBSD Custom Log Files. As-rule-of-thumb, use syslog(4) instead custom
     41# created logfile because of locking issues.
     42#
     43/var/log/wlportal.log                   664  3     100  *     J /var/run/wlportal.pid
     44/var/log/snmpd.log                      644  3     100  *     J /var/run/snmpd.pid
     45/var/log/thttpd.log                     644  3     100  *     J
    3946/var/log/pen_wrapper.log                644  3     100  *     J
    40 /var/log/wlportal.log                   664  3     100  *     J /var/run/wlportal.pid
    41 /var/log/wlweb-access.log               644  3     100  *     J
    42 /var/log/wlweb-error.log                644  3     100  *     J
    43 /var/log/snmpd.log                      644  3     100  *     J /var/run/snmpd.pid
    44 /var/log/thttpd.log                     644  3     100  *     J /var/run/thttpd.pid
    45 
    46 

  • branches/releng-9.0/nanobsd/files/etc/pf.conf

    r10242 r10417  
    1 wifi_if="wlan0"
    21all_node="172.31.255.1/32"
    3 
    42wl_net="172.16.0.0/12"
    5 vpn_net="172.17.64.0/28"
    63allow_ext_tcp="{22}"
    74allow_ext_udp="{161}"
    8 allow_int_tcp="{22,53,80,3128}"
    9 allow_int_udp="{53,131,161,12345}"
     5allow_int_tcp="{22,3128}"
     6allow_int_udp="{53,161,12345}"
    107allow_int_udp_any="{67}"
    118
     
    1815nat on $int_if from $private to $wl_net -> ($int_if)
    1916
     17# Redirection, needs source natting and allow rules
     18#rdr on $ext_if inet proto tcp from any to $ext_if port 1022 -> 192.168.84.1 port 22   
     19
    2020# Block all
    21 block in on $ext_if
    22 pass in on $int_if
     21block in on $ext_if from any to $ext_if
     22block in on $int_if from any to $int_if
    2323
    24 # Allow wl access from access point (not yet reversed)
    25 pass on $wifi_if from $wl_net to $wl_net
    26 
    27 # Block this device from wifi
    28 block in on $wifi_if inet from any to $wifi_if
    29 block inet from any to $all_node
    30 
     24# Allow private to private
    3125# Enable me to access anything
    32 pass out on {$ext_if, $int_if, $wifi_if} keep state
     26pass out on {$ext_if, $int_if} keep state
    3327
    3428# Allow internet access from the network
    35 pass in on $wifi_if inet proto tcp from $wl_net to any port $publicnat keep state
    36 block in on $wifi_if inet proto tcp from $wl_net to $wifi_if port $publicnat
    37 block in on $wifi_if inet proto tcp from $wl_net to $all_node port $publicnat
     29pass in on $int_if inet proto tcp from $wl_net to any port $publicnat keep state
     30block in on $int_if inet proto tcp from $wl_net to $int_if port $publicnat
    3831
    3932# Allow directives
     
    4134pass in on $ext_if inet proto udp from any to $ext_if port $allow_ext_udp keep state
    4235
    43 pass in on $int_if inet proto tcp from $wl_net to $vpn_net port $allow_int_tcp keep state
    44 pass in on $int_if inet proto udp from $wl_net to $vpn_net port $allow_int_udp keep state
    45 pass in on $int_if inet proto icmp from $wl_net to $vpn_net keep state
    46 pass in on $int_if inet proto udp from any to any port $allow_int_udp_any keep state
    47 
    48 pass in on $wifi_if inet proto tcp from $wl_net to $wl_net port $allow_int_tcp keep state
    49 pass in on $wifi_if inet proto udp from $wl_net to $wl_net port $allow_int_udp keep state
    50 pass in on $wifi_if inet proto icmp from $wl_net to $wl_net keep state
    51 pass in on $wifi_if inet proto udp from any to any port $allow_int_udp_any keep state
     36pass in on $int_if inet proto tcp from $wl_net to $int_if port $allow_int_tcp keep state
     37pass in on $int_if inet proto udp from $wl_net to $int_if port $allow_int_udp keep state
     38pass in on $int_if inet proto icmp from $wl_net to $int_if keep state
    5239
    5340# Allow wl access from local network
     
    5542
    5643# Make sure to block local network access from wl
    57 block on $wifi_if from $wl_net to $private
    5844block on $int_if from $wl_net to $private
    5945
     46# Otherwise lvrouted breaks:
     47pass in on $int_if

  • branches/releng-9.0/nanobsd/files/etc/rc.conf

    r10382 r10417  
    1 ## Building options
    2 dumpdev="NO"                    # No kernel dumps as we don't have a place to
    3                                 # store them
    4 ipv6_network_interfaces="NONE"  # No IPv6 support for now, near feature... ;-)
     1# No kernel dumps as we don't have a place to store them
     2dumpdev="NO"                   
     3# We are an router/gateway (wireless to be precise)
     4gateway_enable="YES"
    55
    66# NTP server needs working config with WL network or internet on boot
     
    2424sshd_flags="-u0"
    2525
    26 # Don't update the motd as it not writeable, the update_nanobsd_motd is a
    27 # simple wrapper found at /usr/local/etc/rc.d supporting this featureg
    28 update_motd="NO"
    29 update_nanobsd_motd="YES"
    30 
    3126# Monitoring deamons
    3227nrpe2_enable="YES"
     
    4035nanobsd_save_sshkeys_enable="YES"
    4136
    42 ## Port extentions
    43 # Serve our clients some pretty cool IP address to at least get connected
    44 # Also some low-memory footprint dns resolver
     37# low-memory footprint DHCP and non-autoritive recursive DNS resolver
    4538dnsmasq_enable="YES"
     39
     40# Explicitly disable the memory-hungry alternatives
     41dhcpd_enable="NO"
     42named_enable="NO"
    4643named_auto_forward="YES"
    47 named_enable="NO"
    4844
    49 ## WL ports extentions
     45# WL Captive Portal and WL Web Config Overview
    5046thttpd_enable="YES"
    5147http302_enable="YES"
    5248
    53 # Make sure generated ssh keys are saved
    54 nanobsd_save_sshkeys_enable="YES"
     49# Hybrid setup, requires outgoing VPN Server
     50openvpn_enable="NO"
     51openvpn_if="tap"
    5552
    56 #Hybrid
    57 openvpn_enable="YES"
    58 openvpn_if="tap"
     53# Enable the firewall by default
     54pf_enable="YES"
     55pf_rules="/etc/pf.default.conf"
     56pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}"

  • branches/releng-9.0/nanobsd/files/etc/syslog.conf

    r10416 r10417  
    3131!ppp
    3232*.*                                             /var/log/ppp.log
     33!thttpd
     34*.*                                             /var/log/thttpd.log

  • branches/releng-9.0/nanobsd/files/usr/local/etc/snmp/snmpd.conf

    r10247 r10417  
    4040# System contact information
    4141
    42 sysLocation Somewhere in or near Leiden
    43 sysContact Stichting Wireless Leiden <beheer@wirelessleiden.nl> / +31 71 5139817
     42sysLocation "Somewhere in or near Leiden"
     43sysContact "Stichting Wireless Leiden <beheer@lijst.wirelessleiden.nl> / +31 71 5139817"
    4444
    4545
     
    7777
    7878#    miboid               exec-command
    79 pass .1.3.6.1.4.1.2021.50 /usr/local/nagios/bin/processor
    80 
    81 pass_persist .1.3.6.1.4.1.21695.1.2 /usr/local/sbin/dhcpd-snmp /usr/local/etc/dhcpd-snmp.conf
    82 
    83 extend .1.3.6.1.4.1.2021.61 nagios-www /usr/local/sbin/proxy-test.sh
    84 extend .1.3.6.1.4.1.2021.62 nagios-routing /usr/local/sbin/lvrouted-test.sh
    85 
    8679extend .1.3.6.1.4.1.2021.70 dhcp-users /bin/sh -c "cat /var/db/dnsmasq.leases \| awk '{ print $1,$2,$3 }'"
    8780extend .1.3.6.1.4.1.2021.71 portal-users /bin/sh -c "cat /var/db/clients \| awk '{ print $1,$2,$3 }'"

  • branches/releng-9.0/nanobsd/files/usr/local/etc/thttpd.conf

    r10416 r10417  
    33cgipat=**
    44nochroot
    5 logfile=/var/log/thttpd.log
    65pidfile=/var/run/thttpd.pid
Note: See TracChangeset for help on using the changeset viewer.