| 1 | # No kernel dumps as we don't have a place to store them
|
|---|
| 2 | dumpdev="NO"
|
|---|
| 3 |
|
|---|
| 4 | # We are an router/gateway (wireless to be precise) running the lvrouted
|
|---|
| 5 | # routing daemon.
|
|---|
| 6 | gateway_enable="YES"
|
|---|
| 7 | lvrouted_enable="YES"
|
|---|
| 8 | lvrouted_flags="-u -s s00p3rs3kr3t -m 28"
|
|---|
| 9 |
|
|---|
| 10 | # NTP server needs working config with WL network or internet on boot
|
|---|
| 11 | # so some warnings might pop up, but no harm
|
|---|
| 12 | ntpdate_enable="YES"
|
|---|
| 13 | ntpd_enable="YES"
|
|---|
| 14 | ntpd_sync_on_start="YES"
|
|---|
| 15 | ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift"
|
|---|
| 16 |
|
|---|
| 17 | # We need no running mail server
|
|---|
| 18 | sendmail_enable="NONE"
|
|---|
| 19 |
|
|---|
| 20 | # Don't let syslog accept input from other remote hosts
|
|---|
| 21 | syslogd_enable="YES"
|
|---|
| 22 | syslogd_flags="-s -A -c"
|
|---|
| 23 |
|
|---|
| 24 | # Remote login without DNS checking as it might not also be functionable
|
|---|
| 25 | # -u0 prevent sshd from making DNS requests unless the authentication mechanism
|
|---|
| 26 | # or configuration requires it.
|
|---|
| 27 | sshd_enable="YES"
|
|---|
| 28 | sshd_flags="-u0"
|
|---|
| 29 |
|
|---|
| 30 | # Monitoring deamons
|
|---|
| 31 | nrpe2_enable="YES"
|
|---|
| 32 | snmpd_enable="YES"
|
|---|
| 33 | snmpd_flags="-a -LF w /var/log/snmpd.log"
|
|---|
| 34 |
|
|---|
| 35 | # HTTP(S) proxy server
|
|---|
| 36 | tinyproxy_enable="NO"
|
|---|
| 37 |
|
|---|
| 38 | # Make sure generated ssh keys are saved
|
|---|
| 39 | nanobsd_save_sshkeys_enable="YES"
|
|---|
| 40 |
|
|---|
| 41 | # low-memory footprint DHCP and non-autoritive recursive DNS resolver
|
|---|
| 42 | dnsmasq_enable="YES"
|
|---|
| 43 |
|
|---|
| 44 | # Explicitly disable the memory-hungry alternatives
|
|---|
| 45 | dhcpd_enable="NO"
|
|---|
| 46 | named_enable="NO"
|
|---|
| 47 | named_auto_forward="YES"
|
|---|
| 48 |
|
|---|
| 49 | # WL Captive Portal and WL Web Config Overview
|
|---|
| 50 | thttpd_enable="YES"
|
|---|
| 51 | http302_enable="YES"
|
|---|
| 52 |
|
|---|
| 53 | # Hybrid setup, requires outgoing VPN Server
|
|---|
| 54 | openvpn_enable="NO"
|
|---|
| 55 | openvpn_if="tap"
|
|---|
| 56 |
|
|---|
| 57 | # Enable the firewall by default
|
|---|
| 58 | pf_enable="YES"
|
|---|
| 59 | pf_rules="/etc/pf.open.conf"
|
|---|
| 60 | pf_flags=''
|
|---|
| 61 | # Used with /etc/pf.proxy.conf
|
|---|
| 62 | # pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}"
|
|---|
| 63 | # Used with /etc/pf.node.conf
|
|---|
| 64 | # pf_flags="-D captive_portal_interfaces=wlan0,wlan1"
|
|---|
