Timestamp:
Apr 10, 2012, 2:51:13 PM (13 years ago)
Author:
rick
Message:

Merging and cleanups of files found in various other places and trees of SVN.

Location:
branches/releng-9.0/nanobsd/files/etc
Files:
6 added
2 deleted
5 edited

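--- a/branches/releng-9.0/nanobsd/files/etc/crontab
+++ b/branches/releng-9.0/nanobsd/files/etc/crontab
@@ -26,8 +26,9 @@
 1,31    0-5     *       *       *       root    adjkerntz -a
 #
+# WL NanoBSD Custom Rules
+#
 # Write updates for ntp.drift to flash
-0       12      *       *       *       root    /usr/local/bin/write_ntpdrift
+0       12      *       *       *       root    /usr/local/sbin/store-ntpdrift
 #
 # Nagios checks
-30      *       *       *       *       root    /usr/local/dense/dense.sh
 */15    *       *       *       *       root    /usr/local/sbin/check-inet-alive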
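--- a/branches/releng-9.0/nanobsd/files/etc/newsyslog.conf
+++ b/branches/releng-9.0/nanobsd/files/etc/newsyslog.conf
@@ -37,10 +37,10 @@
 /var/log/wtmp                           644  3     *    @01T05 B
 /var/log/xferlog                        600  7     100  *     JC
+#
+# WL NanoBSD Custom Log Files. As-rule-of-thumb, use syslog(4) instead custom
+# created logfile because of locking issues.
+#
+/var/log/wlportal.log                   664  3     100  *     J /var/run/wlportal.pid
+/var/log/snmpd.log                      644  3     100  *     J /var/run/snmpd.pid
+/var/log/thttpd.log                     644  3     100  *     J
 /var/log/pen_wrapper.log                644  3     100  *     J
-/var/log/wlportal.log                   664  3     100  *     J /var/run/wlportal.pid
-/var/log/wlweb-access.log               644  3     100  *     J
-/var/log/wlweb-error.log                644  3     100  *     J
-/var/log/snmpd.log                      644  3     100  *     J /var/run/snmpd.pid
-/var/log/thttpd.log                     644  3     100  *     J /var/run/thttpd.pid
-
-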
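Review bot: The rotation entries for `/var/log/wlweb-access.log` and `/var/log/wlweb-error.log` are removed without a replacement, so if any daemon on the image still writes those files they will grow unrotated and can fill /var, taking the other logs with them. If the web front end now logs through syslog instead, a comment saying so next to the new header would make the removal auditable, for example `# wlweb-*.log dropped: web logging goes through syslog, see syslog.conf`. The moved `/var/log/wlportal.log` entry also keeps mode `664`; unless the portal process really needs group write, `644` (or `640`) would stop other members of the owning group from altering the log.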
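--- a/branches/releng-9.0/nanobsd/files/etc/pf.conf
+++ b/branches/releng-9.0/nanobsd/files/etc/pf.conf
@@ -1,11 +1,8 @@
-wifi_if="wlan0"
 all_node="172.31.255.1/32"
-
 wl_net="172.16.0.0/12"
-vpn_net="172.17.64.0/28"
 allow_ext_tcp="{22}"
 allow_ext_udp="{161}"
-allow_int_tcp="{22,53,80,3128}"
-allow_int_udp="{53,131,161,12345}"
+allow_int_tcp="{22,3128}"
+allow_int_udp="{53,161,12345}"
 allow_int_udp_any="{67}"
 
@@ -18,22 +15,18 @@
 nat on $int_if from $private to $wl_net -> ($int_if)
 
+# Redirection, needs source natting and allow rules
+#rdr on $ext_if inet proto tcp from any to $ext_if port 1022 -> 192.168.84.1 port 22   
+
 # Block all
-block in on $ext_if
-pass in on $int_if
+block in on $ext_if from any to $ext_if
+block in on $int_if from any to $int_if
 
-# Allow wl access from access point (not yet reversed)
-pass on $wifi_if from $wl_net to $wl_net
-
-# Block this device from wifi
-block in on $wifi_if inet from any to $wifi_if
-block inet from any to $all_node
-
+# Allow private to private
 # Enable me to access anything
-pass out on {$ext_if, $int_if, $wifi_if} keep state
+pass out on {$ext_if, $int_if} keep state
 
 # Allow internet access from the network
-pass in on $wifi_if inet proto tcp from $wl_net to any port $publicnat keep state
-block in on $wifi_if inet proto tcp from $wl_net to $wifi_if port $publicnat
-block in on $wifi_if inet proto tcp from $wl_net to $all_node port $publicnat
+pass in on $int_if inet proto tcp from $wl_net to any port $publicnat keep state
+block in on $int_if inet proto tcp from $wl_net to $int_if port $publicnat
 
 # Allow directives
@@ -41,13 +34,7 @@
 pass in on $ext_if inet proto udp from any to $ext_if port $allow_ext_udp keep state
 
-pass in on $int_if inet proto tcp from $wl_net to $vpn_net port $allow_int_tcp keep state
-pass in on $int_if inet proto udp from $wl_net to $vpn_net port $allow_int_udp keep state
-pass in on $int_if inet proto icmp from $wl_net to $vpn_net keep state
-pass in on $int_if inet proto udp from any to any port $allow_int_udp_any keep state
-
-pass in on $wifi_if inet proto tcp from $wl_net to $wl_net port $allow_int_tcp keep state
-pass in on $wifi_if inet proto udp from $wl_net to $wl_net port $allow_int_udp keep state
-pass in on $wifi_if inet proto icmp from $wl_net to $wl_net keep state
-pass in on $wifi_if inet proto udp from any to any port $allow_int_udp_any keep state
+pass in on $int_if inet proto tcp from $wl_net to $int_if port $allow_int_tcp keep state
+pass in on $int_if inet proto udp from $wl_net to $int_if port $allow_int_udp keep state
+pass in on $int_if inet proto icmp from $wl_net to $int_if keep state
 
 # Allow wl access from local network
@@ -55,5 +42,6 @@
 
 # Make sure to block local network access from wl
-block on $wifi_if from $wl_net to $private
 block on $int_if from $wl_net to $private
 
+# Otherwise lvrouted breaks:
+pass in on $int_if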
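Review bot: Moving `pass in on $int_if` from the top of the ruleset to the very end (new lines 46-47) cancels every earlier `block ... on $int_if` for inbound packets, because pf applies the last matching rule unless a rule is marked `quick`. That includes `block in on $int_if from any to $int_if`, the `$publicnat` block, and `block on $int_if from $wl_net to $private` under "Make sure to block local network access from wl". If lvrouted only needs its own routing traffic, the pass should be narrowed to it, along the lines of `pass in on $int_if inet proto udp from $wl_net to $int_if port <lvrouted port>` (placeholder, since the port is not shown on this page), and kept above the block rules. Separately, `block in on $ext_if from any to $ext_if` replaces the unconditional `block in on $ext_if`, so in the visible rules traffic arriving on the external interface for any other destination no longer meets an explicit default-deny. Unless the elided lines already provide one, keep a plain `block in on $ext_if` ahead of the pass rules.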
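--- a/branches/releng-9.0/nanobsd/files/etc/rc.conf
+++ b/branches/releng-9.0/nanobsd/files/etc/rc.conf
@@ -1,6 +1,6 @@
-## Building options
-dumpdev="NO"                    # No kernel dumps as we don't have a place to
-                                # store them
-ipv6_network_interfaces="NONE"  # No IPv6 support for now, near feature... ;-)
+# No kernel dumps as we don't have a place to store them
+dumpdev="NO"                   
+# We are an router/gateway (wireless to be precise)
+gateway_enable="YES"
 
 # NTP server needs working config with WL network or internet on boot
@@ -24,9 +24,4 @@
 sshd_flags="-u0"
 
-# Don't update the motd as it not writeable, the update_nanobsd_motd is a
-# simple wrapper found at /usr/local/etc/rc.d supporting this featureg
-update_motd="NO"
-update_nanobsd_motd="YES"
-
 # Monitoring deamons
 nrpe2_enable="YES"
@@ -40,19 +35,22 @@
 nanobsd_save_sshkeys_enable="YES"
 
-## Port extentions
-# Serve our clients some pretty cool IP address to at least get connected
-# Also some low-memory footprint dns resolver
+# low-memory footprint DHCP and non-autoritive recursive DNS resolver
 dnsmasq_enable="YES"
+
+# Explicitly disable the memory-hungry alternatives
+dhcpd_enable="NO"
+named_enable="NO"
 named_auto_forward="YES"
-named_enable="NO"
 
-## WL ports extentions
+# WL Captive Portal and WL Web Config Overview
 thttpd_enable="YES"
 http302_enable="YES"
 
-# Make sure generated ssh keys are saved
-nanobsd_save_sshkeys_enable="YES"
+# Hybrid setup, requires outgoing VPN Server
+openvpn_enable="NO"
+openvpn_if="tap"
 
-#Hybrid
-openvpn_enable="YES"
-openvpn_if="tap"
+# Enable the firewall by default
+pf_enable="YES"
+pf_rules="/etc/pf.default.conf"
+pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}"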
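Review bot: `pf_rules="/etc/pf.default.conf"` points at a file that has no section on this page, while the rules edited in this changeset are in `etc/pf.conf`. Confirm that pf.default.conf is one of the six added files, because together with the new `gateway_enable="YES"` a ruleset that fails to load would presumably leave the node forwarding with no filtering. `pf_flags` supplies only `ext_if`, `int_if` and `publicnat`; the rules in pf.conf also reference `$private`, which must then be defined inside the ruleset itself (possibly in lines elided here). A comment above the block would make the dependency explicit, for example `# Loads /etc/pf.default.conf (not /etc/pf.conf); ext_if, int_if and publicnat are injected via -D`. Dropping `ipv6_network_interfaces="NONE"` is also worth a line of justification, since most of the visible pf rules are `inet`-only.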
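--- a/branches/releng-9.0/nanobsd/files/etc/syslog.conf
+++ b/branches/releng-9.0/nanobsd/files/etc/syslog.conf
@@ -31,2 +31,4 @@
 !ppp
 *.*                                             /var/log/ppp.log
+!thttpd
+*.*                                             /var/log/thttpd.log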
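Review bot: The new `!thttpd` block writes to `/var/log/thttpd.log`, but the matching newsyslog.conf entry in this changeset carries only the `J` flag, and syslogd normally does not create a missing log file. On a freshly populated /var the file may therefore not exist, and the captive-portal web log would be lost silently. Adding the create flag to that newsyslog entry (`JC`) or creating the file at boot would close the gap. The block is also the last thing visible in this hunk, so confirm that a `!*` line follows it; otherwise any selector appended later inherits the thttpd program filter.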