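# Stolen from /sbin/dhclient-script, using no /usr based binaries.
# Converts a commented list into a SEP (default space) separated list.
#
# Arguments: $1 - newline-separated entries; everything from the first space,
#                 tab or '#' on a line is dropped, so entries must start in
#                 column 0 (indented or comment-only lines yield nothing)
#            $2 - separator placed between entries (default: one space)
# Outputs:   the joined entries on stdout, followed by a newline
make_list() {
  # rc.conf is sourced by every rc script; keep the helper's scratch
  # variables out of the shared namespace.
  local sep tab line list
  sep=${2:-' '}
  # A literal tab for the strip pattern: inside a shell bracket expression
  # "\t" matches the letter t, not a tab.
  tab=$(printf '\t')
  list=""
  # Reading line by line avoids touching the global IFS and keeps entries
  # such as "*" from being glob-expanded against the current directory.
  while IFS= read -r line; do
    line=${line%%[ ${tab}#]*}
    if [ -n "$line" ]; then
      list="$list$sep$line"
    fi
  done <<EOF
$1
EOF
  # Drop the single leading separator; quoting keeps the separator literal
  # and the output free of word splitting and globbing.
  printf '%s\n' "${list#"$sep"}"
}

# No kernel dumps as we don't have a place to store them
dumpdev="NO"

# We are a router/gateway (wireless to be precise) running the lvrouted
# routing daemon.
gateway_enable="YES"
lvrouted_enable="YES"
# NOTE(review): the value after -s looks like a shared secret. rc.conf is
# commonly world-readable and daemon arguments are visible in ps(1) output,
# so treat this value as exposed. Prefer a per-deployment value loaded from a
# root-only file - confirm what lvrouted supports.
lvrouted_flags="-u -s s00p3rs3kr3t -m 28"

# It takes lvrouted a little while to create reachable network nodes; make
# sure to wait for it, which saves some boot-up warnings.
netwait_enable="YES"
netwait_timeout="20"
netwait_ip="8.8.8.8 172.16.4.46 172.27.129.1 172.17.14.1"

# Block the full range as smaller subnets are used for allowances, this avoids
# traffic going out (due to the default route) to unreachable parts of the
# 172.16.0.0/12 network.
static_routes="quickstop"
route_quickstop="-net 172.16.0.0/12 127.0.0.1 -reject"

# NTP server needs working config with WL network or internet on boot
# so some warnings might pop up, but no harm
ntpdate_enable="YES"
ntpdate_flags="-b -s"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntp.drift"

# We need no running mail server
sendmail_enable="NONE"

# Don't let syslog accept input from other remote hosts
syslogd_enable="YES"
syslogd_flags="-s -A -c"

# Remote login without DNS checking, as DNS might not be functional either.
# -u0 prevents sshd from making DNS requests unless the authentication
# mechanism or configuration requires it.
sshd_enable="YES"
sshd_flags="-u0"

# Watchdogd: avoid visits because of unit not reachable. If sshd is not running
# for -t seconds then reboot. This is checked every -s seconds.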
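watchdogd_enable="YES"
# The inner single quotes are meant to keep the health-check command together
# as one -e argument.
watchdogd_flags="-t 300 -s 60 -e '/etc/rc.d/sshd status'"

# Monitoring daemons
snmpd_enable="YES"
snmpd_flags="-Ls 1"

# Performance profiling
# NOTE(review): presumably this keeps an iperf listener running on every boot;
# confirm the active pf ruleset limits who can reach it.
iperf_enable="YES"

# HTTP(S) proxy server
tinyproxy_enable="NO"

# Make sure generated ssh keys are saved
nanobsd_save_sshkeys_enable="YES"

# Low-memory footprint DHCP and non-authoritative recursive forwarding DNS
# resolver
dnsmasq_enable="NO"
unbound_enable="YES"

# Explicitly disable the memory-hungry alternatives
dhcpd_enable="NO"
dhcpd_flags="-q"

# WL Captive Portal and WL Web Config Overview
apache24_enable="YES"
http302_enable="YES"

# Hybrid setup, requires outgoing VPN Server
openvpn_enable="NO"
openvpn_if="tap"
openvpn_configfile="/usr/local/etc/openvpn/client.conf"

# Enable the firewall by default
# NOTE(review): the default ruleset is named pf.open.conf; its contents are not
# shown here - confirm it is the policy intended for deployed units and not
# only a bring-up ruleset.
pf_enable="YES"
pf_rules="/etc/pf.open.conf"
pf_flags=''

# Used with Proxy Configuration
#pf_rules="/etc/pf.proxy.conf"
#pf_flags="-D ext_if=vr0 -D int_if=vr1 -D publicnat={80,443}"

# Used with Node Configuration
#pf_rules="/etc/pf.node.conf"
#pf_flags="-D captive_portal_interfaces=wlan0,wlan1"

# Used with Hybrid Configuration
#pf_rules="/etc/pf.hybrid.conf"
#pf_flags="-D ext_if=vr0 -D captive_portal_interfaces=wlan0 -D publicnat=80,443"

# Autogenerated flags are used during runtime
# The file is executed as shell code by whatever sources this configuration,
# so it must be owned by root and not writable by anyone else.
# NOTE(review): confirm whatever generates it preserves those permissions.
rc_conf_running='/etc/rc.conf.running'
if [ -r "$rc_conf_running" ]; then
  . "$rc_conf_running"
else
  # Create an empty placeholder so later runs find a readable file.
  : > "$rc_conf_running"
fi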