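##-----------------------------------------------------------------------------
## fli4l __FLI4LVER__ - configuration for package "base"
##
##  P L E A S E  R E A D  T H E  D O C U M E N T A T I O N !
##
##  B I T T E  U N B E D I N G T  D I E  D O K U M E N T A T I O N  L E S E N !
##
##-----------------------------------------------------------------------------
## Creation:     26.06.2001  fm
## Last Update:  $Id$
##
## Copyright (c) 2001-2016 - Frank Meyer, fli4l-Team
##
## This program is free software; you can redistribute it and/or modify
## it under the terms of the GNU General Public License as published by
## the Free Software Foundation; either version 2 of the License, or
## (at your option) any later version.
##-----------------------------------------------------------------------------

# Format: one VARIABLE='value' assignment per line; everything after '#' on a
# line is a comment. The assignments must not share a line with the header
# above, otherwise they are read as part of that comment.

#------------------------------------------------------------------------------
# General settings:
#------------------------------------------------------------------------------
HOSTNAME='fli4l'                # name of fli4l router

# NOTE(review): 'fli4l' is the shipped default and, per the comment below, the
# same value protects console, sshd and imond root logins. Replace it with a
# unique password before the router is deployed, and keep this file out of
# shared or world-readable locations because the value is stored in clear text.
PASSWORD='fli4l'                # password for root login (console, sshd,
                                # imond)
BOOT_TYPE='hd'                  # boot device: hd, cd, ls120, integrated,
                                # attached, netboot, pxeboot
LIBATA_DMA='disabled'           # Use DMA on ATA Drives ('enabled') or not
                                # ('disabled'). The default 'disabled' allows
                                # ancient IDE CF cards to be booted from.
                                # Use 'enabled' if you boot from a VirtualBox's
                                # virtual device.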
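# Boot, kernel, localisation, console and debug settings of package "base".
# One VARIABLE='value' assignment per line; text after '#' is a comment.

# NOTE(review): 'ro' keeps a running system from writing to the boot medium;
# 'rw' is presumably needed by features that store data there - confirm
# against the documentation before changing it.
MOUNT_BOOT='rw'                 # mount boot device: ro, rw, no
BOOTMENU_TIME='5'               # waiting time of bootmenu in seconds
                                # before activating normal boot
TIME_INFO='MEZ-1MESZ,M3.5.0,M10.5.0/3'
                                # description of local time zone,
                                # don't touch without reading documentation

# NOTE(review): the 3.16 kernel series is no longer maintained upstream; check
# whether the fli4l release in use offers a newer supported kernel package.
KERNEL_VERSION='3.16.85'        # kernel version
KERNEL_BOOT_OPTION=''           # append option to kernel command line
COMP_TYPE_OPT='xz'              # compression algorithm if compression is
                                # enabled for OPT archive;
                                # NOTE that some boot types may disallow
                                # some compression algorithms

# NOTE(review): when the connection tracking table is full, new connections
# are dropped; size this limit for the expected load if the default proves
# too small.
IP_CONNTRACK_MAX=''             # override maximum limit of connection
                                # tracking entries
POWERMANAGEMENT='acpi'          # select pm interface: none, acpi, apm, apm_rm
                                # apm_rm switches to real mode before invoking
                                # apm power off

#------------------------------------------------------------------------------
# Localisation
#------------------------------------------------------------------------------
LOCALE='de'                     # defines the default language for several
                                # components, such as httpd

#------------------------------------------------------------------------------
# Console settings (serial console, blank time, beep):
#------------------------------------------------------------------------------
CONSOLE_BLANK_TIME=''           # time in minutes (1-60) to blank
                                # console; '0' = never, '' = system default
BEEP='yes'                      # enable beep after boot and shutdown

# NOTE(review): a serial console is a further login path (it becomes the main
# input device); account for physical access to that port when enabling it.
SER_CONSOLE='no'                # use serial interface instead of or as
                                # additional output device and main input
                                # device
SER_CONSOLE_IF='0'              # serial interface to use, 0 for ttyS0 (COM1)
SER_CONSOLE_RATE='9600'         # baudrate for serial console

#------------------------------------------------------------------------------
# Debug Settings:
#------------------------------------------------------------------------------
# NOTE(review): an execution trace of the boot scripts presumably echoes
# configuration values as they are processed; keep 'no' outside troubleshooting
# and treat captured traces as sensitive - TODO confirm what the trace contains.
DEBUG_STARTUP='no'              # write an execution trace of the boot

#------------------------------------------------------------------------------
# Keyboard layout
#------------------------------------------------------------------------------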
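# Keyboard, network, packet filter, domain, imond and logging settings of
# package "base". One VARIABLE='value' assignment per line; text after '#' is a
# comment; lines starting with '#OPT_...' are optional packages left disabled.

KEYBOARD_LOCALE='auto'          # auto: use most common keyboard layout for
                                # the language specified in 'LOCALE'
#OPT_MAKEKBL='no'               # set to 'yes' to make a new local keyboard
                                # layout map on the fli4l-router

#------------------------------------------------------------------------------
# Ethernet card drivers:
#------------------------------------------------------------------------------
#
# please see file base_nic.list in your config-dir or read the documentation
#
#
# If you need a dummy device, use 'dummy' as your NET_DRV
# and IP_NET_%_DEV='dummy' as your device
#
#------------------------------------------------------------------------------
# NOTE(review): throughout this file a *_N counter states how many numbered
# entries of that family are in use. Entries with a higher index (NET_DRV_2
# here, PF_INPUT_2 further down) are presumably inactive examples - confirm in
# the documentation before relying on one of them.
NET_DRV_N='1'                   # number of ethernet drivers to load, usually 1
NET_DRV_1='ne2k-pci'            # 1st driver: name (e.g. NE2000 PCI clone)
NET_DRV_1_OPTION=''             # 1st driver: additional option
NET_DRV_2='ne'                  # 2nd driver: name (e.g. NE2000 ISA clone)
NET_DRV_2_OPTION='io=0x320'     # 2nd driver: additional option

#------------------------------------------------------------------------------
# Ether networks used with IP protocol:
#------------------------------------------------------------------------------
IP_NET_N='1'                    # number of IP ethernet networks, usually 1
IP_NET_1='192.168.6.1/24'       # IP address of your n'th ethernet card and
                                # netmask in CIDR (no. of set bits)
IP_NET_1_DEV='eth0'             # required: device name like ethX

#------------------------------------------------------------------------------
# Additional routes, optional
#------------------------------------------------------------------------------
IP_ROUTE_N='0'                  # number of additional routes
IP_ROUTE_1='192.168.7.0/24 192.168.6.99'
                                # network/netmaskbits gateway
IP_ROUTE_2='0.0.0.0/0 192.168.6.99'
                                # example for default-route

#------------------------------------------------------------------------------
# Packet filter configuration
#------------------------------------------------------------------------------
PF_INPUT_POLICY='REJECT'        # be nice and use reject as policy
PF_INPUT_ACCEPT_DEF='yes'       # use default rule set

# NOTE(review): with logging off, rejected and dropped packets leave no
# record. Enabling it together with the rate limit below gives visibility for
# later incident review without flooding the log.
PF_INPUT_LOG='no'               # don't log at all
PF_INPUT_LOG_LIMIT='3/minute:5' # log 3 events per minute; allow a burst of 5
                                # events
PF_INPUT_REJ_LIMIT='1/second:5' # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_INPUT_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_INPUT_N='1'                  # number of INPUT rules

# NOTE(review): this rule lets every host in IP_NET_1 reach the router itself,
# including the services that authenticate with PASSWORD. Narrow it to the
# administrating hosts or ports if the LAN is not fully trusted.
PF_INPUT_1='IP_NET_1 ACCEPT'    # allow all hosts in the local network to
                                # access the router
PF_INPUT_2='tmpl:samba DROP NOLOG'
                                # drop (or reject) samba access
PF_INPUT_2_COMMENT='no samba traffic allowed'
                                # without logging, otherwise the log file will
                                # be filled with useless entries

PF_FORWARD_POLICY='REJECT'      # be nice and use reject as policy
PF_FORWARD_ACCEPT_DEF='yes'     # use default rule set
PF_FORWARD_LOG='no'             # don't log at all
PF_FORWARD_LOG_LIMIT='3/minute:5'
                                # log 3 events per minute; allow a burst of 5
                                # events
PF_FORWARD_REJ_LIMIT='1/second:5'
                                # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_FORWARD_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_FORWARD_N='2'                # number of FORWARD rules
PF_FORWARD_1='tmpl:samba DROP'  # drop samba traffic if it tries to leave the
                                # subnet
PF_FORWARD_2='IP_NET_1 ACCEPT'  # accept everything else

PF_OUTPUT_POLICY='ACCEPT'       # default policy for outgoing packets
PF_OUTPUT_ACCEPT_DEF='yes'      # use default rule set
PF_OUTPUT_LOG='no'              # don't log at all
PF_OUTPUT_LOG_LIMIT='3/minute:5'
                                # log 3 events per minute; allow a burst of 5
                                # events
PF_OUTPUT_REJ_LIMIT='1/second:5'
                                # reject 1 connection per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_OUTPUT_UDP_REJ_LIMIT='1/second:5'
                                # reject 1 udp packet per second; allow a burst
                                # of 5 events; otherwise drop packet
PF_OUTPUT_N='0'                 # number of OUTPUT rules

PF_POSTROUTING_N='1'            # number of POSTROUTING rules
PF_POSTROUTING_1='IP_NET_1 MASQUERADE'
                                # masquerade traffic leaving the subnet

PF_PREROUTING_N='0'             # number of PREROUTING rules
PF_PREROUTING_1='1.2.3.4 dynamic:22 DNAT:@client2'
                                # forward ssh connections coming from 1.2.3.4
                                # to client2

# NOTE(review): a conntrack helper inspects application payload in order to
# admit related connections. PF_PREROUTING_CT_N='1' activates the FTP helper
# for LAN clients; set the counter to '0' if active FTP is not needed.
PF_PREROUTING_CT_ACCEPT_DEF='yes'
                                # use default rule set
PF_PREROUTING_CT_N='1'          # number of conntrack PREROUTING rules
PF_PREROUTING_CT_1='tmpl:ftp IP_NET_1 HELPER:ftp'
                                # associate FTP conntrack helper for active FTP
                                # forwarded from within the LAN
PF_PREROUTING_CT_2='tmpl:ftp any dynamic HELPER:ftp'
                                # associate FTP conntrack helper for active FTP
                                # forwarded to the router's external IP

PF_OUTPUT_CT_ACCEPT_DEF='yes'   # use default rule set
PF_OUTPUT_CT_N='0'              # number of conntrack OUTPUT rules
PF_OUTPUT_CT_1='tmpl:ftp HELPER:ftp'
                                # associate FTP conntrack helper for outgoing
                                # active FTP on the router (this rule is added
                                # automatically by the tools package if
                                # OPT_FTP='yes' and FTP_PF_ENABLE_ACTIVE='yes')

PF_USR_CHAIN_N='0'              # number of user-defined rules

#------------------------------------------------------------------------------
# Domain configuration:
# settings for DNS, DHCP server and HOSTS -> see package DNS_DHCP
#------------------------------------------------------------------------------
DOMAIN_NAME='lan.fli4l'         # your domain name
DNS_FORWARDERS='194.8.57.8'     # DNS servers of your provider,
                                # e.g. ns.n-ix.net

# optional configuration for the host-entry of the router in /etc/hosts
#HOSTNAME_IP='IP_NET_1_IPADDR'  # IP to bind to HOSTNAME
#HOSTNAME_ALIAS_N='0'           # how many ALIAS names for the router
#HOSTNAME_ALIAS_1='router.lan.fli4l'
                                # first ALIAS name
#HOSTNAME_ALIAS_2='gateway.my.lan'
                                # second ALIAS name

#------------------------------------------------------------------------------
# imond configuration:
#------------------------------------------------------------------------------
# NOTE(review): imond is off by default. If START_IMOND is set to 'yes', set
# IMOND_PASS and IMOND_ADMIN_PASS as well: with both empty, any host that can
# reach IMOND_PORT can presumably use the commands enabled below (route,
# reboot, dial) without authenticating - confirm in the documentation. Set the
# IMOND_* command switches that are not needed to 'no'.
START_IMOND='no'                # start imond: yes or no
IMOND_PORT='5000'               # port (tcp), don't open it to the outside
IMOND_PASS=''                   # imond-password, may be empty
IMOND_ADMIN_PASS=''             # imond-admin-password, may be empty
IMOND_LED=''                    # tty for led: com1 - com4 or empty
IMOND_BEEP='no'                 # beep if connection is going up/down
IMOND_LOG='no'                  # log /var/log/imond.log: yes or no
IMOND_LOGDIR='auto'             # log-directory, e.g. /var/log or auto for
                                # saving in auto-detected savedir
IMOND_ENABLE='yes'              # accept "enable/disable" command
IMOND_DIAL='yes'                # accept "dial/hangup" command
IMOND_ROUTE='yes'               # accept "route" command
IMOND_REBOOT='yes'              # accept "reboot" command

#------------------------------------------------------------------------------
# Generic circuit configuration:
#------------------------------------------------------------------------------
IP_DYN_ADDR='yes'               # use dyn. IP addresses (most providers do)
DIALMODE='auto'                 # standard dialmode: auto, manual, or off

#------------------------------------------------------------------------------
# optional package: syslogd
#------------------------------------------------------------------------------
# NOTE(review): as shipped, syslogd is not enabled and SYSLOGD_DEST_N='1'
# selects only /dev/console, so no log is retained for later review. A file
# destination or a separate loghost (see the examples) keeps a record; the
# '@host' form is presumably classic unauthenticated, unencrypted syslog, so
# use it on a trusted segment only. SYSLOGD_RECEIVER='yes' makes the router
# accept messages from the network - leave it off unless it is the loghost.
#OPT_SYSLOGD='no'               # start syslogd: yes or no
#SYSLOGD_RECEIVER='yes'         # receive messages from network
SYSLOGD_DEST_N='1'              # number of destinations
SYSLOGD_DEST_1='*.* /dev/console'
                                # n'th prio & destination of syslog msgs
SYSLOGD_DEST_2='*.* @192.168.6.2'
                                # example: loghost 192.168.6.2
SYSLOGD_DEST_3='kern.info /var/log/dial.log'
                                # example: log infos to file
SYSLOGD_ROTATE='no'             # rotate syslog-files once every day
SYSLOGD_ROTATE_DIR='/data/syslog'
                                # move rotated files to ....
SYSLOGD_ROTATE_MAX='5'          # max number of rotated syslog-files

#------------------------------------------------------------------------------
# Optional package: klogd
#------------------------------------------------------------------------------
#OPT_KLOGD='no'                 # start klogd: yes or no

#------------------------------------------------------------------------------
# Optional package: logip
#------------------------------------------------------------------------------
#OPT_LOGIP='no'                 # logip: yes or no
LOGIP_LOGDIR='auto'             # log-directory, e.g. /boot or auto-detected

#------------------------------------------------------------------------------
# Optional package: y2k correction
#------------------------------------------------------------------------------
#OPT_Y2K='no'                   # y2k correction: yes or no
Y2K_DAYS='0'                    # correct hardware y2k-bug: add x days

#------------------------------------------------------------------------------
# Optional package: PNP
#------------------------------------------------------------------------------
#OPT_PNP='no'                   # install isapnp tools: yes or no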