
configuration files for the PORTAL

1 parent ad84ee6 commit ee1272ff36375f8cbc478104c52fc0b40c631993 the grugq committed Jan 11, 2013
Showing with 224 additions and 0 deletions.
  1. +38 −0 files/etc/config/dhcp
  2. +81 −0 files/etc/config/firewall
  3. +20 −0 files/etc/config/fstab
  4. +23 −0 files/etc/config/network
  5. +10 −0 files/etc/config/system
  6. +1 −0 files/etc/hostname
  7. +23 −0 files/etc/profile
  8. +28 −0 files/etc/sysctl.conf
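--- a/files/etc/config/dhcp
+++ b/files/etc/config/dhcp
@@ -0,0 +1,38 @@
+config dnsmasq
+ option domainneeded 1
+ option boguspriv 1
+ option filterwin2k 0 # enable for dial on demand
+ option localise_queries 1
+ option rebind_protection 1 # disable if upstream must serve RFC1918 add
+ option rebind_localhost 1 # enable for RBL checking and similar service
+ #list rebind_domain example.lan # whitelist RFC1918 responses for domai
+ option local '/portal/'
+ option domain 'portal'
+ option expandhosts 1
+ option nonegcache 0
+ option authoritative 1
+ option readethers 1
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.auto'
+ #list server '/mycompany.local/1.2.3.4'
+ #option nonwildcard 1
+ #list interface br-lan
+ #list notinterface lo
+ #list bogusnxdomain '64.94.110.11'
+
+config dhcp admin
+ option interface admin
+ option start 100
+ option limit 150
+ option leasetime 12h
+
+config dhcp tor
+ option interface tor
+ option start 100
+ option limit 150
+ option leasetime 1h
+
+config dhcp internet
+ option interface internet
+ option ignore 1
+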
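Review bot: dnsmasq is left listening on every interface — `#option nonwildcard 1`, `#list interface br-lan` and `#list notinterface lo` all stay commented out — so the plaintext DNS forwarder (it resolves via whatever the upstream DHCP wrote into /tmp/resolv.conf.auto) is reachable on the upstream-facing interface and on the tor interface, and only the firewall keeps clients off it. `option ignore 1` in `config dhcp internet` stops DHCP service there but not DNS; `option nonwildcard 1` plus `list notinterface internet` makes dnsmasq never bind that side at all. The tor interface still needs dnsmasq for its DHCP scope, so on that side the only thing between a client and clearnet port-53 lookups is the firewall's input REJECT (and whatever /etc/firewall.user redirects), which deserves a comment here: `# tor clients must never reach this DNS — port 53 from the tor zone is rejected/redirected by the firewall, not by dnsmasq`.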
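--- a/files/etc/config/firewall
+++ b/files/etc/config/firewall
@@ -0,0 +1,81 @@
+config defaults
+ option syn_flood '1'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option disable_ipv6 '1'
+
+config zone
+ option name 'admin'
+ option network 'admin'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+
+config zone
+ option name 'tor'
+ option network 'tor'
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option conntrack '1'
+
+config zone
+ option name 'internet'
+ option network 'internet'
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option masq '1'
+ option mtu_fix '1'
+
+config rule
+ option name 'Allow-DHCP-Renew'
+ option src 'internet'
+ option proto 'udp'
+ option dest_port '68'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Ping'
+ option src 'internet'
+ option proto 'icmp'
+ option icmp_type 'echo-request'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-Tor-DHCP'
+ option src 'tor'
+ option proto 'udp'
+ option dest_port '67'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Tor-DNS'
+ option src 'tor'
+ option proto 'udp'
+ option dest_port '9053'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Tor-Transparent'
+ option src 'tor'
+ option proto 'tcp'
+ option dest_port '9040'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Tor-SOCKS'
+ option src 'tor'
+ option proto 'tcp'
+ option dest_port '9050'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config include
+ option path '/etc/firewall.user'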
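Review bot: `option input 'ACCEPT'` in the `config defaults` block is the policy for any interface that is not in one of the three zones, so a hotplugged or later-added interface (another USB NIC, a second radio) would expose every local service — including the Tor ports the tor-zone rules open selectively — with no rule at all. The admin zone already carries its own `option input 'ACCEPT'`, so the default can become `option input 'REJECT'` without changing behaviour for any configured zone. The Allow-Tor-* rules admit 9040/9050/9053 from the tor zone, but nothing in this file redirects client traffic to those ports or makes Tor listen on 172.16.1.1; that presumably lives in the included /etc/firewall.user and in torrc, neither of which is in this commit, so this file on its own shows that tor-zone traffic cannot be forwarded to the clearnet (forward REJECT everywhere, no forwarding rules) but not that it reaches Tor.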
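--- a/files/etc/config/fstab
+++ b/files/etc/config/fstab
@@ -0,0 +1,20 @@
+config global automount
+ option from_fstab 1
+ option anon_mount 1
+
+config global autoswap
+ option from_fstab 1
+ option anon_swap 0
+
+config mount
+ option target /overlay
+ option device /dev/sda1
+ option fstype ext4
+ option options rw,sync,noatime,data=ordered
+ option enabled 1
+ option enabled_fsck 0
+
+config swap
+ option device /dev/sda2
+ option enabled 0
+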
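Review bot: `option anon_mount 1` under `config global automount` asks block-mount, as I read OpenWrt's behaviour, to mount any block device that has no explicit `config mount` stanza, so a USB stick pushed into a box that sits on a hostile network gets mounted automatically with whatever options block-mount picks — a crafted filesystem image is a kernel attack surface, and nothing here restricts it. The only mount this box needs, the /dev/sda1 overlay, has its own stanza, so `option anon_mount 0` loses nothing. `option enabled_fsck 0` on that overlay means an unclean shutdown (the `sync` mount option reduces but does not remove the risk) is never repaired; `option enabled_fsck 1` is worth it if the image ships e2fsck.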
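--- a/files/etc/config/network
+++ b/files/etc/config/network
@@ -0,0 +1,23 @@
+
+config interface 'loopback'
+ option ifname 'lo'
+ option proto 'static'
+ option ipaddr '127.0.0.1'
+ option netmask '255.0.0.0'
+
+config interface 'admin'
+ option ifname 'eth0'
+ option proto 'static'
+ option ipaddr '192.168.1.1'
+ option netmask '255.255.255.0'
+
+config interface 'tor'
+ option ifname 'wlan0'
+ option proto 'static'
+ option ipaddr '172.16.1.1'
+ option netmask '255.255.255.0'
+
+config interface 'internet'
+ option ifname 'eth1'
+ option proto 'dhcp'
+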
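Review bot: the admin network sits on 192.168.1.1/24 (`option ipaddr '192.168.1.1'`), the single most common default LAN range, while the `internet` interface takes whatever address the upstream hands out by DHCP; plug the box into a home router that is itself 192.168.1.0/24 and the two connected routes collide, leaving the admin side unreachable or misrouted. A less common range, e.g. `option ipaddr '10.88.0.1'`, avoids that with no other change. The tor-facing interface is `wlan0`, but there is no /etc/config/wireless in this commit, so how that AP is authenticated — which decides who can join the tor zone and use this box's exit — cannot be checked here; on OpenWrt the wireless stanza normally attaches itself to the `tor` network by name rather than through `ifname 'wlan0'`, so that line may not be what binds it.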
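--- a/files/etc/config/system
+++ b/files/etc/config/system
@@ -0,0 +1,10 @@
+config system
+ option hostname p0rtal
+ option timezone UTC
+
+config timeserver ntp
+ list server 0.openwrt.pool.ntp.org
+ list server 1.openwrt.pool.ntp.org
+ list server 2.openwrt.pool.ntp.org
+ list server 3.openwrt.pool.ntp.org
+ option enable_server 0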
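Review bot: `option hostname p0rtal` here and `pOrtal` in files/etc/hostname (the next file in this commit) disagree, so the two places that could name the box give different names; on OpenWrt /etc/config/system is the one applied at boot, so either drop files/etc/hostname or make it match. The NTP list uses the `*.openwrt.pool.ntp.org` pool, which goes out in the clear over the internet interface and names the distribution this box runs; that is a mild fingerprint rather than a leak, but it deserves a comment such as `# clearnet NTP — advertises an OpenWrt host to the upstream network`.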
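--- a/files/etc/hostname
+++ b/files/etc/hostname
@@ -0,0 +1 @@
+pOrtal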
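--- a/files/etc/profile
+++ b/files/etc/profile
@@ -0,0 +1,23 @@
+#!/bin/sh
+[ -f /etc/banner ] && cat /etc/banner
+
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
+export HOME=${HOME:-/root}
+export PS1='\[\e[1;31m\]\u\[\e[0m\]@\[\e[1;37m\]\h\[\e[0m\]:\w\$ '
+
+[ -x /bin/more ] || alias more=less
+[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
+
+[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
+
+[ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; }
+[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
+
+entropy() {
+ echo "$(cat /proc/sys/kernel/random/entropy_avail)/$(cat /proc/sys/kernel/random/poolsize)"
+}
+
+echo ""
+echo "Entropy: $(entropy)"
+echo ""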
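Review bot: `ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }` word-splits and glob-expands its arguments, so a path containing a space or a `*` breaks the fallback; `"$@"` passes them through intact: `ldd() { LD_TRACE_LOADED_OBJECTS=1 "$@"; }`. Most of this file looks like the stock OpenWrt profile; the local addition is `entropy()` and the banner that prints it, which is a one-shot reading of entropy_avail against poolsize. Nothing here says why an operator should care, and the value means little without that; a comment such as `# snapshot of the kernel entropy pool — presumably watched because a headless box generating Tor keys has few entropy sources (confirm)` would carry the intent.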
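--- a/files/etc/sysctl.conf
+++ b/files/etc/sysctl.conf
@@ -0,0 +1,28 @@
+kernel.panic=3
+net.ipv4.conf.default.arp_ignore=1
+net.ipv4.conf.all.arp_ignore=1
+# when is a router not a router? when it's a PORTAL!
+net.ipv4.ip_forward=0
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.tcp_ecn=0
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_syncookies=1
+net.ipv4.tcp_timestamps=1
+net.ipv4.tcp_sack=1
+net.ipv4.tcp_dsack=1
+
+net.ipv6.conf.all.forwarding=0
+
+net.netfilter.nf_conntrack_acct=1
+net.netfilter.nf_conntrack_checksum=0
+net.netfilter.nf_conntrack_max=16384
+net.netfilter.nf_conntrack_tcp_timeout_established=3600
+net.netfilter.nf_conntrack_udp_timeout=60
+net.netfilter.nf_conntrack_udp_timeout_stream=180
+
+# disable bridge firewalling by default
+net.bridge.bridge-nf-call-arptables=0
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0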
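Review bot: the usual IPv4 host hardening for a box straddling three zones is absent from the net.ipv4 block: no reverse-path filtering, and ICMP redirects are left at the kernel default, which on a non-forwarding host is to accept them, so a peer on the tor or upstream side can push a route onto this box. The firewall in this commit keys its zones on interface, not source address, so spoofing from the tor side does not bypass it; rp_filter and log_martians are cheap defence in depth and make such attempts visible, and they sit naturally next to `net.ipv4.ip_forward=0`. `net.ipv4.tcp_timestamps=1` also deserves a second look — timestamps expose the box's uptime to every clearnet peer and are a classic fingerprint — though turning them off costs PAWS protection on long-lived connections, so that is a trade-off to record in a comment rather than a clear defect.
```ini
# … unchanged: kernel.panic, arp_ignore …
net.ipv4.ip_forward=0
# drop packets whose source is not routable back out the arriving interface; log the rest
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.log_martians=1
# this host is not a router: never accept or emit ICMP redirects, never honour source routes
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
# … unchanged: icmp_*, tcp_*, ipv6, conntrack, bridge settings …
```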
