From 7296c90dff5e260c6279aed071fe507a4ddedc4a Mon Sep 17 00:00:00 2001 From: makefu Date: Thu, 10 Jan 2013 14:37:10 +0100 Subject: emergency commit, i am so sorry... --- .../rickroller_bare/customfiles/etc/config/dhcp | 28 ++++++ .../customfiles/etc/config/firewall | 112 +++++++++++++++++++++ .../rickroller_bare/customfiles/etc/config/network | 15 +++ .../rickroller_bare/customfiles/etc/config/system | 8 ++ .../rickroller_bare/customfiles/etc/config/uhttpd | 13 +++ .../customfiles/etc/config/wireless | 19 ++++ .../customfiles/etc/dropbear/authorized_keys | 1 + .../rickroller_bare/customfiles/etc/shadow | 5 + .../rickroller_bare/customfiles/etc/uhttpd.crt | Bin 0 -> 529 bytes .../rickroller_bare/customfiles/etc/uhttpd.key | Bin 0 -> 609 bytes 10 files changed, 201 insertions(+) create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/config/dhcp create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/config/network create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/config/system create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/config/uhttpd create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/config/wireless create mode 120000 minikrebs/profiles/rickroller_bare/customfiles/etc/dropbear/authorized_keys create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/shadow create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.crt create mode 100644 minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.key (limited to 'minikrebs/profiles/rickroller_bare/customfiles/etc') diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/dhcp b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/dhcp new file mode 100644 index 00000000..79d7bea5 --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/dhcp @@ -0,0 +1,28 @@ +config dnsmasq + option domainneeded 1 + option boguspriv 1 + option filterwin2k 0 # enable for dial on demand + option localise_queries 1 + option rebind_protection 1 # disable if upstream must serve RFC191 +8 addresses + option rebind_localhost 1 # enable for RBL checking and similar se +rvices + #list rebind_domain example.lan # whitelist RFC1918 responses for +domains + #option local '/lan/' + #option domain 'lan' + option expandhosts 1 + option nonegcache 0 + option authoritative 1 + option readethers 1 + option leasefile '/tmp/dhcp.leases' + option resolvfile '/tmp/resolv.conf.auto' + +config dhcp wlan + option interface lan + option start 100 + option limit 150 + option leasetime 12h +config 'domain' + option name '#' + option ip '192.168.23.1' diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall new file mode 100644 index 00000000..56f20aa7 --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/firewall @@ -0,0 +1,112 @@ +config defaults + option syn_flood 1 + option input ACCEPT + option output ACCEPT + option forward REJECT + +config zone + option name lan + option network 'lan' + option input ACCEPT + option output ACCEPT + option forward REJECT + +config zone + option name wan + option network 'wan' + option input ACCEPT + option output ACCEPT + option forward REJECT + option masq 1 + option mtu_fix 1 + +config forwarding + option src lan + option dest wan + +# We need to accept udp packets on port 68, +# see https://dev.openwrt.org/ticket/4108 +config rule + option name Allow-DHCP-Renew + option src wan + option proto udp + option dest_port 68 + option target ACCEPT + option family ipv4 + +# Allow IPv4 ping +config rule + option name Allow-Ping + option src wan + option proto icmp + option icmp_type echo-request + option family ipv4 + option target ACCEPT + +# Allow DHCPv6 replies +# see https://dev.openwrt.org/ticket/10381 +config rule + option name Allow-DHCPv6 + option src wan + option proto udp + option src_ip fe80::/10 + option src_port 547 + option dest_ip fe80::/10 + option dest_port 546 + option family ipv6 + option target ACCEPT + +# Allow essential incoming IPv6 ICMP traffic +config rule + option name Allow-ICMPv6-Input + option src wan + option proto icmp + list icmp_type echo-request + list icmp_type echo-reply + list icmp_type destination-unreachable + list icmp_type packet-too-big + list icmp_type time-exceeded + list icmp_type bad-header + list icmp_type unknown-header-type + list icmp_type router-solicitation + list icmp_type neighbour-solicitation + list icmp_type router-advertisement + list icmp_type neighbour-advertisement + option limit 1000/sec + option family ipv6 + option target ACCEPT + +# Allow essential forwarded IPv6 ICMP traffic +config rule + option name Allow-ICMPv6-Forward + option src wan + option dest * + option proto icmp + list icmp_type echo-request + list icmp_type echo-reply + list icmp_type destination-unreachable + list icmp_type packet-too-big + list icmp_type time-exceeded + list icmp_type bad-header + list icmp_type unknown-header-type + option limit 1000/sec + option family ipv6 + option target ACCEPT + +config redirect + option src lan + option proto tcp + option src_dport 80 + option src_ip !192.168.23.1 + option dest_port 80 + option dest_ip 192.168.23.1 + option target DNAT + +config redirect + option src lan + option proto tcp + option src_dport 443 + option src_ip !192.168.23.1 + option dest_port 443 + option dest_ip 192.168.23.1 + option target DNAT diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/network b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/network new file mode 100644 index 00000000..7ac322a7 --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/network @@ -0,0 +1,15 @@ +config interface 'loopback' + option ifname 'lo' + option proto 'static' + option ipaddr '127.0.0.1' + option netmask '255.0.0.0' + +config interface 'wan' + option ifname 'eth0' + option proto 'dhcp' + +config interface 'lan' + option ifname 'wlan0' + option proto 'static' + option ipaddr 192.168.23.1 + option netmask 255.255.255.0 diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/system b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/system new file mode 100644 index 00000000..ffbe1530 --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/system @@ -0,0 +1,8 @@ +config system + option hostname rickroller + option timezone UTC + +config 'led' 'lan_led' + option 'name' 'blue-led' + option 'sysfs' 'tp-link:blue:system' + option 'trigger' 'default-on' diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/uhttpd b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/uhttpd new file mode 100644 index 00000000..74695b7c --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/uhttpd @@ -0,0 +1,13 @@ +config uhttpd main + list listen_http 0.0.0.0:80 + list listen_https 0.0.0.0:443 + option home /www + option rfc1918_filter 1 + option max_requests 3 + option cert /etc/uhttpd.crt + option key /etc/uhttpd.key + option cgi_prefix /cgi-bin + option script_timeout 60 + option network_timeout 30 + option tcp_keepalive 1 + option error_page /index.html diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/config/wireless b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/wireless new file mode 100644 index 00000000..bce01a9e --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/config/wireless @@ -0,0 +1,19 @@ +config wifi-device radio0 + option type mac80211 + option channel 11 + option macaddr 14:e6:e4:e6:e4:e0 + option hwmode 11ng + option htmode HT20 + list ht_capab SHORT-GI-20 + list ht_capab SHORT-GI-40 + list ht_capab RX-STBC1 + list ht_capab DSSS_CCK-40 + # REMOVE THIS LINE TO ENABLE WIFI: + option disabled 0 + +config wifi-iface + option device radio0 + option network lan + option mode ap + option ssid default + option encryption none diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/dropbear/authorized_keys b/minikrebs/profiles/rickroller_bare/customfiles/etc/dropbear/authorized_keys new file mode 120000 index 00000000..9c87fc52 --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/dropbear/authorized_keys @@ -0,0 +1 @@ +/root/.ssh/authorized_keys \ No newline at end of file diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/shadow b/minikrebs/profiles/rickroller_bare/customfiles/etc/shadow new file mode 100644 index 00000000..251abaf5 --- /dev/null +++ b/minikrebs/profiles/rickroller_bare/customfiles/etc/shadow @@ -0,0 +1,5 @@ +root:$1$spkPLKf6$KEM1l1DgouvYjeBfkT2wW1:0:0:99999:7::: +daemon:*:0:0:99999:7::: +ftp:*:0:0:99999:7::: +network:*:0:0:99999:7::: +nobody:*:0:0:99999:7::: diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.crt b/minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.crt new file mode 100644 index 00000000..d406c90f Binary files /dev/null and b/minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.crt differ diff --git a/minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.key b/minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.key new file mode 100644 index 00000000..d5d163d2 Binary files /dev/null and b/minikrebs/profiles/rickroller_bare/customfiles/etc/uhttpd.key differ -- cgit v1.2.3