summaryrefslogtreecommitdiffstats
path: root/package/base-files/default/etc
diff options
context:
space:
mode:
Diffstat (limited to 'package/base-files/default/etc')
-rw-r--r--package/base-files/default/etc/banner6
-rw-r--r--package/base-files/default/etc/dnsmasq.conf25
-rwxr-xr-xpackage/base-files/default/etc/firewall.user27
-rwxr-xr-xpackage/base-files/default/etc/functions.sh57
-rw-r--r--package/base-files/default/etc/group2
-rw-r--r--package/base-files/default/etc/hosts1
-rwxr-xr-xpackage/base-files/default/etc/init.d/S10boot38
-rwxr-xr-xpackage/base-files/default/etc/init.d/S40network14
-rwxr-xr-xpackage/base-files/default/etc/init.d/S45firewall92
-rwxr-xr-xpackage/base-files/default/etc/init.d/S50dnsmasq27
-rwxr-xr-xpackage/base-files/default/etc/init.d/S50httpd2
-rwxr-xr-xpackage/base-files/default/etc/init.d/S50telnet2
-rwxr-xr-xpackage/base-files/default/etc/init.d/S99done4
-rwxr-xr-xpackage/base-files/default/etc/init.d/rcS8
-rw-r--r--package/base-files/default/etc/inittab3
-rw-r--r--package/base-files/default/etc/ipkg.conf3
-rw-r--r--package/base-files/default/etc/modules2
-rw-r--r--package/base-files/default/etc/nvram.overrides96
-rw-r--r--package/base-files/default/etc/passwd2
-rwxr-xr-xpackage/base-files/default/etc/preinit17
-rw-r--r--package/base-files/default/etc/profile11
-rw-r--r--package/base-files/default/etc/protocols56
-rw-r--r--package/base-files/default/etc/shells1
-rw-r--r--package/base-files/default/etc/sysctl.conf7
24 files changed, 503 insertions, 0 deletions
diff --git a/package/base-files/default/etc/banner b/package/base-files/default/etc/banner
new file mode 100644
index 000000000..2b2b2c015
--- /dev/null
+++ b/package/base-files/default/etc/banner
@@ -0,0 +1,6 @@
+ _______ ________ __
+ | |.-----.-----.-----.| | | |.----.| |_
+ | - || _ | -__| || | | || _|| _|
+ |_______|| __|_____|__|__||________||__| |____|
+ |__| W I R E L E S S F R E E D O M
+
diff --git a/package/base-files/default/etc/dnsmasq.conf b/package/base-files/default/etc/dnsmasq.conf
new file mode 100644
index 000000000..4ef96803a
--- /dev/null
+++ b/package/base-files/default/etc/dnsmasq.conf
@@ -0,0 +1,25 @@
+# filter what we send upstream
+domain-needed
+bogus-priv
+filterwin2k
+localise-queries
+
+# allow /etc/hosts and dhcp lookups via *.lan
+local=/lan/
+domain=lan
+
+# no dhcp / dns queries from the wan
+except-interface=vlan1
+
+# enable dhcp (start,end,netmask,leasetime)
+dhcp-authoritative
+#dhcp-range=192.168.1.100,192.168.1.250,255.255.255.0,12h
+#dhcp-leasefile=/tmp/dhcp.leases
+
+# use /etc/ethers for static hosts; same format as --dhcp-host
+# <hwaddr> [<hostname>] <ipaddr>
+read-ethers
+
+# other useful options:
+# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2
+# dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2
diff --git a/package/base-files/default/etc/firewall.user b/package/base-files/default/etc/firewall.user
new file mode 100755
index 000000000..1781bd4ea
--- /dev/null
+++ b/package/base-files/default/etc/firewall.user
@@ -0,0 +1,27 @@
+#!/bin/sh
+. /etc/functions.sh
+
+WAN=$(nvram get wan_ifname)
+LAN=$(nvram get lan_ifname)
+
+iptables -F input_rule
+iptables -F output_rule
+iptables -F forwarding_rule
+iptables -t nat -F prerouting_rule
+iptables -t nat -F postrouting_rule
+
+### BIG FAT DISCLAIMER
+### The "-i $WAN" literally means packets that came in over the $WAN interface;
+### this WILL NOT MATCH packets sent from the LAN to the WAN address.
+
+### Allow SSH from WAN
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT
+# iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT
+
+### Port forwarding
+# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2
+# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT
+
+### DMZ (should be placed after port forwarding / accept rules)
+# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2
+# iptables -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT
diff --git a/package/base-files/default/etc/functions.sh b/package/base-files/default/etc/functions.sh
new file mode 100755
index 000000000..60d6231f8
--- /dev/null
+++ b/package/base-files/default/etc/functions.sh
@@ -0,0 +1,57 @@
+#!/bin/ash
+
+alias debug=${DEBUG:-:}
+
+# allow env to override nvram
+nvram () {
+ case $1 in
+ get) eval "echo \${NVRAM_$2:-\$(command nvram get $2)}";;
+ *) command nvram $*;;
+ esac
+}
+. /etc/nvram.overrides
+
+# valid interface?
+if_valid () (
+ ifconfig "$1" >&- 2>&- ||
+ [ "${1%%[0-9]}" = "br" ] ||
+ {
+ [ "${1%%[0-9]}" = "vlan" ] && (
+ i=${1#vlan}
+ hwname=$(nvram get vlan${i}hwname)
+ hwaddr=$(nvram get ${hwname}macaddr)
+ [ -z "$hwaddr" ] && return 1
+
+ vif=$(ifconfig -a | awk '/^eth.*'$hwaddr'/ {print $1; exit}' IGNORECASE=1)
+ debug "# vlan$i => $vif"
+
+ $DEBUG ifconfig $vif up
+ $DEBUG vconfig add $vif $i 2>&-
+ )
+ } ||
+ { debug "# missing interface '$1' ignored"; false; }
+)
+
+bitcount () {
+ local c=$1
+ echo $((
+ c=((c>> 1)&0x55555555)+(c&0x55555555),
+ c=((c>> 2)&0x33333333)+(c&0x33333333),
+ c=((c>> 4)&0x0f0f0f0f)+(c&0x0f0f0f0f),
+ c=((c>> 8)&0x00ff00ff)+(c&0x00ff00ff),
+ c=((c>>16)&0x0000ffff)+(c&0x0000ffff)
+ ))
+}
+
+valid_netmask () {
+ return $((-($1)&~$1))
+}
+
+ip2int () (
+ set $(echo $1 | tr '\.' ' ')
+ echo $(($1<<24|$2<<16|$3<<8|$4))
+)
+
+int2ip () {
+ echo $(($1>>24&255)).$(($1>>16&255)).$(($1>>8&255)).$(($1&255))
+}
diff --git a/package/base-files/default/etc/group b/package/base-files/default/etc/group
new file mode 100644
index 000000000..c4e77f316
--- /dev/null
+++ b/package/base-files/default/etc/group
@@ -0,0 +1,2 @@
+root:x:0:
+nogroup:x:65534:
diff --git a/package/base-files/default/etc/hosts b/package/base-files/default/etc/hosts
new file mode 100644
index 000000000..ce138ec1e
--- /dev/null
+++ b/package/base-files/default/etc/hosts
@@ -0,0 +1 @@
+127.0.0.1 localhost OpenWrt
diff --git a/package/base-files/default/etc/init.d/S10boot b/package/base-files/default/etc/init.d/S10boot
new file mode 100755
index 000000000..22096d5fb
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S10boot
@@ -0,0 +1,38 @@
+#!/bin/sh
+echo "S" > /proc/jffs2_bbc
+
+mkdir -p /var/run
+mkdir -p /var/log
+touch /var/log/wtmp
+touch /var/log/lastlog
+
+[ "$(nvram get il0macaddr)" = "00:90:4c:5f:00:2a" ] && {
+ # if default wifi mac, set two higher than the lan mac
+ nvram set il0macaddr=$(nvram get et0macaddr|
+ awk '{OFS=FS=":";for(x=7,y=2;--x;){$x=sprintf("%02x",(y+="0x"$x)%256);y/=256}print}')
+}
+
+# set up the vlan*ports variables for the asus wl-500g deluxe
+# if they don't already exist
+[ "$(nvram get boardtype)" = "bcm95365r" \
+-a "$(nvram get boardnum)" = "45" \
+-a -z "$(nvram get vlan0ports)$(nvram get vlan1ports)" ] && {
+ nvram set vlan0ports="1 2 3 4 5*"
+ nvram set vlan1ports="0 5"
+}
+
+sed 's/^[^#]/insmod &/' /etc/modules /etc/modules.d/* 2>&-|ash
+
+ifconfig lo 127.0.0.1 up
+ifconfig eth0 promisc
+
+HOSTNAME=$(nvram get wan_hostname)
+HOSTNAME=${HOSTNAME%%.*}
+echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname
+
+vconfig set_name_type VLAN_PLUS_VID_NO_PAD
+
+# automagically run firstboot
+[ -z "$FAILSAFE" ] && {
+ { mount|grep "on / type jffs2" 1>&-; } || firstboot
+}
diff --git a/package/base-files/default/etc/init.d/S40network b/package/base-files/default/etc/init.d/S40network
new file mode 100755
index 000000000..d8b4e4125
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S40network
@@ -0,0 +1,14 @@
+#!/bin/sh
+case "$1" in
+ start|restart)
+ ifup lan
+ ifup wan
+ ifup wifi
+ wifi up
+
+ for route in $(nvram get static_route); do {
+ eval "set $(echo $route | sed 's/:/ /g')"
+ $DEBUG route add -net $1 netmask $2 gw $3 metric $4 dev $5
+ } done
+ ;;
+esac
diff --git a/package/base-files/default/etc/init.d/S45firewall b/package/base-files/default/etc/init.d/S45firewall
new file mode 100755
index 000000000..8350ccbfe
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S45firewall
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+## Please make changes in /etc/firewall.user
+
+. /etc/functions.sh
+WAN=$(nvram get wan_ifname)
+LAN=$(nvram get lan_ifname)
+
+## CLEAR TABLES
+for T in filter nat mangle; do
+ iptables -t $T -F
+ iptables -t $T -X
+done
+
+iptables -N input_rule
+iptables -N output_rule
+iptables -N forwarding_rule
+
+iptables -t nat -N prerouting_rule
+iptables -t nat -N postrouting_rule
+
+### INPUT
+### (connections with the router as destination)
+
+ # base case
+ iptables -P INPUT DROP
+ iptables -A INPUT -m state --state INVALID -j DROP
+ iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP
+
+ #
+ # insert accept rule or to jump to new accept-check table here
+ #
+ iptables -A INPUT -j input_rule
+
+ # allow
+ iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces
+ iptables -A INPUT -p icmp -j ACCEPT # allow ICMP
+ iptables -A INPUT -p gre -j ACCEPT # allow GRE
+
+ # reject (what to do with anything not allowed earlier)
+ iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset
+ iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable
+
+### OUTPUT
+### (connections with the router as source)
+
+ # base case
+ iptables -P OUTPUT DROP
+ iptables -A OUTPUT -m state --state INVALID -j DROP
+ iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+ #
+ # insert accept rule or to jump to new accept-check table here
+ #
+ iptables -A OUTPUT -j output_rule
+
+ # allow
+ iptables -A OUTPUT -j ACCEPT #allow everything out
+
+ # reject (what to do with anything not allowed earlier)
+ iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset
+ iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
+
+### FORWARDING
+### (connections routed through the router)
+
+ # base case
+ iptables -P FORWARD DROP
+ iptables -A FORWARD -m state --state INVALID -j DROP
+ iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
+ iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+ #
+ # insert accept rule or to jump to new accept-check table here
+ #
+ iptables -A FORWARD -j forwarding_rule
+
+ # allow
+ iptables -A FORWARD -i br0 -o br0 -j ACCEPT
+ iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT
+
+ # reject (what to do with anything not allowed earlier)
+ # uses the default -P DROP
+
+### MASQ
+ iptables -t nat -A PREROUTING -j prerouting_rule
+ iptables -t nat -A POSTROUTING -j postrouting_rule
+ iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE
+
+## USER RULES
+[ -f /etc/firewall.user ] && . /etc/firewall.user
diff --git a/package/base-files/default/etc/init.d/S50dnsmasq b/package/base-files/default/etc/init.d/S50dnsmasq
new file mode 100755
index 000000000..6a5af0f05
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S50dnsmasq
@@ -0,0 +1,27 @@
+#!/bin/sh
+. /etc/functions.sh
+
+# interface to use for DHCP
+iface=lan
+
+ifname=$(nvram get ${iface}_ifname)
+ipaddr=$(nvram get ${iface}_ipaddr)
+netmask=$(nvram get ${iface}_netmask)
+
+(
+ # check for existing DHCP server
+ udhcpc -n -q -R -s /dev/zero -i $ifname >&- || {
+
+ ipaddr=$(ip2int $ipaddr)
+ netmask=$(ip2int ${netmask:-255.255.255.0})
+ network=$((ipaddr&netmask))
+
+ start=$(nvram get dhcp_start)
+ start=$((network+${start:-100}))
+ end=$(nvram get dhcp_num)
+ end=$((start+${end:-150}))
+
+ args="-l /tmp/dhcp.leases -K -F $(int2ip $start),$(int2ip $end),$(int2ip $netmask),12h"
+ }
+ dnsmasq ${args}
+) &
diff --git a/package/base-files/default/etc/init.d/S50httpd b/package/base-files/default/etc/init.d/S50httpd
new file mode 100755
index 000000000..9cf551e5c
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S50httpd
@@ -0,0 +1,2 @@
+#!/bin/sh
+httpd -p 80 -h /www -r WRT54G Router
diff --git a/package/base-files/default/etc/init.d/S50telnet b/package/base-files/default/etc/init.d/S50telnet
new file mode 100755
index 000000000..599c3540e
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S50telnet
@@ -0,0 +1,2 @@
+#!/bin/sh
+telnetd -l /bin/login
diff --git a/package/base-files/default/etc/init.d/S99done b/package/base-files/default/etc/init.d/S99done
new file mode 100755
index 000000000..ce6033721
--- /dev/null
+++ b/package/base-files/default/etc/init.d/S99done
@@ -0,0 +1,4 @@
+#!/bin/sh
+# set leds to normal state
+echo "0x00" > /proc/sys/diag
+sysctl -p >&-
diff --git a/package/base-files/default/etc/init.d/rcS b/package/base-files/default/etc/init.d/rcS
new file mode 100755
index 000000000..e6daddc59
--- /dev/null
+++ b/package/base-files/default/etc/init.d/rcS
@@ -0,0 +1,8 @@
+#!/bin/sh
+syslogd -C 16
+klogd
+${FAILSAFE:+telnetd -l /bin/login; ifup lan; exit}
+
+for i in /etc/init.d/S*; do
+ $i start 2>&1
+done | logger -s -p 6 -t '' &
diff --git a/package/base-files/default/etc/inittab b/package/base-files/default/etc/inittab
new file mode 100644
index 000000000..aab2df956
--- /dev/null
+++ b/package/base-files/default/etc/inittab
@@ -0,0 +1,3 @@
+::sysinit:/etc/init.d/rcS
+::shutdown:/sbin/halt
+tts/0::askfirst:/bin/ash --login
diff --git a/package/base-files/default/etc/ipkg.conf b/package/base-files/default/etc/ipkg.conf
new file mode 100644
index 000000000..386721331
--- /dev/null
+++ b/package/base-files/default/etc/ipkg.conf
@@ -0,0 +1,3 @@
+src experimental http://openwrt.org/downloads/experimental/bin/packages
+dest root /
+dest ram /tmp
diff --git a/package/base-files/default/etc/modules b/package/base-files/default/etc/modules
new file mode 100644
index 000000000..e717eae57
--- /dev/null
+++ b/package/base-files/default/etc/modules
@@ -0,0 +1,2 @@
+et
+wl
diff --git a/package/base-files/default/etc/nvram.overrides b/package/base-files/default/etc/nvram.overrides
new file mode 100644
index 000000000..d457af48e
--- /dev/null
+++ b/package/base-files/default/etc/nvram.overrides
@@ -0,0 +1,96 @@
+# NVRAM overrides
+#
+# This file handles the NVRAM quirks of various hardware.
+# THIS FILE IS NOT A REPLACEMENT FOR NVRAM
+
+# Load sysconf defaults
+[ -f /etc/sysconf ] && . /etc/sysconf
+
+# linksys bug; remove when not using static configuration for lan
+NVRAM_lan_proto="static"
+
+remap () {
+ for type in lan wifi wan pppoe
+ do
+ for s in '' s
+ do
+ eval NVRAM_${type}_ifname$s=\"$(nvram get ${type}_ifname$s|sed s/$1/$2/g)\"
+ done
+ done
+}
+
+# hacks for wrt54g 1.x hardware
+[ "$(nvram get boardnum)" = "42" \
+-a "$(nvram get boardtype)" = "bcm94710dev" ] && {
+ debug "### wrt54g 1.x hack ###"
+ NVRAM_vlan1hwname="et0"
+ NVRAM_vlan2hwname="et0"
+ FAILSAFE_ifnames="vlan1 vlan2 eth2"
+ remap eth0 vlan2
+ remap eth1 vlan1
+}
+
+# hacks for asus wl-500g deluxe
+[ "$(nvram get boardtype)" = "bcm95365r" \
+-a "$(nvram get boardnum)" = "45" ] && {
+ debug "### wl-500g deluxe hacks ###"
+ NVRAM_vlan0hwname="et0"
+ NVRAM_vlan1hwname="et0"
+ FAILSAFE_ifnames="vlan0 eth1"
+ remap eth0.1 vlan0
+ remap eth0 vlan1
+}
+
+# hacks for asus wl-300g
+[ "$(nvram get productid)" = "WL300g" ] && {
+ debug "### wl-300g hacks ###"
+ NVRAM_lan_ifnames="eth0 eth2"
+ NVRAM_wan_ifname="none"
+}
+
+# hacks for wap54g hardware
+[ "$(nvram get boardnum)" = "2" \
+-o "$(nvram get boardnum)" = "1024" ] && {
+ debug "### wap54g hack ###"
+ NVRAM_wan_ifname="none"
+ FAILSAFE_ifnames="eth0 eth1"
+}
+
+# hacks for buffalo wla2-g54l
+[ "$(nvram get boardnum)" = "00" \
+-a "$(nvram get product_name)" = "Product_name" \
+-o "$(nvram get product_name)" = "WLA2-G54L" ] && {
+ debug "### wla2-g54l hacks ###"
+ NVRAM_wan_ifname="none"
+ NVRAM_lan_ifnames="vlan0"
+}
+
+# hack for asus wl-500g hardware
+[ "$(nvram get boardnum)" = "asusX" \
+-a "$(nvram get boardtype)" = "bcm94710dev" ] && {
+ FAILSAFE_ifnames="eth0 eth2"
+}
+
+# defaults if lan_ifname is missing
+[ -z "$(nvram get lan_ifname)" ] && {
+ NVRAM_lan_ifname="br0"
+ NVRAM_lan_ifnames=${FAILSAFE_ifnames:-"vlan0 vlan2 eth1 eth2 eth3"}
+}
+
+# defaults if wan_ifname is missing
+[ -z "$(nvram get wan_ifname)" ] && {
+ NVRAM_wan_ifname="vlan1"
+ NVRAM_wan_proto="dhcp"
+}
+
+# failsafe if reset is held
+[ "$FAILSAFE" = "true" ] && {
+ echo "### YOU ARE IN FAILSAFE MODE ####"
+ NVRAM_lan_ifname="br0"
+ NVRAM_lan_ifnames=${FAILSAFE_ifnames:-"vlan0 vlan1 eth1 eth2 eth3"}
+ NVRAM_lan_ipaddr=${BR2_SYSCONF_FAILSAFE_IP:-"192.168.1.1"}
+ NVRAM_lan_netmask=${BR2_SYSCONF_FAILSAFE_NETMASK:-"255.255.255.0"}
+ NVRAM_lan_hwaddr=${BR2_SYSCONF_FAILSAFE_MAC:-"00:0B:AD:0A:DD:00"}
+ NVRAM_wan_ifname="none"
+ NVRAM_wifi_ifname="none"
+}
diff --git a/package/base-files/default/etc/passwd b/package/base-files/default/etc/passwd
new file mode 100644
index 000000000..3b660a0d4
--- /dev/null
+++ b/package/base-files/default/etc/passwd
@@ -0,0 +1,2 @@
+root:!:0:0:root:/tmp:/bin/ash
+nobody:*:65534:65534:nobody:/var:/bin/false
diff --git a/package/base-files/default/etc/preinit b/package/base-files/default/etc/preinit
new file mode 100755
index 000000000..0c59893f7
--- /dev/null
+++ b/package/base-files/default/etc/preinit
@@ -0,0 +1,17 @@
+#!/bin/sh
+mount none /proc -t proc
+insmod diag
+echo 0x01 > /proc/sys/diag
+sleep 1
+if [ $(cat /proc/sys/reset) = 1 ] || [ "$(/usr/sbin/nvram get failsafe)" = 1 ]; then
+ export FAILSAFE=true
+ [ "$(/usr/sbin/nvram get boot_wait)" != "on" ] && {
+ /usr/sbin/nvram set boot_wait=on
+ /usr/sbin/nvram commit
+ }
+ while :; do { echo $(((X=(X+1)%8)%2)) > /proc/sys/diag; sleep $((X==0)); } done &
+fi
+
+/sbin/mount_root ${FAILSAFE:+failsafe}
+
+exec /sbin/init
diff --git a/package/base-files/default/etc/profile b/package/base-files/default/etc/profile
new file mode 100644
index 000000000..1d98ae340
--- /dev/null
+++ b/package/base-files/default/etc/profile
@@ -0,0 +1,11 @@
+#!/bin/sh
+[ -f /etc/banner ] && cat /etc/banner
+
+export PATH=/bin:/sbin:/usr/bin:/usr/sbin
+export PS1='\u@\h:\w\$ '
+
+[ -x /usr/bin/less ] || alias less=more
+alias vim=vi
+
+arp() { cat /proc/net/arp; }
+ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
diff --git a/package/base-files/default/etc/protocols b/package/base-files/default/etc/protocols
new file mode 100644
index 000000000..53fecb6d3
--- /dev/null
+++ b/package/base-files/default/etc/protocols
@@ -0,0 +1,56 @@
+# Internet (IP) protocols
+#
+# Updated from http://www.iana.org/assignments/protocol-numbers and other
+# sources.
+# New protocols will be added on request if they have been officially
+# assigned by IANA and are not historical.
+# If you need a huge list of used numbers please install the nmap package.
+
+ip 0 IP # internet protocol, pseudo protocol number
+#hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883]
+icmp 1 ICMP # internet control message protocol
+igmp 2 IGMP # Internet Group Management
+ggp 3 GGP # gateway-gateway protocol
+ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
+st 5 ST # ST datagram mode
+tcp 6 TCP # transmission control protocol
+egp 8 EGP # exterior gateway protocol
+igp 9 IGP # any private interior gateway (Cisco)
+pup 12 PUP # PARC universal packet protocol
+udp 17 UDP # user datagram protocol
+hmp 20 HMP # host monitoring protocol
+xns-idp 22 XNS-IDP # Xerox NS IDP
+rdp 27 RDP # "reliable datagram" protocol
+iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 [RFC905]
+xtp 36 XTP # Xpress Transfer Protocol
+ddp 37 DDP # Datagram Delivery Protocol
+idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport
+ipv6 41 IPv6 # Internet Protocol, version 6
+ipv6-route 43 IPv6-Route # Routing Header for IPv6
+ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6
+idrp 45 IDRP # Inter-Domain Routing Protocol
+rsvp 46 RSVP # Reservation Protocol
+gre 47 GRE # General Routing Encapsulation
+esp 50 IPSEC-ESP # Encap Security Payload [RFC2046]
+ah 51 IPSEC-AH # Authentication Header [RFC2402]
+skip 57 SKIP # SKIP
+ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6
+ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6
+ipv6-opts 60 IPv6-Opts # Destination Options for IPv6
+rspf 73 RSPF CPHB # Radio Shortest Path First (officially CPHB)
+vmtp 81 VMTP # Versatile Message Transport
+eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
+ospf 89 OSPFIGP # Open Shortest Path First IGP
+ax.25 93 AX.25 # AX.25 frames
+ipip 94 IPIP # IP-within-IP Encapsulation Protocol
+etherip 97 ETHERIP # Ethernet-within-IP Encapsulation [RFC3378]
+encap 98 ENCAP # Yet Another IP encapsulation [RFC1241]
+# 99 # any private encryption scheme
+pim 103 PIM # Protocol Independent Multicast
+ipcomp 108 IPCOMP # IP Payload Compression Protocol
+vrrp 112 VRRP # Virtual Router Redundancy Protocol
+l2tp 115 L2TP # Layer Two Tunneling Protocol [RFC2661]
+isis 124 ISIS # IS-IS over IPv4
+sctp 132 SCTP # Stream Control Transmission Protocol
+fc 133 FC # Fibre Channel
+
diff --git a/package/base-files/default/etc/shells b/package/base-files/default/etc/shells
new file mode 100644
index 000000000..006aa38ce
--- /dev/null
+++ b/package/base-files/default/etc/shells
@@ -0,0 +1 @@
+/bin/ash
diff --git a/package/base-files/default/etc/sysctl.conf b/package/base-files/default/etc/sysctl.conf
new file mode 100644
index 000000000..2050b0c88
--- /dev/null
+++ b/package/base-files/default/etc/sysctl.conf
@@ -0,0 +1,7 @@
+kernel.panic=3
+net.ipv4.ip_forward=1
+net.ipv4.icmp_echo_ignore_broadcasts=1
+net.ipv4.icmp_ignore_bogus_error_responses=1
+net.ipv4.tcp_fin_timeout=30
+net.ipv4.tcp_keepalive_time=120
+net.ipv4.tcp_timestamps=0