diff options
Diffstat (limited to 'package/base-files/default/etc')
24 files changed, 503 insertions, 0 deletions
diff --git a/package/base-files/default/etc/banner b/package/base-files/default/etc/banner new file mode 100644 index 000000000..2b2b2c015 --- /dev/null +++ b/package/base-files/default/etc/banner @@ -0,0 +1,6 @@ + _______ ________ __ + | |.-----.-----.-----.| | | |.----.| |_ + | - || _ | -__| || | | || _|| _| + |_______|| __|_____|__|__||________||__| |____| + |__| W I R E L E S S F R E E D O M + diff --git a/package/base-files/default/etc/dnsmasq.conf b/package/base-files/default/etc/dnsmasq.conf new file mode 100644 index 000000000..4ef96803a --- /dev/null +++ b/package/base-files/default/etc/dnsmasq.conf @@ -0,0 +1,25 @@ +# filter what we send upstream +domain-needed +bogus-priv +filterwin2k +localise-queries + +# allow /etc/hosts and dhcp lookups via *.lan +local=/lan/ +domain=lan + +# no dhcp / dns queries from the wan +except-interface=vlan1 + +# enable dhcp (start,end,netmask,leasetime) +dhcp-authoritative +#dhcp-range=192.168.1.100,192.168.1.250,255.255.255.0,12h +#dhcp-leasefile=/tmp/dhcp.leases + +# use /etc/ethers for static hosts; same format as --dhcp-host +# <hwaddr> [<hostname>] <ipaddr> +read-ethers + +# other useful options: +# default route(s): dhcp-option=3,192.168.1.1,192.168.1.2 +# dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2 diff --git a/package/base-files/default/etc/firewall.user b/package/base-files/default/etc/firewall.user new file mode 100755 index 000000000..1781bd4ea --- /dev/null +++ b/package/base-files/default/etc/firewall.user @@ -0,0 +1,27 @@ +#!/bin/sh +. /etc/functions.sh + +WAN=$(nvram get wan_ifname) +LAN=$(nvram get lan_ifname) + +iptables -F input_rule +iptables -F output_rule +iptables -F forwarding_rule +iptables -t nat -F prerouting_rule +iptables -t nat -F postrouting_rule + +### BIG FAT DISCLAIMER +### The "-i $WAN" literally means packets that came in over the $WAN interface; +### this WILL NOT MATCH packets sent from the LAN to the WAN address. + +### Allow SSH from WAN +# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j ACCEPT +# iptables -A input_rule -i $WAN -p tcp --dport 22 -j ACCEPT + +### Port forwarding +# iptables -t nat -A prerouting_rule -i $WAN -p tcp --dport 22 -j DNAT --to 192.168.1.2 +# iptables -A forwarding_rule -i $WAN -p tcp --dport 22 -d 192.168.1.2 -j ACCEPT + +### DMZ (should be placed after port forwarding / accept rules) +# iptables -t nat -A prerouting_rule -i $WAN -j DNAT --to 192.168.1.2 +# iptables -A forwarding_rule -i $WAN -d 192.168.1.2 -j ACCEPT diff --git a/package/base-files/default/etc/functions.sh b/package/base-files/default/etc/functions.sh new file mode 100755 index 000000000..60d6231f8 --- /dev/null +++ b/package/base-files/default/etc/functions.sh @@ -0,0 +1,57 @@ +#!/bin/ash + +alias debug=${DEBUG:-:} + +# allow env to override nvram +nvram () { + case $1 in + get) eval "echo \${NVRAM_$2:-\$(command nvram get $2)}";; + *) command nvram $*;; + esac +} +. /etc/nvram.overrides + +# valid interface? +if_valid () ( + ifconfig "$1" >&- 2>&- || + [ "${1%%[0-9]}" = "br" ] || + { + [ "${1%%[0-9]}" = "vlan" ] && ( + i=${1#vlan} + hwname=$(nvram get vlan${i}hwname) + hwaddr=$(nvram get ${hwname}macaddr) + [ -z "$hwaddr" ] && return 1 + + vif=$(ifconfig -a | awk '/^eth.*'$hwaddr'/ {print $1; exit}' IGNORECASE=1) + debug "# vlan$i => $vif" + + $DEBUG ifconfig $vif up + $DEBUG vconfig add $vif $i 2>&- + ) + } || + { debug "# missing interface '$1' ignored"; false; } +) + +bitcount () { + local c=$1 + echo $(( + c=((c>> 1)&0x55555555)+(c&0x55555555), + c=((c>> 2)&0x33333333)+(c&0x33333333), + c=((c>> 4)&0x0f0f0f0f)+(c&0x0f0f0f0f), + c=((c>> 8)&0x00ff00ff)+(c&0x00ff00ff), + c=((c>>16)&0x0000ffff)+(c&0x0000ffff) + )) +} + +valid_netmask () { + return $((-($1)&~$1)) +} + +ip2int () ( + set $(echo $1 | tr '\.' ' ') + echo $(($1<<24|$2<<16|$3<<8|$4)) +) + +int2ip () { + echo $(($1>>24&255)).$(($1>>16&255)).$(($1>>8&255)).$(($1&255)) +} diff --git a/package/base-files/default/etc/group b/package/base-files/default/etc/group new file mode 100644 index 000000000..c4e77f316 --- /dev/null +++ b/package/base-files/default/etc/group @@ -0,0 +1,2 @@ +root:x:0: +nogroup:x:65534: diff --git a/package/base-files/default/etc/hosts b/package/base-files/default/etc/hosts new file mode 100644 index 000000000..ce138ec1e --- /dev/null +++ b/package/base-files/default/etc/hosts @@ -0,0 +1 @@ +127.0.0.1 localhost OpenWrt diff --git a/package/base-files/default/etc/init.d/S10boot b/package/base-files/default/etc/init.d/S10boot new file mode 100755 index 000000000..22096d5fb --- /dev/null +++ b/package/base-files/default/etc/init.d/S10boot @@ -0,0 +1,38 @@ +#!/bin/sh +echo "S" > /proc/jffs2_bbc + +mkdir -p /var/run +mkdir -p /var/log +touch /var/log/wtmp +touch /var/log/lastlog + +[ "$(nvram get il0macaddr)" = "00:90:4c:5f:00:2a" ] && { + # if default wifi mac, set two higher than the lan mac + nvram set il0macaddr=$(nvram get et0macaddr| + awk '{OFS=FS=":";for(x=7,y=2;--x;){$x=sprintf("%02x",(y+="0x"$x)%256);y/=256}print}') +} + +# set up the vlan*ports variables for the asus wl-500g deluxe +# if they don't already exist +[ "$(nvram get boardtype)" = "bcm95365r" \ +-a "$(nvram get boardnum)" = "45" \ +-a -z "$(nvram get vlan0ports)$(nvram get vlan1ports)" ] && { + nvram set vlan0ports="1 2 3 4 5*" + nvram set vlan1ports="0 5" +} + +sed 's/^[^#]/insmod &/' /etc/modules /etc/modules.d/* 2>&-|ash + +ifconfig lo 127.0.0.1 up +ifconfig eth0 promisc + +HOSTNAME=$(nvram get wan_hostname) +HOSTNAME=${HOSTNAME%%.*} +echo ${HOSTNAME:=OpenWrt}>/proc/sys/kernel/hostname + +vconfig set_name_type VLAN_PLUS_VID_NO_PAD + +# automagically run firstboot +[ -z "$FAILSAFE" ] && { + { mount|grep "on / type jffs2" 1>&-; } || firstboot +} diff --git a/package/base-files/default/etc/init.d/S40network b/package/base-files/default/etc/init.d/S40network new file mode 100755 index 000000000..d8b4e4125 --- /dev/null +++ b/package/base-files/default/etc/init.d/S40network @@ -0,0 +1,14 @@ +#!/bin/sh +case "$1" in + start|restart) + ifup lan + ifup wan + ifup wifi + wifi up + + for route in $(nvram get static_route); do { + eval "set $(echo $route | sed 's/:/ /g')" + $DEBUG route add -net $1 netmask $2 gw $3 metric $4 dev $5 + } done + ;; +esac diff --git a/package/base-files/default/etc/init.d/S45firewall b/package/base-files/default/etc/init.d/S45firewall new file mode 100755 index 000000000..8350ccbfe --- /dev/null +++ b/package/base-files/default/etc/init.d/S45firewall @@ -0,0 +1,92 @@ +#!/bin/sh + +## Please make changes in /etc/firewall.user + +. /etc/functions.sh +WAN=$(nvram get wan_ifname) +LAN=$(nvram get lan_ifname) + +## CLEAR TABLES +for T in filter nat mangle; do + iptables -t $T -F + iptables -t $T -X +done + +iptables -N input_rule +iptables -N output_rule +iptables -N forwarding_rule + +iptables -t nat -N prerouting_rule +iptables -t nat -N postrouting_rule + +### INPUT +### (connections with the router as destination) + + # base case + iptables -P INPUT DROP + iptables -A INPUT -m state --state INVALID -j DROP + iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + iptables -A INPUT -p tcp --tcp-flags SYN SYN --tcp-option \! 2 -j DROP + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A INPUT -j input_rule + + # allow + iptables -A INPUT -i \! $WAN -j ACCEPT # allow from lan/wifi interfaces + iptables -A INPUT -p icmp -j ACCEPT # allow ICMP + iptables -A INPUT -p gre -j ACCEPT # allow GRE + + # reject (what to do with anything not allowed earlier) + iptables -A INPUT -p tcp -j REJECT --reject-with tcp-reset + iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable + +### OUTPUT +### (connections with the router as source) + + # base case + iptables -P OUTPUT DROP + iptables -A OUTPUT -m state --state INVALID -j DROP + iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A OUTPUT -j output_rule + + # allow + iptables -A OUTPUT -j ACCEPT #allow everything out + + # reject (what to do with anything not allowed earlier) + iptables -A OUTPUT -p tcp -j REJECT --reject-with tcp-reset + iptables -A OUTPUT -j REJECT --reject-with icmp-port-unreachable + +### FORWARDING +### (connections routed through the router) + + # base case + iptables -P FORWARD DROP + iptables -A FORWARD -m state --state INVALID -j DROP + iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu + iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT + + # + # insert accept rule or to jump to new accept-check table here + # + iptables -A FORWARD -j forwarding_rule + + # allow + iptables -A FORWARD -i br0 -o br0 -j ACCEPT + iptables -A FORWARD -i $LAN -o $WAN -j ACCEPT + + # reject (what to do with anything not allowed earlier) + # uses the default -P DROP + +### MASQ + iptables -t nat -A PREROUTING -j prerouting_rule + iptables -t nat -A POSTROUTING -j postrouting_rule + iptables -t nat -A POSTROUTING -o $WAN -j MASQUERADE + +## USER RULES +[ -f /etc/firewall.user ] && . /etc/firewall.user diff --git a/package/base-files/default/etc/init.d/S50dnsmasq b/package/base-files/default/etc/init.d/S50dnsmasq new file mode 100755 index 000000000..6a5af0f05 --- /dev/null +++ b/package/base-files/default/etc/init.d/S50dnsmasq @@ -0,0 +1,27 @@ +#!/bin/sh +. /etc/functions.sh + +# interface to use for DHCP +iface=lan + +ifname=$(nvram get ${iface}_ifname) +ipaddr=$(nvram get ${iface}_ipaddr) +netmask=$(nvram get ${iface}_netmask) + +( + # check for existing DHCP server + udhcpc -n -q -R -s /dev/zero -i $ifname >&- || { + + ipaddr=$(ip2int $ipaddr) + netmask=$(ip2int ${netmask:-255.255.255.0}) + network=$((ipaddr&netmask)) + + start=$(nvram get dhcp_start) + start=$((network+${start:-100})) + end=$(nvram get dhcp_num) + end=$((start+${end:-150})) + + args="-l /tmp/dhcp.leases -K -F $(int2ip $start),$(int2ip $end),$(int2ip $netmask),12h" + } + dnsmasq ${args} +) & diff --git a/package/base-files/default/etc/init.d/S50httpd b/package/base-files/default/etc/init.d/S50httpd new file mode 100755 index 000000000..9cf551e5c --- /dev/null +++ b/package/base-files/default/etc/init.d/S50httpd @@ -0,0 +1,2 @@ +#!/bin/sh +httpd -p 80 -h /www -r WRT54G Router diff --git a/package/base-files/default/etc/init.d/S50telnet b/package/base-files/default/etc/init.d/S50telnet new file mode 100755 index 000000000..599c3540e --- /dev/null +++ b/package/base-files/default/etc/init.d/S50telnet @@ -0,0 +1,2 @@ +#!/bin/sh +telnetd -l /bin/login diff --git a/package/base-files/default/etc/init.d/S99done b/package/base-files/default/etc/init.d/S99done new file mode 100755 index 000000000..ce6033721 --- /dev/null +++ b/package/base-files/default/etc/init.d/S99done @@ -0,0 +1,4 @@ +#!/bin/sh +# set leds to normal state +echo "0x00" > /proc/sys/diag +sysctl -p >&- diff --git a/package/base-files/default/etc/init.d/rcS b/package/base-files/default/etc/init.d/rcS new file mode 100755 index 000000000..e6daddc59 --- /dev/null +++ b/package/base-files/default/etc/init.d/rcS @@ -0,0 +1,8 @@ +#!/bin/sh +syslogd -C 16 +klogd +${FAILSAFE:+telnetd -l /bin/login; ifup lan; exit} + +for i in /etc/init.d/S*; do + $i start 2>&1 +done | logger -s -p 6 -t '' & diff --git a/package/base-files/default/etc/inittab b/package/base-files/default/etc/inittab new file mode 100644 index 000000000..aab2df956 --- /dev/null +++ b/package/base-files/default/etc/inittab @@ -0,0 +1,3 @@ +::sysinit:/etc/init.d/rcS +::shutdown:/sbin/halt +tts/0::askfirst:/bin/ash --login diff --git a/package/base-files/default/etc/ipkg.conf b/package/base-files/default/etc/ipkg.conf new file mode 100644 index 000000000..386721331 --- /dev/null +++ b/package/base-files/default/etc/ipkg.conf @@ -0,0 +1,3 @@ +src experimental http://openwrt.org/downloads/experimental/bin/packages +dest root / +dest ram /tmp diff --git a/package/base-files/default/etc/modules b/package/base-files/default/etc/modules new file mode 100644 index 000000000..e717eae57 --- /dev/null +++ b/package/base-files/default/etc/modules @@ -0,0 +1,2 @@ +et +wl diff --git a/package/base-files/default/etc/nvram.overrides b/package/base-files/default/etc/nvram.overrides new file mode 100644 index 000000000..d457af48e --- /dev/null +++ b/package/base-files/default/etc/nvram.overrides @@ -0,0 +1,96 @@ +# NVRAM overrides +# +# This file handles the NVRAM quirks of various hardware. +# THIS FILE IS NOT A REPLACEMENT FOR NVRAM + +# Load sysconf defaults +[ -f /etc/sysconf ] && . /etc/sysconf + +# linksys bug; remove when not using static configuration for lan +NVRAM_lan_proto="static" + +remap () { + for type in lan wifi wan pppoe + do + for s in '' s + do + eval NVRAM_${type}_ifname$s=\"$(nvram get ${type}_ifname$s|sed s/$1/$2/g)\" + done + done +} + +# hacks for wrt54g 1.x hardware +[ "$(nvram get boardnum)" = "42" \ +-a "$(nvram get boardtype)" = "bcm94710dev" ] && { + debug "### wrt54g 1.x hack ###" + NVRAM_vlan1hwname="et0" + NVRAM_vlan2hwname="et0" + FAILSAFE_ifnames="vlan1 vlan2 eth2" + remap eth0 vlan2 + remap eth1 vlan1 +} + +# hacks for asus wl-500g deluxe +[ "$(nvram get boardtype)" = "bcm95365r" \ +-a "$(nvram get boardnum)" = "45" ] && { + debug "### wl-500g deluxe hacks ###" + NVRAM_vlan0hwname="et0" + NVRAM_vlan1hwname="et0" + FAILSAFE_ifnames="vlan0 eth1" + remap eth0.1 vlan0 + remap eth0 vlan1 +} + +# hacks for asus wl-300g +[ "$(nvram get productid)" = "WL300g" ] && { + debug "### wl-300g hacks ###" + NVRAM_lan_ifnames="eth0 eth2" + NVRAM_wan_ifname="none" +} + +# hacks for wap54g hardware +[ "$(nvram get boardnum)" = "2" \ +-o "$(nvram get boardnum)" = "1024" ] && { + debug "### wap54g hack ###" + NVRAM_wan_ifname="none" + FAILSAFE_ifnames="eth0 eth1" +} + +# hacks for buffalo wla2-g54l +[ "$(nvram get boardnum)" = "00" \ +-a "$(nvram get product_name)" = "Product_name" \ +-o "$(nvram get product_name)" = "WLA2-G54L" ] && { + debug "### wla2-g54l hacks ###" + NVRAM_wan_ifname="none" + NVRAM_lan_ifnames="vlan0" +} + +# hack for asus wl-500g hardware +[ "$(nvram get boardnum)" = "asusX" \ +-a "$(nvram get boardtype)" = "bcm94710dev" ] && { + FAILSAFE_ifnames="eth0 eth2" +} + +# defaults if lan_ifname is missing +[ -z "$(nvram get lan_ifname)" ] && { + NVRAM_lan_ifname="br0" + NVRAM_lan_ifnames=${FAILSAFE_ifnames:-"vlan0 vlan2 eth1 eth2 eth3"} +} + +# defaults if wan_ifname is missing +[ -z "$(nvram get wan_ifname)" ] && { + NVRAM_wan_ifname="vlan1" + NVRAM_wan_proto="dhcp" +} + +# failsafe if reset is held +[ "$FAILSAFE" = "true" ] && { + echo "### YOU ARE IN FAILSAFE MODE ####" + NVRAM_lan_ifname="br0" + NVRAM_lan_ifnames=${FAILSAFE_ifnames:-"vlan0 vlan1 eth1 eth2 eth3"} + NVRAM_lan_ipaddr=${BR2_SYSCONF_FAILSAFE_IP:-"192.168.1.1"} + NVRAM_lan_netmask=${BR2_SYSCONF_FAILSAFE_NETMASK:-"255.255.255.0"} + NVRAM_lan_hwaddr=${BR2_SYSCONF_FAILSAFE_MAC:-"00:0B:AD:0A:DD:00"} + NVRAM_wan_ifname="none" + NVRAM_wifi_ifname="none" +} diff --git a/package/base-files/default/etc/passwd b/package/base-files/default/etc/passwd new file mode 100644 index 000000000..3b660a0d4 --- /dev/null +++ b/package/base-files/default/etc/passwd @@ -0,0 +1,2 @@ +root:!:0:0:root:/tmp:/bin/ash +nobody:*:65534:65534:nobody:/var:/bin/false diff --git a/package/base-files/default/etc/preinit b/package/base-files/default/etc/preinit new file mode 100755 index 000000000..0c59893f7 --- /dev/null +++ b/package/base-files/default/etc/preinit @@ -0,0 +1,17 @@ +#!/bin/sh +mount none /proc -t proc +insmod diag +echo 0x01 > /proc/sys/diag +sleep 1 +if [ $(cat /proc/sys/reset) = 1 ] || [ "$(/usr/sbin/nvram get failsafe)" = 1 ]; then + export FAILSAFE=true + [ "$(/usr/sbin/nvram get boot_wait)" != "on" ] && { + /usr/sbin/nvram set boot_wait=on + /usr/sbin/nvram commit + } + while :; do { echo $(((X=(X+1)%8)%2)) > /proc/sys/diag; sleep $((X==0)); } done & +fi + +/sbin/mount_root ${FAILSAFE:+failsafe} + +exec /sbin/init diff --git a/package/base-files/default/etc/profile b/package/base-files/default/etc/profile new file mode 100644 index 000000000..1d98ae340 --- /dev/null +++ b/package/base-files/default/etc/profile @@ -0,0 +1,11 @@ +#!/bin/sh +[ -f /etc/banner ] && cat /etc/banner + +export PATH=/bin:/sbin:/usr/bin:/usr/sbin +export PS1='\u@\h:\w\$ ' + +[ -x /usr/bin/less ] || alias less=more +alias vim=vi + +arp() { cat /proc/net/arp; } +ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; } diff --git a/package/base-files/default/etc/protocols b/package/base-files/default/etc/protocols new file mode 100644 index 000000000..53fecb6d3 --- /dev/null +++ b/package/base-files/default/etc/protocols @@ -0,0 +1,56 @@ +# Internet (IP) protocols +# +# Updated from http://www.iana.org/assignments/protocol-numbers and other +# sources. +# New protocols will be added on request if they have been officially +# assigned by IANA and are not historical. +# If you need a huge list of used numbers please install the nmap package. + +ip 0 IP # internet protocol, pseudo protocol number +#hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883] +icmp 1 ICMP # internet control message protocol +igmp 2 IGMP # Internet Group Management +ggp 3 GGP # gateway-gateway protocol +ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'') +st 5 ST # ST datagram mode +tcp 6 TCP # transmission control protocol +egp 8 EGP # exterior gateway protocol +igp 9 IGP # any private interior gateway (Cisco) +pup 12 PUP # PARC universal packet protocol +udp 17 UDP # user datagram protocol +hmp 20 HMP # host monitoring protocol +xns-idp 22 XNS-IDP # Xerox NS IDP +rdp 27 RDP # "reliable datagram" protocol +iso-tp4 29 ISO-TP4 # ISO Transport Protocol class 4 [RFC905] +xtp 36 XTP # Xpress Transfer Protocol +ddp 37 DDP # Datagram Delivery Protocol +idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport +ipv6 41 IPv6 # Internet Protocol, version 6 +ipv6-route 43 IPv6-Route # Routing Header for IPv6 +ipv6-frag 44 IPv6-Frag # Fragment Header for IPv6 +idrp 45 IDRP # Inter-Domain Routing Protocol +rsvp 46 RSVP # Reservation Protocol +gre 47 GRE # General Routing Encapsulation +esp 50 IPSEC-ESP # Encap Security Payload [RFC2046] +ah 51 IPSEC-AH # Authentication Header [RFC2402] +skip 57 SKIP # SKIP +ipv6-icmp 58 IPv6-ICMP # ICMP for IPv6 +ipv6-nonxt 59 IPv6-NoNxt # No Next Header for IPv6 +ipv6-opts 60 IPv6-Opts # Destination Options for IPv6 +rspf 73 RSPF CPHB # Radio Shortest Path First (officially CPHB) +vmtp 81 VMTP # Versatile Message Transport +eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco) +ospf 89 OSPFIGP # Open Shortest Path First IGP +ax.25 93 AX.25 # AX.25 frames +ipip 94 IPIP # IP-within-IP Encapsulation Protocol +etherip 97 ETHERIP # Ethernet-within-IP Encapsulation [RFC3378] +encap 98 ENCAP # Yet Another IP encapsulation [RFC1241] +# 99 # any private encryption scheme +pim 103 PIM # Protocol Independent Multicast +ipcomp 108 IPCOMP # IP Payload Compression Protocol +vrrp 112 VRRP # Virtual Router Redundancy Protocol +l2tp 115 L2TP # Layer Two Tunneling Protocol [RFC2661] +isis 124 ISIS # IS-IS over IPv4 +sctp 132 SCTP # Stream Control Transmission Protocol +fc 133 FC # Fibre Channel + diff --git a/package/base-files/default/etc/shells b/package/base-files/default/etc/shells new file mode 100644 index 000000000..006aa38ce --- /dev/null +++ b/package/base-files/default/etc/shells @@ -0,0 +1 @@ +/bin/ash diff --git a/package/base-files/default/etc/sysctl.conf b/package/base-files/default/etc/sysctl.conf new file mode 100644 index 000000000..2050b0c88 --- /dev/null +++ b/package/base-files/default/etc/sysctl.conf @@ -0,0 +1,7 @@ +kernel.panic=3 +net.ipv4.ip_forward=1 +net.ipv4.icmp_echo_ignore_broadcasts=1 +net.ipv4.icmp_ignore_bogus_error_responses=1 +net.ipv4.tcp_fin_timeout=30 +net.ipv4.tcp_keepalive_time=120 +net.ipv4.tcp_timestamps=0 |