From 0c2686e9d7220b4a09d3377d35db336860ede456 Mon Sep 17 00:00:00 2001
From: Xiangfu
Date: Mon, 12 Mar 2012 10:40:08 +0800
Subject: [PATCH] milkyist-files: add uci config files for 703n
---
 milkymist-files/data/m1/files/etc/config/dhcp | 27 ++++
 .../data/m1/files/etc/config/firewall | 141 ++++++++++++++++++
 .../data/m1/files/etc/config/network | 14 ++
 .../data/m1/files/etc/config/uhttpd | 84 +++++++++++
 4 files changed, 266 insertions(+)
 create mode 100644 milkymist-files/data/m1/files/etc/config/dhcp
 create mode 100644 milkymist-files/data/m1/files/etc/config/firewall
 create mode 100644 milkymist-files/data/m1/files/etc/config/network
 create mode 100644 milkymist-files/data/m1/files/etc/config/uhttpd
diff --git a/milkymist-files/data/m1/files/etc/config/dhcp b/milkymist-files/data/m1/files/etc/config/dhcp
new file mode 100644
index 0000000..1efde32
--- /dev/null
+++ b/milkymist-files/data/m1/files/etc/config/dhcp
@@ -0,0 +1,27 @@
+
+config 'dnsmasq'
+ option 'domainneeded' '1'
+ option 'boguspriv' '1'
+ option 'filterwin2k' '0'
+ option 'localise_queries' '1'
+ option 'rebind_protection' '1'
+ option 'rebind_localhost' '1'
+ option 'local' '/lan/'
+ option 'domain' 'lan'
+ option 'expandhosts' '1'
+ option 'nonegcache' '0'
+ option 'authoritative' '1'
+ option 'readethers' '1'
+ option 'leasefile' '/tmp/dhcp.leases'
+ option 'resolvfile' '/tmp/resolv.conf.auto'
+
+config 'dhcp' 'lan'
+ option 'interface' 'lan'
+ option 'start' '100'
+ option 'leasetime' '12h'
+ option 'limit' '1'
+
+config 'dhcp' 'wan'
+ option 'interface' 'wan'
+ option 'ignore' '1'
+
diff --git a/milkymist-files/data/m1/files/etc/config/firewall b/milkymist-files/data/m1/files/etc/config/firewall
new file mode 100644
index 0000000..46ec945
--- /dev/null
+++ b/milkymist-files/data/m1/files/etc/config/firewall
@@ -0,0 +1,141 @@
+
+config 'defaults'
+ option 'syn_flood' '1'
+ option 'input' 'ACCEPT'
+ option 'output' 'ACCEPT'
+ option 'forward' 'REJECT'
+
+config 'zone'
+ option 'name' 'lan'
+ option 'network' 'lan'
+ option 'input' 'ACCEPT'
+ option 'output' 'ACCEPT'
+ option 'forward' 'REJECT'
+
+config 'zone'
+ option 'name' 'wan'
+ option 'input' 'REJECT'
+ option 'output' 'ACCEPT'
+ option 'forward' 'REJECT'
+ option 'masq' '1'
+ option 'mtu_fix' '1'
+ option 'network' 'wan wwan'
+
+config 'forwarding'
+ option 'src' 'lan'
+ option 'dest' 'wan'
+
+config 'rule'
+ option 'name' 'Allow-DHCP-Renew'
+ option 'src' 'wan'
+ option 'proto' 'udp'
+ option 'dest_port' '68'
+ option 'target' 'ACCEPT'
+ option 'family' 'ipv4'
+
+config 'rule'
+ option 'name' 'Allow-Ping'
+ option 'src' 'wan'
+ option 'proto' 'icmp'
+ option 'icmp_type' 'echo-request'
+ option 'family' 'ipv4'
+ option 'target' 'ACCEPT'
+
+config 'rule'
+ option 'name' 'Allow-DHCPv6'
+ option 'src' 'wan'
+ option 'proto' 'udp'
+ option 'src_ip' 'fe80::/10'
+ option 'src_port' '547'
+ option 'dest_ip' 'fe80::/10'
+ option 'dest_port' '546'
+ option 'family' 'ipv6'
+ option 'target' 'ACCEPT'
+
+config 'rule'
+ option 'name' 'Allow-ICMPv6-Input'
+ option 'src' 'wan'
+ option 'proto' 'icmp'
+ list 'icmp_type' 'echo-request'
+ list 'icmp_type' 'destination-unreachable'
+ list 'icmp_type' 'packet-too-big'
+ list 'icmp_type' 'time-exceeded'
+ list 'icmp_type' 'bad-header'
+ list 'icmp_type' 'unknown-header-type'
+ list 'icmp_type' 'router-solicitation'
+ list 'icmp_type' 'neighbour-solicitation'
+ option 'limit' '1000/sec'
+ option 'family' 'ipv6'
+ option 'target' 'ACCEPT'
+
+config 'rule'
+ option 'name' 'Allow-ICMPv6-Forward'
+ option 'src' 'wan'
+ option 'dest' '*'
+ option 'proto' 'icmp'
+ list 'icmp_type' 'echo-request'
+ list 'icmp_type' 'destination-unreachable'
+ list 'icmp_type' 'packet-too-big'
+ list 'icmp_type' 'time-exceeded'
+ list 'icmp_type' 'bad-header'
+ list 'icmp_type' 'unknown-header-type'
+ option 'limit' '1000/sec'
+ option 'family' 'ipv6'
+ option 'target' 'ACCEPT'
+
+config 'include'
+ option 'path' '/etc/firewall.user'
+
+config 'zone'
+ option 'name' 'newzone'
+ option 'input' 'ACCEPT'
+ option 'forward' 'REJECT'
+ option 'network' ' '
+ option 'output' 'ACCEPT'
+
+config 'rule'
+ option 'target' 'ACCEPT'
+ option 'src' 'wan'
+ option 'dest_port' '22'
+ option 'name' 'ssh'
+ option 'family' 'ipv4'
+ option 'proto' 'tcp udp'
+
+config 'rule'
+ option 'target' 'ACCEPT'
+ option 'src' 'wan'
+ option 'dest_port' '80'
+ option 'name' 'web'
+ option 'family' 'ipv4'
+ option 'proto' 'tcp udp'
+
+config 'redirect'
+ option 'target' 'DNAT'
+ option 'src' 'wan'
+ option 'dest' 'lan'
+ option 'proto' 'tcp udp'
+ option 'src_dport' '4444'
+ option 'dest_ip' '192.168.42.100'
+ option 'dest_port' '4444'
+ option 'name' 'osc'
+
+config 'redirect'
+ option 'target' 'DNAT'
+ option 'src' 'wan'
+ option 'dest' 'lan'
+ option 'proto' 'tcp'
+ option 'src_dport' '21'
+ option 'dest_ip' '192.168.42.100'
+ option 'dest_port' '21'
+ option 'name' 'ftp'
+
+config 'redirect'
+ option 'target' 'DNAT'
+ option 'src' 'wan'
+ option 'dest' 'lan'
+ option 'proto' 'tcp udp'
+ option 'src_dport' '23'
+ option 'dest_ip' '192.168.42.100'
+ option 'dest_port' '23'
+ option 'name' 'telnet'
+
diff --git a/milkymist-files/data/m1/files/etc/config/network b/milkymist-files/data/m1/files/etc/config/network
new file mode 100644
index 0000000..c2bd615
--- /dev/null
+++ b/milkymist-files/data/m1/files/etc/config/network
@@ -0,0 +1,14 @@
+
+config 'interface' 'loopback'
+ option 'ifname' 'lo'
+ option 'proto' 'static'
+ option 'ipaddr' '127.0.0.1'
+ option 'netmask' '255.0.0.0'
+
+config 'interface' 'lan'
+ option 'ifname' 'eth0'
+ option 'type' 'bridge'
+ option 'proto' 'static'
+ option 'netmask' '255.255.255.0'
+ option 'ipaddr' '192.168.42.1'
+
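Review bot: In milkymist-files/data/m1/files/etc/config/firewall, the three `redirect` sections at the end forward WAN ports 21, 23 and 4444 to 192.168.42.100, and the `ssh` and `web` rules accept WAN traffic to the router itself, so whatever network the `wan`/`wwan` side joins can reach cleartext telnet and FTP on the device behind it. If that exposure is intended for the 703n use case, a `#` comment above those sections saying so would help; otherwise consider narrowing each entry with `option 'src_ip' '<trusted-subnet>'` (placeholder value) or dropping the telnet and ftp redirects. The `option 'proto' 'tcp udp'` on the ssh, web and telnet entries also opens UDP ports these services presumably do not use, so `option 'proto' 'tcp'` would be tighter. The `newzone` zone with a blank `network` and `input` `ACCEPT` looks like a leftover and could be removed. The redirect target relies on the single-address DHCP pool (`start '100'`, `limit '1'` in the dhcp file) rather than a static lease, so the forwards go to whichever LAN client holds that lease.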
diff --git a/milkymist-files/data/m1/files/etc/config/uhttpd b/milkymist-files/data/m1/files/etc/config/uhttpd
new file mode 100644
index 0000000..08ca5e5
--- /dev/null
+++ b/milkymist-files/data/m1/files/etc/config/uhttpd
@@ -0,0 +1,84 @@
+# Server configuration
+config uhttpd main
+
+ # HTTP listen addresses, multiple allowed
+ list listen_http 0.0.0.0:80
+# list listen_http [::]:80
+
+ # HTTPS listen addresses, multiple allowed
+ list listen_https 0.0.0.0:443
+# list listen_https [::]:443
+
+ # Server document root
+ option home /www
+
+ # Reject requests from RFC1918 IP addresses
+ # directed to the servers public IP(s).
+ # This is a DNS rebinding countermeasure.
+ option rfc1918_filter 1
+
+ # Certificate and private key for HTTPS.
+ # If no listen_https addresses are given,
+ # the key options are ignored.
+ option cert /etc/uhttpd.crt
+ option key /etc/uhttpd.key
+
+ # CGI url prefix, will be searched in docroot.
+ # Default is /cgi-bin
+ option cgi_prefix /cgi-bin
+
+ # List of extension->interpreter mappings.
+ # Files with an associated interpreter can
+ # be called outside of the CGI prefix and do
+ # not need to be executable.
+# list interpreter ".php=/usr/bin/php-cgi"
+# list interpreter ".cgi=/usr/bin/perl"
+
+ # Lua url prefix and handler script.
+ # Lua support is disabled if no prefix given.
+# option lua_prefix /luci
+# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua
+
+ # CGI/Lua timeout, if the called script does not
+ # write data within the given amount of seconds,
+ # the server will terminate the request with
+ # 504 Gateway Timeout response.
+ option script_timeout 60
+
+ # Network timeout, if the current connection is
+ # blocked for the specified amount of seconds,
+ # the server will terminate the associated
+ # request process.
+ option network_timeout 30
+
+ # TCP Keep-Alive, send periodic keep-alive probes
+ # over established connections to detect dead peers.
+ # The value is given in seconds to specify the
+ # interval between subsequent probes.
+ # Setting this to 0 will disable TCP keep-alive.
+ option tcp_keepalive 1
+
+ # Basic auth realm, defaults to local hostname
+# option realm OpenWrt
+
+ # Configuration file in busybox httpd format
+# option config /etc/httpd.conf
+
+
+# Certificate defaults for px5g key generator
+config cert px5g
+
+ # Validity time
+ option days 730
+
+ # RSA key size
+ option bits 1024
+
+ # Location
+ option country DE
+ option state Berlin
+ option location Berlin
+
+ # Common name
+ option commonname OpenWrt
+
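Review bot: In the `config cert px5g` section, `option bits 1024` makes the generated HTTPS key a 1024-bit RSA key, below the 2048 bits generally treated as the minimum today; `option bits 2048` is the minimal change, at the cost of slower key generation on a small device. Separately, `list listen_http 0.0.0.0:80` binds plain HTTP on every interface, and the firewall file in this patch accepts port 80 from `wan` but has no rule for 443, so any web access from the WAN side would go over cleartext. Binding the HTTP listener to the LAN address (192.168.42.1 per the network file) or opening 443 instead of 80 may be what was intended.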