#!/bin/sh # #--lavr, all-RC places for auto-start at bootstrap procedure local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs. rc_conf_files="/etc/rc.conf /etc/rc.conf.local" ############################################################## ### Network configuration sub-section ###################### ############################################################## ### Basic network and firewall/security options: ### hostname="unix1.jinr.ru" # Set this! nisdomainname="cms.jinr.ru" # Set to NIS domain if using NIS (or NO). #--lavr, all for IPFW firewall_enable="YES" # Set to YES to enable firewall functionality firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall #firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_type="open" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display firewall_logging="NO" # Set to YES to enable events logging firewall_flags="" # Flags passed to ipfw when type is a file #--lavr, re-assign SOME-WANTED PORT-NUMPERS from port-address to other ip_portrange_first="NO" # Set first dynamically allocated port ip_portrange_last="NO" # Set last dynamically allocated port #--lavr, setkey for IPSEC, we havn't IPSEC sets ipsec_enable="NO" # Set to YES to run setkey on ipsec_file ipsec_file="/etc/ipsec.conf" # Name of config file for setkey #--lavr, NATD related natd_program="/sbin/natd" # path to natd, if you want a different one. natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="fxp0" # Public interface or IPaddress to use. natd_flags="" # Additional flags for natd. #--lavr, IPFILTER section, but we havn't it ipfilter_enable="NO" # Set to YES to enable ipfilter functionality ipfilter_program="/sbin/ipf -Fa -f" # program and how to specify the rules file, # see /etc/rc.network (pass1) for details ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see # /usr/src/contrib/ipfilter/rules for examples ipfilter_flags="-E" # should be *empty* when ipf is _not_ a module # (i.e. compiled into the kernel) to # avoid a warning about "already initialized" ipnat_enable="NO" # Set to YES for ipnat; needs ipfilter, too! ipnat_program="/sbin/ipnat -CF -f" # program and how to specify rules file ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat ipnat_flags="" # additional flags for ipnat ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter, too! ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog" #--lavr, some NET's extensions #tcp_extensions="YES" # Set to YES to turn on RFC1323 extensions. tcp_extensions="NO" # Set to YES to turn on RFC1323 extensions. log_in_vain="NO" # YES to log connects to ports w/o listeners. tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO). # For the following two options, you need to have TCP_DROP_SYNFIN and # TCP_RESTRICT_RST set in your kernel. Please refer to LINT for details. tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN # NOTE: this violates the TCP specification tcp_restrict_rst="NO" # Set to YES to restrict emission of RST icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets #--lavr, CNTC-NET settings #network_interfaces="auto" # List of network interfaces (or "auto"). network_interfaces="lo0 ed0" # List of network interfaces (or "auto"). ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. ifconfig_ed0="inet _÷áû_IP_ADDRESS_ netmask _÷áûá_íáóëá_" #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. #ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry. ### Network daemon (miscellaneous) & NFS options: ### syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_flags="-s" # Flags to syslogd (if enabled). inetd_enable="YES" # Run the network daemon dispatcher (or NO). inetd_flags="-wW" # Optional flags to inetd #--lavr, WE HAVE LOCAL setting & startup # # named. It may be possible to run named in a sandbox, man security for # details. # named_enable="NO" # Run named, the DNS server (or NO). named_program="named" # path to named, if you want a different one. named_flags="" # Flags for named #named_flags="-u bind -g bind" # Flags for named #--lavr, NFS CLIENT/SERVER RUN'S nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_client_flags="-n 4" # Flags to nfsiod (if enabled). nfs_access_cache="2" # Client cache timeout in seconds nfs_server_enable="NO" # This host is an NFS server (or NO). nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled). single_mountd_enable="NO" # Run mountd only (or NO). mountd_flags="-r" # Flags to mountd (if NFS server enabled). weak_mountd_authentication="NO" # Allow non-root mount requests to be served. nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO). nfs_bufpackets="DEFAULT" # bufspace (in packets) for client (or DEFAULT) rpc_lockd_enable="NO" # Run NFS rpc.lockd (*broken!*) if nfs_server. rpc_statd_enable="YES" # Run NFS rpc.statd if nfs_server (or NO). #--lavr PORTMAPPER portmap_enable="YES" # Run the portmapper service (or NO). portmap_program="/usr/sbin/portmap" # path to portmap, if you want a different one. portmap_flags="" # Flags to portmap (if enabled). #--lavr NIS-Master with SecureRPS -??? rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO). keyserv_enable="NO" # Run the SecureRPC keyserver (or NO). keyserv_flags="" # Flags to keyserv (if enabled). #--lavr, some ex-NET for lovely rarpd_enable="NO" # Run rarpd (or NO). rarpd_flags="" # Flags to rarpd. xtend_enable="NO" # Run the X-10 power controller daemon. xtend_flags="" # Flags to xtend (if enabled). #--lavr, SSHD=YES sshd_enable="YES" # Enable sshd sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one. sshd_flags="" # Additional flags for sshd. ### Network Time Services options: ### timed_enable="NO" # Run the time daemon (or NO). timed_flags="" # Flags to timed (if enabled). ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO). ntpdate_program="ntpdate" # path to ntpdate, if you want a different one. ntpdate_flags="" # Flags to ntpdate (if enabled). xntpd_enable="NO" # Run ntpd Network Time Protocol (or NO). xntpd_program="ntpd" # path to ntpd, if you want a different one. xntpd_flags="-p /var/run/ntpd.pid" # Flags to ntpd (if enabled). # Network Information Services (NIS) options: ### nis_client_enable="YES" # We're an NIS client (or NO). nis_client_flags="-s" # Flags to ypbind (if enabled). nis_ypset_enable="NO" # Run ypset at boot time (or NO). nis_ypset_flags="" # Flags to ypset (if enabled). nis_server_enable="YES" # We're an NIS server (or NO). nis_server_flags="" # Flags to ypserv (if enabled). nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO). nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled). ### Network routing options: ### defaultrouter="159.93.17.1" # Set to default gateway (or NO). static_routes="" # Set to static route list (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. router_enable="NO" # Set to YES to enable a routing daemon. router="routed" # Name of routing daemon to use if enabled. router_flags="-q" # Flags for routing daemon. mrouted_enable="NO" # Do multicast routing (see /etc/mrouted.conf). mrouted_flags="" # Flags for multicast routing daemon. #--lavr, some networks tricks arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL. forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") accept_sourceroute="NO" # accept source routed packets to us ### Miscellaneous network options: ### icmp_bmcastecho="NO" # respond to broadcast ping packets ### IPv6 options: ### #ipv6_enable="NO" # Set to YES to set up for IPv6. #ipv6_network_interfaces="auto" # List of network interfaces (or "auto"). #ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO). #ipv6_static_routes="" # Set to static route list (or leave empty). #ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64 # route toward loopback interface. #ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1" #ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway. #ipv6_router_enable="NO" # Set to YES to enable an IPv6 routing daemon. #ipv6_router="/usr/sbin/route6d" # Name of IPv6 routing daemon. #ipv6_router_flags="" # Flags to IPv6 routing daemon. #ipv6_router_flags="-l" # Example for route6d with only IPv6 site local # addrs. #ipv6_network_interfaces="ed0 ep0" # Examples for router # or static configuration for end node. # Choose correct prefix value. #ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr. #ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr. #ipv6_ifconfig_ed0="fec0:0:0:5::1 prefixlen 64" # Sample alias entry #ipv6_default_interface="" # Default output interface for scoped addrs. # Now this works only for IPv6 link local # multicast addrs. #prefixcmd_enable="YES" # Use prefix command to assign router prefix. #rtadvd_enable="YES" # Set to YES to enable an IPv6 router # advertisement daemon. If set to YES, # this router becomes a possible candidate # IPv6 default router for local subnets. #mroute6d_enable="NO" # Do IPv6 multicast routing. #mroute6d_program="/usr/sbin/pim6dd" # Name of IPv6 multicast routing # daemon. #mroute6d_flags="" # Flags to IPv6 multicast routing daemon. #gif_interfaces="NO" # List of GIF tunnels (or "NO"). #gif_interfaces="gif0 gif1" # Examples typically for a router. # Choose correct tunnel addrs. #gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router. #gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router. #stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4 # tunneling interface. Specify this entry # to enable 6to4 interface. #stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr, # to limit peer addr range. Effective value # is 0-31. #stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0. # If you like, you can set "AUTO" for this. #stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0 #ipv6_ipv4mapping="YES" # Leave empty to disable IPv4 mapped IPv6 addr # communication. (like ::ffff:a.b.c.d) #ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall # functionality #ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall #ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6) #ipv6_firewall_quiet="NO" # Set to YES to suppress rule display #ipv6_firewall_logging="NO" # Set to YES to enable events logging #ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file ############################################################## ### System console options ################################# ############################################################## keymap="ru.koi8-r" # keymap in /usr/share/syscons/keymaps/* (or NO). keyrate="NO" # keyboard rate to: slow, normal, fast (or NO). keybell="NO" # bell to duration.pitch or normal or visual (or NO). keychange="NO" # function keys default values (or NO). #cursor="normal" # cursor type {normal|blink|destructive} (or NO). cursor="NO" # cursor type {normal|blink|destructive} (or NO). scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO). font8x16="koi8-r-8x16" # font 8x16 from /usr/share/syscons/fonts/* (or NO). font8x14="koi8-r-8x14" # font 8x14 from /usr/share/syscons/fonts/* (or NO). font8x8="koi8-r-8x8" # font 8x8 from /usr/share/syscons/fonts/* (or NO). #--lavr, preferable #font8x8="cp866-8x8" #font8x14="cp866-8x14" #font8x16="cp866-8x16" #scrnmap="koi8-r2cp866" #keyrate="fast" #keymap="ru.koi8-r" blanktime="300" # blank time (in seconds) or "NO" to turn it off. saver="blank" # screen saver: Uses /modules/${saver}_saver.ko moused_enable="YES" # Run the mouse daemon. moused_type="auto" # See man page for rc.conf(5) for available settings. moused_port="/dev/psm0" # Set to your mouse port. moused_flags="-3" # Any additional flags to moused. allscreens_flags="" # Set this vidcontrol mode for all virtual screens ############################################################## ### Miscellaneous administrative options ################### ############################################################## cron_enable="YES" # Run the periodic job daemon. #--lavr, Printer Running lpd_enable="NO" # Run the line printer daemon. lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one. lpd_flags="" # Flags to lpd (if enabled). #--lavr, Sendmail flags sendmail_enable="YES" # Run the sendmail daemon (or NO). sendmail_flags="-bd -q30m" # Flags to sendmail (if enabled) #--lavr, where we want to dump crash dumpdev="NO" # Device name to crashdump to (or NO). #--lavr, Quotas enable_quotas="NO" # turn on quotas on startup (or NO). check_quotas="YES" # Check quotas on startup (or NO). #--lavr, accounting accounting_enable="YES" # Turn on process accounting (or NO). #--lavr, load emulation modules/kldload #ibcs2_enable="YES" # Ibcs2 (SCO) emulation loaded at startup (or NO). #ibcs2_loaders="YES" # List of additional Ibcs2 loaders (or NO). #linux_enable="YES" # Linux binary compatibility loaded at startup (or NO). #svr4_enable="YES" # SysVR4 emulation loaded at startup (or NO). #--lavr, some tips rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO). clear_tmp_enable="NO" # Clear /tmp at startup. #--lavr, set path for dynamic libraries ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths ldconfig_paths_aout="/usr/lib/compat/aout /usr/X11R6/lib/aout /usr/local/lib/aout" # a.out shared library search paths #--lavr, set SecureKernel level, BE CAREFULL - don't touch if don't knows kern_securelevel_enable="NO" # kernel security level (see init(8)), kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure #--lavr update_motd="YES" # update version info in /etc/motd (or NO)