Created
April 5, 2020 07:39
-
-
Save rubo77/74ee2e045d3e1e1b7fce0c9ad1099a0a to your computer and use it in GitHub Desktop.
all comments in gluon firmware
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright (C) 2013 Project Gluon | |
| # Copyright (C) 2013 Project Gluon | |
| # Firewall script for inserting and removing ebtables rules. | |
| # Example format, for filtering any IPv4 multicast packets to the SSDP UDP port: | |
| # rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP | |
| # Removing all rules: | |
| # $ /etc/init.d/gluon-ebtables stop | |
| # Inserting all rules: | |
| # $ /etc/init.d/gluon-ebtables start | |
| # Inserting a specific rule file: | |
| # $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain | |
| # Removing a specific rule file: | |
| # $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain | |
| # Contains /var/lib/ebtables/lock for '--concurrent' | |
| # Copyright (C) 2013 Project Gluon | |
| # Firewall script for inserting and removing ebtables rules. | |
| # Example format, for filtering any IPv4 multicast packets to the SSDP UDP port: | |
| # rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP | |
| # Removing all rules: | |
| # $ /etc/init.d/gluon-ebtables stop | |
| # Inserting all rules: | |
| # $ /etc/init.d/gluon-ebtables start | |
| # Inserting a specific rule file: | |
| # $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain | |
| # Removing a specific rule file: | |
| # $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain | |
| # Contains /var/lib/ebtables/lock for '--concurrent' | |
| # Copyright (C) 2007-2012 OpenWrt.org | |
| # is invalid hex literal | |
| # convert into host id | |
| # If there's no carrier yet, skip this interface. | |
| # The init script will be called again once the link is up | |
| # use entry when no instance entry set, or if it matches | |
| # TODO: DHCPV6 does not have circuitid; catch "option6:" | |
| # TODO: DHCPV6 vendor class has stricter definitions; catch? fixup? | |
| # --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap | |
| # many MAC are possible to track a laptop ON/OFF dock | |
| # --dhcp-host=id:00:03:00:01:12:00:00:01:02:03,[::beef],lap | |
| # one (virtual) machine gets one DUID per RFC3315 | |
| # --dhcp-host=lap,192.168.0.199,[::beef] | |
| # All IP addresses discovered by dnsmasq will be labeled (except fe80::) | |
| # This uses a static host file entry for only limited addresses. | |
| # Use dnsmasq option "--expandhosts" to enable FQDN on host files. | |
| # NOTE: dnsmasq has explicit "option6:" prefix for DHCPv6 so no collisions | |
| # TODO: BOOTURL is different between DHCPv4 and DHCPv6 | |
| # Many ISP do not have useful names for DHCP customers (your WAN). | |
| # Do not support non-static interfaces for now | |
| # Override interface netmask with dhcp config if applicable | |
| #check for an already active dhcp server on the interface, unless 'force' is set | |
| # Put the router host name on this DHCP served interface address(es) | |
| # Note: dnsmasq cannot just be a DHCPv6 server (all-in-1) | |
| # and let some other machine(s) send RA pointing to it. | |
| # Send UNSOLICITED RA at default interval and live for 2 hours. | |
| # TODO: convert flexible lease time into route life time (only seconds). | |
| # SLACC with DCHP for extended options | |
| # DHCP address and RA only for management redirection | |
| # SLAAC only but dnsmasq attempts to link HOSTNAME, DHCPv4 MAC, and SLAAC | |
| # SLAAC and full DHCP | |
| # NOTE: dnsmasq has explicit "option6:" prefix for DHCPv6 so no collisions | |
| # reset list of DOMAINS and DNS servers (for each dnsmasq instance) | |
| # before we can call xappend | |
| # if we did this last, we could override auto-generated config | |
| # DHCP V4 and V6 in DNSMASQ | |
| # ODHCPD is doing it all | |
| # You have ODHCPD but use DNSMASQ for DHCPV4 | |
| # DHCP V4 and V6 in DNSMASQ | |
| # Allow DHCP/DHCPv6 to be handled by ISC DHCPD | |
| # maintain support for previous UCI | |
| # Enable RA feature for when/if it is constructed, | |
| # and RA is selected per interface pool (RA, DHCP, or both), | |
| # but no one (should) want RA broadcast in syslog | |
| # Be silent on boot, firewall might be started by hotplug already, | |
| # so don't complain in syslog. | |
| # Copyright (C) 2013 OpenWrt.org | |
| # start after and stop before networking | |
| # Copyright (C) 2013-2014 OpenWrt.org | |
| # Copyright (C) 2006-2011 OpenWrt.org | |
| # compat for brcm47xx and mvebu | |
| # temporary hack until configd exists | |
| # Copyright (C) 2011 OpenWrt.org | |
| # Copyright (C) 2013-2014 OpenWrt.org | |
| # Copyright (C) 2010 Jo-Philipp Wich | |
| # Prefer px5g for certificate generation (existence evaluated last) | |
| # Copyright (C) 2008 OpenWrt.org | |
| # handled by rssileds userspace process | |
| # Backward compatibility: translate to the new trigger | |
| # Translate port of root hub, e.g. 4-1 -> usb4-port1 | |
| # Translate port of extra hub, e.g. 2-2.4 -> 2-2-port4 | |
| # Copyright (C) 2006-2011 OpenWrt.org | |
| # compat for brcm47xx and mvebu | |
| # temporary hack until configd exists | |
| # Copyright (C) 2013 OpenWrt.org | |
| # start after and stop before networking | |
| # Copyright (C) 2006 OpenWrt.org | |
| # process user commands | |
| # set leds to normal state | |
| # Copyright (C) 2006-2011 OpenWrt.org | |
| # Copyright (C) 2015 OpenWrt.org | |
| # export GPIO pin for access | |
| # we need to wait a bit until the GPIO appears | |
| # direction attribute only exists if the kernel supports changing the | |
| # direction of a GPIO | |
| # set the pin to output with high or low pin value | |
| # Copyright (C) 2014 OpenWrt.org | |
| # apply timezone to kernel | |
| # Copyright (C) 2006-2010 OpenWrt.org | |
| # Copyright (C) 2006 Carlos Sobrinho | |
| # check for keys | |
| # generate missing keys | |
| # close all open connections | |
| # if this script is run from inside a client session, then ignore that session | |
| # get parent process id | |
| # check if client connection | |
| # get all server pids that should be ignored | |
| # get all running pids and kill client connections | |
| # check if correct program, otherwise process next pid | |
| # check if pid should be ignored (servers, ourself) | |
| # kill process | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (c) 2012-2016, Matthias Schiffer <mschiffer@universe-factory.net> | |
| # These options are deprecated | |
| # Copyright (C) 2006 OpenWrt.org | |
| # first set default, then all interfaces to avoid races with appearing interfaces | |
| # Copyright (C) 2006-2010 OpenWrt.org | |
| # Copyright (C) 2006 Carlos Sobrinho | |
| # check for keys | |
| # generate missing keys | |
| # close all open connections | |
| # if this script is run from inside a client session, then ignore that session | |
| # get parent process id | |
| # check if client connection | |
| # get all server pids that should be ignored | |
| # get all running pids and kill client connections | |
| # check if correct program, otherwise process next pid | |
| # check if pid should be ignored (servers, ourself) | |
| # kill process | |
| # Copyright (C) 2015 OpenWrt.org | |
| # export GPIO pin for access | |
| # we need to wait a bit until the GPIO appears | |
| # direction attribute only exists if the kernel supports changing the | |
| # direction of a GPIO | |
| # set the pin to output with high or low pin value | |
| # (C) 2013 openwrt.org | |
| ## This file contains files and directories that should | |
| ## be preserved during an upgrade. | |
| # /etc/example.conf | |
| # /etc/openvpn/ | |
| # Check that the calibration data size in header equals the desired size | |
| # For AR9220 and AR9223, GPIO JTAG must explicit be disabled | |
| # before LEDs start working. Do this when wifi device is | |
| # detected. | |
| # $DEVPATH is not valid for some boards (including WZR-HP-AG300H). | |
| # Manipulate the $DEVPATH to reach the corresponding phyN. | |
| # ar922x_disable_gpio_jtag(): | |
| # Emulate | |
| # REG_SET_BIT(ah, AR_GPIO_INPUT_EN_VAL, AR_GPIO_JTAG_DISABLE); | |
| # for AR9220 and AR9223. | |
| # ignore virtual interfaces | |
| # Do not edit, changes to this file will be lost on upgrades | |
| # /etc/sysctl.conf can be used to customize sysctl settings | |
| # Do not edit, changes to this file will be lost on upgrades | |
| # /etc/sysctl.conf can be used to customize sysctl settings | |
| # Copyright (C) 2006-2016 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # Copyright (C) 2011-2015 OpenWrt.org | |
| # Copyright (C) 2011 OpenWrt.org | |
| # Copyright (C) 2013-2015 OpenWrt.org | |
| # Copyright (C) 2015 OpenWrt.org | |
| # Defaults are configured in /etc/sysctl.d/* and can be customized in this file | |
| # This file is interpreted as shell script. | |
| # Put your custom iptables rules here, they will | |
| # be executed with each firewall (re-)start. | |
| # Internal uci firewall chains are flushed and recreated on reload, so | |
| # put custom rules into the root chains e.g. INPUT or FORWARD or into the | |
| # special user chains, e.g. input_wan_rule or postrouting_lan_rule. | |
| # Copyright (C) 2006-2012 OpenWrt.org | |
| # for procd | |
| # Change the following lines if you want dnsmasq to serve SRV | |
| # records. | |
| # You may add multiple srv-host lines. | |
| # The fields are <name>,<target>,<port>,<priority>,<weight> | |
| # A SRV record sending LDAP for the example.com domain to | |
| # ldapserver.example.com port 289 | |
| #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 | |
| # Two SRV records for LDAP, each with different priorities | |
| #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 | |
| #srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 | |
| # A SRV record indicating that there is no LDAP server for the domain | |
| # example.com | |
| #srv-host=_ldap._tcp.example.com | |
| # The following line shows how to make dnsmasq serve an arbitrary PTR | |
| # record. This is useful for DNS-SD. | |
| # The fields are <name>,<target> | |
| #ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" | |
| # Change the following lines to enable dnsmasq to serve TXT records. | |
| # These are used for things like SPF and zeroconf. | |
| # The fields are <name>,<text>,<text>... | |
| #Example SPF. | |
| #txt-record=example.com,"v=spf1 a -all" | |
| #Example zeroconf | |
| #txt-record=_http._tcp.example.com,name=value,paper=A4 | |
| # Provide an alias for a "local" DNS name. Note that this _only_ works | |
| # for targets which are names from DHCP or /etc/hosts. Give host | |
| # "bert" another name, bertrand | |
| # The fields are <cname>,<target> | |
| #cname=bertand,bert | |
| # Copyright (C) 2013 Project Gluon | |
| # Firewall script for inserting and removing ebtables rules. | |
| # Example format, for filtering any IPv4 multicast packets to the SSDP UDP port: | |
| # rule FORWARD --logical-out br-client -d Multicast -p IPv4 --ip-protocol udp --ip-destination-port 5355 -j DROP | |
| # Removing all rules: | |
| # $ /etc/init.d/gluon-ebtables stop | |
| # Inserting all rules: | |
| # $ /etc/init.d/gluon-ebtables start | |
| # Inserting a specific rule file: | |
| # $ /etc/init.d/gluon-ebtables start /lib/gluon/ebtables/100-mcast-chain | |
| # Removing a specific rule file: | |
| # $ /etc/init.d/gluon-ebtables stop /lib/gluon/ebtables/100-mcast-chain | |
| # Contains /var/lib/ebtables/lock for '--concurrent' | |
| # Copyright (C) 2014 OpenWrt.org | |
| # apply timezone to kernel | |
| # Copyright (c) 2012-2016, Matthias Schiffer <mschiffer@universe-factory.net> | |
| # These options are deprecated | |
| # Copyright (C) 2013 Project Gluon | |
| # Copyright (C) 2006 OpenWrt.org | |
| # process user commands | |
| # set leds to normal state | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (C) 2015 OpenWrt.org | |
| # export GPIO pin for access | |
| # we need to wait a bit until the GPIO appears | |
| # direction attribute only exists if the kernel supports changing the | |
| # direction of a GPIO | |
| # set the pin to output with high or low pin value | |
| # Copyright (C) 2006 OpenWrt.org | |
| # first set default, then all interfaces to avoid races with appearing interfaces | |
| # Copyright (C) 2013 OpenWrt.org | |
| # start after and stop before networking | |
| # Copyright (C) 2006-2010 OpenWrt.org | |
| # Copyright (C) 2006 Carlos Sobrinho | |
| # check for keys | |
| # generate missing keys | |
| # close all open connections | |
| # if this script is run from inside a client session, then ignore that session | |
| # get parent process id | |
| # check if client connection | |
| # get all server pids that should be ignored | |
| # get all running pids and kill client connections | |
| # check if correct program, otherwise process next pid | |
| # check if pid should be ignored (servers, ourself) | |
| # kill process | |
| # Copyright (C) 2007-2012 OpenWrt.org | |
| # is invalid hex literal | |
| # convert into host id | |
| # If there's no carrier yet, skip this interface. | |
| # The init script will be called again once the link is up | |
| # use entry when no instance entry set, or if it matches | |
| # TODO: DHCPV6 does not have circuitid; catch "option6:" | |
| # TODO: DHCPV6 vendor class has stricter definitions; catch? fixup? | |
| # --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap | |
| # many MAC are possible to track a laptop ON/OFF dock | |
| # --dhcp-host=id:00:03:00:01:12:00:00:01:02:03,[::beef],lap | |
| # one (virtual) machine gets one DUID per RFC3315 | |
| # --dhcp-host=lap,192.168.0.199,[::beef] | |
| # All IP addresses discovered by dnsmasq will be labeled (except fe80::) | |
| # This uses a static host file entry for only limited addresses. | |
| # Use dnsmasq option "--expandhosts" to enable FQDN on host files. | |
| # NOTE: dnsmasq has explicit "option6:" prefix for DHCPv6 so no collisions | |
| # TODO: BOOTURL is different between DHCPv4 and DHCPv6 | |
| # Many ISP do not have useful names for DHCP customers (your WAN). | |
| # Do not support non-static interfaces for now | |
| # Override interface netmask with dhcp config if applicable | |
| #check for an already active dhcp server on the interface, unless 'force' is set | |
| # Put the router host name on this DHCP served interface address(es) | |
| # Note: dnsmasq cannot just be a DHCPv6 server (all-in-1) | |
| # and let some other machine(s) send RA pointing to it. | |
| # Send UNSOLICITED RA at default interval and live for 2 hours. | |
| # TODO: convert flexible lease time into route life time (only seconds). | |
| # SLACC with DCHP for extended options | |
| # DHCP address and RA only for management redirection | |
| # SLAAC only but dnsmasq attempts to link HOSTNAME, DHCPv4 MAC, and SLAAC | |
| # SLAAC and full DHCP | |
| # NOTE: dnsmasq has explicit "option6:" prefix for DHCPv6 so no collisions | |
| # reset list of DOMAINS and DNS servers (for each dnsmasq instance) | |
| # before we can call xappend | |
| # if we did this last, we could override auto-generated config | |
| # DHCP V4 and V6 in DNSMASQ | |
| # ODHCPD is doing it all | |
| # You have ODHCPD but use DNSMASQ for DHCPV4 | |
| # DHCP V4 and V6 in DNSMASQ | |
| # Allow DHCP/DHCPv6 to be handled by ISC DHCPD | |
| # maintain support for previous UCI | |
| # Enable RA feature for when/if it is constructed, | |
| # and RA is selected per interface pool (RA, DHCP, or both), | |
| # but no one (should) want RA broadcast in syslog | |
| # Copyright (C) 2010 Jo-Philipp Wich | |
| # Prefer px5g for certificate generation (existence evaluated last) | |
| # Copyright (C) 2006-2011 OpenWrt.org | |
| # compat for brcm47xx and mvebu | |
| # temporary hack until configd exists | |
| # Be silent on boot, firewall might be started by hotplug already, | |
| # so don't complain in syslog. | |
| # Copyright (C) 2013-2014 OpenWrt.org | |
| # Copyright (C) 2011 OpenWrt.org | |
| # (C) 2013 openwrt.org | |
| # Copyright (C) 2006-2011 OpenWrt.org | |
| # Copyright (C) 2008 OpenWrt.org | |
| # handled by rssileds userspace process | |
| # Backward compatibility: translate to the new trigger | |
| # Translate port of root hub, e.g. 4-1 -> usb4-port1 | |
| # Translate port of extra hub, e.g. 2-2.4 -> 2-2-port4 | |
| # reserved values | |
| # local | |
| #1 inr.ruhep | |
| # lookup table for ematch kinds | |
| # Reserved protocols. | |
| # Put your custom commands here that should be executed once | |
| # the system init finished. By default this file does nothing. | |
| # Lookup man 5 ethers for syntax documentation | |
| # Examples : | |
| # 02:00:11:22:33:44 OpenWrt.lan | |
| # 02:00:11:22:33:44 192.168.1.1 | |
| # <file system> <mount point> <type> <options> <dump> <pass> | |
| # add your custom package feeds here | |
| # src/gz example_feed_name http://www.example.com/path/to/files | |
| # Copyright (C) 2009-2013 OpenWrt.org | |
| # Copyright (C) 2010 OpenWrt.org | |
| # Copyright (C) 2013 OpenWrt.org | |
| # Copyright (C) 2011-2014 OpenWrt.org | |
| # Copyright (C) 2010 OpenWrt.org | |
| # Copyright (C) 2013 OpenWrt.org | |
| # Set to 1 to enable this instance: | |
| # Sets a static config file, optional | |
| # Options set via UCI have higher priority that statically configured ones | |
| # list config '/etc/fastd/sample_config/fastd.conf' | |
| # Configures a single static peer from a configuration file | |
| # list config_peer '/etc/fastd/sample_config/sample_peer.conf' | |
| # Sets an additional directory from which peers configurations are read | |
| # The peer list can be reloaded without restarting fastd | |
| # Peer can either be configured via UCI (see examples below) or via peer dirs | |
| # Can't be used in tun mode | |
| # list config_peer_dir '/etc/fastd/sample_config/peers' | |
| # Sets the log level | |
| # Possible values: error, warn, info, verbose, debug | |
| # Default: info | |
| # IP address and port of the local end, optional | |
| # 'any' can be used to bind to both IPv4 and IPv6 | |
| # If no port is given fastd will bind to a random port | |
| # list bind 'any:1337' | |
| # list bind '0.0.0.0:1337' | |
| # list bind '[::]:1337' | |
| # "method null" uses no encryption or MAC | |
| # "method salsa2012+umac" uses the Salsa20/12 encryption and the UMAC message authentication code | |
| # See the fastd documentation for the other supported encryption methods | |
| # "mode tap" will create an ethernet tunnel (tap device), | |
| # "mode tun" will create an IP tunnel (tun device). | |
| # Set the name of the tunnel interface to use | |
| # option interface 'tun0' | |
| # option interface 'fastd0' | |
| # Sets the MTU of the tunnel interface, default is 1500 | |
| # 1426 is a good value that avoids fragmentation for the xsalsa20-poly1305 method | |
| # when the tunnel uses an IPv4 connection on a line with an MTU of 1492 or higher | |
| # Enables direct forwaring of packets between peers | |
| # WARNING: Only enable this if you know what you are doing, as this can lead to forwarding loops! | |
| # Disable for compatiblity with fastd v10 and older | |
| # Set a packet mark to filter for with iptables or ip rules | |
| # option packet_mark 42 | |
| # Socket to get fastd's status | |
| # option status_socket '/var/run/fastd-example.sock' | |
| # Limits the maximum number of connections (optional) | |
| # May also be used in peer groups | |
| # option peer_limit 5 | |
| # The secret key | |
| # A keypair can be generated with `fastd --generate-key` | |
| # When the corresponding public key is lost it can be recovered with `/etc/init.d/fastd show-key <config name>` | |
| # option secret '0000000000000000000000000000000000000000000000000000000000000000' | |
| # Sets the user to run fastd as. Defaults to root | |
| # option user 'daemon' | |
| # Sets the group to run fastd as. Defaults to the user's primary group | |
| # option group 'daemon' | |
| # If set to 1, the logs won't contain peers' IP addresses | |
| # option hide_ip_addresses '0' | |
| # If set to 1, the logs won't contain peers' MAC addresses | |
| # option hide_mac_addresses '0' | |
| # If set to 0, peer-specific interfaces will only exist as long as there is an active connection | |
| # option persist_interface '1' | |
| # If fastd was compiled with libcap support, defines how capabilities are handled | |
| # Possible values: 1, 0, early, force (see fastd documentation for a description of the values) | |
| # option drop_capabilities '1' | |
| # Command to configure IP addresses etc. after the tunnel interface is up; $1 will be the interface name (optional) | |
| # option up '' | |
| # Command to execute before the tunnel interface is set down; $1 will be the interface name (optional) | |
| # option down '' | |
| # Commands executed by fastd ($INTERFACE can be used for the interface name; optional) | |
| # All except on_pre_up and on_post_down may also be used in peer groups | |
| # option on_pre_up '' | |
| # option on_up '' | |
| # option on_down '' | |
| # option on_post_down '' | |
| # option on_connect '' | |
| # option on_establish '' | |
| # option on_disestablish '' | |
| # option on_verify '' | |
| # Set to 1 to enable this peer | |
| # In tap mode peers can be reloaded dynamically | |
| # Controls which instance this peer is associated with | |
| # Controls which peer group this peer belongs to, optional | |
| # For most use cases peer groups aren't necessary | |
| # option group 'sample_group' | |
| # The peer's public key | |
| # A remote specification consists of an address or a hostname, and a port | |
| # When a hostname is given, it is recommended to specify the address family to use | |
| # It is possible to specify no, one or multiple remotes | |
| # (but all entries must designate the same host as the public key must be unique) | |
| # list remote '192.0.2.1:1337' | |
| # list remote '[2001:db8::1]:1337' | |
| # list remote '"example.com" port 1337' | |
| # list remote 'ipv4 "example.com" port 1337' | |
| # list remote 'ipv6 "example.com" port 1337' | |
| # Setting float to 1 allow incoming connections with this key from other addresses/hostnames/ports than the specified remotes | |
| # option float 0 | |
| # Set to 1 to enable this peer group | |
| # Controls which instance this peer group is associated with | |
| # Peer groups can't be used in tun mode | |
| # Allows configuring nested groups | |
| # option parent 'other_group' | |
| # Includes another config file inside the peer group definition | |
| # list config '/etc/fastd/sample_config/sample_group.conf' | |
| # Configures a single static peer from a configuration file | |
| # list config_peer '/etc/fastd/sample_config/sample_peer.conf' | |
| # Configures an additional peer directory for this group | |
| # list config_peer_dir '/etc/fastd/sample_config/peers2' | |
| # Methods set in the peer group override the ones configured in the parent group or globally | |
| # list method 'null' | |
| #list rebind_domain example.lan # whitelist RFC1918 responses for domains | |
| #list server '/mycompany.local/1.2.3.4' | |
| #list interface br-lan | |
| #list notinterface lo | |
| #list bogusnxdomain '64.94.110.11' | |
| #config autoupdater settings | |
| # option enabled 1 | |
| # option branch "stable" | |
| # option version_file "/lib/firmware_version" | |
| #config branch stable | |
| # The branch name given in the manifest | |
| # option name 'stable' | |
| # list mirror 'http://[fdef:ffc0:3dd7::8]/~freifunk/firmware/autoupdate' | |
| # The updater will run once per hour and perform an update with a certain | |
| # probability. | |
| # 1.0 - perform an update every hour | |
| # 0.5 - on average, perform an update every two hours | |
| # 0.0 - inhibit any automatic updates | |
| # option probability 0.5 | |
| # Minimum valid signatures required to perform the update | |
| # option good_signatures 2 | |
| # List of public keys | |
| # list pubkey 'beea7da92ed0c19563b6c259162b4cb471aa2fdf9d3939d05fea2cf498ea7642' | |
| # list pubkey 'c75c9390cf5d7cc49a388d35f831ca379060cf7bca8c6e3d2d1ea31604597c42' | |
| # list pubkey '03e9514f137f0467c0f0ac108892c0da2b71f1039b30f863331cbd5701abd042' | |
| # option BannerFile '/etc/banner' | |
| # Example config | |
| # Server configuration | |
| # HTTP listen addresses, multiple allowed | |
| # HTTPS listen addresses, multiple allowed | |
| # Redirect HTTP requests to HTTPS if possible | |
| # Server document root | |
| # Reject requests from RFC1918 IP addresses | |
| # directed to the servers public IP(s). | |
| # This is a DNS rebinding countermeasure. | |
| # Maximum number of concurrent requests. | |
| # If this number is exceeded, further requests are | |
| # queued until the number of running requests drops | |
| # below the limit again. | |
| # Maximum number of concurrent connections. | |
| # If this number is exceeded, further TCP connection | |
| # attempts are queued until the number of active | |
| # connections drops below the limit again. | |
| # Certificate and private key for HTTPS. | |
| # If no listen_https addresses are given, | |
| # the key options are ignored. | |
| # CGI url prefix, will be searched in docroot. | |
| # Default is /cgi-bin | |
| # List of extension->interpreter mappings. | |
| # Files with an associated interpreter can | |
| # be called outside of the CGI prefix and do | |
| # not need to be executable. | |
| # list interpreter ".php=/usr/bin/php-cgi" | |
| # list interpreter ".cgi=/usr/bin/perl" | |
| # List of prefix->Lua handler mappings. | |
| # Any request to an URL beneath the prefix | |
| # will be dispatched to the associated Lua | |
| # handler script. Lua support is disabled when | |
| # no handler mappings are specified. Lua prefix | |
| # matches have precedence over the CGI prefix. | |
| # Specify the ubus-rpc prefix and socket path. | |
| # option ubus_prefix /ubus | |
| # option ubus_socket /var/run/ubus.sock | |
| # CGI/Lua timeout, if the called script does not | |
| # write data within the given amount of seconds, | |
| # the server will terminate the request with | |
| # 504 Gateway Timeout response. | |
| # Network timeout, if the current connection is | |
| # blocked for the specified amount of seconds, | |
| # the server will terminate the associated | |
| # request process. | |
| # HTTP Keep-Alive, specifies the timeout for persistent | |
| # HTTP/1.1 connections. Setting this to 0 will disable | |
| # persistent HTTP connections. | |
| # TCP Keep-Alive, send periodic keep-alive probes | |
| # over established connections to detect dead peers. | |
| # The value is given in seconds to specify the | |
| # interval between subsequent probes. | |
| # Setting this to 0 will disable TCP keep-alive. | |
| # Basic auth realm, defaults to local hostname | |
| # option realm OpenWrt | |
| # Configuration file in busybox httpd format | |
| # option config /etc/httpd.conf | |
| # Do not follow symlinks that point outside of the | |
| # home directory. | |
| # option no_symlinks 0 | |
| # Do not produce directory listings but send 403 | |
| # instead if a client requests an url pointing to | |
| # a directory without any index file. | |
| # option no_dirlists 0 | |
| # Do not authenticate any ubus-rpc requests against | |
| # the ubus session/access procedure. | |
| # This is dangerous and should be always left off | |
| # except for development and debug purposes! | |
| # option no_ubusauth 0 | |
| # For this instance of uhttpd use the listed httpauth | |
| # sections to require Basic auth to the specified | |
| # resources. | |
| # list httpauth prefix_user | |
| # Defaults for automatic certificate and key generation | |
| # Validity time | |
| # RSA key size | |
| # Location | |
| # Common name | |
| # config httpauth prefix_user | |
| # option prefix /protected/url/path | |
| # option username user | |
| # option password 'plaintext_or_md5_or_$p$user_for_system_user' | |
| # yet another batX instance | |
| # config 'mesh' 'bat5' | |
| # list 'server' '192.168.0.1' # Example | |
| # repeat the following for every wireless AP device you like to guide. | |
| # and in the final 10000ms | |
| # and in the final 10000ms | |
| # Uncomment this line to disable ipv6 rules | |
| # option disable_ipv6 1 | |
| # We need to accept udp packets on port 68, | |
| # see https://dev.openwrt.org/ticket/4108 | |
| # Allow IPv4 ping | |
| # Allow DHCPv6 replies | |
| # see https://dev.openwrt.org/ticket/10381 | |
| # Allow essential incoming IPv6 ICMP traffic | |
| # Allow essential forwarded IPv6 ICMP traffic | |
| # include a file with users custom iptables rules | |
| ### EXAMPLE CONFIG SECTIONS | |
| # do not allow a specific ip to access wan | |
| #config rule | |
| # option src lan | |
| # option src_ip 192.168.45.2 | |
| # option dest wan | |
| # option proto tcp | |
| # option target REJECT | |
| # block a specific mac on wan | |
| #config rule | |
| # option dest wan | |
| # option src_mac 00:11:22:33:44:66 | |
| # option target REJECT | |
| # block incoming ICMP traffic on a zone | |
| #config rule | |
| # option src lan | |
| # option proto ICMP | |
| # option target DROP | |
| # port redirect port coming in on wan to lan | |
| #config redirect | |
| # option src wan | |
| # option src_dport 80 | |
| # option dest lan | |
| # option dest_ip 192.168.16.235 | |
| # option dest_port 80 | |
| # option proto tcp | |
| # port redirect of remapped ssh port (22001) on wan | |
| #config redirect | |
| # option src wan | |
| # option src_dport 22001 | |
| # option dest lan | |
| # option dest_port 22 | |
| # option proto tcp | |
| ### FULL CONFIG SECTIONS | |
| #config rule | |
| # option src lan | |
| # option src_ip 192.168.45.2 | |
| # option src_mac 00:11:22:33:44:55 | |
| # option src_port 80 | |
| # option dest wan | |
| # option dest_ip 194.25.2.129 | |
| # option dest_port 120 | |
| # option proto tcp | |
| # option target REJECT | |
| #config redirect | |
| # option src lan | |
| # option src_ip 192.168.45.2 | |
| # option src_mac 00:11:22:33:44:55 | |
| # option src_port 1024 | |
| # option src_dport 80 | |
| # option dest_ip 194.25.2.129 | |
| # option dest_port 120 | |
| # option proto tcp | |
| # Internet (IP) protocols | |
| # Updated from http://www.iana.org/assignments/protocol-numbers and other | |
| # sources. | |
| # New protocols will be added on request if they have been officially | |
| # assigned by IANA and are not historical. | |
| # If you need a huge list of used numbers please install the nmap package. | |
| #hopopt 0 HOPOPT # IPv6 Hop-by-Hop Option [RFC1883] | |
| # 99 # any private encryption scheme | |
| # Copyright (C) 2006 OpenWrt.org | |
| # section start | |
| # section end | |
| # initialize defaults | |
| # parse options | |
| # prevent messages from clobbering the tarball when using stdout | |
| # Cannot handle spaces in filenames - but opkg cannot either... | |
| # hooks | |
| # .gz files | |
| # (C) 2008 openwrt.org | |
| # Copyright (C) 2006-2016 OpenWrt.org | |
| # Copyright (C) 2009 OpenWrt.org | |
| # Copyright (C) 2011 OpenWrt.org | |
| # This can happen after an upgrade from a version before the config file was called gluon-setup-mode | |
| # We'll just reboot to return to the normal mode... | |
| # Library to be sourced by download.d/abort.d scripts | |
| # In case on VLAN on IBSS, first set MTU of the underlying interface | |
| # This script can be removed after Gluon v2018.2 | |
| # Check for a random line that always was in /etc/sysctl.conf | |
| # Copyright (C) 2009-2011 OpenWrt.org | |
| # Use awk to remove everything unprintable | |
| # Unknown ID | |
| # The revision is stored at the beginning of the "mac" partition | |
| # The returned string will end with \r\n, but we don't remove it here | |
| # to simplify matching against it in the sysupgrade image check | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # commands for emitting messages to network in failsafe mode | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # only use the first one | |
| # configure the switch, if present | |
| # trim any vlan ids | |
| # if the preinit interface isn't specified and ifname is set in | |
| # preinit.arch use that interface | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # bail out if firmware does not exist | |
| # check if mac address was already patched | |
| # some boards have bogus mac in otp (= directly in the PCIe card's EEPROM). | |
| # we have to patch the default mac in the firmware because we cannot change | |
| # the otp. | |
| # Copyright (C) 2006-2015 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # Copyright (C) 2006-2010 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # Copyright (C) 2009 OpenWrt.org | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # Copyright (C) 2006 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # Copyright (C) 2006-2010 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # if we're on the console we wait for input | |
| # Copyright (C) 2009 OpenWrt.org | |
| # VLAN specific variables | |
| # batadv_vlan options | |
| # Request classless route option (see RFC 3442) by default | |
| # SIGUSR1 forces udhcpc to renew its lease | |
| # Configure | |
| # SIGUSR1 forces odhcp6c to renew its lease | |
| # TODO: apply $broadcast | |
| # CIDR STATIC ROUTES (rfc3442) | |
| # user rules | |
| # 802.11n requires CCMP for WPA | |
| # Examples: | |
| # psk-mixed/tkip => WPA1+2 PSK, TKIP | |
| # wpa-psk2/tkip+aes => WPA2 PSK, CCMP+TKIP | |
| # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP | |
| # mesh | |
| # 802.11ac | |
| # supported Channel widths | |
| # maximum MPDU length | |
| # maximum A-MPDU length exponent | |
| # whether or not the STA supports link adaptation using VHT variant | |
| # Device might have just been deleted, give the kernel some time to finish cleaning it up | |
| # Device might not support virtual interfaces, so the interface never got deleted in the first place. | |
| # Check if the interface already exists, and avoid failing in this case. | |
| # It is far easier to delete and create the desired interface | |
| # Hostapd will handle recreating the interface and | |
| # subsequent virtual APs belonging to the same PHY | |
| # ALL ap functionality will be passed to hostapd | |
| # All interfaces must have unique mac addresses | |
| # which can either be explicitly set in the device | |
| # section, or automatically generated | |
| # convert channel to frequency | |
| # Here we make the assumption that if we're in open mode | |
| # with WPS enabled, we got to be in unconfigured state. | |
| # radius can provide VLAN ID for clients | |
| # legacy compatibility | |
| # RSN -> allow management frame protection | |
| # accept_mac_file can be used to set MAC to VLAN ID mapping | |
| # execute in subshell to not taint callers env | |
| # see tickets #11046, #11545, #11570 | |
| # Apply IPv6 / ND configuration | |
| # Merge RA-DNS | |
| # Merge addresses | |
| # RFC 7278 | |
| # TODO: $SNTP_IP $SIP_IP $SNTP_FQDN $SIP_DOMAIN | |
| # user rules | |
| # Copyright (C) 2006-2014 OpenWrt.org | |
| # Copyright (C) 2006 Fokus Fraunhofer <carsten.tittel@fokus.fraunhofer.de> | |
| # Copyright (C) 2010 Vertical Communications | |
| # newline | |
| # config_get <variable> <section> <option> [<default>] | |
| # config_get <section> <option> | |
| # config_get_bool <variable> <section> <option> [<default>] | |
| # The U-Boot loader of the OpenMesh devices requires image sizes and | |
| # checksums to be provided in the U-Boot environment. | |
| # The OpenMesh devices come with 2 main partitions - while one is active | |
| # sysupgrade will flash the other. The boot order is changed to boot the | |
| # newly flashed partition. If the new partition can't be booted due to | |
| # upgrade failures the previously used partition is loaded. | |
| # make sure we got uboot-envtools and fw_env.config copied over to the ramfs | |
| # create /var/lock for the lock "fw_setenv.lock" of fw_setenv | |
| # Combined Extended Image v1 | |
| # Skip PID1, our parent, ourself and our children | |
| # Skip kernel threads | |
| # Needs to be unset again because of busybox weirdness ... | |
| # Exec new shell from ramfs | |
| # Copyright (C) 2011 OpenWrt.org | |
| # Here $image is given to dd directly instead of using get_image; | |
| # otherwise the skip will take almost a second (as dd can't seek) | |
| # New images have the support list at 7802888, old ones at 1511432 | |
| # these boards use metadata images | |
| # erase firmware if booted from initramfs | |
| # Copyright (C) 2015-2016 Chris Blake <chrisrblake93@gmail.com> | |
| # Custom upgrade script for Meraki NAND devices (ex. MR18) | |
| # Based on dir825.sh and stock nand functions | |
| # Setup partitions using board name, in case of future platforms | |
| # Src is MTD | |
| # Dest is UBI | |
| # TODO: possibly add create (hard to do when rootfs_data is expanded & mounted) | |
| # Would need to be done from ramdisk | |
| # What is our kernel magic string? | |
| # Do we need to do any platform tweaks? | |
| # Check and create UBI caldata if it's invalid | |
| # Check and create UBI caldata if it's invalid | |
| # squashfs+jffs2 | |
| # jffs2 | |
| # Flash firmware to MTD partition | |
| # $(1): path to image | |
| # $(2): (optional) pipe command to extract firmware, e.g. dd bs=n skip=m | |
| # Essential files that will be always kept | |
| # Copyright (C) 2012 OpenWrt.org | |
| # restore calibration data before downgrading to | |
| # the normal image | |
| # backup calibration data before upgrading to the | |
| # fat image | |
| # The U-Boot loader of the some Allnet devices requires image sizes and | |
| # checksums to be provided in the U-Boot environment. | |
| # In case the check fails during boot, a failsafe-system is started to provide | |
| # a minimal web-interface for flashing a new firmware. | |
| # make sure we got uboot-envtools and fw_env.config copied over to the ramfs | |
| # create /var/lock for the lock "fw_setenv.lock" of fw_setenv | |
| # determine size of the main firmware partition | |
| # get the first 4 bytes (magic) of a given file starting at offset in hex format | |
| # scan through the update image pages until matching a magic | |
| # U-Boot image magic | |
| # SquashFS | |
| # JFFS2 empty page | |
| # this needs a recent version of uboot-envtools! | |
| # Copyright (C) 2011-2012 OpenWrt.org | |
| # Copyright (C) 2006-2013 OpenWrt.org | |
| # "canonicalize" mac | |
| # "canonicalize" mac | |
| # Copyright (C) 2013 OpenWrt.org | |
| # procd API: | |
| # procd_open_service(name, [script]): | |
| # Initialize a new procd command message containing a service with one or more instances | |
| # procd_close_service() | |
| # Send the command message for the service | |
| # procd_open_instance([name]): | |
| # Add an instance to the service described by the previous procd_open_service call | |
| # procd_set_param(type, [value...]) | |
| # Available types: | |
| # command: command line (array). | |
| # respawn info: array with 3 values $fail_threshold $restart_timeout $max_fail | |
| # env: environment variable (passed to the process) | |
| # data: arbitrary name/value pairs for detecting config changes (table) | |
| # file: configuration files (array) | |
| # netdev: bound network device (detects ifindex changes) | |
| # limits: resource limits (passed to the process) | |
| # user info: array with 1 values $username | |
| # pidfile: file name to write pid into | |
| # No space separation is done for arrays/tables - use one function argument per command line argument | |
| # procd_close_instance(): | |
| # Complete the instance being prepared | |
| # procd_kill(service, [instance]): | |
| # Kill a service instance (or all instances) | |
| # procd_send_signal(service, [instance], [signal]) | |
| # Send a signal to a service instance (or all instances) | |
| # service: simple wrapper around start-stop-daemon | |
| # Usage: service ACTION EXEC ARGS... | |
| # Action: | |
| # -C check if EXEC is alive | |
| # -S start EXEC, passing it ARGS as its arguments | |
| # -K kill EXEC, sending it a TERM signal if not specified otherwise | |
| # Environment variables exposed: | |
| # SERVICE_DAEMONIZE run EXEC in background | |
| # SERVICE_WRITE_PID create a pid-file and use it for matching | |
| # SERVICE_MATCH_EXEC use EXEC command-line for matching (default) | |
| # SERVICE_MATCH_NAME use EXEC process name for matching | |
| # SERVICE_USE_PID assume EXEC create its own pid-file and use it for matching | |
| # SERVICE_NAME process name to use (default to EXEC file part) | |
| # SERVICE_PID_FILE pid file to use (default to /var/run/$SERVICE_NAME.pid) | |
| # SERVICE_SIG signal to send when using -K | |
| # SERVICE_SIG_RELOAD default signal used when reloading | |
| # SERVICE_SIG_STOP default signal used when stopping | |
| # SERVICE_STOP_TIME time to wait for a process to stop gracefully before killing it | |
| # SERVICE_UID user EXEC should be run as | |
| # SERVICE_GID group EXEC should be run as | |
| # SERVICE_DEBUG don't do anything, but show what would be done | |
| # SERVICE_QUIET don't print anything | |
| # Copyright (C) 2006-2013 OpenWrt.org | |
| # Copyright (C) 2010 Vertical Communications | |
| # inherited: $num $device $need_tag $want_untag $role $index $prev_role | |
| # inherited: $n_cpu $n_ports $n_vlan $cpu0 $cpu1 $cpu2 $cpu3 $cpu4 $cpu5 | |
| # record pointer to cpu entry for lookup in _ucidef_finish_switch_roles() | |
| # create/append object to role list | |
| # inherited: $name $n_cpu $n_vlan $cpu0 $cpu1 $cpu2 $cpu3 $cpu4 $cpu5 | |
| # attach previous interfaces (for multi-switch devices) | |
| # auto-initialize model id and name if applicable | |
| # 1: destination variable | |
| # 2: interface | |
| # 3: path | |
| # 4: separator | |
| # 5: limit | |
| # determine first IPv4 address of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine first IPv6 address of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine first IPv4 subnet of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine first IPv6 subnet of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # Attempt to return first non-fe80::/10, non-fc::/7 range | |
| # Attempt to return first non-fe80::/10 range | |
| # Return first item | |
| # determine first IPv6 prefix of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine all IPv4 addresses of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine all IPv6 addresses of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine all IP addresses of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine all IPv4 subnets of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine all IPv6 subnets of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine all IPv6 prefixes of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine IPv4 gateway of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # 3: consider inactive gateway if "true" (optional) | |
| # determine IPv6 gateway of given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # 3: consider inactive gateway if "true" (optional) | |
| # determine the DNS servers of the given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # 3: consider inactive servers if "true" (optional) | |
| # determine the domains of the given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # 3: consider inactive domains if "true" (optional) | |
| # 1: destination variable | |
| # 2: addr | |
| # 3: inactive | |
| # find the logical interface which holds the current IPv4 default route | |
| # 1: destination variable | |
| # 2: consider inactive default routes if "true" (optional) | |
| # find the logical interface which holds the current IPv6 default route | |
| # 1: destination variable | |
| # 2: consider inactive dafault routes if "true" (optional) | |
| # test whether the given logical interface is running | |
| # 1: interface | |
| # determine the protocol of the given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine the metric of the given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine the layer 3 linux network device of the given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # determine the layer 2 linux network device of the given logical interface | |
| # 1: destination variable | |
| # 2: interface | |
| # defer netifd actions on the given linux network device | |
| # 1: device name | |
| # continue netifd actions on the given linux network device | |
| # 1: device name | |
| # flush the internal value cache to force re-reading values from ubus | |
| # Shell script compatibility wrappers for /sbin/uci | |
| # Copyright (C) 2008-2010 OpenWrt.org | |
| # Copyright (C) 2008 Felix Fietkau <nbd@nbd.name> | |
| # This program is free software; you can redistribute it and/or modify | |
| # it under the terms of the GNU General Public License as published by | |
| # the Free Software Foundation; either version 2 of the License, or | |
| # (at your option) any later version. | |
| # This program is distributed in the hope that it will be useful, | |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of | |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
| # General Public License for more details. | |
| # You should have received a copy of the GNU General Public License | |
| # along with this program; if not, write to the Free Software | |
| # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |
| # force bridge for multi-interface devices (and lan) | |
| # fixup IPv6 slave interface if parent is a bridge | |
| # autogenerate vlans | |
| # write port specific settings | |
| # range calculations: | |
| # ipcalc <ip> <netmask> <start> <num> | |
| # Remove invalid characters and leading/trailing spaces | |
| # libiwinfo hardware database | |
| # vendor id | device id | subsystem vendor id | subsystem device id | | |
| # txpower offset | frequency offset | "vendor name" | "device name" | |
| # dhcpbogushostname.conf included configuration file for dnsmasq | |
| # includes a list of hostnames that should not be associated with dhcp leases | |
| # in response to CERT VU#598349 | |
| # file included by default, option dhcpbogushostname 0 to disable | |
| # RFC6761 included configuration file for dnsmasq | |
| # includes a list of domains that should not be forwarded to Internet name servers | |
| # to reduce burden on them, asking questions that they won't know the answer to. | |
| # functions for parsing and generating json | |
| # dest=$1 | |
| # var=$2 | |
| # var=$1 | |
| # var=$1 | |
| # var=$1 | |
| # var=$1 | |
| # value=$2 | |
| # var=$1 | |
| # var=$1 | |
| # dest=$2 | |
| # type=$1 | |
| # name=$2 | |
| # value=$3 | |
| # cur=$4 | |
| # name=$1 | |
| # type=$2 | |
| # itype=$3 | |
| # functions read access to json variables | |
| # CIDR STATIC ROUTES (rfc3442) | |
| # user rules |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment