mirror of https://git.FreeBSD.org/src.git synced 2025-01-17 15:27:36 +00:00

In the spirit of nanoBSD and PicoBSD, add TinyBSD.

Submitted by jmeloatfreebsdbrasil,com-br
(Jean Milanez Melo)
As PicoBSD becomes slightly less useful, TinyBSD fills the gap below nanoBSD.
Julian Elischer 2006-09-20 22:24:20 +00:00
parent df464e4361
commit 1474f88f74
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=162485
46 changed files with 5596 additions and 0 deletions

@ -50,6 +50,7 @@ recoverdisk Copy as much data as possible from a deffective disk.
scsi-defects Get at the primary or grown defect list of a SCSI disk.
sysdoc Build a manual page with available sysctls for a specific
kernel configuration.
tinybsd Script to build FreeBSD embedded systems.
vop_table Generates a HTML document that shows all the VOP's in
the kernel.
whereintheworld Summarizes "make world" output.

@ -0,0 +1,43 @@
# $FreeBSD$
0.9:
- Added function personal_directories, you can create on conf dir your custom
personal directories with your custom files inside of them and it will be copied
to your image.
Thanks to Marcus Grando <mnag@FreeBSD.org> for the patch.
0.8:
- Now FreeBSD 6.X is the default configuration on TinyBSD files.
- TinyBSD no longer use bootmanager, so fstab device was changed to ad0a.
- Added an example configuration to WRAP motherboards. Just use 'wrap' as argument on build to use it.
0.7:
- Revision on Makefile to respect non-standard LOCALBASE/X11BASE on FreeBSD.
Thanks to Florent Thoumie <flz@FreeBSD.org>.
0.6:
- fix script problem on symlinks creation.
- added debug information on tinybsd build process with "====>".
0.5:
- fix script problem when the kernel is not build, it's not should process
an image without kernel :) Thanks to Marten <info@martenvijn.nl> for the patch.
0.4:
- added pre configured images to build tinybsd: default, bridge, minimal, vpn,
firewall and wireless.
- added etc/ on each image directory to the user copy your custom etc
configuration.
0.3:
- fix named directory missing on etc build.
0.2:
- added "device ath_rate_onoe" on kernel config file to be compiled on
FreeBSD 6.
- added on tinybsd script a line to clean up kernel build directory
- added on tinybsd script a for function to copy correct pam depends.
0.1:
- TinyBSD released

tools/tools/tinybsd/README Normal file
@ -0,0 +1,253 @@
# $FreeBSD$
- TinyBSD
You must read this to know how to build embedded systems with TinyBSD.
- TinyBSD files
TinyBSD's creation conf files are available under /usr/src/tools/tools/tinybsd/conf
and the script are available under /usr/src/tools/tools/tinybsd/tinybsd.
The system has been entirely based on the ease of image customization from
PicoBSD, and the compilation script based on NanoBSD's.
# ls /usr/src/tools/tools/tinybsd/conf
bridge/ default/ firewall/ minimal/ vpn/ wireless/ wrap/
We have these six pre configured images to build. On each directory we have 3
main files in there. Let's see what each of them are:
# ls /usr/src/tools/tools/tinybsd/conf/default
TINYBSD etc/ tinybsd.basefiles
TINYBSD: Just like PicoBSD had its kernel previously compiled, we call ours
TINYBSD.
# more TINYBSD
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident TINYBSD
#To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" #Default places to look for devices.
...
As you can see, it's a kernel file identical to your system's, leaving only
the task of enabling or disabling options, according to your needs.
tinybsd.basefiles: Just like PicoBSD had its crunch.conf file to define which
files we'd want the new system to have, in this one we'll have all files to be
put into our embedded system, already having all available files for running
the system well. Put in or take out the files you need according to your
needs. Let's see it:
# more tinybsd.basefiles
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
...
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
...
And so on. In case you'd want to add the binary "setkey", sitting on
/usr/sbin, you'd only need to add the following line inside the /usr/sbin part
of the file, like this:
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/setkey
etc/: This is the directory where you can put your custom /etc configuration.
# ls /usr/src/tools/tools/tinybsd/tinybsd
tinybsd
tinybsd: This is the script that builds the entire system. You'll hardly
need to modify it at all. The idea is for it to create a temporary work
directory for it to create the entire system tree. Once done, it'll copy all
files listed in tinybsd.basefiles to this tree, then it'll compile a new
kernel using the definitions in the TINYBSD file, and finally copy the library
dependencies the binaries will have. We'll then populate /etc on that
temporary tree and put in a few important default configurations inside on
/usr/src/tools/tools/tinybsd/conf/YOURCHOICE/etc/ like rc.conf, fstab and others.
Finally, we create an empty image, according to your media's specifications,
passed on to the script on the command line, and copy the entire temporary
work tree into the image mounted on /mnt.
- Running TinyBSD
Now that we know how it works, it's time for us to build our own image. Let's
do that step-by-step.
1) Choose what pre-configured image you want.
2) Edit the TINYBSD kernel file and add/remove all options you'll need.
3) Edit the tinybsd.basefiles file and add/remove all binaries you'll need on
your system.
4) Copy all your /etc configuration wich you want to conf/YOURIMAGE/etc/.
5) Gather the right information on your destination media. To do that, plug in
the device on the system and fetch the information using diskinfo(8):
# diskinfo -v /dev/ad2
ad2
512 # sectorsize
20060135424 # mediasize in bytes (19G)
39179952 # mediasize in sectors
38869 # Cylinders according to firmware.
16 # Heads according to firmware.
63 # Sectors according to firmware.
To create my image, I'll need to know the media size in sectors, Heads
according to firmware and Sectors according to firmware. Optionally, you may
define the name of the generated image's file, but if you don't, it'll be
named tinybsd.bin. Now that we have gathered these informations through
diskinfo, all we need to do is run tinybsd. Remember that it has 3
parameters plus 1 optional, and if you don't pass on the required ones, the
script will warn you about it:
# /usr/src/tools/tools/tinybsd/tinybsd
Woops!
Usage: tinybsd <mediasize in sectors> <heads according to firmware>
<sectors according to firmware> <conf> [<tinybsd image name>]
Example: tinybsd 62592 4 32
or
/usr/src/tools/tools/tinybsd/tinybsd 62592 4 32 wireless
Run diskinfo(8) -v against your CF device to get correct information
about your disk.
Passing on the parameters correctly:
# /usr/src/tools/tools/tinybsd/tinybsd 39179952 16 63 wireless
Creating directory hierarchy...
./bin missing (created)
./boot missing (created)
./boot/defaults missing (created)
./boot/kernel missing (created)
./boot/modules missing (created)
./dev missing (created)
./etc missing (created)
...
In the end, we have the generated tinybsd.bin image. Now we have to copy it to
its final destination:
# dd if=/usr/src/tools/tools/tinybsd/tinybsd.bin of=/dev/ad2
Boot up your new embedded system and log on it. If you're ever going to modify
it, you must first remount the root slice as read-write, as it operates by
default on read-only mode, saving disk writes and preventing data-loss in case
of power failures. To mount it for read-write, use mount:
# mount -u -o rw /
Once you're done, return it to read-only mode:
# mount -u -o ro /
The first thing you need to do after logging for the first time, is to set a
root password. By default, it's created with no root password.
If you run df(1), you'll see the following partitions:
# df
Filesystem 1K-blocks Used Avail Capacity Mounted on
/dev/ad0a 29359 19446 7565 72% /
devfs 1 1 0 100% /dev
procfs 4 4 0 100% /proc
/dev/md0 3694 114 3286 3% /var
/dev/md1 19566 6 17996 0% /tmp
As you can see, /var and /tmp are mounted on /dev/md0 and /dev/md1
respectively, using memory disk devices. That's because both /var and /tmp are
write-intensive, and as our system works mostly on read-only mode, we'd suffer
with writing problems there, so the memory disk approach works fine. On the
other hand, whenever you reboot the system, those directories' contents
(including logs on /var/log) will be lost. If you need to keep the contents of
those directories, I suggest you to always upload them to another box.
The configuration line that fires up the system script to create /var as a
memory disk partition is "varmfs="YES"", inside
/etc/rc.conf. Besides mounting /var as a memory disk device, it also populates
its tree with the necessary subdirectories. Initially, /var is created on
memory using only 32MB of space, and that's usually enough. Although, if you
find it necessary to tweak that configuration, you may edit this line of
/etc/rc.conf:
varsize="32m"
Change 32m to whatever value you see fit (in MBytes). Take care of not using
your entire memory for /var.
- Ports and TinyBSD
You can also install ports on the new system via ports. For that, you'll need
to set the PREFIX environment variable to the image's destination path. Let's
assume you want to install apache on the newly-created image. For that, I'd do
this:
# mdconfig -a -t vnode -f /usr/src/tools/tools/tinybsd/tinybsd.bin -u 0
That uses mdconfig to enable the memory disk 0.
# mount /dev/md0a /mnt
Now we've mounted the image on the temporary directory /mnt. Let's then
install apache via ports:
# cd /usr/ports/www/apache13
# make install PREFIX=/mnt/usr/local
===> Vulnerability check disabled
>> apache_1.3.31.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
>> Attempting to fetch from http://www.apache.org/dist/httpd/.
...
This port has installed the following startup scripts which may cause
these network services to be started at boot time.
/mnt/usr/local/etc/rc.d/apache.sh
....
Once the install is finished, let's verify that apache has indeed been
properly installed under our /mnt directory:
# cd /mnt/usr/local/sbin
# ls -lga httpd
-rwxr-xr-x 1 root wheel 252439 Jul 14 15:31 httpd
Our software has been successfully installed. You must notice that at the end
of the install, it shows the full path for the PREFIX variable we passed it.
The problem with that is that at boot-time, your system is going to look for
it under /mnt instead of /usr. So we need to edit apache's initialization
script under /usr/local/etc/rc.d (apache.sh) and remove all instances of
"/mnt" in it.
WARNING: A very important thing to care about are dependencies. Before
installing anything, check to see if it has any dependencies, and that you'll
have enough disk space on the destination system for both the application
you're installing and its dependencies.
- Script download
TinyBSD is still a project under heavy development, both the script itself and
its documentation.
In case you'd like to try or use the BETA version of the script, feel free to
download it from the project's official site at http://www.tinybsd.org.
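Review bot: The statement that the image is "created with no root password" sits midway through "Running TinyBSD", after the dd and mount steps, while the rc.conf files added in this same commit set sshd_enable="YES"; make setting the root password a numbered step (or have the build require one) so nobody deploys an image before reading that far. The text also disagrees with the rest of the commit in a few places: it says "six pre configured images" above an ls that lists seven directories, it says tinybsd "has 3 parameters plus 1 optional" where the usage output shows four required arguments (and "Example: tinybsd 62592 4 32" omits <conf>), and it documents varsize="32m" where the shipped rc.conf has varsize="8192". In the ports section, the install output names /mnt/usr/local/etc/rc.d/apache.sh, so the script to edit while the image is mounted is that one, not the one under /usr/local/etc/rc.d as the text says.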

@ -0,0 +1,169 @@
# $FreeBSD$
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident TINYBSD
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device eisa
device pci
# Floppy drives
#device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
#device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
device cbb # cardbus (yenta) bridge
device pccard # PC Card (16-bit) bus
device cardbus # CardBus (32-bit) bus
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel PRO/1000 adapter Gigabit Ethernet Card
device ixgb # Intel PRO/10GbE Ethernet Card
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device bfe # Broadcom BCM440x 10/100 Ethernet
device bge # Broadcom BCM570xx Gigabit Ethernet
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device lge # Level 1 LXT1001 gigabit ethernet
device nge # NatSemi DP83820 gigabit ethernet
device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS 7016
device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
device ste # Sundance ST201 (D-Link DFE-550TX)
device ti # Alteon Networks Tigon I/II gigabit Ethernet
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170 ``EPIC'')
device vge # VIA VT612x gigabit ethernet
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard NICs included.
device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device ex # Intel EtherExpress Pro/10 and Pro/10+
device ep # Etherlink III based cards
device fe # Fujitsu MB8696x based cards
device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
device lnc # NE2100, NE32-VL Lance Ethernet cards
device sn # SMC's 9000 series of Ethernet chips
device xe # Xircom pccard Ethernet
# ISA devices that use the old ISA shims
#device le
# Wireless NIC cards
device wlan # 802.11 support
device an # Aironet 4500/4800 802.11 wireless NICs.
device awi # BayStack 660 and others
device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options BRIDGE
device ath
device ath_hal
device ath_rate_sample
# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254
# clock to actually be used.
options CLK_USE_I8254_CALIBRATION
# CPU_ELAN enables support for AMDs ElanSC520 CPU.
options CPU_ELAN
options CPU_SOEKRIS
options CPU_ELAN_XTAL=32768000
options CPU_ELAN_PPS
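Review bot: options IPFIREWALL_DEFAULT_TO_ACCEPT, next to options BRIDGE near the end of this config, makes the kernel's default ipfw rule allow everything, so a box built from it passes all traffic whenever no ruleset is loaded or the rules fail to load. Drop the option and ship an explicit ruleset in the image's etc/ directory, or at least add a comment explaining why default-accept is wanted here. The two IPFIREWALL lines and the BRIDGE line are also the only options in the file without a trailing comment, which makes them easy to miss when someone trims the config.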

@ -0,0 +1,2 @@
# $FreeBSD$
/dev/ad0a / ufs ro 1 1

@ -0,0 +1,12 @@
# $FreeBSD$
hostname="tinybsd.freebsd.org"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
update_motd="NO"
varmfs="YES"
populate_var="YES"
varsize="8192"
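Review bot: sshd_enable="YES" ships in an image that the README in this commit says is created with no root password; default it to "NO", or have the build set a password or install keys, so that sshd is not started on first boot before the account has been set up. varsize="8192" also carries no unit suffix and does not match the varsize="32m" the README documents, so state the unit and align the two. hostname="tinybsd.freebsd.org" puts every unconfigured box under the project's own domain; a neutral placeholder would be safer.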

@ -0,0 +1,8 @@
# $FreeBSD$
# BRIDGE Options
net.link.ether.bridge.enable=1
net.link.ether.bridge.ipfw=1
net.link.ether.bridge.config==xl0:0,xl1:0,fxp0:1,fxp1:1
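Review bot: net.link.ether.bridge.config==xl0:0,xl1:0,fxp0:1,fxp1:1 on the last line has a doubled "=", which looks like a typo; with a single "=" the value is the interface list itself rather than a string that starts with "=". The interface names are also hard-coded to xl and fxp, so add a comment telling the user to replace them with the NICs actually present on the target, otherwise the bridge and the net.link.ether.bridge.ipfw=1 filtering that depends on it may not cover the intended ports.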

@ -0,0 +1,242 @@
# $FreeBSD$
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
boot/loader
boot/loader.4th
boot/loader.help
boot/loader.rc
boot/mbr
boot/support.4th
# contents of ${WORKDIR}/libexec
libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
bin/cp
bin/csh:bin/tcsh
bin/date
bin/dd
bin/df
bin/domainname
bin/echo
bin/ed:bin/red
bin/expr
bin/hostname
bin/kenv
bin/kill
bin/ln:bin/link
bin/ls
bin/mkdir
bin/mv
bin/pax
bin/ps
bin/pwd
bin/realpath
bin/rm:bin/unlink
bin/rmdir
bin/sh
bin/sleep
bin/stty
bin/sync
# contents of ${WORKDIR}/sbin
sbin/adjkerntz
sbin/comcontrol
sbin/disklabel
sbin/dmesg
sbin/fastboot:sbin/reboot
sbin/fasthalt:sbin/halt
sbin/fsck
sbin/fsck_ufs:sbin/fsck_ffs
sbin/fsck_ufs:sbin/fsck_4.2bsd
sbin/ifconfig
sbin/init
sbin/ipfw
sbin/kldconfig
sbin/kldload
sbin/kldstat
sbin/kldunload
sbin/ldconfig
sbin/md5
sbin/mdconfig
sbin/mknod
sbin/mdmfs
sbin/mount
sbin/mount_devfs:sbin/mount_fdescfs
sbin/mount_devfs:sbin/mount_linprocfs
sbin/mount_devfs:sbin/mount_procfs
sbin/mount_devfs:sbin/mount_std
sbin/mount_nfs
sbin/mount_nullfs
sbin/mount_umapfs
sbin/mount_unionfs
sbin/newfs
sbin/nextboot
sbin/nologin
sbin/nos-tun
sbin/ping
sbin/rcorder
sbin/route
sbin/shutdown
sbin/slattach
sbin/swapon
sbin/sysctl
sbin/umount
# contents of ${WORKDIR}/usr/sbin
usr/bin/at:usr/bin/atq
usr/bin/at:usr/bin/atrm
usr/bin/at:usr/bin/batch
usr/bin/awk
usr/bin/basename
usr/bin/bunzip2:usr/bin/bzcat
usr/bin/bunzip2:usr/bin/bzip2
usr/bin/chat
usr/bin/chfn:usr/bin/chpass
usr/bin/chfn:usr/bin/chsh
usr/bin/chgrp
usr/bin/cksum
usr/bin/clear
usr/bin/cmp
usr/bin/compress:usr/bin/uncompress
usr/bin/cpio
usr/bin/crontab
usr/bin/cu
usr/bin/dig
usr/bin/dirname
usr/bin/du
usr/bin/ee
usr/bin/egrep:usr/bin/fgrep
usr/bin/egrep:usr/bin/grep
usr/bin/env
usr/bin/false
usr/bin/fetch
usr/bin/find
usr/bin/finger
usr/bin/fstat
usr/bin/fsync
usr/bin/ftp
usr/bin/gunzip:usr/bin/gzcat
usr/bin/gunzip:usr/bin/gzip
usr/bin/gzexe
usr/bin/head
usr/bin/hexdump
usr/bin/id:usr/bin/whoami
usr/bin/ident
usr/bin/killall
usr/bin/last
usr/bin/less:usr/bin/more
usr/bin/limits
usr/bin/lock
usr/bin/lockf
usr/bin/logger
usr/bin/login
usr/bin/logname
usr/bin/mesg
usr/bin/minigzip
usr/bin/mkfifo
usr/bin/mktemp
usr/bin/msgs
usr/bin/netstat
usr/bin/nfsstat
usr/bin/nice
usr/bin/nslookup
usr/bin/nsupdate
usr/bin/nohup
usr/bin/objformat
usr/bin/openssl
usr/bin/passwd
usr/bin/printf
usr/bin/renice
usr/bin/reset:usr/sbin/tset
usr/bin/scp
usr/bin/script
usr/bin/sed
usr/bin/sftp
usr/bin/shar
usr/bin/slogin:usr/bin/ssh
usr/bin/sort
usr/bin/split
usr/bin/ssh-keygen
usr/bin/su
usr/bin/tail
usr/bin/tar
usr/bin/tee
usr/bin/telnet
usr/bin/tftp
usr/bin/time
usr/bin/top
usr/bin/touch
usr/bin/tput
usr/bin/tr
usr/bin/true
usr/bin/tty
usr/bin/uname
usr/bin/uptime:usr/bin/w
usr/bin/users
usr/bin/uudecode
usr/bin/uuencode
usr/bin/vi
usr/bin/vmstat
usr/bin/wall
usr/bin/who
usr/bin/whois
usr/bin/write
usr/bin/yes
# contents of ${WORKDIR}/usr/sbin
usr/sbin/arp
usr/sbin/boot0cfg
usr/sbin/chown
usr/sbin/chroot
usr/sbin/cron
usr/sbin/idprio:usr/sbin/rtprio
usr/sbin/inetd
usr/sbin/iostat
usr/sbin/kbdcontrol
usr/sbin/lastlogin
usr/sbin/memcontrol
usr/sbin/mountd
usr/sbin/mtree
usr/sbin/newsyslog
usr/sbin/ngctl
usr/sbin/nghook
usr/sbin/ntpdate
usr/sbin/pciconf
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/slstat
usr/sbin/sshd
usr/sbin/syslogd
usr/sbin/tcpdchk
usr/sbin/tcpdmatch
usr/sbin/tcpdump
usr/sbin/traceroute
usr/sbin/vidcontrol
usr/sbin/vipw
usr/sbin/vnconfig
usr/sbin/watch
usr/sbin/wicontrol
usr/sbin/pccardc
usr/sbin/pccardd
# contents of ${WORKDIR}/usr/libexec
usr/libexec/atrun
usr/libexec/ftpd
usr/libexec/getty
usr/libexec/sftp-server
usr/libexec/telnetd
usr/libexec/tftpd
# contents of ${WORKDIR}/usr/share
usr/share/misc/termcap
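Review bot: usr/libexec/telnetd, usr/libexec/ftpd and usr/libexec/tftpd, together with usr/sbin/inetd, are copied into the image even though the accompanying rc.conf sets inetd_enable="NO" and already enables sshd; leave the cleartext daemons out of the default list and let users add them, which saves space and keeps services nobody intended to offer off the box. Two smaller points: the first "# contents of ${WORKDIR}/usr/sbin" comment sits above the usr/bin entries and should read usr/bin, and usr/bin/reset:usr/sbin/tset pairs a usr/bin file with a usr/sbin name, which looks like a typo for usr/bin/tset.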

@ -0,0 +1,186 @@
# $FreeBSD$
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident TINYBSD
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options MSDOSFS # MSDOS Filesystem
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device eisa
device pci
# Floppy drives
#device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
#device ataraid # ATA RAID drives
#device atapicd # ATAPI CDROM drives
#device atapifd # ATAPI floppy drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
#device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
device cbb # cardbus (yenta) bridge
device pccard # PC Card (16-bit) bus
device cardbus # CardBus (32-bit) bus
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel PRO/1000 adapter Gigabit Ethernet Card
device ixgb # Intel PRO/10GbE Ethernet Card
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device bfe # Broadcom BCM440x 10/100 Ethernet
device bge # Broadcom BCM570xx Gigabit Ethernet
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device lge # Level 1 LXT1001 gigabit ethernet
device nge # NatSemi DP83820 gigabit ethernet
device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS 7016
device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
device ste # Sundance ST201 (D-Link DFE-550TX)
device ti # Alteon Networks Tigon I/II gigabit Ethernet
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170 ``EPIC'')
device vge # VIA VT612x gigabit ethernet
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard NICs included.
device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device ex # Intel EtherExpress Pro/10 and Pro/10+
device ep # Etherlink III based cards
device fe # Fujitsu MB8696x based cards
device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
device lnc # NE2100, NE32-VL Lance Ethernet cards
device sn # SMC's 9000 series of Ethernet chips
device xe # Xircom pccard Ethernet
# ISA devices that use the old ISA shims
#device le
# Wireless NIC cards
device wlan # 802.11 support
device an # Aironet 4500/4800 802.11 wireless NICs.
device awi # BayStack 660 and others
device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
#device sl # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET
options BRIDGE
device ath
device ath_hal
device ath_rate_sample
# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254
# clock to actually be used.
options CLK_USE_I8254_CALIBRATION
# CPU_ELAN enables support for AMDs ElanSC520 CPU.
options CPU_ELAN
options CPU_SOEKRIS
options CPU_ELAN_XTAL=32768000
options CPU_ELAN_PPS
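Review bot: options IPFIREWALL_DEFAULT_TO_ACCEPT is set here as well, now together with IPDIVERT, DUMMYNET, NFSSERVER and BRIDGE, so this larger config also ends up with an allow-all default ipfw rule; drop it or document the reason in a comment. The CPU_ELAN, CPU_SOEKRIS, CPU_ELAN_XTAL and CPU_ELAN_PPS options at the end are, by the file's own comment, for the AMD ElanSC520, yet this config also carries I686_CPU and the full PCI NIC list, so either move the Elan options to a board-specific config or add a comment saying they are safe to keep on other hardware.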

@ -0,0 +1,2 @@
# $FreeBSD$
/dev/ad0a / ufs ro 1 1

@ -0,0 +1,12 @@
# $FreeBSD$
hostname="tinybsd.freebsd.org"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
update_motd="NO"
varmfs="YES"
populate_var="YES"
varsize="8192"
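Review bot: This rc.conf is line for line the same as the previous one, including sshd_enable="YES" on an image the README says has no root password and the unit-less varsize="8192", so the same comments apply. Consider keeping one shared default etc/ and letting each image directory carry only its differences, so that a later fix to these defaults does not have to be repeated per image.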

@ -0,0 +1,253 @@
# $FreeBSD$
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
boot/loader
boot/loader.4th
boot/loader.help
boot/loader.rc
boot/mbr
boot/support.4th
# contents of ${WORKDIR}/libexec
libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
bin/cp
bin/csh:bin/tcsh
bin/date
bin/dd
bin/df
bin/domainname
bin/echo
bin/ed:bin/red
bin/expr
bin/hostname
bin/kenv
bin/kill
bin/ln:bin/link
bin/ls
bin/mkdir
bin/mv
bin/pax
bin/ps
bin/pwd
bin/realpath
bin/rm:bin/unlink
bin/rmdir
bin/sh
bin/sleep
bin/stty
bin/sync
# contents of ${WORKDIR}/sbin
sbin/adjkerntz
sbin/comcontrol
sbin/dhclient
sbin/dhclient-script
sbin/disklabel
sbin/dmesg
sbin/fastboot:sbin/reboot
sbin/fasthalt:sbin/halt
sbin/fsck
sbin/fsck_ufs:sbin/fsck_ffs
sbin/fsck_ufs:sbin/fsck_4.2bsd
sbin/ifconfig
sbin/init
sbin/ipfw
sbin/kldconfig
sbin/kldload
sbin/kldstat
sbin/kldunload
sbin/ldconfig
sbin/md5
sbin/mdconfig
sbin/mknod
sbin/mdmfs
sbin/mount
sbin/mount_devfs:sbin/mount_fdescfs
sbin/mount_devfs:sbin/mount_linprocfs
sbin/mount_devfs:sbin/mount_procfs
sbin/mount_devfs:sbin/mount_std
sbin/mount_nfs
sbin/mount_nullfs
sbin/mount_umapfs
sbin/mount_unionfs
sbin/natd
sbin/nfsiod
sbin/newfs
sbin/nextboot
sbin/nologin
sbin/nos-tun
sbin/ping
sbin/rcorder
sbin/route
sbin/shutdown
sbin/slattach
sbin/swapon
sbin/sysctl
sbin/umount
# contents of ${WORKDIR}/usr/sbin
usr/bin/at:usr/bin/atq
usr/bin/at:usr/bin/atrm
usr/bin/at:usr/bin/batch
usr/bin/awk
usr/bin/basename
usr/bin/bunzip2:usr/bin/bzcat
usr/bin/bunzip2:usr/bin/bzip2
usr/bin/chat
usr/bin/chfn:usr/bin/chpass
usr/bin/chfn:usr/bin/chsh
usr/bin/chgrp
usr/bin/cksum
usr/bin/clear
usr/bin/cmp
usr/bin/compress:usr/bin/uncompress
usr/bin/cpio
usr/bin/crontab
usr/bin/cu
usr/bin/dig
usr/bin/dirname
usr/bin/du
usr/bin/ee
usr/bin/egrep:usr/bin/fgrep
usr/bin/egrep:usr/bin/grep
usr/bin/env
usr/bin/false
usr/bin/fetch
usr/bin/find
usr/bin/finger
usr/bin/fstat
usr/bin/fsync
usr/bin/ftp
usr/bin/gunzip:usr/bin/gzcat
usr/bin/gunzip:usr/bin/gzip
usr/bin/gzexe
usr/bin/head
usr/bin/hexdump
usr/bin/id:usr/bin/whoami
usr/bin/ident
usr/bin/killall
usr/bin/last
usr/bin/less:usr/bin/more
usr/bin/limits
usr/bin/lock
usr/bin/lockf
usr/bin/logger
usr/bin/login
usr/bin/logname
usr/bin/mesg
usr/bin/minigzip
usr/bin/mkfifo
usr/bin/mktemp
usr/bin/msgs
usr/bin/netstat
usr/bin/nfsstat
usr/bin/nice
usr/bin/nslookup
usr/bin/nsupdate
usr/bin/nohup
usr/bin/objformat
usr/bin/openssl
usr/bin/passwd
usr/bin/printf
usr/bin/renice
usr/bin/reset:usr/sbin/tset
usr/bin/scp
usr/bin/script
usr/bin/sed
usr/bin/sftp
usr/bin/shar
usr/bin/slogin:usr/bin/ssh
usr/bin/sort
usr/bin/split
usr/bin/ssh-keygen
usr/bin/su
usr/bin/tail
usr/bin/tar
usr/bin/tee
usr/bin/telnet
usr/bin/tftp
usr/bin/time
usr/bin/top
usr/bin/touch
usr/bin/tput
usr/bin/tr
usr/bin/true
usr/bin/tty
usr/bin/uname
usr/bin/uptime:usr/bin/w
usr/bin/users
usr/bin/uudecode
usr/bin/uuencode
usr/bin/vi
usr/bin/vmstat
usr/bin/wall
usr/bin/who
usr/bin/whois
usr/bin/write
usr/bin/yes
# contents of ${WORKDIR}/usr/sbin
usr/sbin/arp
usr/sbin/boot0cfg
usr/sbin/chown
usr/sbin/chroot
usr/sbin/cron
usr/sbin/idprio:usr/sbin/rtprio
usr/sbin/inetd
usr/sbin/iostat
usr/sbin/kbdcontrol
usr/sbin/lastlogin
usr/sbin/memcontrol
usr/sbin/mountd
usr/sbin/mtree
usr/sbin/named
usr/sbin/named.reload
usr/sbin/newsyslog
usr/sbin/nfsd
usr/sbin/ngctl
usr/sbin/nghook
usr/sbin/ntpdate
usr/sbin/pciconf
usr/sbin/ppp
usr/sbin/pppctl
usr/sbin/pppstats
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/rpcbind
usr/sbin/slstat
usr/sbin/sshd
usr/sbin/syslogd
usr/sbin/tcpdchk
usr/sbin/tcpdmatch
usr/sbin/tcpdump
usr/sbin/traceroute
usr/sbin/vidcontrol
usr/sbin/vipw
usr/sbin/vnconfig
usr/sbin/watch
usr/sbin/wicontrol
usr/sbin/pccardc
usr/sbin/pccardd
# contents of ${WORKDIR}/usr/libexec
usr/libexec/atrun
usr/libexec/ftpd
usr/libexec/getty
usr/libexec/sftp-server
usr/libexec/telnetd
usr/libexec/tftpd
# contents of ${WORKDIR}/usr/share
usr/share/misc/termcap
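Review bot: This list repeats the previous one almost entry for entry (253 lines against 242 per the hunk headers), so the mislabelled "# contents of ${WORKDIR}/usr/sbin" comment above the usr/bin entries and the usr/bin/reset:usr/sbin/tset pair are duplicated too; a shared base list plus a short per-image additions file would keep such fixes in one place. The additions here (usr/sbin/named, usr/sbin/nfsd, usr/sbin/rpcbind, sbin/natd, usr/sbin/ppp) sit on top of telnetd, ftpd and tftpd, so note in a comment which of these daemons the image is meant to run, since the rc.conf files in this commit enable only sshd.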

@ -0,0 +1,183 @@
# $FreeBSD$
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident TINYBSD
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device eisa
device pci
# Floppy drives
#device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
#device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel PRO/1000 adapter Gigabit Ethernet Card
device ixgb # Intel PRO/10GbE Ethernet Card
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device bfe # Broadcom BCM440x 10/100 Ethernet
device bge # Broadcom BCM570xx Gigabit Ethernet
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device lge # Level 1 LXT1001 gigabit ethernet
device nge # NatSemi DP83820 gigabit ethernet
device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS 7016
device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
device ste # Sundance ST201 (D-Link DFE-550TX)
device ti # Alteon Networks Tigon I/II gigabit Ethernet
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170 ``EPIC'')
device vge # VIA VT612x gigabit ethernet
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard NICs included.
device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device ex # Intel EtherExpress Pro/10 and Pro/10+
device ep # Etherlink III based cards
device fe # Fujitsu MB8696x based cards
device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
device lnc # NE2100, NE32-VL Lance Ethernet cards
device sn # SMC's 9000 series of Ethernet chips
device xe # Xircom pccard Ethernet
# ISA devices that use the old ISA shims
#device le
# Wireless NIC cards
#device wlan # 802.11 support
#device an # Aironet 4500/4800 802.11 wireless NICs.
#device awi # BayStack 660 and others
#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET
device pf #PF OpenBSD packet-filter firewall
device pflog #logging support interface for PF
device pfsync #synchronization interface for PF
device carp #Common Address Redundancy Protocol
options ALTQ
options ALTQ_CBQ # Class Bases Queueing
options ALTQ_RED # Random Early Detection
options ALTQ_RIO # RED In/Out
options ALTQ_HFSC # Hierarchical Packet Scheduler
options ALTQ_CDNR # Traffic conditioner
options ALTQ_PRIQ # Priority Queueing
options ALTQ_NOPCC # Required for SMP build
device ath
device ath_hal
device ath_rate_sample
# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254
# clock to actually be used.
options CLK_USE_I8254_CALIBRATION
# CPU_ELAN enables support for AMDs ElanSC520 CPU.
options CPU_ELAN
options CPU_SOEKRIS
options CPU_ELAN_XTAL=32768000
options CPU_ELAN_PPS
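Review bot: options IPFIREWALL_DEFAULT_TO_ACCEPT in the firewall block near the end turns the kernel's built-in last ipfw rule from deny into allow, so any boot where the rules script fails or is skipped leaves the box passing all traffic. Drop the option so the default stays deny, or add a comment explaining why this image needs it. Separately, device ath, ath_hal and ath_rate_sample are enabled at the bottom while "#device wlan" is commented out in the wireless section; ath depends on the 802.11 layer, so either enable wlan or comment the ath lines out.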

View File

@ -0,0 +1 @@
# $FreeBSD$

View File

@ -0,0 +1,2 @@
# $FreeBSD$
/dev/ad0a / ufs ro 1 1

View File

@ -0,0 +1 @@
# $FreeBSD$

View File

@ -0,0 +1,78 @@
# $FreeBSD$
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Required order: options, normalization, queueing, translation, filtering.
# Macros and tables may be defined and used anywhere.
# Note that translation rules are first match while filter rules are last match.
# Macros: define common values, so they can be referenced and changed easily.
#ext_if="ext0" # replace with actual external interface name i.e., dc0
#int_if="int0" # replace with actual internal interface name i.e., dc1
#internal_net="10.1.1.1/8"
#external_addr="192.168.1.1"
# Tables: similar to macros, but more flexible for many addresses.
#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }
# Options: tune the behavior of pf, default values are given.
#set timeout { interval 10, frag 30 }
#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
#set timeout { icmp.first 20, icmp.error 10 }
#set timeout { other.first 60, other.single 30, other.multiple 60 }
#set timeout { adaptive.start 0, adaptive.end 0 }
#set limit { states 10000, frags 5000 }
#set loginterface none
#set optimization normal
#set block-policy drop
#set require-order yes
#set fingerprints "/etc/pf.os"
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
#scrub in all
# Queueing: rule-based bandwidth control.
#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
#queue dflt bandwidth 5% cbq(default)
#queue developers bandwidth 80%
#queue marketing bandwidth 15%
# Translation: specify how addresses are to be mapped or redirected.
# nat: packets going out through $ext_if with source address $internal_net will
# get translated as coming from the address of $ext_if, a state is created for
# such packets, and incoming packets will be redirected to the internal address.
#nat on $ext_if from $internal_net to any -> ($ext_if)
# rdr: packets coming in on $ext_if with destination $external_addr:1234 will
# be redirected to 10.1.1.1:5678. A state is created for such packets, and
# outgoing packets will be translated as coming from the external address.
#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678
# rdr outgoing FTP requests to the ftp-proxy
#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# spamd-setup puts addresses to be redirected into table <spamd>.
#table <spamd> persist
#no rdr on { lo0, lo1 } from any to any
#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
# Filtering: the implicit first two rules are
#pass in all
#pass out all
# block all incoming packets but allow ssh, pass all outgoing tcp and udp
# connections and keep state, logging blocked packets.
#block in log all
#pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
#pass out on $ext_if proto { tcp, udp } all keep state
# pass incoming packets destined to the addresses given in table <foo>.
#pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
# pass incoming ports for ftp-proxy
#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
# assign packets to a queue.
#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing
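Review bot: Every rule in this file is commented out, and the Filtering section itself states that the implicit first two rules are "pass in all" and "pass out all", so setting pf_enable="YES" with the file as shipped loads a ruleset that passes everything. Add a line at the top saying the file must be edited before pf is enabled, or ship a minimal uncommented default-deny policy. Also, the macro example #internal_net="10.1.1.1/8" pairs a host address with a /8 mask; 10.0.0.0/8 is the network form and is less likely to be copied wrongly.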

View File

@ -0,0 +1,549 @@
# $FreeBSD$
# passive OS fingerprinting
# -------------------------
#
# SYN signatures. Those signatures work for SYN packets only (duh!).
#
# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
# This fingerprint database is adapted from Michal Zalewski's p0f passive
# operating system package.
#
#
# Each line in this file specifies a single fingerprint. Please read the
# information below carefully before attempting to append any signatures
# reported as UNKNOWN to this file to avoid mistakes.
#
# We use the following set metrics for fingerprinting:
#
# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
# performance control (max. amount of data to be sent without ACK).
# Some systems use a fixed value for initial packets. On other
# systems, it is a multiple of MSS or MTU (MSS+40). In some rare
# cases, the value is just arbitrary.
#
# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
# value of nn is not fixed (unlikely), just copy the Snn or Tnn token
# literally. If you know this device has a simple stack and a fixed
# MTU, you can however multiply S value by MSS, or T value by MSS+40,
# and put it instead of Snn or Tnn.
#
# If WSS otherwise looks like a fixed value (for example a multiple
# of two), or if you can confirm the value is fixed, please quote
# it literally. If there's no apparent pattern in WSS chosen, you
# should consider wildcarding this value.
#
# - Overall packet size - a function of all IP and TCP options and bugs.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Initial TTL - We check the actual TTL of a received packet. It can't
# be higher than the initial TTL, and also shouldn't be dramatically
# lower (maximum distance is defined as 40 hops).
#
# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
# You need to determine the initial TTL. The best way to do it is to
# check the documentation for a remote system, or check its settings.
# A fairly good method is to simply round the observed TTL up to
# 32, 64, 128, or 255, but it should be noted that some obscure devices
# might not use round TTLs (in particular, some shoddy appliances use
# "original" initial TTL settings). If not sure, you can see how many
# hops you're away from the remote party with traceroute or mtr.
#
# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
# discovery. Others do not bother.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
# uses it to determine link type of the remote host.
#
# NEW SIGNATURE: Always wildcard this value, except for rare cases when
# you have an appliance with a fixed value, know the system supports only
# a very limited number of network interface types, or know the system
# is using a value it pulled out of nowhere. Specific unique MSS
# can be used to tell Google crawlbots from the rest of the population.
#
# - Window scaling (WSCALE) - this feature is used to scale WSS.
# It extends the size of a TCP/IP window to 32 bits. Some modern
# systems implement this feature.
#
# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
# to zero or other low value. There's usually no need to wildcard this
# parameter.
#
# - Timestamp - some systems that implement timestamps set them to
# zero in the initial SYN. This case is detected and handled appropriately.
#
# - Selective ACK permitted - a flag set by systems that implement
# selective ACK functionality.
#
# - The sequence of TCP all options (MSS, window scaling, selective ACK
# permitted, timestamp, NOP). Other than the options previously
# discussed, p0f also checks for timestamp option (a silly
# extension to broadcast your uptime ;-), NOP options (used for
# header padding) and sackOK option (selective ACK feature).
#
# NEW SIGNATURE: Copy the sequence literally.
#
# To wildcard any value (except for initial TTL or TCP options), replace
# it with '*'. You can also use a modulo operator to match any values
# that divide by nnn - '%nnn'.
#
# Fingerprint entry format:
#
# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
#
# wwww - window size (can be *, %nnn, Snn or Tnn). The special values
# "S" and "T" which are a multiple of MSS or a multiple of MTU
# respectively.
# ttt - initial TTL
# D - don't fragment bit (0 - not set, 1 - set)
# ss - overall SYN packet size
# OOO - option value and order specification (see below)
# OS - OS genre (Linux, Solaris, Windows)
# Version - OS Version (2.0.27 on x86, etc)
# Subtype - OS subtype or patchlevel (SP3, lo0)
# details - Generic OS details
#
# If OS genre starts with '*', p0f will not show distance, link type
# and timestamp data. It is useful for userland TCP/IP stacks of
# network scanners and so on, where many settings are randomized or
# bogus.
#
# If OS genre starts with @, it denotes an approximate hit for a group
# of operating systems (signature reporting still enabled in this case).
# Use this feature at the end of this file to catch cases for which
# you don't have a precise match, but can tell it's Windows or FreeBSD
# or whatnot by looking at, say, flag layout alone.
#
# Option block description is a list of comma or space separated
# options in the order they appear in the packet:
#
# N - NOP option
# Wnnn - window scaling option, value nnn (or * or %nnn)
# Mnnn - maximum segment size option, value nnn (or * or %nnn)
# S - selective ACK OK
# T - timestamp
# T0 - timestamp with a zero value
#
# To denote no TCP options, use a single '.'.
#
# Please report any additions to this file, or any inaccuracies or
# problems spotted, to the maintainers: lcamtuf@coredump.cx,
# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
# capture of the relevant SYN packet(s)
#
# WARNING WARNING WARNING
# -----------------------
#
# Do not add a system X as OS Y just because NMAP says so. It is often
# the case that X is a NAT firewall. While nmap is talking to the
# device itself, p0f is fingerprinting the guy behind the firewall
# instead.
#
# When in doubt, use common sense, don't add something that looks like
# a completely different system as Linux or FreeBSD or LinkSys router.
# Check DNS name, establish a connection to the remote host and look
# at SYN+ACK - does it look similar?
#
# Some users tweak their TCP/IP settings - enable or disable RFC1323
# functionality, enable or disable timestamps or selective ACK,
# disable PMTU discovery, change MTU and so on. Always compare a new rule
# to other fingerprints for this system, and verify the system isn't
# "customized" before adding it. It is OK to add signature variants
# caused by a commonly used software (personal firewalls, security
# packages, etc), but it makes no sense to try to add every single
# possible /proc/sys/net/ipv4 tweak on Linux or so.
#
# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
# normalize packets. Signatures will not correspond to the originating
# system (and probably not quite to the firewall either).
#
# NOTE: Try to keep this file in some reasonable order, from most to
# least likely systems. This will speed up operation. Also keep most
# generic and broad rules near the end.
#
##########################
# Standard OS signatures #
##########################
# ----------------- AIX ---------------------
# AIX is first because its signatures are close to NetBSD, MacOS X and
# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
# This is a shoddy hack, though.
16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier
16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1
# ----------------- Linux -------------------
512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
# Endian snafu! Nelson says "ha-ha":
2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot)
S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
S3:64:1:60:M*,S,T,N,W0: Linux:2.4:18-21:Linux 2.4.18 and newer
S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6
S4:64:1:60:M*,S,T,N,W0: Linux:2.6::Linux 2.4/2.6
S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5
S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer
S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
# Popular cluster config scripts disable timestamps and
# selective ACK:
S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster
# This needs to be investigated. On some systems, WSS
# is selected as a multiple of MTU instead of MSS. I got
# many submissions for this for many late versions of 2.4:
T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon)
# This happens only over loopback, but let's make folks happy:
32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local)
S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local)
# Opera visitors:
16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?)
32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?)
# Some fairly common mods:
S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps
S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
# ----------------- FreeBSD -----------------
16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.1
16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.1
16384:64:1:44:M*: FreeBSD:4.0-4.1::FreeBSD 2.0-4.1
16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.8::FreeBSD 4.6-4.8
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.9::FreeBSD 4.7-5.1
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.7-5.1
# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
# ----------------- NetBSD ------------------
65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera)
16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6
16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF)
16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3
65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF)
# ----------------- OpenBSD -----------------
16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4::OpenBSD 3.0-3.4
16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:no-df:OpenBSD 3.0-3.4 (scrub no-df)
57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4::OpenBSD 3.3-3.4
57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4:no-df:OpenBSD 3.3-3.4 (scrub no-df)
65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:opera:OpenBSD 3.0-3.4 (Opera)
# ----------------- Solaris -----------------
S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323
S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8
S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7
S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7
S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1
S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9
S44:255:1:44:M*: Solaris:2.7::Solaris 7
# ----------------- IRIX --------------------
49152:64:0:44:M*: IRIX:6.4::IRIX 6.4
61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5
49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
# ----------------- Tru64 -------------------
32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0
32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0
8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
# This looks awfully Linuxish :/
# S22:64:0:60:M*,S,T,N,W0: Tru64:5.0:a:Tru64 5.0a
61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
# ----------------- OpenVMS -----------------
6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
# ----------------- MacOS -------------------
16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
32768:255:1:48:M*,W0,N: MacOS:9.1-9.2::MacOS 9.1/9.2
32768:64:0:60:M*,N,W0,N,N,T: MacOS:X:10.2:MacOS X 10.2
# ----------------- Windows -----------------
# Windows 95 - need more:
8192:32:1:44:M*: Windows:95::Windows 95 (low TTL)
# Windows 98 - plenty of silly signatures:
S44:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL)
8192:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL)
%8192:64:1:48:M*,N,N,S: Windows:98::Windows 98 (or newer XP/2000 with tweaked TTL)
S4:64:1:48:M*,N,N,S: Windows:98::Windows 98
S6:64:1:48:M*,N,N,S: Windows:98::Windows 98
S12:64:1:48:M*,N,N,S: Windows:98::Windows 98
32767:64:1:48:M*,N,N,S: Windows:98::Windows 98
37300:64:1:48:M*,N,N,S: Windows:98::Windows 98
46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323)
65535:64:1:44:M*: Windows:98:noSACK:Windows 98 (no sack)
S16:128:1:48:M*,N,N,S: Windows:98::Windows 98
S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
S26:128:1:48:M*,N,N,S: Windows:98::Windows 98
T30:128:1:48:M*,N,N,S: Windows:98::Windows 98
32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98
60352:128:1:48:M*,N,N,S: Windows:98::Windows 98
60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98
# Windows NT 4.0 - need more:
64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older)
6144:128:1:52:M*,W0,N,S,N,N: Windows:NT:4.0:Windows NT 4.0 (RFC1323)
# Windows XP and 2000. Most of the signatures that were
# either dubious or non-specific (no service pack data)
# were deleted and replaced with generics at the end.
65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4
S6:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows XP SP1, 2000 SP4
S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows XP Pro SP1, 2000 SP3
S6:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1, 2000 SP4
S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP Pro SP1, 2000 SP3
64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1
32767:128:1:48:M1452,N,N,S: Windows:XP:SP1:Windows XP SP1
65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
# Odds, ends, mods:
S52:128:1:48:M1260,N,N,S: Windows:XP:Cisco:Windows XP/2000 via Cisco
S52:128:1:48:M1260,N,N,S: Windows:2000:Cisco:Windows XP/2000 via Cisco
# HUNT DOWN:
# *:128:1:48:M*,N,N,S:U:@Windows:XP (leak) (PLEASE REPORT)
# ----------------- HP/UX -------------------
32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20
32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0
32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11
32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11
# Whoa. Hardcore WSS.
0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
# ----------------- RiscOS ------------------
# We don't yet support the ?12 TCP option
#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36
# ----------------- BSD/OS ------------------
# Once again, power of two WSS is also shared by MacOS X with DF set
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
# ---------------- NewtonOS -----------------
4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1
# ---------------- NeXTSTEP -----------------
S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3
# ------------------ BeOS -------------------
1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1
12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x
# ------------------ OS/400 -----------------
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5
4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
# ------------------ ULTRIX -----------------
16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5
# ------------------- QNX -------------------
S16:64:0:44:M512: QNX:::QNX demodisk
# ------------------ Novell -----------------
16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0
6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11
# ----------------- SCO ------------------
S17:64:1:44:M1460: SCO:Unixware:7.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
S17:64:1:44:M1460: SCO:OpenServer:5.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1
# ------------------- DOS -------------------
2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
###########################################
# Appliance / embedded / other signatures #
###########################################
# ---------- Firewalls / routers ------------
S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1)
S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2)
4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x
60352:64:0:52:M1460,N,W2,N,N,S: Clavister:7::Clavister firewall 7.x
# ------- Switches and other stuff ----------
4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc
S8:255:0:44:M*: Cisco:12008::Cisco 12008
60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch
64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client
# ---------- Caches and whatnots ------------
S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache
32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x
16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:64:M1460,N,N,S,N,W3,N,N,T: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow
8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1
S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine
27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based)
65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler
S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg
16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?)
# ----------- Embedded systems --------------
S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C
S5:255:0:44:M536: PalmOS:3::PalmOS 3/4
S5:255:0:44:M536: PalmOS:4::PalmOS 3/4
S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5
2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera)
S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7
8192:255:0:44:M1460: SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?)
8192:255:0:44:M536: SymbianOS:::SymbianOS (on Nokia 9210?)
# Perhaps S4?
5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10
32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002
S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0
4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
####################
# Fancy signatures #
####################
1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1)
2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2)
3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3)
4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4)
1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1)
2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2)
3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3)
4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4)
#####################################
# Generic signatures - just in case #
#####################################
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+)
*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000
*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000
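Review bot: This is a 549-line static copy of a third-party fingerprint database (the header says it is adapted from p0f), and nothing in this commit uses it: pf.conf keeps #set fingerprints "/etc/pf.os" commented out and has no OS-matching rules, and rc.conf sets pf_enable="NO". A committed copy will drift from the maintained one as signatures are corrected (for example the Tru64 entry whose version field says 5.1 while its description says 6.1), so consider taking the file from the source tree at image build time instead of carrying it here, or leaving it out of images that do not enable pf.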

View File

@ -0,0 +1,40 @@
# $FreeBSD$
hostname="tinybsd.freebsd.org"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
update_motd="NO"
varmfs="YES"
populate_var="YES"
varsize="8192"
# IPFW
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="closed"
# NAT
natd_enable="NO"
natd_interface=""
natd_flags=""
# PF
pf_enable="NO"
pf_rules="/etc/pf.conf"
pf_program="/sbin/pfctl"
pf_flags=""
pflog_enable="NO"
pflog_logfile="/var/log/pflog"
pflog_program="/sbin/pflogd"
pflog_flags=""
# CARP Example
#cloned_interfaces="carp0"
#ifconfig_carp0="vhid 1 pass xalala 192.168.1.1/24"
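Review bot: firewall_type="closed" conflicts with sshd_enable="YES": the rc.firewall header added in this commit describes closed as "totally disables IP services except via lo0 interface", so sshd starts but cannot be reached over the network until the type is changed. Choose the intended default and say so in a comment next to firewall_type, for example that the image boots locked down and the type must be changed before remote administration works. In the CARP example, "pass xalala" is a sample shared secret; mark it as a placeholder so it is not deployed unchanged.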

View File

@ -0,0 +1,302 @@
#!/bin/sh -
# Copyright (c) 1996 Poul-Henning Kamp
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
#
# Setup system for firewall service.
#
# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
source_rc_confs
elif [ -r /etc/rc.conf ]; then
. /etc/rc.conf
fi
fi
############
# Define the firewall type in /etc/rc.conf. Valid values are:
# open - will allow anyone in
# client - will try to protect just this machine
# simple - will try to protect a whole network
# closed - totally disables IP services except via lo0 interface
# UNKNOWN - disables the loading of firewall rules.
# filename - will load the rules in the given filename (full path required)
#
# For ``client'' and ``simple'' the entries below should be customized
# appropriately.
############
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
# Building Internet Firewalls, 2nd Edition
# Brent Chapman and Elizabeth Zwicky
#
# O'Reilly & Associates, Inc
# ISBN 1-56592-871-7
# http://www.ora.com/
# http://www.oreilly.com/catalog/fire2/
#
# For a more advanced treatment of Internet Security read:
#
# Firewalls & Internet Security
# Repelling the wily hacker
# William R. Cheswick, Steven M. Bellowin
#
# Addison-Wesley
# ISBN 0-201-63357-4
# http://www.awl.com/
# http://www.awlonline.com/product/0%2C2627%2C0201633574%2C00.html
#
setup_loopback () {
############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}
if [ -n "${1}" ]; then
firewall_type="${1}"
fi
############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
fwcmd="/sbin/ipfw -q"
;;
*)
fwcmd="/sbin/ipfw"
;;
esac
############
# Flush out the list before we begin.
#
${fwcmd} -f flush
############
# Network Address Translation. All packets are passed to natd(8)
# before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
fi
;;
esac
esac
############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open. You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# ${fwcmd} add 65000 pass all from any to any
# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
setup_loopback
${fwcmd} add 65000 pass all from any to any
;;
[Cc][Ll][Ii][Ee][Nn][Tt])
############
# This is a prototype setup that will protect your system somewhat
# against people from outside your own network.
############
# set these to your network and netmask and ip
net="192.0.2.0"
mask="255.255.255.0"
ip="192.0.2.1"
setup_loopback
# Allow any traffic to or from my own net.
${fwcmd} add pass all from ${ip} to ${net}:${mask}
${fwcmd} add pass all from ${net}:${mask} to ${ip}
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# Allow setup of incoming email
${fwcmd} add pass tcp from any to ${ip} 25 setup
# Allow setup of outgoing TCP connections only
${fwcmd} add pass tcp from ${ip} to any setup
# Disallow setup of all other TCP connections
${fwcmd} add deny tcp from any to any setup
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${ip} to any 53 keep-state
# Allow NTP queries out in the world
${fwcmd} add pass udp from ${ip} to any 123 keep-state
# Everything else is denied by default, unless the
# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
# config file.
;;
[Ss][Ii][Mm][Pp][Ll][Ee])
############
# This is a prototype setup for a simple firewall. Configure this
# machine as a DNS and NTP server, and point all the machines
# on the inside at this machine for those services.
############
# set these to your outside interface network and netmask and ip
oif="ed0"
onet="192.0.2.0"
omask="255.255.255.240"
oip="192.0.2.1"
# set these to your inside interface network and netmask and ip
iif="ed1"
inet="192.0.2.16"
imask="255.255.255.240"
iip="192.0.2.17"
setup_loopback
# Stop spoofing
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}
# Network Address Translation. This rule is placed here deliberately
# so that it does not interfere with the surrounding address-checking
# rules. If for example one of your internal LAN machines had its IP
# address set to 192.0.2.1 then an incoming packet for it after being
# translated by natd(8) would match the `deny' rule above. Similarly
# an outgoing packet originated from it before being translated would
# match the `deny' rule below.
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add divert natd all from any to any via ${natd_interface}
fi
;;
esac
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# Allow setup of incoming email
${fwcmd} add pass tcp from any to ${oip} 25 setup
# Allow access to our DNS
${fwcmd} add pass tcp from any to ${oip} 53 setup
${fwcmd} add pass udp from any to ${oip} 53
${fwcmd} add pass udp from ${oip} 53 to any
# Allow access to our WWW
${fwcmd} add pass tcp from any to ${oip} 80 setup
# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup
# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${oip} to any 53 keep-state
# Allow NTP queries out in the world
${fwcmd} add pass udp from ${oip} to any 123 keep-state
# Everything else is denied by default, unless the
# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
# config file.
;;
[Cc][Ll][Oo][Ss][Ee][Dd])
setup_loopback
;;
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
;;
*)
if [ -r "${firewall_type}" ]; then
${fwcmd} ${firewall_flags} ${firewall_type}
fi
;;
esac
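
Review bot: in the final `*)` branch an unreadable `${firewall_type}` file is skipped silently, after `${fwcmd} -f flush` has already emptied the ruleset, so a typo in the path leaves the box on whatever the kernel default policy is, with no message. Add an `else` that reports the missing file. The `closed` case has the same dependency: it only calls `setup_loopback`, so it matches its description only when the kernel is not built with `IPFIREWALL_DEFAULT_TO_ACCEPT` (which the config at the end of this commit does set); an explicit final `deny all from any to any` would make it hold regardless. Minor: the bibliography comment spells the author "Bellowin".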

@ -0,0 +1,5 @@
# $FreeBSD$
# CARP Options
#net.inet.carp.preempt=1
#net.inet.carp.arpbalance=1

@ -0,0 +1,245 @@
# $FreeBSD$
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
boot/loader
boot/loader.4th
boot/loader.help
boot/loader.rc
boot/mbr
boot/support.4th
# contents of ${WORKDIR}/libexec
libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
bin/cp
bin/csh:bin/tcsh
bin/date
bin/dd
bin/df
bin/domainname
bin/echo
bin/ed:bin/red
bin/expr
bin/hostname
bin/kenv
bin/kill
bin/ln:bin/link
bin/ls
bin/mkdir
bin/mv
bin/pax
bin/ps
bin/pwd
bin/realpath
bin/rm:bin/unlink
bin/rmdir
bin/sh
bin/sleep
bin/stty
bin/sync
# contents of ${WORKDIR}/sbin
sbin/adjkerntz
sbin/comcontrol
sbin/disklabel
sbin/dmesg
sbin/fastboot:sbin/reboot
sbin/fasthalt:sbin/halt
sbin/fsck
sbin/fsck_ufs:sbin/fsck_ffs
sbin/fsck_ufs:sbin/fsck_4.2bsd
sbin/ifconfig
sbin/init
sbin/ipfw
sbin/kldconfig
sbin/kldload
sbin/kldstat
sbin/kldunload
sbin/ldconfig
sbin/md5
sbin/mdconfig
sbin/mknod
sbin/mdmfs
sbin/mount
sbin/mount_devfs:sbin/mount_fdescfs
sbin/mount_devfs:sbin/mount_linprocfs
sbin/mount_devfs:sbin/mount_procfs
sbin/mount_devfs:sbin/mount_std
sbin/mount_nfs
sbin/mount_nullfs
sbin/mount_umapfs
sbin/mount_unionfs
sbin/natd
sbin/newfs
sbin/nextboot
sbin/nologin
sbin/nos-tun
sbin/pfctl
sbin/pflogd
sbin/ping
sbin/rcorder
sbin/route
sbin/shutdown
sbin/slattach
sbin/swapon
sbin/sysctl
sbin/umount
# contents of ${WORKDIR}/usr/sbin
usr/bin/at:usr/bin/atq
usr/bin/at:usr/bin/atrm
usr/bin/at:usr/bin/batch
usr/bin/awk
usr/bin/basename
usr/bin/bunzip2:usr/bin/bzcat
usr/bin/bunzip2:usr/bin/bzip2
usr/bin/chat
usr/bin/chfn:usr/bin/chpass
usr/bin/chfn:usr/bin/chsh
usr/bin/chgrp
usr/bin/cksum
usr/bin/clear
usr/bin/cmp
usr/bin/compress:usr/bin/uncompress
usr/bin/cpio
usr/bin/crontab
usr/bin/cu
usr/bin/dig
usr/bin/dirname
usr/bin/du
usr/bin/ee
usr/bin/egrep:usr/bin/fgrep
usr/bin/egrep:usr/bin/grep
usr/bin/env
usr/bin/false
usr/bin/fetch
usr/bin/find
usr/bin/finger
usr/bin/fstat
usr/bin/fsync
usr/bin/ftp
usr/bin/gunzip:usr/bin/gzcat
usr/bin/gunzip:usr/bin/gzip
usr/bin/gzexe
usr/bin/head
usr/bin/hexdump
usr/bin/id:usr/bin/whoami
usr/bin/ident
usr/bin/killall
usr/bin/last
usr/bin/less:usr/bin/more
usr/bin/limits
usr/bin/lock
usr/bin/lockf
usr/bin/logger
usr/bin/login
usr/bin/logname
usr/bin/mesg
usr/bin/minigzip
usr/bin/mkfifo
usr/bin/mktemp
usr/bin/msgs
usr/bin/netstat
usr/bin/nfsstat
usr/bin/nice
usr/bin/nslookup
usr/bin/nsupdate
usr/bin/nohup
usr/bin/objformat
usr/bin/openssl
usr/bin/passwd
usr/bin/printf
usr/bin/renice
usr/bin/reset:usr/sbin/tset
usr/bin/scp
usr/bin/script
usr/bin/sed
usr/bin/sftp
usr/bin/shar
usr/bin/slogin:usr/bin/ssh
usr/bin/sort
usr/bin/split
usr/bin/ssh-keygen
usr/bin/su
usr/bin/tail
usr/bin/tar
usr/bin/tee
usr/bin/telnet
usr/bin/tftp
usr/bin/time
usr/bin/top
usr/bin/touch
usr/bin/tput
usr/bin/tr
usr/bin/true
usr/bin/tty
usr/bin/uname
usr/bin/uptime:usr/bin/w
usr/bin/users
usr/bin/uudecode
usr/bin/uuencode
usr/bin/vi
usr/bin/vmstat
usr/bin/wall
usr/bin/who
usr/bin/whois
usr/bin/write
usr/bin/yes
# contents of ${WORKDIR}/usr/sbin
usr/sbin/arp
usr/sbin/authpf
usr/sbin/boot0cfg
usr/sbin/chown
usr/sbin/chroot
usr/sbin/cron
usr/sbin/idprio:usr/sbin/rtprio
usr/sbin/inetd
usr/sbin/iostat
usr/sbin/kbdcontrol
usr/sbin/lastlogin
usr/sbin/memcontrol
usr/sbin/mountd
usr/sbin/mtree
usr/sbin/named
usr/sbin/named.reload
usr/sbin/newsyslog
usr/sbin/ngctl
usr/sbin/nghook
usr/sbin/ntpdate
usr/sbin/pciconf
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/slstat
usr/sbin/sshd
usr/sbin/syslogd
usr/sbin/tcpdchk
usr/sbin/tcpdmatch
usr/sbin/tcpdump
usr/sbin/traceroute
usr/sbin/vidcontrol
usr/sbin/vipw
usr/sbin/vnconfig
usr/sbin/watch
# contents of ${WORKDIR}/usr/libexec
usr/libexec/atrun
usr/libexec/ftpd
usr/libexec/getty
usr/libexec/sftp-server
usr/libexec/telnetd
usr/libexec/tftpd
# contents of ${WORKDIR}/usr/share
usr/share/misc/termcap
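
Review bot: the list pulls `usr/libexec/telnetd`, `usr/libexec/ftpd` and `usr/libexec/tftpd` (plus `usr/sbin/inetd`, `usr/sbin/mountd` and `usr/sbin/named`) into an image that also carries `sbin/ipfw`, `sbin/natd` and `sbin/pfctl`, while the rc.conf with the IPFW/NAT/PF settings earlier in this commit sets `inetd_enable="NO"` and enables only sshd. On a firewall image these cleartext daemons are unused attack surface and wasted flash space; drop them from the list, or enable them deliberately and say why.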

@ -0,0 +1,89 @@
# $FreeBSD$
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident TINYBSD
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device pci
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
#device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254
# clock to actually be used.
options CLK_USE_I8254_CALIBRATION
# CPU_ELAN enables support for AMDs ElanSC520 CPU.
options CPU_ELAN
options CPU_SOEKRIS
options CPU_ELAN_XTAL=32768000
options CPU_ELAN_PPS
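
Review bot: `options AHC_REG_PRETTY_PRINT` and `options AHD_REG_PRETTY_PRINT` are set, but this config has no ahc or ahd device line, so they have nothing to apply to; their own comments put the cost at ~128k and ~215k of driver size, which is the wrong direction for a small image. Drop both. A comment would also help on why `CPU_ELAN` and `CPU_SOEKRIS` are enabled in a config that has `device ether` but no NIC driver and no serial (`sio`) driver.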

@ -0,0 +1,2 @@
# $FreeBSD$
/dev/ad0a / ufs ro 1 1

@ -0,0 +1,12 @@
# $FreeBSD$
hostname="tinybsd.freebsd.org"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
update_motd="NO"
varmfs="YES"
populate_var="YES"
varsize="8192"
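
Review bot: `sshd_enable="YES"` does not match the 172-line file list that follows it in this commit, which installs `usr/bin/scp` and `usr/bin/slogin:usr/bin/ssh` but no `usr/sbin/sshd`. If the two belong to the same configuration, either add sshd to the list or set `sshd_enable="NO"` so the image does not try to start a daemon it does not contain.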

@ -0,0 +1,172 @@
# $FreeBSD$
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
boot/loader
boot/loader.4th
boot/loader.help
boot/loader.rc
boot/mbr
boot/support.4th
# contents of ${WORKDIR}/libexec
libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
bin/cp
bin/csh:bin/tcsh
bin/date
bin/df
bin/domainname
bin/echo
bin/ed:bin/red
bin/expr
bin/hostname
bin/kenv
bin/kill
bin/ln:bin/link
bin/ls
bin/mkdir
bin/mv
bin/pax
bin/ps
bin/pwd
bin/realpath
bin/rm:bin/unlink
bin/rmdir
bin/sh
bin/sleep
bin/stty
bin/sync
# contents of ${WORKDIR}/sbin
sbin/adjkerntz
sbin/disklabel
sbin/dmesg
sbin/fastboot:sbin/reboot
sbin/fasthalt:sbin/halt
sbin/fsck
sbin/fsck_ufs:sbin/fsck_ffs
sbin/fsck_ufs:sbin/fsck_4.2bsd
sbin/ifconfig
sbin/init
sbin/kldconfig
sbin/kldload
sbin/kldstat
sbin/kldunload
sbin/ldconfig
sbin/mdconfig
sbin/mknod
sbin/mdmfs
sbin/mount
sbin/mount_devfs:sbin/mount_fdescfs
sbin/mount_devfs:sbin/mount_linprocfs
sbin/mount_devfs:sbin/mount_procfs
sbin/mount_devfs:sbin/mount_std
sbin/mount_nullfs
sbin/mount_umapfs
sbin/mount_unionfs
sbin/newfs
sbin/nextboot
sbin/nologin
sbin/rcorder
sbin/shutdown
sbin/swapon
sbin/sysctl
sbin/umount
# contents of ${WORKDIR}/usr/sbin
usr/bin/at:usr/bin/atq
usr/bin/at:usr/bin/atrm
usr/bin/at:usr/bin/batch
usr/bin/awk
usr/bin/basename
usr/bin/bunzip2:usr/bin/bzcat
usr/bin/bunzip2:usr/bin/bzip2
usr/bin/chfn:usr/bin/chpass
usr/bin/chfn:usr/bin/chsh
usr/bin/chgrp
usr/bin/cksum
usr/bin/clear
usr/bin/compress:usr/bin/uncompress
usr/bin/crontab
usr/bin/ee
usr/bin/egrep:usr/bin/fgrep
usr/bin/egrep:usr/bin/grep
usr/bin/env
usr/bin/false
usr/bin/fstat
usr/bin/fsync
usr/bin/gunzip:usr/bin/gzcat
usr/bin/gunzip:usr/bin/gzip
usr/bin/head
usr/bin/hexdump
usr/bin/id:usr/bin/whoami
usr/bin/killall
usr/bin/last
usr/bin/less:usr/bin/more
usr/bin/logger
usr/bin/login
usr/bin/logname
usr/bin/mesg
usr/bin/minigzip
usr/bin/mkfifo
usr/bin/mktemp
usr/bin/msgs
usr/bin/nice
usr/bin/nohup
usr/bin/objformat
usr/bin/passwd
usr/bin/printf
usr/bin/reset:usr/sbin/tset
usr/bin/scp
usr/bin/sed
usr/bin/slogin:usr/bin/ssh
usr/bin/su
usr/bin/tail
usr/bin/tar
usr/bin/tee
usr/bin/time
usr/bin/top
usr/bin/touch
usr/bin/true
usr/bin/tty
usr/bin/uname
usr/bin/uptime:usr/bin/w
usr/bin/users
usr/bin/uudecode
usr/bin/uuencode
usr/bin/vmstat
usr/bin/who
usr/bin/whois
# contents of ${WORKDIR}/usr/sbin
usr/sbin/boot0cfg
usr/sbin/chown
usr/sbin/cron
usr/sbin/idprio:usr/sbin/rtprio
usr/sbin/lastlogin
usr/sbin/memcontrol
usr/sbin/mtree
usr/sbin/newsyslog
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/syslogd
usr/sbin/vidcontrol
usr/sbin/vipw
# contents of ${WORKDIR}/usr/libexec
usr/libexec/atrun
usr/libexec/getty
# contents of ${WORKDIR}/usr/share
usr/share/misc/termcap
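
Review bot: the comment above the `usr/bin/at:usr/bin/atq` entries says `# contents of ${WORKDIR}/usr/sbin`, but everything down to `usr/bin/whois` lives in usr/bin, and the real usr/sbin section repeats the same comment further down. Change the first one to usr/bin; the other two file lists in this commit carry the same slip. `usr/bin/reset:usr/sbin/tset` looks related: the other usr/bin pairs keep the link name in usr/bin, so this probably wants `usr/bin/tset`.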

@ -0,0 +1,170 @@
# $FreeBSD$
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident TINYBSD
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device eisa
device pci
# Floppy drives
#device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
#device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
#device cbb # cardbus (yenta) bridge
#device pccard # PC Card (16-bit) bus
#device cardbus # CardBus (32-bit) bus
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel PRO/1000 adapter Gigabit Ethernet Card
device ixgb # Intel PRO/10GbE Ethernet Card
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device bfe # Broadcom BCM440x 10/100 Ethernet
device bge # Broadcom BCM570xx Gigabit Ethernet
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device lge # Level 1 LXT1001 gigabit ethernet
device nge # NatSemi DP83820 gigabit ethernet
device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS 7016
device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
device ste # Sundance ST201 (D-Link DFE-550TX)
device ti # Alteon Networks Tigon I/II gigabit Ethernet
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170 ``EPIC'')
device vge # VIA VT612x gigabit ethernet
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard NICs included.
device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device ex # Intel EtherExpress Pro/10 and Pro/10+
device ep # Etherlink III based cards
device fe # Fujitsu MB8696x based cards
device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
device lnc # NE2100, NE32-VL Lance Ethernet cards
device sn # SMC's 9000 series of Ethernet chips
device xe # Xircom pccard Ethernet
# ISA devices that use the old ISA shims
#device le
# Wireless NIC cards
#device wlan # 802.11 support
#device an # Aironet 4500/4800 802.11 wireless NICs.
#device awi # BayStack 660 and others
#device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
#device sl # Kernel SLIP
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254
# clock to actually be used.
options CLK_USE_I8254_CALIBRATION
# CPU_ELAN enables support for AMDs ElanSC520 CPU.
options CPU_ELAN
options CPU_SOEKRIS
options CPU_ELAN_XTAL=32768000
options CPU_ELAN_PPS
# IPSEC
options IPSEC
options IPSEC_ESP
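
Review bot: `device faith` is commented as IPv6-to-IPv4 relaying and `device gif` as IPv6 and IPv4 tunneling, but the only protocol option in this config is `options INET`; without `options INET6` faith has nothing to relay. Either add INET6 or drop faith and reword the gif comment. `device bpf` also deserves the scrutiny its own comment asks for ("Be aware of the administrative consequences of enabling this!"): on an IPsec endpoint, state that it is kept for DHCP or remove it.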

@ -0,0 +1,2 @@
# $FreeBSD$
/dev/ad0a / ufs ro 1 1

@ -0,0 +1,21 @@
# $FreeBSD$
hostname="tinybsd.freebsd.org"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
update_motd="NO"
varmfs="YES"
populate_var="YES"
varsize="8192"
# VPN
ipsec_enable="YES"
ipsec_file="/etc/ipsec.conf"
# CONF
ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
static_routes="vpn"
route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"
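
Review bot: `ifconfig_gif0` and `route_vpn` assume gif0 already exists with tunnel endpoints, but nothing in this file creates or configures it (no `cloned_interfaces` or `gif_interfaces` line, no outer addresses), so as written the inner addresses have no interface to land on. Add the interface creation and a sample outer endpoint pair. `ipsec_enable="YES"` likewise depends on `/etc/ipsec.conf` containing policy; check that the commit ships one with at least a commented sample, otherwise a tunnel built from this template would carry traffic without any IPsec policy applied.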

@ -0,0 +1 @@
# $FreeBSD$

@ -0,0 +1,227 @@
# $FreeBSD$
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
boot/loader
boot/loader.4th
boot/loader.help
boot/loader.rc
boot/mbr
boot/support.4th
# contents of ${WORKDIR}/libexec
libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
bin/cp
bin/csh:bin/tcsh
bin/date
bin/df
bin/domainname
bin/echo
bin/ed:bin/red
bin/expr
bin/hostname
bin/kenv
bin/kill
bin/ln:bin/link
bin/ls
bin/mkdir
bin/mv
bin/pax
bin/ps
bin/pwd
bin/realpath
bin/rm:bin/unlink
bin/rmdir
bin/sh
bin/sleep
bin/stty
bin/sync
# contents of ${WORKDIR}/sbin
sbin/adjkerntz
sbin/comcontrol
sbin/disklabel
sbin/dmesg
sbin/fastboot:sbin/reboot
sbin/fasthalt:sbin/halt
sbin/fsck
sbin/fsck_ufs:sbin/fsck_ffs
sbin/fsck_ufs:sbin/fsck_4.2bsd
sbin/ifconfig
sbin/init
sbin/ipfw
sbin/kldconfig
sbin/kldload
sbin/kldstat
sbin/kldunload
sbin/ldconfig
sbin/md5
sbin/mdconfig
sbin/mknod
sbin/mdmfs
sbin/mount
sbin/mount_devfs:sbin/mount_fdescfs
sbin/mount_devfs:sbin/mount_linprocfs
sbin/mount_devfs:sbin/mount_procfs
sbin/mount_devfs:sbin/mount_std
sbin/mount_nullfs
sbin/mount_umapfs
sbin/mount_unionfs
sbin/newfs
sbin/nextboot
sbin/nologin
sbin/nos-tun
sbin/ping
sbin/rcorder
sbin/route
sbin/shutdown
sbin/slattach
sbin/swapon
sbin/sysctl
sbin/umount
# contents of ${WORKDIR}/usr/sbin
usr/bin/at:usr/bin/atq
usr/bin/at:usr/bin/atrm
usr/bin/at:usr/bin/batch
usr/bin/awk
usr/bin/basename
usr/bin/bunzip2:usr/bin/bzcat
usr/bin/bunzip2:usr/bin/bzip2
usr/bin/chat
usr/bin/chfn:usr/bin/chpass
usr/bin/chfn:usr/bin/chsh
usr/bin/chgrp
usr/bin/cksum
usr/bin/clear
usr/bin/cmp
usr/bin/compress:usr/bin/uncompress
usr/bin/cpio
usr/bin/crontab
usr/bin/cu
usr/bin/dig
usr/bin/dirname
usr/bin/du
usr/bin/ee
usr/bin/egrep:usr/bin/fgrep
usr/bin/egrep:usr/bin/grep
usr/bin/env
usr/bin/false
usr/bin/fetch
usr/bin/find
usr/bin/fstat
usr/bin/fsync
usr/bin/ftp
usr/bin/gunzip:usr/bin/gzcat
usr/bin/gunzip:usr/bin/gzip
usr/bin/gzexe
usr/bin/head
usr/bin/hexdump
usr/bin/id:usr/bin/whoami
usr/bin/ident
usr/bin/killall
usr/bin/last
usr/bin/less:usr/bin/more
usr/bin/limits
usr/bin/lock
usr/bin/lockf
usr/bin/logger
usr/bin/login
usr/bin/logname
usr/bin/mesg
usr/bin/minigzip
usr/bin/mkfifo
usr/bin/mktemp
usr/bin/msgs
usr/bin/netstat
usr/bin/nfsstat
usr/bin/nice
usr/bin/nslookup
usr/bin/nsupdate
usr/bin/nohup
usr/bin/objformat
usr/bin/openssl
usr/bin/passwd
usr/bin/printf
usr/bin/renice
usr/bin/reset:usr/sbin/tset
usr/bin/scp
usr/bin/script
usr/bin/sed
usr/bin/sftp
usr/bin/shar
usr/bin/slogin:usr/bin/ssh
usr/bin/sort
usr/bin/split
usr/bin/ssh-keygen
usr/bin/su
usr/bin/tail
usr/bin/tar
usr/bin/tee
usr/bin/telnet
usr/bin/time
usr/bin/top
usr/bin/touch
usr/bin/tput
usr/bin/tr
usr/bin/true
usr/bin/tty
usr/bin/uname
usr/bin/uptime:usr/bin/w
usr/bin/users
usr/bin/uudecode
usr/bin/uuencode
usr/bin/vi
usr/bin/vmstat
usr/bin/wall
usr/bin/who
usr/bin/whois
usr/bin/write
usr/bin/yes
# contents of ${WORKDIR}/usr/sbin
usr/sbin/boot0cfg
usr/sbin/chown
usr/sbin/cron
usr/sbin/idprio:usr/sbin/rtprio
usr/sbin/iostat
usr/sbin/kbdcontrol
usr/sbin/lastlogin
usr/sbin/memcontrol
usr/sbin/mtree
usr/sbin/newsyslog
usr/sbin/ntpdate
usr/sbin/pciconf
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/setkey
usr/sbin/slstat
usr/sbin/sshd
usr/sbin/syslogd
usr/sbin/tcpdchk
usr/sbin/tcpdmatch
usr/sbin/tcpdump
usr/sbin/traceroute
usr/sbin/vidcontrol
usr/sbin/vipw
usr/sbin/vnconfig
usr/sbin/watch
# contents of ${WORKDIR}/usr/libexec
usr/libexec/atrun
usr/libexec/getty
usr/libexec/sftp-server
# contents of ${WORKDIR}/usr/share
usr/share/misc/termcap
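
Review bot: `sbin/slattach` and `usr/sbin/slstat` are SLIP tools, yet the kernel config with `options IPSEC` in this commit has `#device sl` commented out, so they cannot do anything on that image. The cleartext clients `usr/bin/telnet` and `usr/bin/ftp` are also hard to justify on a box whose purpose is an encrypted tunnel and that already ships `usr/bin/slogin:usr/bin/ssh`, `usr/bin/scp` and `usr/bin/sftp`. Trim the list to what the image can use.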

@ -0,0 +1,180 @@
# $FreeBSD$
machine i386
cpu I486_CPU
cpu I586_CPU
cpu I686_CPU
ident TINYBSD
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device eisa
device pci
# Floppy drives
#device fdc
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
device atapist # ATAPI tape drives
options ATA_STATIC_ID # Static device numbering
# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse
device vga # VGA video card driver
#device splash # Splash screen and screen saver support
# syscons is the default console driver, resembling an SCO console
device sc
# Enable this for the pcvt (VT220 compatible) console driver
#device vt
#options XSERVER # support for X server on a vt console
#options FAT_CURSOR # start with block cursor
device agp # support several AGP chipsets
# Floating point support - do not disable.
device npx
# Power management support (see NOTES for more options)
#device apm
# Add suspend/resume support for the i8254.
device pmtimer
# PCCARD (PCMCIA) support
# PCMCIA and cardbus bridge support
device cbb # cardbus (yenta) bridge
device pccard # PC Card (16-bit) bus
device cardbus # CardBus (32-bit) bus
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# PCI Ethernet NICs.
#device de # DEC/Intel DC21x4x (``Tulip'')
#device em # Intel PRO/1000 adapter Gigabit Ethernet Card
#device ixgb # Intel PRO/10GbE Ethernet Card
#device txp # 3Com 3cR990 (``Typhoon'')
#device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
#device miibus # MII bus support
#device bfe # Broadcom BCM440x 10/100 Ethernet
#device bge # Broadcom BCM570xx Gigabit Ethernet
#device dc # DEC/Intel 21143 and various workalikes
#device fxp # Intel EtherExpress PRO/100B (82557, 82558)
#device lge # Level 1 LXT1001 gigabit ethernet
#device nge # NatSemi DP83820 gigabit ethernet
#device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
#device re # RealTek 8139C+/8169/8169S/8110S
#device rl # RealTek 8129/8139
#device sf # Adaptec AIC-6915 (``Starfire'')
#device sis # Silicon Integrated Systems SiS 900/SiS 7016
#device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
#device ste # Sundance ST201 (D-Link DFE-550TX)
#device ti # Alteon Networks Tigon I/II gigabit Ethernet
#device tl # Texas Instruments ThunderLAN
#device tx # SMC EtherPower II (83c170 ``EPIC'')
#device vge # VIA VT612x gigabit ethernet
#device vr # VIA Rhine, Rhine II
#device wb # Winbond W89C840F
#device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard NICs included.
#device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
#device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
#device ex # Intel EtherExpress Pro/10 and Pro/10+
#device ep # Etherlink III based cards
#device fe # Fujitsu MB8696x based cards
#device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
#device lnc # NE2100, NE32-VL Lance Ethernet cards
#device sn # SMC's 9000 series of Ethernet chips
#device xe # Xircom pccard Ethernet
# ISA devices that use the old ISA shims
#device le
# Wireless NIC cards
device wlan # 802.11 support
device wlan_wep #802.11 WEP support
device wlan_ccmp #802.11 CCMP support
device wlan_tkip #802.11 TKIP support
device wlan_xauth #802.11 external authenticator support
device wlan_acl #802.11 MAC ACL support
device an # Aironet 4500/4800 802.11 wireless NICs.
device awi # BayStack 660 and others
device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
#device wl # Older non 802.11 Wavelan wireless NIC.
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET
options BRIDGE
device pf #PF OpenBSD packet-filter firewall
device pflog #logging support interface for PF
device pfsync #synchronization interface for PF
device ath
device ath_hal
device ath_rate_sample
# CLK_USE_I8254_CALIBRATION causes the calibrated frequency of the i8254
# clock to actually be used.
options CLK_USE_I8254_CALIBRATION
# CPU_ELAN enables support for AMDs ElanSC520 CPU.
options CPU_ELAN
options CPU_SOEKRIS
options CPU_ELAN_XTAL=32768000
options CPU_ELAN_PPS
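Review bot: `options IPFIREWALL_DEFAULT_TO_ACCEPT`, set right after `options IPFIREWALL`, makes this image fail open. The kernel's default ipfw rule becomes allow, so whenever no ruleset is loaded (before rc.firewall runs, after its `-f flush`, or if the script aborts part-way) all traffic is passed. The rc.firewall added in this same commit says as much: "Everything else is denied by default, unless the IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel config file." Suggest dropping the option so the default stays deny, or adding a comment on that line stating why accept is needed for this board.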

View File

@ -0,0 +1 @@
# $FreeBSD$

View File

@ -0,0 +1,2 @@
# $FreeBSD$
/dev/ad0a / ufs ro 1 1

View File

@ -0,0 +1 @@
# $FreeBSD$

View File

@ -0,0 +1,78 @@
# $FreeBSD$
#
# See pf.conf(5) and /usr/share/examples/pf for syntax and examples.
# Required order: options, normalization, queueing, translation, filtering.
# Macros and tables may be defined and used anywhere.
# Note that translation rules are first match while filter rules are last match.
# Macros: define common values, so they can be referenced and changed easily.
#ext_if="ext0" # replace with actual external interface name i.e., dc0
#int_if="int0" # replace with actual internal interface name i.e., dc1
#internal_net="10.1.1.1/8"
#external_addr="192.168.1.1"
# Tables: similar to macros, but more flexible for many addresses.
#table <foo> { 10.0.0.0/8, !10.1.0.0/16, 192.168.0.0/24, 192.168.1.18 }
# Options: tune the behavior of pf, default values are given.
#set timeout { interval 10, frag 30 }
#set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
#set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
#set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
#set timeout { icmp.first 20, icmp.error 10 }
#set timeout { other.first 60, other.single 30, other.multiple 60 }
#set timeout { adaptive.start 0, adaptive.end 0 }
#set limit { states 10000, frags 5000 }
#set loginterface none
#set optimization normal
#set block-policy drop
#set require-order yes
#set fingerprints "/etc/pf.os"
# Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
#scrub in all
# Queueing: rule-based bandwidth control.
#altq on $ext_if bandwidth 2Mb cbq queue { dflt, developers, marketing }
#queue dflt bandwidth 5% cbq(default)
#queue developers bandwidth 80%
#queue marketing bandwidth 15%
# Translation: specify how addresses are to be mapped or redirected.
# nat: packets going out through $ext_if with source address $internal_net will
# get translated as coming from the address of $ext_if, a state is created for
# such packets, and incoming packets will be redirected to the internal address.
#nat on $ext_if from $internal_net to any -> ($ext_if)
# rdr: packets coming in on $ext_if with destination $external_addr:1234 will
# be redirected to 10.1.1.1:5678. A state is created for such packets, and
# outgoing packets will be translated as coming from the external address.
#rdr on $ext_if proto tcp from any to $external_addr/32 port 1234 -> 10.1.1.1 port 5678
# rdr outgoing FTP requests to the ftp-proxy
#rdr on $int_if proto tcp from any to any port ftp -> 127.0.0.1 port 8021
# spamd-setup puts addresses to be redirected into table <spamd>.
#table <spamd> persist
#no rdr on { lo0, lo1 } from any to any
#rdr inet proto tcp from <spamd> to any port smtp -> 127.0.0.1 port 8025
# Filtering: the implicit first two rules are
#pass in all
#pass out all
# block all incoming packets but allow ssh, pass all outgoing tcp and udp
# connections and keep state, logging blocked packets.
#block in log all
#pass in on $ext_if proto tcp from any to $ext_if port 22 keep state
#pass out on $ext_if proto { tcp, udp } all keep state
# pass incoming packets destined to the addresses given in table <foo>.
#pass in on $ext_if proto { tcp, udp } from any to <foo> port 80 keep state
# pass incoming ports for ftp-proxy
#pass in on $ext_if inet proto tcp from any to $ext_if user proxy keep state
# assign packets to a queue.
#pass out on $ext_if from 192.168.0.0/24 to any keep state queue developers
#pass out on $ext_if from 192.168.1.0/24 to any keep state queue marketing
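Review bot: every rule in this file is commented out, including `#block in log all` under "Filtering", so turning on `pf_enable` with the file as shipped loads an empty ruleset and the implicit `pass in all` / `pass out all` named in the file's own comment is what applies. For an image meant to be flashed and booted, either ship a minimal uncommented policy (the `block in log all` line plus the port 22 pass) or put a comment at the top saying the file must be edited before pf is enabled. The sample macro `#internal_net="10.1.1.1/8"` also gives a host address with a /8 mask; `10.0.0.0/8` would read less ambiguously when someone uncomments it.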

View File

@ -0,0 +1,549 @@
# $FreeBSD$
# passive OS fingerprinting
# -------------------------
#
# SYN signatures. Those signatures work for SYN packets only (duh!).
#
# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
#
#
# This fingerprint database is adapted from Michal Zalewski's p0f passive
# operating system package.
#
#
# Each line in this file specifies a single fingerprint. Please read the
# information below carefully before attempting to append any signatures
# reported as UNKNOWN to this file to avoid mistakes.
#
# We use the following set metrics for fingerprinting:
#
# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
# performance control (max. amount of data to be sent without ACK).
# Some systems use a fixed value for initial packets. On other
# systems, it is a multiple of MSS or MTU (MSS+40). In some rare
# cases, the value is just arbitrary.
#
# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
# value of nn is not fixed (unlikely), just copy the Snn or Tnn token
# literally. If you know this device has a simple stack and a fixed
# MTU, you can however multiply S value by MSS, or T value by MSS+40,
# and put it instead of Snn or Tnn.
#
# If WSS otherwise looks like a fixed value (for example a multiple
# of two), or if you can confirm the value is fixed, please quote
# it literally. If there's no apparent pattern in WSS chosen, you
# should consider wildcarding this value.
#
# - Overall packet size - a function of all IP and TCP options and bugs.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Initial TTL - We check the actual TTL of a received packet. It can't
# be higher than the initial TTL, and also shouldn't be dramatically
# lower (maximum distance is defined as 40 hops).
#
# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
# You need to determine the initial TTL. The best way to do it is to
# check the documentation for a remote system, or check its settings.
# A fairly good method is to simply round the observed TTL up to
# 32, 64, 128, or 255, but it should be noted that some obscure devices
# might not use round TTLs (in particular, some shoddy appliances use
# "original" initial TTL settings). If not sure, you can see how many
# hops you're away from the remote party with traceroute or mtr.
#
# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
# discovery. Others do not bother.
#
# NEW SIGNATURE: Copy this value literally.
#
# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
# uses it to determine link type of the remote host.
#
# NEW SIGNATURE: Always wildcard this value, except for rare cases when
# you have an appliance with a fixed value, know the system supports only
# a very limited number of network interface types, or know the system
# is using a value it pulled out of nowhere. Specific unique MSS
# can be used to tell Google crawlbots from the rest of the population.
#
# - Window scaling (WSCALE) - this feature is used to scale WSS.
# It extends the size of a TCP/IP window to 32 bits. Some modern
# systems implement this feature.
#
# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
# to zero or other low value. There's usually no need to wildcard this
# parameter.
#
# - Timestamp - some systems that implement timestamps set them to
# zero in the initial SYN. This case is detected and handled appropriately.
#
# - Selective ACK permitted - a flag set by systems that implement
# selective ACK functionality.
#
# - The sequence of TCP all options (MSS, window scaling, selective ACK
# permitted, timestamp, NOP). Other than the options previously
# discussed, p0f also checks for timestamp option (a silly
# extension to broadcast your uptime ;-), NOP options (used for
# header padding) and sackOK option (selective ACK feature).
#
# NEW SIGNATURE: Copy the sequence literally.
#
# To wildcard any value (except for initial TTL or TCP options), replace
# it with '*'. You can also use a modulo operator to match any values
# that divide by nnn - '%nnn'.
#
# Fingerprint entry format:
#
# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
#
# wwww - window size (can be *, %nnn, Snn or Tnn). The special values
# "S" and "T" which are a multiple of MSS or a multiple of MTU
# respectively.
# ttt - initial TTL
# D - don't fragment bit (0 - not set, 1 - set)
# ss - overall SYN packet size
# OOO - option value and order specification (see below)
# OS - OS genre (Linux, Solaris, Windows)
# Version - OS Version (2.0.27 on x86, etc)
# Subtype - OS subtype or patchlevel (SP3, lo0)
# details - Generic OS details
#
# If OS genre starts with '*', p0f will not show distance, link type
# and timestamp data. It is useful for userland TCP/IP stacks of
# network scanners and so on, where many settings are randomized or
# bogus.
#
# If OS genre starts with @, it denotes an approximate hit for a group
# of operating systems (signature reporting still enabled in this case).
# Use this feature at the end of this file to catch cases for which
# you don't have a precise match, but can tell it's Windows or FreeBSD
# or whatnot by looking at, say, flag layout alone.
#
# Option block description is a list of comma or space separated
# options in the order they appear in the packet:
#
# N - NOP option
# Wnnn - window scaling option, value nnn (or * or %nnn)
# Mnnn - maximum segment size option, value nnn (or * or %nnn)
# S - selective ACK OK
# T - timestamp
# T0 - timestamp with a zero value
#
# To denote no TCP options, use a single '.'.
#
# Please report any additions to this file, or any inaccuracies or
# problems spotted, to the maintainers: lcamtuf@coredump.cx,
# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
# capture of the relevant SYN packet(s)
#
# WARNING WARNING WARNING
# -----------------------
#
# Do not add a system X as OS Y just because NMAP says so. It is often
# the case that X is a NAT firewall. While nmap is talking to the
# device itself, p0f is fingerprinting the guy behind the firewall
# instead.
#
# When in doubt, use common sense, don't add something that looks like
# a completely different system as Linux or FreeBSD or LinkSys router.
# Check DNS name, establish a connection to the remote host and look
# at SYN+ACK - does it look similar?
#
# Some users tweak their TCP/IP settings - enable or disable RFC1323
# functionality, enable or disable timestamps or selective ACK,
# disable PMTU discovery, change MTU and so on. Always compare a new rule
# to other fingerprints for this system, and verify the system isn't
# "customized" before adding it. It is OK to add signature variants
# caused by a commonly used software (personal firewalls, security
# packages, etc), but it makes no sense to try to add every single
# possible /proc/sys/net/ipv4 tweak on Linux or so.
#
# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
# normalize packets. Signatures will not correspond to the originating
# system (and probably not quite to the firewall either).
#
# NOTE: Try to keep this file in some reasonable order, from most to
# least likely systems. This will speed up operation. Also keep most
# generic and broad rules near the end.
#
##########################
# Standard OS signatures #
##########################
# ----------------- AIX ---------------------
# AIX is first because its signatures are close to NetBSD, MacOS X and
# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
# This is a shoddy hack, though.
16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier
16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1
# ----------------- Linux -------------------
512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
# Endian snafu! Nelson says "ha-ha":
2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot)
S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
S3:64:1:60:M*,S,T,N,W0: Linux:2.4:18-21:Linux 2.4.18 and newer
S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6
S4:64:1:60:M*,S,T,N,W0: Linux:2.6::Linux 2.4/2.6
S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5
S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer
S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
# Popular cluster config scripts disable timestamps and
# selective ACK:
S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster
# This needs to be investigated. On some systems, WSS
# is selected as a multiple of MTU instead of MSS. I got
# many submissions for this for many late versions of 2.4:
T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon)
# This happens only over loopback, but let's make folks happy:
32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local)
S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local)
# Opera visitors:
16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?)
32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?)
# Some fairly common mods:
S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps
S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
# ----------------- FreeBSD -----------------
16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.1
16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.1
16384:64:1:44:M*: FreeBSD:4.0-4.1::FreeBSD 2.0-4.1
16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.8::FreeBSD 4.6-4.8
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.9::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.9::FreeBSD 4.7-5.1
65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.7-5.1
# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
# ----------------- NetBSD ------------------
65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera)
16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6
16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF)
16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3
65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF)
# ----------------- OpenBSD -----------------
16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4::OpenBSD 3.0-3.4
16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:no-df:OpenBSD 3.0-3.4 (scrub no-df)
57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4::OpenBSD 3.3-3.4
57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-3.4:no-df:OpenBSD 3.3-3.4 (scrub no-df)
65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-3.4:opera:OpenBSD 3.0-3.4 (Opera)
# ----------------- Solaris -----------------
S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323
S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8
S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7
S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7
S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1
S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9
S44:255:1:44:M*: Solaris:2.7::Solaris 7
# ----------------- IRIX --------------------
49152:64:0:44:M*: IRIX:6.4::IRIX 6.4
61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5
49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
# ----------------- Tru64 -------------------
32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0
32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0
8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
# This looks awfully Linuxish :/
# S22:64:0:60:M*,S,T,N,W0: Tru64:5.0:a:Tru64 5.0a
61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
# ----------------- OpenVMS -----------------
6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
# ----------------- MacOS -------------------
16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
32768:255:1:48:M*,W0,N: MacOS:9.1-9.2::MacOS 9.1/9.2
32768:64:0:60:M*,N,W0,N,N,T: MacOS:X:10.2:MacOS X 10.2
# ----------------- Windows -----------------
# Windows 95 - need more:
8192:32:1:44:M*: Windows:95::Windows 95 (low TTL)
# Windows 98 - plenty of silly signatures:
S44:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL)
8192:32:1:48:M*,N,N,S: Windows:98::Windows 98 (low TTL)
%8192:64:1:48:M*,N,N,S: Windows:98::Windows 98 (or newer XP/2000 with tweaked TTL)
S4:64:1:48:M*,N,N,S: Windows:98::Windows 98
S6:64:1:48:M*,N,N,S: Windows:98::Windows 98
S12:64:1:48:M*,N,N,S: Windows:98::Windows 98
32767:64:1:48:M*,N,N,S: Windows:98::Windows 98
37300:64:1:48:M*,N,N,S: Windows:98::Windows 98
46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323)
65535:64:1:44:M*: Windows:98:noSACK:Windows 98 (no sack)
S16:128:1:48:M*,N,N,S: Windows:98::Windows 98
S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
S26:128:1:48:M*,N,N,S: Windows:98::Windows 98
T30:128:1:48:M*,N,N,S: Windows:98::Windows 98
32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98
60352:128:1:48:M*,N,N,S: Windows:98::Windows 98
60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98
# Windows NT 4.0 - need more:
64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older)
6144:128:1:52:M*,W0,N,S,N,N: Windows:NT:4.0:Windows NT 4.0 (RFC1323)
# Windows XP and 2000. Most of the signatures that were
# either dubious or non-specific (no service pack data)
# were deleted and replaced with generics at the end.
65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4
S6:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows XP SP1, 2000 SP4
S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows XP Pro SP1, 2000 SP3
S6:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1, 2000 SP4
S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP Pro SP1, 2000 SP3
64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1
32767:128:1:48:M1452,N,N,S: Windows:XP:SP1:Windows XP SP1
65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
# Odds, ends, mods:
S52:128:1:48:M1260,N,N,S: Windows:XP:Cisco:Windows XP/2000 via Cisco
S52:128:1:48:M1260,N,N,S: Windows:2000:Cisco:Windows XP/2000 via Cisco
# HUNT DOWN:
# *:128:1:48:M*,N,N,S:U:@Windows:XP (leak) (PLEASE REPORT)
# ----------------- HP/UX -------------------
32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20
32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0
32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11
32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11
# Whoa. Hardcore WSS.
0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
# ----------------- RiscOS ------------------
# We don't yet support the ?12 TCP option
#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36
# ----------------- BSD/OS ------------------
# Once again, power of two WSS is also shared by MacOS X with DF set
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
# ---------------- NewtonOS -----------------
4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1
# ---------------- NeXTSTEP -----------------
S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3
# ------------------ BeOS -------------------
1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1
12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x
# ------------------ OS/400 -----------------
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5
8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5
4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
# ------------------ ULTRIX -----------------
16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5
# ------------------- QNX -------------------
S16:64:0:44:M512: QNX:::QNX demodisk
# ------------------ Novell -----------------
16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0
6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11
# ----------------- SCO ------------------
S17:64:1:44:M1460: SCO:Unixware:7.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
S17:64:1:44:M1460: SCO:OpenServer:5.0:SCO Unixware 7.0.0 or OpenServer 5.0.4-5.06
S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1
# ------------------- DOS -------------------
2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
###########################################
# Appliance / embedded / other signatures #
###########################################
# ---------- Firewalls / routers ------------
S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1)
S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2)
4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x
60352:64:0:52:M1460,N,W2,N,N,S: Clavister:7::Clavister firewall 7.x
# ------- Switches and other stuff ----------
4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc
S8:255:0:44:M*: Cisco:12008::Cisco 12008
60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch
64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client
# ---------- Caches and whatnots ------------
S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache
32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x
16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:64:M1460,N,N,S,N,W3,N,N,T: NetApp:5.3:1:NetApp 5.3.1
65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow
8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1
S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine
27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based)
65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler
S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg
16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?)
# ----------- Embedded systems --------------
S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C
S5:255:0:44:M536: PalmOS:3::PalmOS 3/4
S5:255:0:44:M536: PalmOS:4::PalmOS 3/4
S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5
2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera)
S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7
8192:255:0:44:M1460: SymbianOS:6048::SymbianOS 6048 (on Nokia 7650?)
8192:255:0:44:M536: SymbianOS:::SymbianOS (on Nokia 9210?)
# Perhaps S4?
5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10
32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002
S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0
4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
####################
# Fancy signatures #
####################
1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1)
2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2)
3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3)
4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4)
1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1)
2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2)
3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3)
4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4)
#####################################
# Generic signatures - just in case #
#####################################
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+)
*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000
*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000
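Review bot: this 549-line fingerprint database carries only an unexpanded `# $FreeBSD$` tag at the top and no upstream revision marker, so nothing records which p0f/pf.os revision it was copied from and it will drift from the original silently. Nothing in the accompanying pf.conf matches on `os`, and its `#set fingerprints "/etc/pf.os"` line is commented out, so consider having the build script copy the file from the build host rather than committing it under conf, or at least record the source revision in the header. If it stays, note for users that the header's own warning applies: with `scrub` enabled the signatures no longer correspond to the originating system, so `os` matches should not be the only condition on a pass rule.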

View File

@ -0,0 +1,31 @@
# $FreeBSD$
hostname="tinybsd.freebsd.org"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
update_motd="NO"
varmfs="YES"
populate_var="YES"
varsize="8192"
# IPFW
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="closed"
# NAT
natd_enable="NO"
natd_interface=""
natd_flags=""
# PF
pf_enable="NO"
pf_rules="/etc/pf.conf"
pf_program="/sbin/pfctl"
pf_flags=""
pflog_enable="NO"
pflog_logfile="/var/log/pflog"
pflog_program="/sbin/pflogd"
pflog_flags=""
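Review bot: `sshd_enable="YES"` contradicts `firewall_type="closed"`, which the rc.firewall in this commit documents as "totally disables IP services except via lo0 interface". As shipped, the image either runs an sshd that nothing can reach, or, if the closed case relies on the kernel's default rule and the kernel is built with `IPFIREWALL_DEFAULT_TO_ACCEPT` as in the kernel config above, sshd is reachable from every interface with no filtering at all. Please pick one intent and make it explicit: a `firewall_type` pointing at a rules file that passes port 22 only on the management interface, or `sshd_enable="NO"` by default. Separately, `hostname="tinybsd.freebsd.org"` puts every built image in the project's own domain; a neutral placeholder would be a safer default.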

View File

@ -0,0 +1,302 @@
#!/bin/sh -
# Copyright (c) 1996 Poul-Henning Kamp
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD$
#
#
# Setup system for firewall service.
#
# Suck in the configuration variables.
if [ -z "${source_rc_confs_defined}" ]; then
if [ -r /etc/defaults/rc.conf ]; then
. /etc/defaults/rc.conf
source_rc_confs
elif [ -r /etc/rc.conf ]; then
. /etc/rc.conf
fi
fi
############
# Define the firewall type in /etc/rc.conf. Valid values are:
# open - will allow anyone in
# client - will try to protect just this machine
# simple - will try to protect a whole network
# closed - totally disables IP services except via lo0 interface
# UNKNOWN - disables the loading of firewall rules.
# filename - will load the rules in the given filename (full path required)
#
# For ``client'' and ``simple'' the entries below should be customized
# appropriately.
############
#
# If you don't know enough about packet filtering, we suggest that you
# take time to read this book:
#
# Building Internet Firewalls, 2nd Edition
# Brent Chapman and Elizabeth Zwicky
#
# O'Reilly & Associates, Inc
# ISBN 1-56592-871-7
# http://www.ora.com/
# http://www.oreilly.com/catalog/fire2/
#
# For a more advanced treatment of Internet Security read:
#
# Firewalls & Internet Security
# Repelling the wily hacker
# William R. Cheswick, Steven M. Bellowin
#
# Addison-Wesley
# ISBN 0-201-63357-4
# http://www.awl.com/
# http://www.awlonline.com/product/0%2C2627%2C0201633574%2C00.html
#
setup_loopback () {
############
# Only in rare cases do you want to change these rules
#
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
}
if [ -n "${1}" ]; then
firewall_type="${1}"
fi
############
# Set quiet mode if requested
#
case ${firewall_quiet} in
[Yy][Ee][Ss])
fwcmd="/sbin/ipfw -q"
;;
*)
fwcmd="/sbin/ipfw"
;;
esac
############
# Flush out the list before we begin.
#
${fwcmd} -f flush
############
# Network Address Translation. All packets are passed to natd(8)
# before they encounter your remaining rules. The firewall rules
# will then be run again on each packet after translation by natd
# starting at the rule number following the divert rule.
#
# For ``simple'' firewall type the divert rule should be put to a
# different place to not interfere with address-checking rules.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add 50 divert natd all from any to any via ${natd_interface}
fi
;;
esac
esac
############
# If you just configured ipfw in the kernel as a tool to solve network
# problems or you just want to disallow some particular kinds of traffic
# then you will want to change the default policy to open. You can also
# do this as your only action by setting the firewall_type to ``open''.
#
# ${fwcmd} add 65000 pass all from any to any
# Prototype setups.
#
case ${firewall_type} in
[Oo][Pp][Ee][Nn])
setup_loopback
${fwcmd} add 65000 pass all from any to any
;;
[Cc][Ll][Ii][Ee][Nn][Tt])
############
# This is a prototype setup that will protect your system somewhat
# against people from outside your own network.
############
# set these to your network and netmask and ip
net="192.0.2.0"
mask="255.255.255.0"
ip="192.0.2.1"
setup_loopback
# Allow any traffic to or from my own net.
${fwcmd} add pass all from ${ip} to ${net}:${mask}
${fwcmd} add pass all from ${net}:${mask} to ${ip}
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# Allow setup of incoming email
${fwcmd} add pass tcp from any to ${ip} 25 setup
# Allow setup of outgoing TCP connections only
${fwcmd} add pass tcp from ${ip} to any setup
# Disallow setup of all other TCP connections
${fwcmd} add deny tcp from any to any setup
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${ip} to any 53 keep-state
# Allow NTP queries out in the world
${fwcmd} add pass udp from ${ip} to any 123 keep-state
# Everything else is denied by default, unless the
# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
# config file.
;;
[Ss][Ii][Mm][Pp][Ll][Ee])
############
# This is a prototype setup for a simple firewall. Configure this
# machine as a DNS and NTP server, and point all the machines
# on the inside at this machine for those services.
############
# set these to your outside interface network and netmask and ip
oif="ed0"
onet="192.0.2.0"
omask="255.255.255.240"
oip="192.0.2.1"
# set these to your inside interface network and netmask and ip
iif="ed1"
inet="192.0.2.16"
imask="255.255.255.240"
iip="192.0.2.17"
setup_loopback
# Stop spoofing
${fwcmd} add deny all from ${inet}:${imask} to any in via ${oif}
${fwcmd} add deny all from ${onet}:${omask} to any in via ${iif}
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}
# Network Address Translation. This rule is placed here deliberately
# so that it does not interfere with the surrounding address-checking
# rules. If for example one of your internal LAN machines had its IP
# address set to 192.0.2.1 then an incoming packet for it after being
# translated by natd(8) would match the `deny' rule above. Similarly
# an outgoing packet originated from it before being translated would
# match the `deny' rule below.
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
${fwcmd} add divert natd all from any to any via ${natd_interface}
fi
;;
esac
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
# Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
# DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
# on the outside interface
${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
# Allow IP fragments to pass through
${fwcmd} add pass all from any to any frag
# Allow setup of incoming email
${fwcmd} add pass tcp from any to ${oip} 25 setup
# Allow access to our DNS
${fwcmd} add pass tcp from any to ${oip} 53 setup
${fwcmd} add pass udp from any to ${oip} 53
${fwcmd} add pass udp from ${oip} 53 to any
# Allow access to our WWW
${fwcmd} add pass tcp from any to ${oip} 80 setup
# Reject&Log all setup of incoming connections from the outside
${fwcmd} add deny log tcp from any to any in via ${oif} setup
# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup
# Allow DNS queries out in the world
${fwcmd} add pass udp from ${oip} to any 53 keep-state
# Allow NTP queries out in the world
${fwcmd} add pass udp from ${oip} to any 123 keep-state
# Everything else is denied by default, unless the
# IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
# config file.
;;
[Cc][Ll][Oo][Ss][Ee][Dd])
setup_loopback
;;
[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
;;
*)
if [ -r "${firewall_type}" ]; then
${fwcmd} ${firewall_flags} ${firewall_type}
fi
;;
esac
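
Review bot: The "closed" branch only calls setup_loopback, and the "client" and "simple" branches end in a comment rather than a rule, so all three depend on the kernel's default rule being deny. A kernel config added in this same commit sets "options IPFIREWALL_DEFAULT_TO_ACCEPT"; on an image built from it, "closed" leaves everything apart from the 127.0.0.0/8 checks open, which contradicts the "totally disables IP services except via lo0" description at the top of the file. Suggest ending each of these branches with an explicit "${fwcmd} add 65000 deny all from any to any" instead of relying on the comment. Separately, "pass all from any to any frag" in both prototypes accepts every fragment ahead of the port rules and deserves a comment saying why.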


@ -0,0 +1,238 @@
# $FreeBSD$
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
boot/loader
boot/loader.4th
boot/loader.help
boot/loader.rc
boot/mbr
boot/support.4th
# contents of ${WORKDIR}/libexec
libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
bin/cp
bin/csh:bin/tcsh
bin/date
bin/dd
bin/df
bin/domainname
bin/echo
bin/ed:bin/red
bin/expr
bin/hostname
bin/kenv
bin/kill
bin/ln:bin/link
bin/ls
bin/mkdir
bin/mv
bin/pax
bin/ps
bin/pwd
bin/realpath
bin/rm:bin/unlink
bin/rmdir
bin/sh
bin/sleep
bin/stty
bin/sync
# contents of ${WORKDIR}/sbin
sbin/adjkerntz
sbin/comcontrol
sbin/disklabel
sbin/dmesg
sbin/fastboot:sbin/reboot
sbin/fasthalt:sbin/halt
sbin/fsck
sbin/fsck_ufs:sbin/fsck_ffs
sbin/fsck_ufs:sbin/fsck_4.2bsd
sbin/ifconfig
sbin/init
sbin/ipfw
sbin/kldconfig
sbin/kldload
sbin/kldstat
sbin/kldunload
sbin/ldconfig
sbin/md5
sbin/mdconfig
sbin/mknod
sbin/mdmfs
sbin/mount
sbin/mount_devfs:sbin/mount_fdescfs
sbin/mount_devfs:sbin/mount_linprocfs
sbin/mount_devfs:sbin/mount_procfs
sbin/mount_devfs:sbin/mount_std
sbin/mount_nullfs
sbin/mount_umapfs
sbin/mount_unionfs
sbin/natd
sbin/newfs
sbin/nextboot
sbin/nologin
sbin/nos-tun
sbin/pfctl
sbin/pflogd
sbin/ping
sbin/rcorder
sbin/route
sbin/shutdown
sbin/slattach
sbin/swapon
sbin/sysctl
sbin/umount
# contents of ${WORKDIR}/usr/sbin
usr/bin/at:usr/bin/atq
usr/bin/at:usr/bin/atrm
usr/bin/at:usr/bin/batch
usr/bin/awk
usr/bin/basename
usr/bin/bunzip2:usr/bin/bzcat
usr/bin/bunzip2:usr/bin/bzip2
usr/bin/chat
usr/bin/chfn:usr/bin/chpass
usr/bin/chfn:usr/bin/chsh
usr/bin/chgrp
usr/bin/cksum
usr/bin/clear
usr/bin/cmp
usr/bin/compress:usr/bin/uncompress
usr/bin/cpio
usr/bin/crontab
usr/bin/cu
usr/bin/dig
usr/bin/dirname
usr/bin/du
usr/bin/ee
usr/bin/egrep:usr/bin/fgrep
usr/bin/egrep:usr/bin/grep
usr/bin/env
usr/bin/false
usr/bin/fetch
usr/bin/find
usr/bin/finger
usr/bin/fstat
usr/bin/fsync
usr/bin/ftp
usr/bin/gunzip:usr/bin/gzcat
usr/bin/gunzip:usr/bin/gzip
usr/bin/gzexe
usr/bin/head
usr/bin/hexdump
usr/bin/id:usr/bin/whoami
usr/bin/ident
usr/bin/killall
usr/bin/last
usr/bin/less:usr/bin/more
usr/bin/limits
usr/bin/lock
usr/bin/lockf
usr/bin/logger
usr/bin/login
usr/bin/logname
usr/bin/mesg
usr/bin/minigzip
usr/bin/mkfifo
usr/bin/mktemp
usr/bin/msgs
usr/bin/netstat
usr/bin/nfsstat
usr/bin/nice
usr/bin/nslookup
usr/bin/nsupdate
usr/bin/nohup
usr/bin/objformat
usr/bin/openssl
usr/bin/passwd
usr/bin/printf
usr/bin/renice
usr/bin/reset:usr/sbin/tset
usr/bin/scp
usr/bin/script
usr/bin/sed
usr/bin/sftp
usr/bin/shar
usr/bin/slogin:usr/bin/ssh
usr/bin/sort
usr/bin/split
usr/bin/ssh-keygen
usr/bin/su
usr/bin/tail
usr/bin/tar
usr/bin/tee
usr/bin/telnet
usr/bin/time
usr/bin/top
usr/bin/touch
usr/bin/tput
usr/bin/tr
usr/bin/true
usr/bin/tty
usr/bin/uname
usr/bin/uptime:usr/bin/w
usr/bin/users
usr/bin/uudecode
usr/bin/uuencode
usr/bin/vi
usr/bin/vmstat
usr/bin/wall
usr/bin/who
usr/bin/whois
usr/bin/write
usr/bin/yes
# contents of ${WORKDIR}/usr/sbin
usr/sbin/arp
usr/sbin/authpf
usr/sbin/boot0cfg
usr/sbin/chown
usr/sbin/cron
usr/sbin/idprio:usr/sbin/rtprio
usr/sbin/inetd
usr/sbin/iostat
usr/sbin/kbdcontrol
usr/sbin/lastlogin
usr/sbin/memcontrol
usr/sbin/mtree
usr/sbin/newsyslog
usr/sbin/ntpdate
usr/sbin/pciconf
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/slstat
usr/sbin/sshd
usr/sbin/syslogd
usr/sbin/tcpdchk
usr/sbin/tcpdmatch
usr/sbin/tcpdump
usr/sbin/traceroute
usr/sbin/vidcontrol
usr/sbin/vipw
usr/sbin/vnconfig
usr/sbin/watch
usr/sbin/wicontrol
usr/sbin/pccardc
usr/sbin/pccardd
# contents of ${WORKDIR}/usr/libexec
usr/libexec/atrun
usr/libexec/ftpd
usr/libexec/getty
usr/libexec/sftp-server
# contents of ${WORKDIR}/usr/share
usr/share/misc/termcap
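
Review bot: The comment above the usr/bin/ entries reads "# contents of ${WORKDIR}/usr/sbin", the same text that heads the real usr/sbin/ block further down; it should say usr/bin. Within that block, "usr/bin/reset:usr/sbin/tset" is the only usr/bin pair whose link name lands outside usr/bin, which looks like a typo for usr/bin/tset. Since the tinybsd script drops lines with grep -v "#" and splits entries on ":", a short header comment describing the "file:linkname" format would also help whoever edits this list next.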


@ -0,0 +1,149 @@
# $FreeBSD$
machine i386
cpu I586_CPU
ident TINYBSD
maxusers 8
options CPU_GEODE
# To statically compile in device wiring instead of /boot/device.hints
#hints "GENERIC.hints" # Default places to look for devices.
options SCHED_4BSD # 4BSD scheduler
options INET # InterNETworking
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options MD_ROOT # MD is a potential root device
options NFSCLIENT # Network Filesystem Client
options NFSSERVER # Network Filesystem Server
options NFS_ROOT # NFS usable as /, requires NFSCLIENT
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_GPT # GUID Partition Tables.
options COMPAT_43 # Compatible with BSD 4.3 [KEEP THIS!]
options COMPAT_FREEBSD4 # Compatible with FreeBSD4
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options AHC_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~128k to driver.
options AHD_REG_PRETTY_PRINT # Print register bitfields in debug
# output. Adds ~215k to driver.
options ADAPTIVE_GIANT # Giant mutex is adaptive.
#device apic # I/O APIC
# Bus support. Do not remove isa, even if you have no isa slots
device isa
device pci
# ATA and ATAPI devices
device ata
device atadisk # ATA disk drives
options ATA_STATIC_ID # Static device numbering
# Floating point support - do not disable.
device npx
# Serial (COM) ports
device sio # 8250, 16[45]50 based serial ports
# PCI Ethernet NICs.
device de # DEC/Intel DC21x4x (``Tulip'')
device em # Intel PRO/1000 adapter Gigabit Ethernet Card
device ixgb # Intel PRO/10GbE Ethernet Card
device txp # 3Com 3cR990 (``Typhoon'')
device vx # 3Com 3c590, 3c595 (``Vortex'')
# PCI Ethernet NICs that use the common MII bus controller code.
# NOTE: Be sure to keep the 'device miibus' line in order to use these NICs!
device miibus # MII bus support
device bfe # Broadcom BCM440x 10/100 Ethernet
device bge # Broadcom BCM570xx Gigabit Ethernet
device dc # DEC/Intel 21143 and various workalikes
device fxp # Intel EtherExpress PRO/100B (82557, 82558)
device lge # Level 1 LXT1001 gigabit ethernet
device nge # NatSemi DP83820 gigabit ethernet
device pcn # AMD Am79C97x PCI 10/100 (precedence over 'lnc')
device re # RealTek 8139C+/8169/8169S/8110S
device rl # RealTek 8129/8139
device sf # Adaptec AIC-6915 (``Starfire'')
device sis # Silicon Integrated Systems SiS 900/SiS 7016
device sk # SysKonnect SK-984x & SK-982x gigabit Ethernet
device ste # Sundance ST201 (D-Link DFE-550TX)
device ti # Alteon Networks Tigon I/II gigabit Ethernet
device tl # Texas Instruments ThunderLAN
device tx # SMC EtherPower II (83c170 ``EPIC'')
device vge # VIA VT612x gigabit ethernet
device vr # VIA Rhine, Rhine II
device wb # Winbond W89C840F
device xl # 3Com 3c90x (``Boomerang'', ``Cyclone'')
# ISA Ethernet NICs. pccard NICs included.
device cs # Crystal Semiconductor CS89x0 NIC
# 'device ed' requires 'device miibus'
device ed # NE[12]000, SMC Ultra, 3c503, DS8390 cards
device ex # Intel EtherExpress Pro/10 and Pro/10+
device ep # Etherlink III based cards
device fe # Fujitsu MB8696x based cards
device ie # EtherExpress 8/16, 3C507, StarLAN 10 etc.
device lnc # NE2100, NE32-VL Lance Ethernet cards
device sn # SMC's 9000 series of Ethernet chips
device xe # Xircom pccard Ethernet
# Wireless NIC cards
device wlan # 802.11 support
device wlan_wep #802.11 WEP support
device wlan_ccmp #802.11 CCMP support
device wlan_tkip #802.11 TKIP support
device wlan_xauth #802.11 external authenticator support
device wlan_acl #802.11 MAC ACL support
device an # Aironet 4500/4800 802.11 wireless NICs.
device awi # BayStack 660 and others
device wi # WaveLAN/Intersil/Symbol 802.11 wireless NICs.
device ath
device ath_hal
device ath_rate_sample
# Pseudo devices.
device loop # Network loopback
device mem # Memory and kernel memory devices
device io # I/O device
device random # Entropy device
device ether # Ethernet support
device ppp # Kernel PPP
device tun # Packet tunnel.
device pty # Pseudo-ttys (telnet etc)
device md # Memory "disks"
device gif # IPv6 and IPv4 tunneling
device faith # IPv6-to-IPv4 relaying (translation)
# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter
options INCLUDE_CONFIG_FILE
options IPFIREWALL
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPDIVERT
options DUMMYNET
options BRIDGE
options ALTQ
options ALTQ_CBQ
options ALTQ_RED
options ALTQ_RIO
options ALTQ_HFSC
options ALTQ_CDNR
options ALTQ_PRIQ
device pf
device pflog
device pfsync
device carp
options DEVICE_POLLING
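
Review bot: "options IPFIREWALL_DEFAULT_TO_ACCEPT" near the end of the file makes ipfw pass any packet that no rule matches, so the image is open whenever the ruleset is empty, flushed or fails to load. I would drop the option or at least comment why it is wanted, because the rules file in this commit states "Everything else is denied by default, unless the IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel config file". The block from INCLUDE_CONFIG_FILE down to DEVICE_POLLING is also the only part of the file without comments, and NFSSERVER, NFS_ROOT and the long NIC driver list are worth a second look in a kernel that is meant to be small.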


@ -0,0 +1,2 @@
# $FreeBSD$
/dev/ad0a / ufs ro 1 1
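
Review bot: The single entry hard-codes /dev/ad0a and mounts root read-only, and nothing in the file says that either choice is deliberate. Please add the usual "# Device Mountpoint FStype Options Dump Pass#" header line and a comment stating that root is intentionally ro, that writable /var comes from varmfs in rc.conf, and that the device name has to be changed when the target disk does not attach as ad0.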


@ -0,0 +1,12 @@
# $FreeBSD$
hostname="tinybsd.freebsd.org"
sendmail_enable="NONE"
sshd_enable="YES"
usbd_enable="NO"
inetd_enable="NO"
portmap_enable="NO"
update_motd="NO"
varmfs="YES"
populate_var="YES"
varsize="8192"
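
Review bot: sshd_enable="YES" turns on a network login service by default, while this file sets neither firewall_enable nor firewall_type even though the commit ships an ipfw rules script keyed on firewall_type. Suggest defaulting sshd to "NO", or adding the firewall settings beside it with a comment, so a freshly built image does not come up with sshd reachable on every interface. The default hostname "tinybsd.freebsd.org" also places every image under the project's real domain; a placeholder such as tinybsd.example.org would be safer.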


@ -0,0 +1,308 @@
#
# $FreeBSD$
#
# This file specifies various information about terminals on the system.
# It is used by several different programs. Common entries for the
# various columns include:
#
# name The name of the terminal device.
#
# getty The program to start running on the terminal. Typically a
# getty program, as the name implies. Other common entries
# include none, when no getty is needed, and xdm, to start the
# X Window System.
#
# type The initial terminal type for this port. For hardwired
# terminal lines, this will contain the type of terminal used.
# For virtual consoles, the correct type is typically cons25, but
# vt220 will work better if you need interoperability with other
# systems like Solaris or GNU/Linux.
# Other common values include network for network connections on
# pseudo-terminals, dialup for incoming modem ports, and unknown
# when the terminal type cannot be predetermined.
#
# status Must be on or off. If on, init will run the getty program on
# the specified port. If the word "secure" appears, this tty
# allows root login.
#
# name getty type status comments
#
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secure
#
ttyv0 "/usr/libexec/getty Pc" cons25 off secure
# Virtual terminals
ttyv1 "/usr/libexec/getty Pc" cons25 off secure
ttyv2 "/usr/libexec/getty Pc" cons25 off secure
ttyv3 "/usr/libexec/getty Pc" cons25 off secure
ttyv4 "/usr/libexec/getty Pc" cons25 off secure
ttyv5 "/usr/libexec/getty Pc" cons25 off secure
ttyv6 "/usr/libexec/getty Pc" cons25 off secure
ttyv7 "/usr/libexec/getty Pc" cons25 off secure
ttyv8 "/usr/X11R6/bin/xdm -nodaemoff" xterm off secure
# Serial terminals
# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
ttyd0 "/usr/libexec/getty std.9600" dialup on secure
ttyd1 "/usr/libexec/getty std.9600" dialup off secure
ttyd2 "/usr/libexec/getty std.9600" dialup off secure
ttyd3 "/usr/libexec/getty std.9600" dialup off secure
# Dumb console
dcons "/usr/libexec/getty std.9600" vt100 off secure
# Pseudo terminals
ttyp0 none network
ttyp1 none network
ttyp2 none network
ttyp3 none network
ttyp4 none network
ttyp5 none network
ttyp6 none network
ttyp7 none network
ttyp8 none network
ttyp9 none network
ttypa none network
ttypb none network
ttypc none network
ttypd none network
ttype none network
ttypf none network
ttypg none network
ttyph none network
ttypi none network
ttypj none network
ttypk none network
ttypl none network
ttypm none network
ttypn none network
ttypo none network
ttypp none network
ttypq none network
ttypr none network
ttyps none network
ttypt none network
ttypu none network
ttypv none network
ttyq0 none network
ttyq1 none network
ttyq2 none network
ttyq3 none network
ttyq4 none network
ttyq5 none network
ttyq6 none network
ttyq7 none network
ttyq8 none network
ttyq9 none network
ttyqa none network
ttyqb none network
ttyqc none network
ttyqd none network
ttyqe none network
ttyqf none network
ttyqg none network
ttyqh none network
ttyqi none network
ttyqj none network
ttyqk none network
ttyql none network
ttyqm none network
ttyqn none network
ttyqo none network
ttyqp none network
ttyqq none network
ttyqr none network
ttyqs none network
ttyqt none network
ttyqu none network
ttyqv none network
ttyr0 none network
ttyr1 none network
ttyr2 none network
ttyr3 none network
ttyr4 none network
ttyr5 none network
ttyr6 none network
ttyr7 none network
ttyr8 none network
ttyr9 none network
ttyra none network
ttyrb none network
ttyrc none network
ttyrd none network
ttyre none network
ttyrf none network
ttyrg none network
ttyrh none network
ttyri none network
ttyrj none network
ttyrk none network
ttyrl none network
ttyrm none network
ttyrn none network
ttyro none network
ttyrp none network
ttyrq none network
ttyrr none network
ttyrs none network
ttyrt none network
ttyru none network
ttyrv none network
ttys0 none network
ttys1 none network
ttys2 none network
ttys3 none network
ttys4 none network
ttys5 none network
ttys6 none network
ttys7 none network
ttys8 none network
ttys9 none network
ttysa none network
ttysb none network
ttysc none network
ttysd none network
ttyse none network
ttysf none network
ttysg none network
ttysh none network
ttysi none network
ttysj none network
ttysk none network
ttysl none network
ttysm none network
ttysn none network
ttyso none network
ttysp none network
ttysq none network
ttysr none network
ttyss none network
ttyst none network
ttysu none network
ttysv none network
ttyP0 none network
ttyP1 none network
ttyP2 none network
ttyP3 none network
ttyP4 none network
ttyP5 none network
ttyP6 none network
ttyP7 none network
ttyP8 none network
ttyP9 none network
ttyPa none network
ttyPb none network
ttyPc none network
ttyPd none network
ttyPe none network
ttyPf none network
ttyPg none network
ttyPh none network
ttyPi none network
ttyPj none network
ttyPk none network
ttyPl none network
ttyPm none network
ttyPn none network
ttyPo none network
ttyPp none network
ttyPq none network
ttyPr none network
ttyPs none network
ttyPt none network
ttyPu none network
ttyPv none network
ttyQ0 none network
ttyQ1 none network
ttyQ2 none network
ttyQ3 none network
ttyQ4 none network
ttyQ5 none network
ttyQ6 none network
ttyQ7 none network
ttyQ8 none network
ttyQ9 none network
ttyQa none network
ttyQb none network
ttyQc none network
ttyQd none network
ttyQe none network
ttyQf none network
ttyQg none network
ttyQh none network
ttyQi none network
ttyQj none network
ttyQk none network
ttyQl none network
ttyQm none network
ttyQn none network
ttyQo none network
ttyQp none network
ttyQq none network
ttyQr none network
ttyQs none network
ttyQt none network
ttyQu none network
ttyQv none network
ttyR0 none network
ttyR1 none network
ttyR2 none network
ttyR3 none network
ttyR4 none network
ttyR5 none network
ttyR6 none network
ttyR7 none network
ttyR8 none network
ttyR9 none network
ttyRa none network
ttyRb none network
ttyRc none network
ttyRd none network
ttyRe none network
ttyRf none network
ttyRg none network
ttyRh none network
ttyRi none network
ttyRj none network
ttyRk none network
ttyRl none network
ttyRm none network
ttyRn none network
ttyRo none network
ttyRp none network
ttyRq none network
ttyRr none network
ttyRs none network
ttyRt none network
ttyRu none network
ttyRv none network
ttyS0 none network
ttyS1 none network
ttyS2 none network
ttyS3 none network
ttyS4 none network
ttyS5 none network
ttyS6 none network
ttyS7 none network
ttyS8 none network
ttyS9 none network
ttySa none network
ttySb none network
ttySc none network
ttySd none network
ttySe none network
ttySf none network
ttySg none network
ttySh none network
ttySi none network
ttySj none network
ttySk none network
ttySl none network
ttySm none network
ttySn none network
ttySo none network
ttySp none network
ttySq none network
ttySr none network
ttySs none network
ttySt none network
ttySu none network
ttySv none network
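
Review bot: The ttyv8 line runs "/usr/X11R6/bin/xdm -nodaemoff"; the flag looks like -nodaemon caught by an on-to-off search and replace, and should be restored even though the entry is off. On policy, console and ttyd0 are both marked "secure": going by the comment in this file, init will then not ask for the root password when entering single-user mode, and root can log in directly on the one enabled serial line. For a device whose serial port may be physically reachable, consider marking console "insecure" and adding a comment on why ttyd0 is the only getty switched on.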


@ -0,0 +1,238 @@
# $FreeBSD$
# contents of ${WORKDIR}/boot
boot/boot0
boot/boot1
boot/boot2
boot/defaults/loader.conf
boot/device.hints
boot/loader
boot/loader.4th
boot/loader.help
boot/loader.rc
boot/mbr
boot/support.4th
# contents of ${WORKDIR}/libexec
libexec/ld-elf.so.1:usr/libexec/ld-elf.so.1
# contents of ${WORKDIR}/bin
bin/[:bin/test
bin/cat
bin/chflags
bin/chio
bin/chmod
bin/cp
bin/csh:bin/tcsh
bin/date
bin/dd
bin/df
bin/domainname
bin/echo
bin/ed:bin/red
bin/expr
bin/hostname
bin/kenv
bin/kill
bin/ln:bin/link
bin/ls
bin/mkdir
bin/mv
bin/pax
bin/ps
bin/pwd
bin/realpath
bin/rm:bin/unlink
bin/rmdir
bin/sh
bin/sleep
bin/stty
bin/sync
# contents of ${WORKDIR}/sbin
sbin/adjkerntz
sbin/comcontrol
sbin/disklabel
sbin/dmesg
sbin/fastboot:sbin/reboot
sbin/fasthalt:sbin/halt
sbin/fsck
sbin/fsck_ufs:sbin/fsck_ffs
sbin/fsck_ufs:sbin/fsck_4.2bsd
sbin/ifconfig
sbin/init
sbin/ipfw
sbin/kldconfig
sbin/kldload
sbin/kldstat
sbin/kldunload
sbin/ldconfig
sbin/md5
sbin/mdconfig
sbin/mknod
sbin/mdmfs
sbin/mount
sbin/mount_devfs:sbin/mount_fdescfs
sbin/mount_devfs:sbin/mount_linprocfs
sbin/mount_devfs:sbin/mount_procfs
sbin/mount_devfs:sbin/mount_std
sbin/mount_nullfs
sbin/mount_umapfs
sbin/mount_unionfs
sbin/natd
sbin/newfs
sbin/nextboot
sbin/nologin
sbin/nos-tun
sbin/pfctl
sbin/pflogd
sbin/ping
sbin/rcorder
sbin/route
sbin/shutdown
sbin/slattach
sbin/swapon
sbin/sysctl
sbin/umount
# contents of ${WORKDIR}/usr/sbin
usr/bin/at:usr/bin/atq
usr/bin/at:usr/bin/atrm
usr/bin/at:usr/bin/batch
usr/bin/awk
usr/bin/basename
usr/bin/bunzip2:usr/bin/bzcat
usr/bin/bunzip2:usr/bin/bzip2
usr/bin/chat
usr/bin/chfn:usr/bin/chpass
usr/bin/chfn:usr/bin/chsh
usr/bin/chgrp
usr/bin/cksum
usr/bin/clear
usr/bin/cmp
usr/bin/compress:usr/bin/uncompress
usr/bin/cpio
usr/bin/crontab
usr/bin/cu
usr/bin/dig
usr/bin/dirname
usr/bin/du
usr/bin/ee
usr/bin/egrep:usr/bin/fgrep
usr/bin/egrep:usr/bin/grep
usr/bin/env
usr/bin/false
usr/bin/fetch
usr/bin/find
usr/bin/finger
usr/bin/fstat
usr/bin/fsync
usr/bin/ftp
usr/bin/gunzip:usr/bin/gzcat
usr/bin/gunzip:usr/bin/gzip
usr/bin/gzexe
usr/bin/head
usr/bin/hexdump
usr/bin/id:usr/bin/whoami
usr/bin/ident
usr/bin/killall
usr/bin/last
usr/bin/less:usr/bin/more
usr/bin/limits
usr/bin/lock
usr/bin/lockf
usr/bin/logger
usr/bin/login
usr/bin/logname
usr/bin/mesg
usr/bin/minigzip
usr/bin/mkfifo
usr/bin/mktemp
usr/bin/msgs
usr/bin/netstat
usr/bin/nfsstat
usr/bin/nice
usr/bin/nslookup
usr/bin/nsupdate
usr/bin/nohup
usr/bin/objformat
usr/bin/openssl
usr/bin/passwd
usr/bin/printf
usr/bin/renice
usr/bin/reset:usr/sbin/tset
usr/bin/scp
usr/bin/script
usr/bin/sed
usr/bin/sftp
usr/bin/shar
usr/bin/slogin:usr/bin/ssh
usr/bin/sort
usr/bin/split
usr/bin/ssh-keygen
usr/bin/su
usr/bin/tail
usr/bin/tar
usr/bin/tee
usr/bin/telnet
usr/bin/time
usr/bin/top
usr/bin/touch
usr/bin/tput
usr/bin/tr
usr/bin/true
usr/bin/tty
usr/bin/uname
usr/bin/uptime:usr/bin/w
usr/bin/users
usr/bin/uudecode
usr/bin/uuencode
usr/bin/vi
usr/bin/vmstat
usr/bin/wall
usr/bin/who
usr/bin/whois
usr/bin/write
usr/bin/yes
# contents of ${WORKDIR}/usr/sbin
usr/sbin/arp
usr/sbin/authpf
usr/sbin/boot0cfg
usr/sbin/chown
usr/sbin/cron
usr/sbin/idprio:usr/sbin/rtprio
usr/sbin/inetd
usr/sbin/iostat
usr/sbin/kbdcontrol
usr/sbin/lastlogin
usr/sbin/memcontrol
usr/sbin/mtree
usr/sbin/newsyslog
usr/sbin/ntpdate
usr/sbin/pciconf
usr/sbin/pw
usr/sbin/pwd_mkdb
usr/sbin/slstat
usr/sbin/sshd
usr/sbin/syslogd
usr/sbin/tcpdchk
usr/sbin/tcpdmatch
usr/sbin/tcpdump
usr/sbin/traceroute
usr/sbin/vidcontrol
usr/sbin/vipw
usr/sbin/vnconfig
usr/sbin/watch
usr/sbin/wicontrol
usr/sbin/pccardc
usr/sbin/pccardd
# contents of ${WORKDIR}/usr/libexec
usr/libexec/atrun
usr/libexec/ftpd
usr/libexec/getty
usr/libexec/sftp-server
# contents of ${WORKDIR}/usr/share
usr/share/misc/termcap
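
Review bot: This list appears identical to the 238-line basefiles list added earlier in this commit, including the "# contents of ${WORKDIR}/usr/sbin" comment sitting over the usr/bin/ entries. If the two configurations are meant to match, keep one shared list and let each conf directory add to it. If they are meant to differ, trim each to what it needs: usr/libexec/ftpd, usr/sbin/inetd, usr/bin/telnet and usr/bin/finger add attack surface to an image whose rc.conf in this commit already sets inetd_enable="NO".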

tools/tools/tinybsd/tinybsd Executable file

@ -0,0 +1,220 @@
#!/bin/sh -
# Copyright (c) 2006 Jean Milanez Melo <jmelo@freebsdbrasil.com.br>
# <jmelo@FreeBSD.org>
# Patrick Tracanelli <eksffa@freebsdbrasil.com.br>
#
# $FreeBSD$
#set -xv
CURRENTDIR=/usr/src/tools/tools/tinybsd
WORKDIR=/usr/obj/tinybsdbuild
KERNCONF=TINYBSD
DEFINSTARGS="-o 0 -g 0 -m 555"
SECTUNIT=$1
TRACKCYL=$2
SECTRACK=$3
CONF=$4
IMG=$5
TS="=====>"
if [ "$#" -lt 3 ]
then
echo "Woops!
Usage: $0 <mediasize in sectors> <heads according to firmware>
<sectors according to firmware> <conf> [<tinybsd image name>]
Example: $0 62592 4 32
or
$0 62592 4 32 wireless
Run diskinfo(8) -v against your CF device to get correct information
about your disk."
exit 1
fi
check_conf() {
if [ -z ${CONF} ]
then
CONF="default"
echo "${TS} Alternative conf name not set; defaulting to 'default'"
fi
}
check_alt_imgname() {
if [ -z ${IMG} ]
then
IMG="tinybsd.bin"
echo "${TS} Alternative image name not set; defaulting to 'tinybsd.bin'"
fi
}
remove_workdir() {
chflags -R noschg ${WORKDIR}
echo "${TS} Removing "${WORKDIR}
rm -rf ${WORKDIR}
echo "${TS} Removing Build Kernel Directory"
rm -rf /usr/obj/usr/src/sys/${KERNCONF}
echo "${TS} done."
}
prework() {
remove_workdir
mkdir -p ${WORKDIR}
}
create_tree() {
echo "${TS} Creating directory hierarchy... "
mtree -deU -f /etc/mtree/BSD.root.dist -p ${WORKDIR}
mtree -deU -f /etc/mtree/BSD.usr.dist -p ${WORKDIR}/usr
mtree -deU -f /etc/mtree/BSD.var.dist -p ${WORKDIR}/var
}
copy_binaries() {
#set -xv
for file in `cat ${CURRENTDIR}/conf/${CONF}/tinybsd.basefiles | grep -v "#" | \
cut -f1 -d":" | sort | uniq` ; do
echo "${TS} Copying "/${file}" to "${WORKDIR}/${file}
cp -fp /${file} ${WORKDIR}/${file} ;
done
#set +xv
}
make_kernel() {
echo "${TS} Building customized tiny beastie kernel... "
cp -p ${CURRENTDIR}/conf/${CONF}/${KERNCONF} /usr/src/sys/i386/conf
cd /usr/src
make buildkernel KERNCONF=${KERNCONF} || exit 1
gzip -9 /usr/obj/usr/src/sys/${KERNCONF}/kernel
install ${DEFINSTARGS} /usr/obj/usr/src/sys/${KERNCONF}/kernel.gz ${WORKDIR}/boot/kernel/
install ${DEFINSTARGS} \
/usr/obj/usr/src/sys/${KERNCONF}/modules/usr/src/sys/modules/acpi/acpi/acpi.ko \
${WORKDIR}/boot/kernel
install -o 0 -g 0 -m 444 /sys/i386/conf/GENERIC.hints ${WORKDIR}/boot/device.hints
}
copy_libraries() {
#set -xv
TDEPFILE="`mktemp -t deps`"
TDEPFILES="`mktemp -t depsymlnk`"
cd ${CURRENTDIR}/conf/${CONF}
for file in `cat tinybsd.basefiles | grep -v "#" | cut -f1 -d":"`; do
ldd -f "%p\n" /${file} >> ${TDEPFILE} ; # don't worry on progs been "not dynamic"
done
for libdeplib in `cat ${TDEPFILE} | sort | uniq`; do
ldd -f "%p\n" /${libdeplib} >> ${TDEPFILE} ;
done
for pamdep in `ls -1 /usr/lib/pam*`; do
echo $pamdep >> ${TDEPFILE} ;
ldd -f "%p\n" /${pamdep} >> ${TDEPFILE} ;
done
for lib in `cat ${TDEPFILE} | sort | uniq`; do
echo "${TS} Copying "${lib}" to "${WORKDIR}${lib}
cp -fp ${lib} ${WORKDIR}${lib} ;
done
for depsymlink in `cat ${TDEPFILE}`; do
echo "${TS} Checking if ${depsymlink} is a symbolic link"
/bin/ls -l $depsymlink | grep "\->" | awk '{print $11":"$9}' >> ${TDEPFILES}
done
for i in `cat ${TDEPFILES}`; do
SOURCE_FILE=`echo $i | awk -F ":" '{print $1}'`
TARGET_FILE=`echo $i | awk -F ":" '{print $2}'`
echo "${TS} Unlinking ${WORKDIR}${TARGET_FILE}"
chroot ${WORKDIR} /bin/rm -f ${TARGET_FILE}
echo "${TS} Symlinking ${SOURCE_FILE} to ${TARGET_FILE}"
chroot ${WORKDIR} /bin/ln -s ${SOURCE_FILE} ${TARGET_FILE}
done
echo -n "${TS} Unlinking "
rm -fv ${TDEPFILE} ${TDEPFILES}
#set +xv
}
create_etc() {
cd /usr/src/etc/sendmail/
make freebsd.cf freebsd.submit.cf
cd /usr/src/etc/
mkdir -p ${WORKDIR}/var/named/etc/namedb
make distribution DESTDIR=${WORKDIR}
}
personal_directories() {
echo "${TS} Copying your custom configuration on conf/ ..."
for custom in `find ${CURRENTDIR}/conf/${CONF}/ -type d -depth 1`; do
cp -Rp ${custom}/* ${WORKDIR}/${custom#${CURRENTDIR}/conf/${CONF}/}/
done
}
symlinks() {
#set -xv
for i in `cat tinybsd.basefiles | grep -v "#" | grep ":"`; do
SOURCE_FILE=`echo $i | awk -F ":" {'print $1'}`
TARGET_FILE=`echo $i | awk -F ":" {'print $2'}`
chroot ${WORKDIR} /bin/ln -vs /${SOURCE_FILE} ${TARGET_FILE}
done
#set +xv
}
create_image() {
#set -ex
VNODEFILE=`mktemp -t tinybsd`
IMGMNT=`mktemp -d -t tinybsd`
dd if=/dev/zero of=${VNODEFILE} count=${SECTUNIT}
MD=`mdconfig -a -t vnode -f ${VNODEFILE} -x ${SECTRACK} -y ${TRACKCYL}`
diskinfo -v /dev/${MD}
fdisk -I /dev/${MD}
fdisk /dev/${MD}
cp -p /boot/boot0 ${WORKDIR}/boot/boot0
bsdlabel -w -B /dev/${MD}
newfs -O2 -U /dev/${MD}a
mount /dev/${MD}a ${IMGMNT}
( cd ${WORKDIR} && find . -print | cpio -dump ${IMGMNT} ) || true
df ${IMGMNT}
umount ${IMGMNT}
dd if=/dev/${MD} of=${CURRENTDIR}/${IMG} bs=64k
rm -vf ${VNODEFILE}
rm -rvf ${IMGMNT}
mdconfig -d -u ${MD}
}
##########################
# run things
prework
check_conf
check_alt_imgname
create_tree
copy_binaries
make_kernel
copy_libraries
symlinks
create_etc
personal_directories
create_image
#set +xv
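
Review bot: create_image has no error handling: "#set -ex" is commented out, the cpio copy ends in "|| true", and MD is used without checking that mdconfig returned a unit. A full filesystem is therefore silently ignored and an incomplete image is still written with dd, a failed mdconfig lets fdisk, bsdlabel and newfs run against "/dev/" paths with an empty unit name, and any failure part way through leaves the md device and mount point behind. Suggest dropping the "|| true", checking each step, and cleaning up from a trap that runs umount and mdconfig -d. Two smaller points: symlinks() opens tinybsd.basefiles by relative name and only works because copy_libraries did a cd into the conf directory just before it, and "[ -z ${CONF} ]" and "[ -z ${IMG} ]" should quote the variable.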