authorBill Marquette <bill.marquette@gmail.com>2009-03-14 20:01:54 -0500
committerBill Marquette <bill.marquette@gmail.com>2009-03-14 20:03:13 -0500
commitc755c016205898f13b7c7e282f2b6a1758bb4a6f (patch)
tree796086188d555d907cb44667d11d513701236b59
parent4b805dbe77242f1c1babf5fd8678ddee8bc513dc (diff)
Remove duplicate config.xml and restore conf.default/config.xml if /conf/config.xml and no backups exist
-rw-r--r--cf/conf/config.xml788
-rw-r--r--etc/inc/config.inc16
2 files changed, 2 insertions, 802 deletions
diff --git a/cf/conf/config.xml b/cf/conf/config.xml
deleted file mode 100644
index fc2862e..0000000
--- a/cf/conf/config.xml
+++ /dev/null
@@ -1,788 +0,0 @@
-<?xml version="1.0"?>
-<!-- pfSense default system configuration -->
-<pfsense>
- <version>5.7</version>
- <lastchange></lastchange>
- <theme>nervecenter</theme>
- <sysctl>
- <item>
- <desc>Set the ephemeral port range to be lower.</desc>
- <tunable>net.inet.ip.portrange.first</tunable>
- <value>1024</value>
- </item>
- <item>
- <desc>Drop packets to closed TCP ports without returning a RST</desc>
- <tunable>net.inet.tcp.blackhole</tunable>
- <value>2</value>
- </item>
- <item>
- <desc>Do not send ICMP port unreachable messages for closed UDP ports</desc>
- <tunable>net.inet.udp.blackhole</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc>
- <tunable>net.inet.ip.random_id</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc>
- <tunable>net.inet.tcp.drop_synfin</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Enable sending IPv4 redirects</desc>
- <tunable>net.inet.ip.redirect</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Enable sending IPv6 redirects</desc>
- <tunable>net.inet6.ip6.redirect</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Generate SYN cookies for outbound SYN-ACK packets</desc>
- <tunable>net.inet.tcp.syncookies</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Maximum incoming/outgoing TCP datagram size (receive)</desc>
- <tunable>net.inet.tcp.recvspace</tunable>
- <value>65228</value>
- </item>
- <item>
- <desc>Maximum incoming/outgoing TCP datagram size (send)</desc>
- <tunable>net.inet.tcp.sendspace</tunable>
- <value>65228</value>
- </item>
- <item>
- <desc>IP Fastforwarding</desc>
- <tunable>net.inet.ip.fastforwarding</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Do not delay ACK to try and piggyback it onto a data packet</desc>
- <tunable>net.inet.tcp.delayed_ack</tunable>
- <value>0</value>
- </item>
- <item>
- <desc>Maximum outgoing UDP datagram size</desc>
- <tunable>net.inet.udp.maxdgram</tunable>
- <value>57344</value>
- </item>
- <item>
- <desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc>
- <tunable>net.link.bridge.pfil_onlyip</tunable>
- <value>0</value>
- </item>
- <item>
- <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc>
- <tunable>net.link.bridge.pfil_member</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Set to 1 to enable filtering on the bridge interface</desc>
- <tunable>net.link.bridge.pfil_bridge</tunable>
- <value>0</value>
- </item>
- <item>
- <desc>Allow unprivileged access to tap(4) device nodes</desc>
- <tunable>net.link.tap.user_open</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Verbosity of the rndtest driver (0: do not display results on console)</desc>
- <tunable>kern.rndtest.verbose</tunable>
- <value>0</value>
- </item>
- <item>
- <desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc>
- <tunable>kern.randompid</tunable>
- <value>347</value>
- </item>
- <item>
- <desc>Maximum size of the IP input queue</desc>
- <tunable>net.inet.ip.intr_queue_maxlen</tunable>
- <value>1000</value>
- </item>
- <item>
- <desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc>
- <tunable>hw.syscons.kbd_reboot</tunable>
- <value>0</value>
- </item>
- <item>
- <desc>Enable TCP Inflight mode</desc>
- <tunable>net.inet.tcp.inflight.enable</tunable>
- <value>1</value>
- </item>
- <item>
- <desc>Enable TCP extended debugging</desc>
- <tunable>net.inet.tcp.log_debug</tunable>
- <value>0</value>
- </item>
- <item>
- <desc>Set ICMP Limits</desc>
- <tunable>net.inet.icmp.icmplim</tunable>
- <value>750</value>
- </item>
- <item>
- <desc>TCP Offload Engine</desc>
- <tunable>net.inet.tcp.tso</tunable>
- <value>0</value>
- </item>
- <item>
- <desc>TCP Offload Engine - BCE</desc>
- <tunable>hw.bce.tso_enable</tunable>
- <value>0</value>
- </item>
- </sysctl>
- <system>
- <optimization>normal</optimization>
- <hostname>pfSense</hostname>
- <domain>local</domain>
- <dnsserver></dnsserver>
- <dnsallowoverride/>
- <group>
- <name>all</name>
- <description>All Users</description>
- <scope>system</scope>
- <gid>1998</gid>
- <member>0</member>
- </group>
- <group>
- <name>admins</name>
- <description>System Administrators</description>
- <scope>system</scope>
- <gid>1999</gid>
- <member>0</member>
- <priv>page-all</priv>
- </group>
- <user>
- <name>admin</name>
- <fullname>System Administrator</fullname>
- <scope>system</scope>
- <groupname>admins</groupname>
- <password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password>
- <uid>0</uid>
- <priv>user-shell-access</priv>
- </user>
- <nextuid>2000</nextuid>
- <nextgid>2000</nextgid>
- <timezone>Etc/UTC</timezone>
- <time-update-interval>300</time-update-interval>
- <timeservers>0.pfsense.pool.ntp.org</timeservers>
- <webgui>
- <protocol>http</protocol>
- <!--
- <port></port>
- <certificate></certificate>
- <private-key></private-key>
- <noassigninterfaces/>
- <expanddiags/>
- <noantilockout></noantilockout>
- -->
- </webgui>
- <disablenatreflection>yes</disablenatreflection>
- <!-- <disableconsolemenu/> -->
- <!-- <disablefirmwarecheck/> -->
- <!-- <shellcmd></shellcmd> -->
- <!-- <earlyshellcmd></earlyshellcmd> -->
- <!-- <harddiskstandby></harddiskstandby> -->
- </system>
- <interfaces>
- <wan>
- <if>sis1</if>
- <mtu></mtu>
- <ipaddr>dhcp</ipaddr>
- <!-- *or* ipv4-address *or* 'pppoe' *or* 'pptp' *or* 'bigpond' -->
- <subnet></subnet>
- <gateway></gateway>
- <blockpriv/>
- <blockbogons/>
- <disableftpproxy/>
- <dhcphostname></dhcphostname>
- <media></media>
- <mediaopt></mediaopt>
- <bandwidth>100</bandwidth>
- <bandwidthtype>Mb</bandwidthtype>
- <!--
- <wireless>
- *see below (opt[n])*
- </wireless>
- -->
- </wan>
- <lan>
- <if>sis0</if>
- <ipaddr>192.168.1.1</ipaddr>
- <subnet>24</subnet>
- <media></media>
- <mediaopt></mediaopt>
- <bandwidth>100</bandwidth>
- <bandwidthtype>Mb</bandwidthtype>
- <!--
- <wireless>
- *see below (opt[n])*
- </wireless>
- -->
- </lan>
- <!--
- <opt[n]>
- <enable/>
- <descr></descr>
- <if></if>
- <ipaddr></ipaddr>
- <subnet></subnet>
- <media></media>
- <mediaopt></mediaopt>
- <bridge>lan|wan|opt[n]</bridge>
- <wireless>
- <mode>hostap *or* bss *or* ibss</mode>
- <ssid></ssid>
- <channel></channel>
- <wep>
- <enable/>
- <key>
- <txkey/>
- <value></value>
- </key>
- </wep>
- </wireless>
- </opt[n]>
- -->
- </interfaces>
- <!--
- <vlans>
- <vlan>
- <tag></tag>
- <if></if>
- <descr></descr>
- </vlan>
- </vlans>
- -->
- <staticroutes>
- <!--
- <route>
- <interface>lan|opt[n]|pptp</interface>
- <network>xxx.xxx.xxx.xxx/xx</network>
- <gateway>xxx.xxx.xxx.xxx</gateway>
- <descr></descr>
- </route>
- -->
- </staticroutes>
- <pppoe>
- <username></username>
- <password></password>
- <provider></provider>
- <!--
- <ondemand/>
- <timeout></timeout>
- -->
- </pppoe>
- <pptp>
- <username></username>
- <password></password>
- <local></local>
- <subnet></subnet>
- <remote></remote>
- <!--
- <ondemand/>
- <timeout></timeout>
- -->
- </pptp>
- <bigpond>
- <username></username>
- <password></password>
- <authserver></authserver>
- <authdomain></authdomain>
- <minheartbeatinterval></minheartbeatinterval>
- </bigpond>
- <dyndns>
- <!-- <enable/> -->
- <type>dyndns</type>
- <username></username>
- <password></password>
- <host></host>
- <mx></mx>
- <!-- <wildcard/> -->
- </dyndns>
- <dhcpd>
- <lan>
- <enable/>
- <range>
- <from>192.168.1.100</from>
- <to>192.168.1.199</to>
- </range>
- <!--
- <winsserver>xxx.xxx.xxx.xxx</winsserver>
- <defaultleasetime></defaultleasetime>
- <maxleasetime></maxleasetime>
- <gateway>xxx.xxx.xxx.xxx</gateway>
- <domain></domain>
- <dnsserver></dnsserver>
- <ntpserver>xxx.xxx.xxx.xxx</ntpserver>
- <next-server></next-server>
- <filename></filename>
- -->
- </lan>
- <!--
- <opt[n]>
- ...
- </opt[n]>
- -->
- <!--
- <staticmap>
- <mac>xx:xx:xx:xx:xx:xx</mac>
- <ipaddr>xxx.xxx.xxx.xxx</ipaddr>
- <descr></descr>
- </staticmap>
- -->
- </dhcpd>
- <pptpd>
- <mode><!-- off *or* server *or* redir --></mode>
- <redir></redir>
- <localip></localip>
- <remoteip></remoteip>
- <!-- <accounting/> -->
- <!--
- <user>
- <name></name>
- <password></password>
- </user>
- -->
- </pptpd>
- <ovpn>
- <!--
- <server>
- <enable/>
- <ca_cert></ca_cert>
- <srv_cert></srv_cert>
- <srv_key></srv_key>
- <dh_param></dh_param>
- <verb></verb>
- <tun_iface></tun_iface>
- <port></port>
- <bind_iface></bind_iface>
- <cli2cli/>
- <maxcli></maxcli>
- <prefix></prefix>
- <ipblock></ipblock>
- <crypto></crypto>
- <dupcn/>
- <psh_options>
- <redir></redir>
- <redir_loc></redir_loc>
- <rte_delay></rte_delay>
- <ping></ping>
- <pingrst></pingrst>
- <pingexit></pingexit>
- <inact></inact>
- </psh_options>
- </server>
- <client>
- <tunnel></tunnel>
- <ca_cert></ca_cert>
- <cli_cert></cli_cert>
- <cli_key></cli_key>
- <type></type>
- <tunnel>
- <if></if>
- <proto></proto>
- <cport></cport>
- <saddr></saddr>
- <sport></sport>
- <crypto></crypto>
- </tunnel>
- </client>
- -->
- </ovpn>
- <dnsmasq>
- <enable/>
- <!--
- <hosts>
- <host></host>
- <domain></domain>
- <ip></ip>
- <descr></descr>
- </hosts>
- -->
- </dnsmasq>
- <snmpd>
- <!-- <enable/> -->
- <syslocation></syslocation>
- <syscontact></syscontact>
- <rocommunity>public</rocommunity>
- </snmpd>
- <diag>
- <ipv6nat>
- <!-- <enable/> -->
- <ipaddr></ipaddr>
- </ipv6nat>
- </diag>
- <bridge>
- <!-- <filteringbridge/> -->
- </bridge>
- <syslog>
- <!--
- <reverse/>
- <enable/>
- <remoteserver>xxx.xxx.xxx.xxx</remoteserver>
- <filter/>
- <dhcp/>
- <system/>
- <nologdefaultblock/>
- -->
- </syslog>
- <!--
- <captiveportal>
- <enable/>
- <interface>lan|opt[n]</interface>
- <idletimeout>minutes</idletimeout>
- <timeout>minutes</timeout>
- <page>
- <htmltext></htmltext>
- <errtext></errtext>
- </page>
- <httpslogin/>
- <httpsname></httpsname>
- <certificate></certificate>
- <private-key></private-key>
- <redirurl></redirurl>
- <radiusip></radiusip>
- <radiusport></radiusport>
- <radiuskey></radiuskey>
- <nomacfilter/>
- </captiveportal>
- -->
- <nat>
- <ipsecpassthru>
- <enable/>
- </ipsecpassthru>
- <!--
- <rule>
- <interface></interface>
- <external-address></external-address>
- <protocol></protocol>
- <external-port></external-port>
- <target></target>
- <local-port></local-port>
- <descr></descr>
- </rule>
- -->
- <!--
- <onetoone>
- <interface></interface>
- <external>xxx.xxx.xxx.xxx</external>
- <internal>xxx.xxx.xxx.xxx</internal>
- <subnet></subnet>
- <descr></descr>
- </onetoone>
- -->
- <!--
- <advancedoutbound>
- <enable/>
- <rule>
- <interface></interface>
- <source>
- <network>xxx.xxx.xxx.xxx/xx</network>
- </source>
- <destination>
- <not/>
- <any/>
- *or*
- <network>xxx.xxx.xxx.xxx/xx</network>
- </destination>
- <target>xxx.xxx.xxx.xxx</target>
- <descr></descr>
- </rule>
- </advancedoutbound>
- -->
- <!--
- <servernat>
- <ipaddr></ipaddr>
- <descr></descr>
- </servernat>
- -->
- </nat>
- <filter>
- <!-- <tcpidletimeout></tcpidletimeout> -->
- <rule>
- <type>pass</type>
- <descr>Default allow LAN to any rule</descr>
- <interface>lan</interface>
- <source>
- <network>lan</network>
- </source>
- <destination>
- <any/>
- </destination>
- </rule>
- <!-- rule syntax:
- <rule>
- <disabled/>
- <type>pass|block|reject</type>
- <descr>...</descr>
- <interface>lan|opt[n]|wan|pptp</interface>
- <protocol>tcp|udp|tcp/udp|...</protocol>
- <icmptype></icmptype>
- <source>
- <not/>
-
- <address>xxx.xxx.xxx.xxx(/xx) or alias</address>
- *or*
- <network>lan|opt[n]|pptp</network>
- *or*
- <any/>
-
- <port>a[-b]</port>
- </source>
- <destination>
- *same as for source*
- </destination>
- <frags/>
- <log/>
- </rule>
- -->
- </filter>
- <shaper>
- <!-- <enable/> -->
- <!-- <schedulertype>hfsc</schedulertype> -->
- <!-- rule syntax:
- <rule>
- <disabled/>
- <descr></descr>
-
- <targetpipe>number (zero based)</targetpipe>
- *or*
- <targetqueue>number (zero based)</targetqueue>
-
- <interface>lan|wan|opt[n]|pptp</interface>
- <protocol>tcp|udp</protocol>
- <direction>in|out</direction>
- <source>
- <not/>
-
- <address>xxx.xxx.xxx.xxx(/xx)</address>
- *or*
- <network>lan|opt[n]|pptp</network>
- *or*
- <any/>
-
- <port>a[-b]</port>
- </source>
- <destination>
- *same as for source*
- </destination>
-
- <iplen>from[-to]</iplen>
- <iptos>(!)lowdelay,throughput,reliability,mincost,congestion</iptos>
- <tcpflags>(!)fin,syn,rst,psh,ack,urg</tcpflags>
- </rule>
- <pipe>
- <descr></descr>
- <bandwidth></bandwidth>
- <delay></delay>
- <mask>source|destination</mask>
- </pipe>
- <queue>
- <descr></descr>
- <targetpipe>number (zero based)</targetpipe>
- <weight></weight>
- <mask>source|destination</mask>
- </queue>
- -->
- </shaper>
- <ipsec>
- <preferredoldsa/>
- <!-- <enable/> -->
- <!-- syntax:
- <tunnel>
- <disabled/>
- <auto/>
- <descr></descr>
- <interface>lan|wan|opt[n]</interface>
- <local-subnet>
- <address>xxx.xxx.xxx.xxx(/xx)</address>
- *or*
- <network>lan|opt[n]</network>
- </local-subnet>
- <remote-subnet>xxx.xxx.xxx.xxx/xx</remote-subnet>
- <remote-gateway></remote-gateway>
- <p1>
- <mode></mode>
- <myident>
- <myaddress/>
- *or*
- <address>xxx.xxx.xxx.xxx</address>
- *or*
- <fqdn>the.fq.dn</fqdn>
- </myident>
- <encryption-algorithm></encryption-algorithm>
- <hash-algorithm></hash-algorithm>
- <dhgroup></dhgroup>
- <lifetime></lifetime>
- <pre-shared-key></pre-shared-key>
- </p1>
- <p2>
- <protocol></protocol>
- <encryption-algorithm-option></encryption-algorithm-option>
- <hash-algorithm-option></hash-algorithm-option>
- <pfsgroup></pfsgroup>
- <lifetime></lifetime>
- </p2>
- </tunnel>
- <mobileclients>
- <enable/>
- <p1>
- <mode></mode>
- <myident>
- <myaddress/>
- *or*
- <address>xxx.xxx.xxx.xxx</address>
- *or*
- <fqdn>the.fq.dn</fqdn>
- </myident>
- <encryption-algorithm></encryption-algorithm>
- <hash-algorithm></hash-algorithm>
- <dhgroup></dhgroup>
- <lifetime></lifetime>
- </p1>
- <p2>
- <protocol></protocol>
- <encryption-algorithm-option></encryption-algorithm-option>
- <hash-algorithm-option></hash-algorithm-option>
- <pfsgroup></pfsgroup>
- <lifetime></lifetime>
- </p2>
- </mobileclients>
- <mobilekey>
- <ident></ident>
- <pre-shared-key></pre-shared-key>
- </mobilekey>
- -->
- </ipsec>
- <aliases>
- <!--
- <alias>
- <name></name>
- <address>xxx.xxx.xxx.xxx(/xx)</address>
- <descr></descr>
- </alias>
- -->
- </aliases>
- <proxyarp>
- <!--
- <proxyarpnet>
- <network>xxx.xxx.xxx.xxx/xx</network>
- *or*
- <range>
- <from>xxx.xxx.xxx.xxx</from>
- <to>xxx.xxx.xxx.xxx</to>
- </range>
- </proxyarpnet>
- -->
- </proxyarp>
- <cron>
- <item>
- <minute>0</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 newsyslog</command>
- </item>
- <item>
- <minute>1,31</minute>
- <hour>0-5</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 adjkerntz -a</command>
- </item>
- <item>
- <minute>1</minute>
- <hour>3</hour>
- <mday>1</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
- </item>
- <item>
- <minute>*/60</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
- </item>
- <item>
- <minute>1</minute>
- <hour>1</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
- </item>
- <item>
- <minute>*/60</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
- </item>
- <item>
- <minute>*/60</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command>
- </item>
- <item>
- <minute>*/5</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/local/bin/checkreload.sh</command>
- </item>
- <item>
- <minute>*/5</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/etc/ping_hosts.sh</command>
- </item>
- <item>
- <minute>*/140</minute>
- <hour>*</hour>
- <mday>*</mday>
- <month>*</month>
- <wday>*</wday>
- <who>root</who>
- <command>/usr/local/sbin/reset_slbd.sh</command>
- </item>
- </cron>
- <wol>
- <!--
- <wolentry>
- <interface>lan|opt[n]</interface>
- <mac>xx:xx:xx:xx:xx:xx</mac>
- <descr></descr>
- </wolentry>
- -->
- </wol>
- <rrd>
- <enable/>
- </rrd>
-</pfsense>
diff --git a/etc/inc/config.inc b/etc/inc/config.inc
index 026b90f..4f45cbd 100644
--- a/etc/inc/config.inc
+++ b/etc/inc/config.inc
@@ -167,20 +167,8 @@ if ($g['booting'] and !file_exists($g['cf_conf_path'] . "/config.xml") ) {
file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
restore_backup("/cf/conf/backup/{$last_backup}");
} else {
- /* no device found, print an error and die */
- echo <<<EOD
-
-*******************************************************************************
-* FATAL ERROR *
-* The device that contains the configuration file (config.xml) could not be *
-* found. {$g['product_name']} cannot continue booting. *
-*******************************************************************************
-
-
-EOD;
-
- mwexec("/sbin/halt");
- exit;
+ log_error("No config.xml or config backups found, resetting to factory defaults.")
+ restore_backup('/conf.default/config.xml');
}
}
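Review bot: The added `log_error("No config.xml or config backups found, resetting to factory defaults.")` line in the else branch has no terminating `;`, so config.inc will not parse as written; end the statement with `;`. The branch also no longer stops the boot when nothing can be restored, so it would be worth checking `file_exists('/conf.default/config.xml')` before calling `restore_backup()` and keeping the halt path for that case. Because a factory reset on a firewall presumably brings back the default admin account and default rule set, raise a `file_notice("config.xml", ...)` as the branch above does, so the operator sees the reset in the GUI and not only in the system log. The enclosing `if ($g['booting'] ...)` block starts outside the hunk.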