author | Bill Marquette <bill.marquette@gmail.com> | 2009-03-14 20:01:54 -0500 |
---|---|---|
committer | Bill Marquette <bill.marquette@gmail.com> | 2009-03-14 20:03:13 -0500 |
commit | c755c016205898f13b7c7e282f2b6a1758bb4a6f (patch) | |
tree | 796086188d555d907cb44667d11d513701236b59 | |
parent | 4b805dbe77242f1c1babf5fd8678ddee8bc513dc (diff) | |
Remove duplicate config.xml and restore conf.default/config.xml if /conf/config.xml and no backups exist
-rw-r--r-- | cf/conf/config.xml | 788 | ||||
-rw-r--r-- | etc/inc/config.inc | 16 |
2 files changed, 2 insertions, 802 deletions
diff --git a/cf/conf/config.xml b/cf/conf/config.xml
deleted file mode 100644
index fc2862e..0000000
--- a/cf/conf/config.xml
+++ /dev/null
@@ -1,788 +0,0 @@ -<?xml version="1.0"?> -<!-- pfSense default system configuration --> -<pfsense> - <version>5.7</version> - <lastchange></lastchange> - <theme>nervecenter</theme> - <sysctl> - <item> - <desc>Set the ephemeral port range to be lower.</desc> - <tunable>net.inet.ip.portrange.first</tunable> - <value>1024</value> - </item> - <item> - <desc>Drop packets to closed TCP ports without returning a RST</desc> - <tunable>net.inet.tcp.blackhole</tunable> - <value>2</value> - </item> - <item> - <desc>Do not send ICMP port unreachable messages for closed UDP ports</desc> - <tunable>net.inet.udp.blackhole</tunable> - <value>1</value> - </item> - <item> - <desc>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</desc> - <tunable>net.inet.ip.random_id</tunable> - <value>1</value> - </item> - <item> - <desc>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</desc> - <tunable>net.inet.tcp.drop_synfin</tunable> - <value>1</value> - </item> - <item> - <desc>Enable sending IPv4 redirects</desc> - <tunable>net.inet.ip.redirect</tunable> - <value>1</value> - </item> - <item> - <desc>Enable sending IPv6 redirects</desc> - <tunable>net.inet6.ip6.redirect</tunable> - <value>1</value> - </item> - <item> - <desc>Generate SYN cookies for outbound SYN-ACK packets</desc> - <tunable>net.inet.tcp.syncookies</tunable> - <value>1</value> - </item> - <item> - <desc>Maximum incoming/outgoing TCP datagram size (receive)</desc> - <tunable>net.inet.tcp.recvspace</tunable> - <value>65228</value> - </item> - <item> - <desc>Maximum incoming/outgoing TCP datagram size (send)</desc> - <tunable>net.inet.tcp.sendspace</tunable> - <value>65228</value> - </item> - <item> - <desc>IP Fastforwarding</desc> - <tunable>net.inet.ip.fastforwarding</tunable> - <value>1</value> - </item> - <item> - <desc>Do not delay ACK to try and piggyback it onto a data packet</desc> - <tunable>net.inet.tcp.delayed_ack</tunable> - <value>0</value> - </item> - <item> - <desc>Maximum 
outgoing UDP datagram size</desc> - <tunable>net.inet.udp.maxdgram</tunable> - <value>57344</value> - </item> - <item> - <desc>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</desc> - <tunable>net.link.bridge.pfil_onlyip</tunable> - <value>0</value> - </item> - <item> - <desc>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</desc> - <tunable>net.link.bridge.pfil_member</tunable> - <value>1</value> - </item> - <item> - <desc>Set to 1 to enable filtering on the bridge interface</desc> - <tunable>net.link.bridge.pfil_bridge</tunable> - <value>0</value> - </item> - <item> - <desc>Allow unprivileged access to tap(4) device nodes</desc> - <tunable>net.link.tap.user_open</tunable> - <value>1</value> - </item> - <item> - <desc>Verbosity of the rndtest driver (0: do not display results on console)</desc> - <tunable>kern.rndtest.verbose</tunable> - <value>0</value> - </item> - <item> - <desc>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</desc> - <tunable>kern.randompid</tunable> - <value>347</value> - </item> - <item> - <desc>Maximum size of the IP input queue</desc> - <tunable>net.inet.ip.intr_queue_maxlen</tunable> - <value>1000</value> - </item> - <item> - <desc>Disable CTRL+ALT+Delete reboot from keyboard.</desc> - <tunable>hw.syscons.kbd_reboot</tunable> - <value>0</value> - </item> - <item> - <desc>Enable TCP Inflight mode</desc> - <tunable>net.inet.tcp.inflight.enable</tunable> - <value>1</value> - </item> - <item> - <desc>Enable TCP extended debugging</desc> - <tunable>net.inet.tcp.log_debug</tunable> - <value>0</value> - </item> - <item> - <desc>Set ICMP Limits</desc> - <tunable>net.inet.icmp.icmplim</tunable> - <value>750</value> - </item> - <item> - <desc>TCP Offload Engine</desc> - <tunable>net.inet.tcp.tso</tunable> - <value>0</value> - </item> - <item> - <desc>TCP Offload Engine - BCE</desc> - <tunable>hw.bce.tso_enable</tunable> - <value>0</value> - </item> - </sysctl> - <system> 
- <optimization>normal</optimization> - <hostname>pfSense</hostname> - <domain>local</domain> - <dnsserver></dnsserver> - <dnsallowoverride/> - <group> - <name>all</name> - <description>All Users</description> - <scope>system</scope> - <gid>1998</gid> - <member>0</member> - </group> - <group> - <name>admins</name> - <description>System Administrators</description> - <scope>system</scope> - <gid>1999</gid> - <member>0</member> - <priv>page-all</priv> - </group> - <user> - <name>admin</name> - <fullname>System Administrator</fullname> - <scope>system</scope> - <groupname>admins</groupname> - <password>$1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re.</password> - <uid>0</uid> - <priv>user-shell-access</priv> - </user> - <nextuid>2000</nextuid> - <nextgid>2000</nextgid> - <timezone>Etc/UTC</timezone> - <time-update-interval>300</time-update-interval> - <timeservers>0.pfsense.pool.ntp.org</timeservers> - <webgui> - <protocol>http</protocol> - <!-- - <port></port> - <certificate></certificate> - <private-key></private-key> - <noassigninterfaces/> - <expanddiags/> - <noantilockout></noantilockout> - --> - </webgui> - <disablenatreflection>yes</disablenatreflection> - <!-- <disableconsolemenu/> --> - <!-- <disablefirmwarecheck/> --> - <!-- <shellcmd></shellcmd> --> - <!-- <earlyshellcmd></earlyshellcmd> --> - <!-- <harddiskstandby></harddiskstandby> --> - </system> - <interfaces> - <wan> - <if>sis1</if> - <mtu></mtu> - <ipaddr>dhcp</ipaddr> - <!-- *or* ipv4-address *or* 'pppoe' *or* 'pptp' *or* 'bigpond' --> - <subnet></subnet> - <gateway></gateway> - <blockpriv/> - <blockbogons/> - <disableftpproxy/> - <dhcphostname></dhcphostname> - <media></media> - <mediaopt></mediaopt> - <bandwidth>100</bandwidth> - <bandwidthtype>Mb</bandwidthtype> - <!-- - <wireless> - *see below (opt[n])* - </wireless> - --> - </wan> - <lan> - <if>sis0</if> - <ipaddr>192.168.1.1</ipaddr> - <subnet>24</subnet> - <media></media> - <mediaopt></mediaopt> - <bandwidth>100</bandwidth> - 
<bandwidthtype>Mb</bandwidthtype> - <!-- - <wireless> - *see below (opt[n])* - </wireless> - --> - </lan> - <!-- - <opt[n]> - <enable/> - <descr></descr> - <if></if> - <ipaddr></ipaddr> - <subnet></subnet> - <media></media> - <mediaopt></mediaopt> - <bridge>lan|wan|opt[n]</bridge> - <wireless> - <mode>hostap *or* bss *or* ibss</mode> - <ssid></ssid> - <channel></channel> - <wep> - <enable/> - <key> - <txkey/> - <value></value> - </key> - </wep> - </wireless> - </opt[n]> - --> - </interfaces> - <!-- - <vlans> - <vlan> - <tag></tag> - <if></if> - <descr></descr> - </vlan> - </vlans> - --> - <staticroutes> - <!-- - <route> - <interface>lan|opt[n]|pptp</interface> - <network>xxx.xxx.xxx.xxx/xx</network> - <gateway>xxx.xxx.xxx.xxx</gateway> - <descr></descr> - </route> - --> - </staticroutes> - <pppoe> - <username></username> - <password></password> - <provider></provider> - <!-- - <ondemand/> - <timeout></timeout> - --> - </pppoe> - <pptp> - <username></username> - <password></password> - <local></local> - <subnet></subnet> - <remote></remote> - <!-- - <ondemand/> - <timeout></timeout> - --> - </pptp> - <bigpond> - <username></username> - <password></password> - <authserver></authserver> - <authdomain></authdomain> - <minheartbeatinterval></minheartbeatinterval> - </bigpond> - <dyndns> - <!-- <enable/> --> - <type>dyndns</type> - <username></username> - <password></password> - <host></host> - <mx></mx> - <!-- <wildcard/> --> - </dyndns> - <dhcpd> - <lan> - <enable/> - <range> - <from>192.168.1.100</from> - <to>192.168.1.199</to> - </range> - <!-- - <winsserver>xxx.xxx.xxx.xxx</winsserver> - <defaultleasetime></defaultleasetime> - <maxleasetime></maxleasetime> - <gateway>xxx.xxx.xxx.xxx</gateway> - <domain></domain> - <dnsserver></dnsserver> - <ntpserver>xxx.xxx.xxx.xxx</ntpserver> - <next-server></next-server> - <filename></filename> - --> - </lan> - <!-- - <opt[n]> - ... 
- </opt[n]> - --> - <!-- - <staticmap> - <mac>xx:xx:xx:xx:xx:xx</mac> - <ipaddr>xxx.xxx.xxx.xxx</ipaddr> - <descr></descr> - </staticmap> - --> - </dhcpd> - <pptpd> - <mode><!-- off *or* server *or* redir --></mode> - <redir></redir> - <localip></localip> - <remoteip></remoteip> - <!-- <accounting/> --> - <!-- - <user> - <name></name> - <password></password> - </user> - --> - </pptpd> - <ovpn> - <!-- - <server> - <enable/> - <ca_cert></ca_cert> - <srv_cert></srv_cert> - <srv_key></srv_key> - <dh_param></dh_param> - <verb></verb> - <tun_iface></tun_iface> - <port></port> - <bind_iface></bind_iface> - <cli2cli/> - <maxcli></maxcli> - <prefix></prefix> - <ipblock></ipblock> - <crypto></crypto> - <dupcn/> - <psh_options> - <redir></redir> - <redir_loc></redir_loc> - <rte_delay></rte_delay> - <ping></ping> - <pingrst></pingrst> - <pingexit></pingexit> - <inact></inact> - </psh_options> - </server> - <client> - <tunnel></tunnel> - <ca_cert></ca_cert> - <cli_cert></cli_cert> - <cli_key></cli_key> - <type></type> - <tunnel> - <if></if> - <proto></proto> - <cport></cport> - <saddr></saddr> - <sport></sport> - <crypto></crypto> - </tunnel> - </client> - --> - </ovpn> - <dnsmasq> - <enable/> - <!-- - <hosts> - <host></host> - <domain></domain> - <ip></ip> - <descr></descr> - </hosts> - --> - </dnsmasq> - <snmpd> - <!-- <enable/> --> - <syslocation></syslocation> - <syscontact></syscontact> - <rocommunity>public</rocommunity> - </snmpd> - <diag> - <ipv6nat> - <!-- <enable/> --> - <ipaddr></ipaddr> - </ipv6nat> - </diag> - <bridge> - <!-- <filteringbridge/> --> - </bridge> - <syslog> - <!-- - <reverse/> - <enable/> - <remoteserver>xxx.xxx.xxx.xxx</remoteserver> - <filter/> - <dhcp/> - <system/> - <nologdefaultblock/> - --> - </syslog> - <!-- - <captiveportal> - <enable/> - <interface>lan|opt[n]</interface> - <idletimeout>minutes</idletimeout> - <timeout>minutes</timeout> - <page> - <htmltext></htmltext> - <errtext></errtext> - </page> - <httpslogin/> - <httpsname></httpsname> - 
<certificate></certificate> - <private-key></private-key> - <redirurl></redirurl> - <radiusip></radiusip> - <radiusport></radiusport> - <radiuskey></radiuskey> - <nomacfilter/> - </captiveportal> - --> - <nat> - <ipsecpassthru> - <enable/> - </ipsecpassthru> - <!-- - <rule> - <interface></interface> - <external-address></external-address> - <protocol></protocol> - <external-port></external-port> - <target></target> - <local-port></local-port> - <descr></descr> - </rule> - --> - <!-- - <onetoone> - <interface></interface> - <external>xxx.xxx.xxx.xxx</external> - <internal>xxx.xxx.xxx.xxx</internal> - <subnet></subnet> - <descr></descr> - </onetoone> - --> - <!-- - <advancedoutbound> - <enable/> - <rule> - <interface></interface> - <source> - <network>xxx.xxx.xxx.xxx/xx</network> - </source> - <destination> - <not/> - <any/> - *or* - <network>xxx.xxx.xxx.xxx/xx</network> - </destination> - <target>xxx.xxx.xxx.xxx</target> - <descr></descr> - </rule> - </advancedoutbound> - --> - <!-- - <servernat> - <ipaddr></ipaddr> - <descr></descr> - </servernat> - --> - </nat> - <filter> - <!-- <tcpidletimeout></tcpidletimeout> --> - <rule> - <type>pass</type> - <descr>Default allow LAN to any rule</descr> - <interface>lan</interface> - <source> - <network>lan</network> - </source> - <destination> - <any/> - </destination> - </rule> - <!-- rule syntax: - <rule> - <disabled/> - <type>pass|block|reject</type> - <descr>...</descr> - <interface>lan|opt[n]|wan|pptp</interface> - <protocol>tcp|udp|tcp/udp|...</protocol> - <icmptype></icmptype> - <source> - <not/> - - <address>xxx.xxx.xxx.xxx(/xx) or alias</address> - *or* - <network>lan|opt[n]|pptp</network> - *or* - <any/> - - <port>a[-b]</port> - </source> - <destination> - *same as for source* - </destination> - <frags/> - <log/> - </rule> - --> - </filter> - <shaper> - <!-- <enable/> --> - <!-- <schedulertype>hfsc</schedulertype> --> - <!-- rule syntax: - <rule> - <disabled/> - <descr></descr> - - <targetpipe>number (zero 
based)</targetpipe> - *or* - <targetqueue>number (zero based)</targetqueue> - - <interface>lan|wan|opt[n]|pptp</interface> - <protocol>tcp|udp</protocol> - <direction>in|out</direction> - <source> - <not/> - - <address>xxx.xxx.xxx.xxx(/xx)</address> - *or* - <network>lan|opt[n]|pptp</network> - *or* - <any/> - - <port>a[-b]</port> - </source> - <destination> - *same as for source* - </destination> - - <iplen>from[-to]</iplen> - <iptos>(!)lowdelay,throughput,reliability,mincost,congestion</iptos> - <tcpflags>(!)fin,syn,rst,psh,ack,urg</tcpflags> - </rule> - <pipe> - <descr></descr> - <bandwidth></bandwidth> - <delay></delay> - <mask>source|destination</mask> - </pipe> - <queue> - <descr></descr> - <targetpipe>number (zero based)</targetpipe> - <weight></weight> - <mask>source|destination</mask> - </queue> - --> - </shaper> - <ipsec> - <preferredoldsa/> - <!-- <enable/> --> - <!-- syntax: - <tunnel> - <disabled/> - <auto/> - <descr></descr> - <interface>lan|wan|opt[n]</interface> - <local-subnet> - <address>xxx.xxx.xxx.xxx(/xx)</address> - *or* - <network>lan|opt[n]</network> - </local-subnet> - <remote-subnet>xxx.xxx.xxx.xxx/xx</remote-subnet> - <remote-gateway></remote-gateway> - <p1> - <mode></mode> - <myident> - <myaddress/> - *or* - <address>xxx.xxx.xxx.xxx</address> - *or* - <fqdn>the.fq.dn</fqdn> - </myident> - <encryption-algorithm></encryption-algorithm> - <hash-algorithm></hash-algorithm> - <dhgroup></dhgroup> - <lifetime></lifetime> - <pre-shared-key></pre-shared-key> - </p1> - <p2> - <protocol></protocol> - <encryption-algorithm-option></encryption-algorithm-option> - <hash-algorithm-option></hash-algorithm-option> - <pfsgroup></pfsgroup> - <lifetime></lifetime> - </p2> - </tunnel> - <mobileclients> - <enable/> - <p1> - <mode></mode> - <myident> - <myaddress/> - *or* - <address>xxx.xxx.xxx.xxx</address> - *or* - <fqdn>the.fq.dn</fqdn> - </myident> - <encryption-algorithm></encryption-algorithm> - <hash-algorithm></hash-algorithm> - <dhgroup></dhgroup> - 
<lifetime></lifetime> - </p1> - <p2> - <protocol></protocol> - <encryption-algorithm-option></encryption-algorithm-option> - <hash-algorithm-option></hash-algorithm-option> - <pfsgroup></pfsgroup> - <lifetime></lifetime> - </p2> - </mobileclients> - <mobilekey> - <ident></ident> - <pre-shared-key></pre-shared-key> - </mobilekey> - --> - </ipsec> - <aliases> - <!-- - <alias> - <name></name> - <address>xxx.xxx.xxx.xxx(/xx)</address> - <descr></descr> - </alias> - --> - </aliases> - <proxyarp> - <!-- - <proxyarpnet> - <network>xxx.xxx.xxx.xxx/xx</network> - *or* - <range> - <from>xxx.xxx.xxx.xxx</from> - <to>xxx.xxx.xxx.xxx</to> - </range> - </proxyarpnet> - --> - </proxyarp> - <cron> - <item> - <minute>0</minute> - <hour>*</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/bin/nice -n20 newsyslog</command> - </item> - <item> - <minute>1,31</minute> - <hour>0-5</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/bin/nice -n20 adjkerntz -a</command> - </item> - <item> - <minute>1</minute> - <hour>3</hour> - <mday>1</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command> - </item> - <item> - <minute>*/60</minute> - <hour>*</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command> - </item> - <item> - <minute>1</minute> - <hour>1</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command> - </item> - <item> - <minute>*/60</minute> - <hour>*</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command> - </item> - <item> - <minute>*/60</minute> - <hour>*</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> 
- <command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command> - </item> - <item> - <minute>*/5</minute> - <hour>*</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/local/bin/checkreload.sh</command> - </item> - <item> - <minute>*/5</minute> - <hour>*</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/etc/ping_hosts.sh</command> - </item> - <item> - <minute>*/140</minute> - <hour>*</hour> - <mday>*</mday> - <month>*</month> - <wday>*</wday> - <who>root</who> - <command>/usr/local/sbin/reset_slbd.sh</command> - </item> - </cron> - <wol> - <!-- - <wolentry> - <interface>lan|opt[n]</interface> - <mac>xx:xx:xx:xx:xx:xx</mac> - <descr></descr> - </wolentry> - --> - </wol> - <rrd> - <enable/> - </rrd> -</pfsense> diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 026b90f..4f45cbd 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -167,20 +167,8 @@ if ($g['booting'] and !file_exists($g['cf_conf_path'] . "/config.xml") ) { file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", ""); restore_backup("/cf/conf/backup/{$last_backup}"); } else { - /* no device found, print an error and die */ - echo <<<EOD - -******************************************************************************* -* FATAL ERROR * -* The device that contains the configuration file (config.xml) could not be * -* found. {$g['product_name']} cannot continue booting. * -******************************************************************************* - - -EOD; - - mwexec("/sbin/halt"); - exit; + log_error("No config.xml or config backups found, resetting to factory defaults.") + restore_backup('/conf.default/config.xml'); } } |
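Review bot: The added `log_error("No config.xml or config backups found, resetting to factory defaults.")` line in etc/inc/config.inc has no terminating semicolon, so the file will not parse as written; it should read `log_error("No config.xml or config backups found, resetting to factory defaults.");`. Beyond the syntax, this branch changes the failure mode from halting to booting on factory defaults, which, judging by the default config deleted in this same commit, presumably means the default admin credentials, an HTTP web GUI and the allow-LAN-to-any rule on a device that may previously have been hardened. A `file_notice("config.xml", ..., "pfSenseConfigurator", "")` call like the one in the branch above would make the reset visible to the administrator rather than only in the log, and the result of `restore_backup('/conf.default/config.xml')` should be checked if that function reports failure. The enclosing `if ($g['booting'] ...)` block starts outside the hunk.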