From c755c016205898f13b7c7e282f2b6a1758bb4a6f Mon Sep 17 00:00:00 2001
From: Bill Marquette
Date: Sat, 14 Mar 2009 20:01:54 -0500
Subject: Remove duplicate config.xml and restore conf.default/config.xml if /conf/config.xml and no backups exist
---
cf/conf/config.xml | 788 -----------------------------------------------------
etc/inc/config.inc | 16 +-
2 files changed, 2 insertions(+), 802 deletions(-)
delete mode 100644 cf/conf/config.xml
diff --git a/cf/conf/config.xml b/cf/conf/config.xml
deleted file mode 100644
index fc2862e..0000000
--- a/cf/conf/config.xml
+++ /dev/null
@@ -1,788 +0,0 @@ - - - - 5.7 - - nervecenter - - - Set the ephemeral port range to be lower. - net.inet.ip.portrange.first - 1024 - - - Drop packets to closed TCP ports without returning a RST - net.inet.tcp.blackhole - 2 - - - Do not send ICMP port unreachable messages for closed UDP ports - net.inet.udp.blackhole - 1 - - - Randomize the ID field in IP packets (default is 0: sequential IP IDs) - net.inet.ip.random_id - 1 - - - Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway) - net.inet.tcp.drop_synfin - 1 - - - Enable sending IPv4 redirects - net.inet.ip.redirect - 1 - - - Enable sending IPv6 redirects - net.inet6.ip6.redirect - 1 - - - Generate SYN cookies for outbound SYN-ACK packets - net.inet.tcp.syncookies - 1 - - - Maximum incoming/outgoing TCP datagram size (receive) - net.inet.tcp.recvspace - 65228 - - - Maximum incoming/outgoing TCP datagram size (send) - net.inet.tcp.sendspace - 65228 - - - IP Fastforwarding - net.inet.ip.fastforwarding - 1 - - - Do not delay ACK to try and piggyback it onto a data packet - net.inet.tcp.delayed_ack - 0 - - - Maximum outgoing UDP datagram size - net.inet.udp.maxdgram - 57344 - - - Handling of non-IP packets which are not passed to pfil (see if_bridge(4)) - net.link.bridge.pfil_onlyip - 0 - - - Set to 0 to disable filtering on the incoming and outgoing member interfaces. - net.link.bridge.pfil_member - 1 - - - Set to 1 to enable filtering on the bridge interface - net.link.bridge.pfil_bridge - 0 - - - Allow unprivileged access to tap(4) device nodes - net.link.tap.user_open - 1 - - - Verbosity of the rndtest driver (0: do not display results on console) - kern.rndtest.verbose - 0 - - - Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid()) - kern.randompid - 347 - - - Maximum size of the IP input queue - net.inet.ip.intr_queue_maxlen - 1000 - - - Disable CTRL+ALT+Delete reboot from keyboard. 
- hw.syscons.kbd_reboot - 0 - - - Enable TCP Inflight mode - net.inet.tcp.inflight.enable - 1 - - - Enable TCP extended debugging - net.inet.tcp.log_debug - 0 - - - Set ICMP Limits - net.inet.icmp.icmplim - 750 - - - TCP Offload Engine - net.inet.tcp.tso - 0 - - - TCP Offload Engine - BCE - hw.bce.tso_enable - 0 - - - - normal - pfSense - local - - - - all - All Users - system - 1998 - 0 - - - admins - System Administrators - system - 1999 - 0 - page-all - - - admin - System Administrator - system - admins - $1$dSJImFph$GvZ7.1UbuWu.Yb8etC0re. - 0 - user-shell-access - - 2000 - 2000 - Etc/UTC - 300 - 0.pfsense.pool.ntp.org - - http - - - yes - - - - - - - - - sis1 - - dhcp - - - - - - - - - - 100 - Mb - - - - sis0 - 192.168.1.1 - 24 - - - 100 - Mb - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - dyndns - - - - - - - - - - - 192.168.1.100 - 192.168.1.199 - - - - - - - - - - - - - - - - - - - - - - - - - - public - - - - - - - - - - - - - - - - - - - - - - - - - - - pass - Default allow LAN to any rule - lan - - lan - - - - - - - - - - - - - - - - - - - - - - - - - - 0 - * - * - * - * - root - /usr/bin/nice -n20 newsyslog - - - 1,31 - 0-5 - * - * - * - root - /usr/bin/nice -n20 adjkerntz -a - - - 1 - 3 - 1 - * - * - root - /usr/bin/nice -n20 /etc/rc.update_bogons.sh - - - */60 - * - * - * - * - root - /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout - - - 1 - 1 - * - * - * - root - /usr/bin/nice -n20 /etc/rc.dyndns.update - - - */60 - * - * - * - * - root - /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot - - - */60 - * - * - * - * - root - /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c - - - */5 - * - * - * - * - root - /usr/local/bin/checkreload.sh - - - */5 - * - * - * - * - root - /etc/ping_hosts.sh - - - */140 - * - * - * - * - root - /usr/local/sbin/reset_slbd.sh - - - - - - - - - diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 026b90f..4f45cbd 100644 --- a/etc/inc/config.inc 
+++ b/etc/inc/config.inc
@@ -167,20 +167,8 @@ if ($g['booting'] and !file_exists($g['cf_conf_path'] . "/config.xml") ) {
 file_notice("config.xml", "No config.xml found, attempting last known config restore.", "pfSenseConfigurator", "");
 restore_backup("/cf/conf/backup/{$last_backup}");
 } else {
- /* no device found, print an error and die */
- echo <<