Version 0.1

Author: rsjrs

etc/config/dhcp

@@ -0,0 +1,42 @@
+
+config dnsmasq
+	option domainneeded '1'
+	option boguspriv '1'
+	option filterwin2k '0'
+	option localise_queries '1'
+	option rebind_protection '1'
+	option rebind_localhost '1'
+	option local '/lan/'
+	option domain 'lan'
+	option expandhosts '1'
+	option nonegcache '0'
+	option authoritative '1'
+	option readethers '1'
+	option leasefile '/tmp/dhcp.leases'
+	option resolvfile '/tmp/resolv.conf.auto'
+
+config dhcp 'lan'
+	option interface 'lan'
+	option start '100'
+	option limit '150'
+	option leasetime '12h'
+	option dhcpv6 'server'
+	option ra 'server'
+
+config dhcp 'wlan'
+	option interface 'wlan'
+	option start 100
+	option limit 150
+	option leastime 12h
+	option ignore 0
+
+config dhcp 'wan'
+	option interface 'wan'
+	option ignore '1'
+
+config odhcpd 'odhcpd'
+	option maindhcp '0'
+	option leasefile '/tmp/hosts/odhcpd'
+	option leasetrigger '/usr/sbin/odhcpd-update'
+
+

etc/config/firewall

@@ -0,0 +1,108 @@
+config defaults
+        option syn_flood        1
+        option input            ACCEPT
+        option output           ACCEPT
+        option forward          REJECT
+        option disable_ipv6     1
+
+config zone
+        option name             lan
+        list   network          'lan'
+        option input            ACCEPT
+        option output           ACCEPT
+        option forward          REJECT
+
+config zone
+        option name 'wlan'
+        option network 'wlan'
+        option input ACCEPT
+        option output ACCEPT
+        option forward REJECT
+
+config zone
+        option name             wan
+        list   network          'wan'
+        option input            REJECT
+        option output           ACCEPT
+        option forward          REJECT
+        option masq             1
+        option mtu_fix          1
+        option network 'wan wwan'
+    
+# CAPTIVE WEB
+config redirect
+        option src              'wlan'
+        option proto            'tcp'
+        option src_dip          '!192.168.101.0/24'
+        option dest_port        '80'
+        option enabled          '1'
+
+# ROUTER MODE
+config forwarding
+        option src              'wlan'
+        option dest             'wan'
+        option enabled          '0'
+
+# TOR DNS
+config redirect
+        option src              'wlan'
+        option proto            'udp'
+        option src_port         '53'
+        option dest_port        '9053'
+        option enabled          '0'
+
+# TOR PROXY
+config redirect
+        option src              'wlan'
+        option proto            'tcp'
+        option src_dip          !192.168.101.0/24
+        option dest_port        '9040'
+        option enabled          '0'
+
+
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+        option name             Allow-DHCP-Renew
+        option src              wan
+        option proto            udp
+        option dest_port        68
+        option target           ACCEPT
+        option family           ipv4
+
+# Allow IPv4 ping
+config rule
+        option name             Allow-Ping
+        option src              wan
+        option proto            icmp
+        option icmp_type        echo-request
+        option family           ipv4
+        option target           ACCEPT
+        
+config rule                                
+        option name 'Allow-Tor-DNS'        
+        option src 'wlan'                  
+        option proto 'udp'                 
+        option dest_port '9053'            
+        option target 'ACCEPT'                   
+        option family 'ipv4'                     
+                                                 
+config rule                                      
+        option name 'Allow-Tor-Transparent'      
+        option src 'wlan'                        
+        option proto 'tcp'                       
+        option dest_port '9040'                  
+        option target 'ACCEPT'                   
+        option family 'ipv4'                     
+                                                 
+config rule                                      
+        option name 'Allow-Tor-Socks'            
+        option src 'wlan'                        
+        option proto 'tcp'                       
+        option dest_port '9050'                  
+        option target 'ACCEPT'                   
+        option family 'ipv4'                     
+                                                 
+# include a file with users custom iptables rules
+config include                        
+        option path /etc/firewall.user

etc/config/network

@@ -0,0 +1,27 @@
+config interface 'loopback'
+        option ifname 'lo'
+        option proto 'static'
+        option ipaddr '127.0.0.1'
+        option netmask '255.0.0.0'
+
+config interface 'wlan'
+        option ifname 'eth0'
+        option type 'bridge'
+        option proto 'static'
+        option ipaddr '192.168.101.1'
+        option netmask '255.255.255.0'
+
+config interface 'lan'
+        option ifname 'eth1'
+        #option force_link '1'
+        #option type 'bridge'
+        option proto 'static'
+        option ipaddr '192.168.100.1'
+        option netmask '255.255.255.0'
+
+config interface 'wan'
+        option ifname 'eth0'
+        option proto 'dhcp'
+
+config interface 'wwan'
+        option proto 'dhcp'

etc/config/wireless

@@ -0,0 +1,22 @@
+config wifi-device  radio0
+	option type     mac80211
+	option channel  11
+	option hwmode	11g
+	option path	'platform/ar933x_wmac'
+	option htmode	HT20
+	# REMOVE THIS LINE TO ENABLE WIFI:
+	# option disabled 1
+
+config wifi-iface
+	option device   radio0
+	option network  wwan
+	option mode     sta
+
+config wifi-iface
+	option device radio0
+	option mode ap
+	option ssid NETAIDKIT
+	option encryption psk2
+	option key s3cr3tp4ss
+	option network wlan
+

etc/dnsmasq.conf

@@ -0,0 +1 @@
+address=/#/192.168.101.1

etc/lighttpd/conf.d/30-cgi.conf

@@ -0,0 +1,29 @@
+#######################################################################
+##
+##  CGI modules
+## ---------------
+##
+## http://www.lighttpd.net/documentation/cgi.html
+##
+server.modules += ( "mod_cgi" )
+
+##
+## Plain old CGI handling
+##
+## For PHP don't forget to set cgi.fix_pathinfo = 1 in the php.ini.
+##
+cgi.assign                 = ( ".php" => "/usr/bin/php-cgi" )
+
+##
+## to get the old cgi-bin behavior of apache
+##
+## Note: make sure that mod_alias is loaded if you uncomment the
+##       next line. (see modules.conf)
+##
+#alias.url += ( "/cgi-bin" => server_root + "/cgi-bin" )
+#$HTTP["url"] =~ "^/cgi-bin" {
+#   cgi.assign = ( "" => "" )
+#}
+
+##
+#######################################################################

etc/lighttpd/lighttpd.conf

@@ -0,0 +1,35 @@
+server.modules = (
+)
+
+server.document-root        = "/www"
+server.upload-dirs          = ( "/tmp" )
+server.errorlog             = "/var/log/lighttpd/error.log"
+server.pid-file             = "/var/run/lighttpd.pid"
+server.username             = "http"
+server.groupname            = "www-data"
+
+index-file.names            = ( "index.php", "index.html",
+                                "index.htm", "default.htm",
+                                "index.lighttpd.html" )
+
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+### Options that are useful but not always necessary:
+#server.chroot               = "/"
+#server.port                 = 81
+#server.bind                 = "localhost"
+#server.tag                  = "lighttpd"
+#server.errorlog-use-syslog  = "enable"
+#server.network-backend      = "write"
+
+### Use IPv6 if available
+#include_shell "/usr/share/lighttpd/use-ipv6.pl"
+
+#dir-listing.encoding        = "utf-8"
+#server.dir-listing          = "enable"
+
+include       "/etc/lighttpd/mime.conf"
+include_shell "cat /etc/lighttpd/conf.d/*.conf"
+
+url.rewrite-if-not-file = ( "/(.*)$" => "/index.php?query=$1", )
+

etc/shadow

@@ -0,0 +1,7 @@
+root:$1$2YYqAk8V$GtJCs.DegSAfMf/nulCC//:16407:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+http:x:0:0:99999:7:::
+