config files

/etc/rc.conf

hostname="FreeBSD"
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
# ifconfig_wlan0_ipv6="inet6 accept_rtadv"
local_unbound_enable="YES"
sshd_enable="YES"
pf_enable="YES"
# ntpd_enable="YES"
# moused_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
kld_list="/boot/modules/i915kms.ko"
hald_enable="YES"
dbus_enable="YES"
slim_enable="YES"


/boot/loader.conf

autoboot_delay="3"
loader_logo="beastiebw"

pf.conf

# The name of our network interface as seen in `ifconfig`
ext_if="re0"

# Macros to define the set of TCP and UDP ports to open.
# Add additional ports or ranges separated by commas.
# UDP 60000-60010 is mosh control http://mosh.mit.edu/
tcp_services = "{ssh, https}"
udp_services = "{60000:60010}"

# If you block all ICMP requests you will break things like path MTU
# discovery. These macros define allowed ICMP types. The additional
# ICMPv6 types are for neighbor discovery (RFC 4861)
icmp_types = "{echoreq, unreach}"
icmp6_types="{echoreq, unreach, 133, 134, 135, 136, 137}"

# Modulate the initial sequence number of TCP packets.
# Broken operating systems sometimes don't randomize this number,
# making it guessable.
tcp_state="flags S/SA keep state"
udp_state="keep state"

# Don't send rejections. Just drop.
set block-policy drop

# Exempt the loopback interface to prevent services utilizing the
# local loop from being blocked accidentally.
set skip on lo0

# all incoming traffic on external interface is normalized and fragmented
# packets are reassembled.
scrub in on $ext_if all fragment reassemble

# set a default deny policy.
block in log all

# This is a desktop so be permissive in allowing outgoing connections.
pass out quick modulate state

# Enable antispoofing on the external interface
antispoof for $ext_if inet
antispoof for $ext_if inet6

# block packets that fail a reverse path check. we look up the routing
# table, check to make sure that the outbound is the same as the source
# it came in on. if not, it is probably source address spoofed.
block in from urpf-failed to any

# drop broadcast requests quietly.
block in quick on $ext_if from any to 255.255.255.255

# Allow the services defined in the macros at the top of the file
pass in on $ext_if inet proto tcp from any to any port $tcp_services $tcp_state
pass in on $ext_if inet6 proto tcp from any to any port $tcp_services $tcp_state

pass in on $ext_if inet proto udp from any to any port $udp_services $udp_state
pass in on $ext_if inet6 proto udp from any to any port $udp_services $udp_state

# Allow ICMP
pass inet proto icmp all icmp-type $icmp_types keep state
pass inet6 proto icmp6 all icmp6-type $icmp6_types keep state

.xinitrc

exec mate-session

.cshrc

/usr/bin/fortune


extra software

xorg
drm-kmod
mate slim
urwfonts
fortune-mod-bofh fortune-mod-epictetus fortune-mod-freebsd-classic
firefox thunderbird gimp filezilla geany bluefish vlc


slim

/usr/local/share/slim/themes/default/
background


Home