diff options
| author | ache <ache@FreeBSD.org> | 1999-11-17 22:38:02 +0000 |
|---|---|---|
| committer | ache <ache@FreeBSD.org> | 1999-11-17 22:38:02 +0000 |
| commit | ef80f4fe7698628a9772de9a6108332d6524975f (patch) | |
| tree | ad00efb84c9fb511bd7a75c297261394cf2272ea | |
| parent | aeb2d2626b24c89dbb68adb9caebd10bbe02dd43 (diff) | |
| download | FreeBSD-src-ef80f4fe7698628a9772de9a6108332d6524975f.zip FreeBSD-src-ef80f4fe7698628a9772de9a6108332d6524975f.tar.gz | |
Add network pass4 - after all local (/usr/local/etc/rc.d f.e.)
daemons started. Move log_in_vain option there. It is needed to avoid
lot of connections to port 80 logged on production WWW server prior
Apache started from /usr/local/etc/rc.d
| -rw-r--r-- | etc/network.subr | 26 | ||||
| -rw-r--r-- | etc/rc | 4 | ||||
| -rw-r--r-- | etc/rc.d/netoptions | 26 | ||||
| -rw-r--r-- | etc/rc.d/network1 | 26 | ||||
| -rw-r--r-- | etc/rc.d/network2 | 26 | ||||
| -rw-r--r-- | etc/rc.d/network3 | 26 | ||||
| -rw-r--r-- | etc/rc.d/routing | 26 | ||||
| -rw-r--r-- | etc/rc.network | 26 |
8 files changed, 116 insertions, 70 deletions
diff --git a/etc/network.subr b/etc/network.subr index d17f6ef..e98b40a 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -256,16 +256,6 @@ network_pass1() { ;; esac - case ${log_in_vain} in - [Nn][Oo] | '') - ;; - *) - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - ;; - esac - case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' @@ -591,3 +581,19 @@ network_pass3() { echo '.' network_pass3_done=YES } + +network_pass4() { + echo -n 'Additional TCP options:' + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + echo '.' + network_pass4_done=YES +} @@ -523,6 +523,10 @@ case ${local_startup} in ;; esac +if [ -n "${network_pass3_done}" ]; then + network_pass4 +fi + # Raise kernel security level. This should be done only after `fsck' has # repaired local file systems if you want the securelevel to be greater than 1. # diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index d17f6ef..e98b40a 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -256,16 +256,6 @@ network_pass1() { ;; esac - case ${log_in_vain} in - [Nn][Oo] | '') - ;; - *) - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - ;; - esac - case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' @@ -591,3 +581,19 @@ network_pass3() { echo '.' network_pass3_done=YES } + +network_pass4() { + echo -n 'Additional TCP options:' + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + echo '.' + network_pass4_done=YES +} diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index d17f6ef..e98b40a 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -256,16 +256,6 @@ network_pass1() { ;; esac - case ${log_in_vain} in - [Nn][Oo] | '') - ;; - *) - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - ;; - esac - case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' @@ -591,3 +581,19 @@ network_pass3() { echo '.' network_pass3_done=YES } + +network_pass4() { + echo -n 'Additional TCP options:' + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + echo '.' + network_pass4_done=YES +} diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index d17f6ef..e98b40a 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -256,16 +256,6 @@ network_pass1() { ;; esac - case ${log_in_vain} in - [Nn][Oo] | '') - ;; - *) - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - ;; - esac - case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' @@ -591,3 +581,19 @@ network_pass3() { echo '.' network_pass3_done=YES } + +network_pass4() { + echo -n 'Additional TCP options:' + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + echo '.' + network_pass4_done=YES +} diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index d17f6ef..e98b40a 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -256,16 +256,6 @@ network_pass1() { ;; esac - case ${log_in_vain} in - [Nn][Oo] | '') - ;; - *) - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - ;; - esac - case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' @@ -591,3 +581,19 @@ network_pass3() { echo '.' network_pass3_done=YES } + +network_pass4() { + echo -n 'Additional TCP options:' + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + echo '.' + network_pass4_done=YES +} diff --git a/etc/rc.d/routing b/etc/rc.d/routing index d17f6ef..e98b40a 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -256,16 +256,6 @@ network_pass1() { ;; esac - case ${log_in_vain} in - [Nn][Oo] | '') - ;; - *) - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - ;; - esac - case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' @@ -591,3 +581,19 @@ network_pass3() { echo '.' network_pass3_done=YES } + +network_pass4() { + echo -n 'Additional TCP options:' + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + echo '.' + network_pass4_done=YES +} diff --git a/etc/rc.network b/etc/rc.network index d17f6ef..e98b40a 100644 --- a/etc/rc.network +++ b/etc/rc.network @@ -256,16 +256,6 @@ network_pass1() { ;; esac - case ${log_in_vain} in - [Nn][Oo] | '') - ;; - *) - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - ;; - esac - case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' @@ -591,3 +581,19 @@ network_pass3() { echo '.' network_pass3_done=YES } + +network_pass4() { + echo -n 'Additional TCP options:' + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + echo '.' + network_pass4_done=YES +} |
