summaryrefslogtreecommitdiffstats
path: root/etc
diff options
context:
space:
mode:
Diffstat (limited to 'etc')
-rw-r--r--etc/Makefile320
-rw-r--r--etc/amd.map4
-rw-r--r--etc/apmd.conf55
-rw-r--r--etc/auth.conf8
-rw-r--r--etc/bluetooth/Makefile9
-rw-r--r--etc/bluetooth/hcsecd.conf56
-rw-r--r--etc/bluetooth/hosts10
-rw-r--r--etc/bluetooth/protocols22
-rw-r--r--etc/crontab25
-rw-r--r--etc/csh.cshrc3
-rw-r--r--etc/csh.login15
-rw-r--r--etc/csh.logout3
-rw-r--r--etc/ddb.conf15
-rw-r--r--etc/defaults/Makefile7
-rw-r--r--etc/defaults/bluetooth.device.conf111
-rw-r--r--etc/defaults/devfs.rules86
-rw-r--r--etc/defaults/periodic.conf290
-rw-r--r--etc/defaults/rc.conf725
-rw-r--r--etc/devd.conf326
-rw-r--r--etc/devd/Makefile17
-rw-r--r--etc/devd/apple.conf46
-rw-r--r--etc/devd/asus.conf74
-rw-r--r--etc/devd/uath.conf146
-rw-r--r--etc/devd/usb.conf4331
-rw-r--r--etc/devfs.conf43
-rw-r--r--etc/dhclient.conf8
-rw-r--r--etc/disktab198
-rw-r--r--etc/etc.amd64/ttys49
-rw-r--r--etc/etc.arm/ttys49
-rw-r--r--etc/etc.i386/ttys49
-rw-r--r--etc/etc.ia64/ttys49
-rw-r--r--etc/etc.mips/ttys36
-rw-r--r--etc/etc.pc98/ttys49
-rw-r--r--etc/etc.powerpc/ttys49
-rw-r--r--etc/etc.sparc64/ttys54
-rw-r--r--etc/fbtab4
-rw-r--r--etc/freebsd-update.conf76
-rw-r--r--etc/ftpusers26
-rw-r--r--etc/gettytab233
-rw-r--r--etc/group32
-rw-r--r--etc/gss/Makefile7
-rw-r--r--etc/gss/mech6
-rw-r--r--etc/gss/qop3
-rw-r--r--etc/hosts31
-rw-r--r--etc/hosts.allow91
-rw-r--r--etc/hosts.equiv4
-rw-r--r--etc/hosts.lpd4
-rw-r--r--etc/inetd.conf118
-rw-r--r--etc/libalias.conf8
-rw-r--r--etc/login.access46
-rw-r--r--etc/login.conf318
-rw-r--r--etc/mac.conf18
-rw-r--r--etc/mail/Makefile248
-rw-r--r--etc/mail/README58
-rw-r--r--etc/mail/access.sample17
-rw-r--r--etc/mail/aliases78
-rw-r--r--etc/mail/mailer.conf10
-rw-r--r--etc/mail/mailertable.sample7
-rw-r--r--etc/mail/virtusertable.sample11
-rw-r--r--etc/man.alias4
-rw-r--r--etc/master.passwd24
-rw-r--r--etc/minfree1
-rw-r--r--etc/motd25
-rw-r--r--etc/mtree/BIND.chroot.dist35
-rw-r--r--etc/mtree/BIND.include.dist22
-rw-r--r--etc/mtree/BSD.groff.dist48
-rw-r--r--etc/mtree/BSD.include.dist332
-rw-r--r--etc/mtree/BSD.release.dist22
-rw-r--r--etc/mtree/BSD.root.dist96
-rw-r--r--etc/mtree/BSD.sendmail.dist14
-rw-r--r--etc/mtree/BSD.usr.dist1362
-rw-r--r--etc/mtree/BSD.var.dist96
-rw-r--r--etc/mtree/Makefile29
-rw-r--r--etc/mtree/README50
-rw-r--r--etc/namedb/Makefile11
-rw-r--r--etc/namedb/master/Makefile9
-rw-r--r--etc/namedb/master/empty.db11
-rw-r--r--etc/namedb/master/localhost-forward.db11
-rw-r--r--etc/namedb/master/localhost-reverse.db13
-rw-r--r--etc/namedb/named.conf294
-rw-r--r--etc/namedb/named.root92
-rw-r--r--etc/netconfig19
-rwxr-xr-xetc/netstart65
-rw-r--r--etc/network.subr1411
-rw-r--r--etc/networks17
-rw-r--r--etc/newsyslog.conf38
-rw-r--r--etc/nls.alias4
-rw-r--r--etc/nscd.conf12
-rw-r--r--etc/nsmb.conf56
-rw-r--r--etc/nsswitch.conf15
-rw-r--r--etc/ntp.conf64
-rw-r--r--etc/opieaccess13
-rw-r--r--etc/pam.d/Makefile24
-rw-r--r--etc/pam.d/README62
-rw-r--r--etc/pam.d/atrun10
-rw-r--r--etc/pam.d/convert.pl87
-rw-r--r--etc/pam.d/cron9
-rw-r--r--etc/pam.d/ftpd20
-rw-r--r--etc/pam.d/imap14
-rw-r--r--etc/pam.d/kde19
-rw-r--r--etc/pam.d/login20
-rw-r--r--etc/pam.d/other25
-rw-r--r--etc/pam.d/passwd11
-rw-r--r--etc/pam.d/pop314
-rw-r--r--etc/pam.d/rsh18
-rw-r--r--etc/pam.d/sshd26
-rw-r--r--etc/pam.d/su17
-rw-r--r--etc/pam.d/system25
-rw-r--r--etc/pam.d/telnetd26
-rw-r--r--etc/pam.d/xdm22
-rwxr-xr-xetc/pccard_ether126
-rw-r--r--etc/periodic/Makefile5
-rw-r--r--etc/periodic/Makefile.inc5
-rwxr-xr-xetc/periodic/daily/100.clean-disks55
-rwxr-xr-xetc/periodic/daily/110.clean-tmps60
-rwxr-xr-xetc/periodic/daily/120.clean-preserve53
-rwxr-xr-xetc/periodic/daily/130.clean-msgs35
-rwxr-xr-xetc/periodic/daily/140.clean-rwho53
-rwxr-xr-xetc/periodic/daily/150.clean-hoststat29
-rwxr-xr-xetc/periodic/daily/200.backup-passwd77
-rwxr-xr-xetc/periodic/daily/210.backup-aliases47
-rwxr-xr-xetc/periodic/daily/220.backup-pkgdb51
-rwxr-xr-xetc/periodic/daily/300.calendar29
-rwxr-xr-xetc/periodic/daily/310.accounting65
-rwxr-xr-xetc/periodic/daily/330.news34
-rwxr-xr-xetc/periodic/daily/400.status-disks32
-rwxr-xr-xetc/periodic/daily/404.status-zfs36
-rwxr-xr-xetc/periodic/daily/405.status-ata-raid33
-rwxr-xr-xetc/periodic/daily/406.status-gmirror34
-rwxr-xr-xetc/periodic/daily/407.status-graid334
-rwxr-xr-xetc/periodic/daily/408.status-gstripe34
-rwxr-xr-xetc/periodic/daily/409.status-gconcat34
-rwxr-xr-xetc/periodic/daily/420.status-network29
-rwxr-xr-xetc/periodic/daily/430.status-rwho38
-rwxr-xr-xetc/periodic/daily/440.status-mailq66
-rwxr-xr-xetc/periodic/daily/450.status-security41
-rwxr-xr-xetc/periodic/daily/460.status-mail-rejects73
-rwxr-xr-xetc/periodic/daily/470.status-named62
-rwxr-xr-xetc/periodic/daily/480.status-ntpd28
-rwxr-xr-xetc/periodic/daily/490.status-pkg-changes43
-rwxr-xr-xetc/periodic/daily/500.queuerun36
-rwxr-xr-xetc/periodic/daily/800.scrub-zfs98
-rwxr-xr-xetc/periodic/daily/999.local38
-rw-r--r--etc/periodic/daily/Makefile65
-rwxr-xr-xetc/periodic/monthly/200.accounting51
-rwxr-xr-xetc/periodic/monthly/999.local35
-rw-r--r--etc/periodic/monthly/Makefile13
-rwxr-xr-xetc/periodic/security/100.chksetuid58
-rwxr-xr-xetc/periodic/security/110.neggrpperm54
-rwxr-xr-xetc/periodic/security/200.chkmounts62
-rwxr-xr-xetc/periodic/security/300.chkuid051
-rwxr-xr-xetc/periodic/security/400.passwdless48
-rwxr-xr-xetc/periodic/security/410.logincheck52
-rwxr-xr-xetc/periodic/security/460.chkportsum68
-rwxr-xr-xetc/periodic/security/500.ipfwdenied53
-rwxr-xr-xetc/periodic/security/510.ipfdenied53
-rwxr-xr-xetc/periodic/security/520.pfdenied53
-rwxr-xr-xetc/periodic/security/550.ipfwlimit68
-rwxr-xr-xetc/periodic/security/610.ipf6denied53
-rwxr-xr-xetc/periodic/security/700.kernelmsg53
-rwxr-xr-xetc/periodic/security/800.loginfail68
-rwxr-xr-xetc/periodic/security/900.tcpwrap68
-rw-r--r--etc/periodic/security/Makefile36
-rw-r--r--etc/periodic/security/security.functions78
-rwxr-xr-xetc/periodic/weekly/310.locate32
-rwxr-xr-xetc/periodic/weekly/320.whatis51
-rwxr-xr-xetc/periodic/weekly/330.catman58
-rwxr-xr-xetc/periodic/weekly/340.noid29
-rwxr-xr-xetc/periodic/weekly/400.status-pkg33
-rwxr-xr-xetc/periodic/weekly/999.local35
-rw-r--r--etc/periodic/weekly/Makefile22
-rw-r--r--etc/pf.os690
-rw-r--r--etc/phones8
-rw-r--r--etc/portsnap.conf35
-rw-r--r--etc/ppp/ppp.conf37
-rw-r--r--etc/printcap54
-rw-r--r--etc/profile18
-rw-r--r--etc/protocols151
-rw-r--r--etc/rc118
-rw-r--r--etc/rc.bsdextended138
-rwxr-xr-xetc/rc.d/DAEMON10
-rwxr-xr-xetc/rc.d/FILESYSTEMS12
-rwxr-xr-xetc/rc.d/LOGIN13
-rw-r--r--etc/rc.d/Makefile68
-rwxr-xr-xetc/rc.d/NETWORKING12
-rwxr-xr-xetc/rc.d/SERVERS10
-rwxr-xr-xetc/rc.d/abi64
-rwxr-xr-xetc/rc.d/accounting75
-rwxr-xr-xetc/rc.d/addswap33
-rwxr-xr-xetc/rc.d/adjkerntz18
-rwxr-xr-xetc/rc.d/amd56
-rwxr-xr-xetc/rc.d/apm46
-rwxr-xr-xetc/rc.d/apmd43
-rwxr-xr-xetc/rc.d/archdep45
-rwxr-xr-xetc/rc.d/atm1176
-rwxr-xr-xetc/rc.d/atm297
-rwxr-xr-xetc/rc.d/atm393
-rwxr-xr-xetc/rc.d/auditd32
-rwxr-xr-xetc/rc.d/bgfsck42
-rwxr-xr-xetc/rc.d/bluetooth365
-rwxr-xr-xetc/rc.d/bootparams19
-rwxr-xr-xetc/rc.d/bridge93
-rwxr-xr-xetc/rc.d/bsnmpd18
-rwxr-xr-xetc/rc.d/bthidd33
-rwxr-xr-xetc/rc.d/ccd24
-rwxr-xr-xetc/rc.d/cleanvar73
-rwxr-xr-xetc/rc.d/cleartmp60
-rwxr-xr-xetc/rc.d/cron23
-rwxr-xr-xetc/rc.d/ddb32
-rwxr-xr-xetc/rc.d/defaultroute73
-rwxr-xr-xetc/rc.d/devd40
-rwxr-xr-xetc/rc.d/devfs70
-rwxr-xr-xetc/rc.d/dhclient57
-rwxr-xr-xetc/rc.d/dmesg26
-rwxr-xr-xetc/rc.d/dumpon69
-rwxr-xr-xetc/rc.d/encswap57
-rwxr-xr-xetc/rc.d/faith75
-rwxr-xr-xetc/rc.d/fsck78
-rwxr-xr-xetc/rc.d/ftp-proxy17
-rwxr-xr-xetc/rc.d/ftpd25
-rwxr-xr-xetc/rc.d/gbde119
-rwxr-xr-xetc/rc.d/geli90
-rwxr-xr-xetc/rc.d/geli258
-rwxr-xr-xetc/rc.d/gptboot77
-rwxr-xr-xetc/rc.d/gssd18
-rwxr-xr-xetc/rc.d/hastd29
-rwxr-xr-xetc/rc.d/hcsecd24
-rwxr-xr-xetc/rc.d/hostapd25
-rwxr-xr-xetc/rc.d/hostid103
-rwxr-xr-xetc/rc.d/hostid_save28
-rwxr-xr-xetc/rc.d/hostname81
-rwxr-xr-xetc/rc.d/inetd20
-rwxr-xr-xetc/rc.d/initrandom82
-rwxr-xr-xetc/rc.d/ip6addrctl102
-rwxr-xr-xetc/rc.d/ipfilter92
-rwxr-xr-xetc/rc.d/ipfs51
-rwxr-xr-xetc/rc.d/ipfw110
-rwxr-xr-xetc/rc.d/ipmon33
-rwxr-xr-xetc/rc.d/ipnat28
-rwxr-xr-xetc/rc.d/ipsec59
-rwxr-xr-xetc/rc.d/ipxrouted19
-rwxr-xr-xetc/rc.d/jail742
-rwxr-xr-xetc/rc.d/kadmind20
-rwxr-xr-xetc/rc.d/kerberos17
-rwxr-xr-xetc/rc.d/keyserv32
-rwxr-xr-xetc/rc.d/kld53
-rwxr-xr-xetc/rc.d/kldxref35
-rwxr-xr-xetc/rc.d/kpasswdd20
-rwxr-xr-xetc/rc.d/ldconfig83
-rwxr-xr-xetc/rc.d/local36
-rwxr-xr-xetc/rc.d/localpkg77
-rwxr-xr-xetc/rc.d/lockd43
-rwxr-xr-xetc/rc.d/lpd27
-rwxr-xr-xetc/rc.d/mdconfig197
-rwxr-xr-xetc/rc.d/mdconfig2227
-rwxr-xr-xetc/rc.d/mixer103
-rwxr-xr-xetc/rc.d/motd49
-rwxr-xr-xetc/rc.d/mountcritlocal54
-rwxr-xr-xetc/rc.d/mountcritremote79
-rwxr-xr-xetc/rc.d/mountd56
-rwxr-xr-xetc/rc.d/mountlate56
-rwxr-xr-xetc/rc.d/moused72
-rwxr-xr-xetc/rc.d/mroute6d18
-rwxr-xr-xetc/rc.d/mrouted20
-rwxr-xr-xetc/rc.d/msgs13
-rwxr-xr-xetc/rc.d/named301
-rwxr-xr-xetc/rc.d/natd43
-rwxr-xr-xetc/rc.d/netif158
-rwxr-xr-xetc/rc.d/netoptions125
-rwxr-xr-xetc/rc.d/netwait98
-rwxr-xr-xetc/rc.d/newsyslog26
-rwxr-xr-xetc/rc.d/nfscbd19
-rwxr-xr-xetc/rc.d/nfsclient50
-rwxr-xr-xetc/rc.d/nfsd78
-rwxr-xr-xetc/rc.d/nfsuserd19
-rwxr-xr-xetc/rc.d/nisdomain54
-rwxr-xr-xetc/rc.d/nscd53
-rwxr-xr-xetc/rc.d/nsswitch103
-rwxr-xr-xetc/rc.d/ntpd53
-rwxr-xr-xetc/rc.d/ntpdate34
-rwxr-xr-xetc/rc.d/opensm28
-rwxr-xr-xetc/rc.d/othermta18
-rwxr-xr-xetc/rc.d/pf72
-rwxr-xr-xetc/rc.d/pflog56
-rwxr-xr-xetc/rc.d/pfsync55
-rwxr-xr-xetc/rc.d/power_profile97
-rwxr-xr-xetc/rc.d/powerd25
-rwxr-xr-xetc/rc.d/ppp134
-rwxr-xr-xetc/rc.d/pppoed33
-rwxr-xr-xetc/rc.d/pwcheck27
-rwxr-xr-xetc/rc.d/quota34
-rwxr-xr-xetc/rc.d/random93
-rwxr-xr-xetc/rc.d/rarpd20
-rwxr-xr-xetc/rc.d/rctl39
-rwxr-xr-xetc/rc.d/resolv57
-rwxr-xr-xetc/rc.d/rfcomm_pppd_server122
-rwxr-xr-xetc/rc.d/root42
-rwxr-xr-xetc/rc.d/route6d20
-rwxr-xr-xetc/rc.d/routed21
-rwxr-xr-xetc/rc.d/routing361
-rwxr-xr-xetc/rc.d/rpcbind19
-rwxr-xr-xetc/rc.d/rtadvd61
-rwxr-xr-xetc/rc.d/rtsold26
-rwxr-xr-xetc/rc.d/rwho18
-rwxr-xr-xetc/rc.d/savecore76
-rwxr-xr-xetc/rc.d/sdpd24
-rwxr-xr-xetc/rc.d/securelevel28
-rwxr-xr-xetc/rc.d/sendmail99
-rwxr-xr-xetc/rc.d/serial168
-rwxr-xr-xetc/rc.d/sppp36
-rwxr-xr-xetc/rc.d/sshd102
-rwxr-xr-xetc/rc.d/statd43
-rwxr-xr-xetc/rc.d/static_arp74
-rwxr-xr-xetc/rc.d/static_ndp74
-rwxr-xr-xetc/rc.d/stf78
-rwxr-xr-xetc/rc.d/swap117
-rwxr-xr-xetc/rc.d/syscons263
-rwxr-xr-xetc/rc.d/sysctl59
-rwxr-xr-xetc/rc.d/syslogd72
-rwxr-xr-xetc/rc.d/timed18
-rwxr-xr-xetc/rc.d/tmp71
-rwxr-xr-xetc/rc.d/ubthidhci40
-rwxr-xr-xetc/rc.d/ugidfw42
-rwxr-xr-xetc/rc.d/var109
-rwxr-xr-xetc/rc.d/virecover65
-rwxr-xr-xetc/rc.d/watchdogd42
-rwxr-xr-xetc/rc.d/wpa_supplicant46
-rwxr-xr-xetc/rc.d/ypbind38
-rwxr-xr-xetc/rc.d/yppasswdd42
-rwxr-xr-xetc/rc.d/ypserv40
-rwxr-xr-xetc/rc.d/ypset41
-rwxr-xr-xetc/rc.d/ypupdated40
-rwxr-xr-xetc/rc.d/ypxfrd41
-rwxr-xr-xetc/rc.d/zfs65
-rwxr-xr-xetc/rc.d/zvol45
-rw-r--r--etc/rc.firewall539
-rw-r--r--etc/rc.initdiskless381
-rwxr-xr-xetc/rc.resume72
-rw-r--r--etc/rc.sendmail277
-rw-r--r--etc/rc.shutdown108
-rw-r--r--etc/rc.subr1778
-rwxr-xr-xetc/rc.suspend79
-rw-r--r--etc/regdomain.xml1901
-rw-r--r--etc/remote76
-rw-r--r--etc/root/dot.cshrc35
-rw-r--r--etc/root/dot.k5login4
-rw-r--r--etc/root/dot.login9
-rw-r--r--etc/root/dot.profile10
-rw-r--r--etc/rpc68
-rw-r--r--etc/sendmail/Makefile94
-rw-r--r--etc/sendmail/freebsd.mc90
-rw-r--r--etc/sendmail/freebsd.submit.mc27
-rw-r--r--etc/sendmail/freefall.mc47
-rw-r--r--etc/services2483
-rw-r--r--etc/shells9
-rw-r--r--etc/snmpd.config302
-rw-r--r--etc/sysctl.conf9
-rw-r--r--etc/syslog.conf31
-rw-r--r--etc/termcap.small315
359 files changed, 36800 insertions, 0 deletions
diff --git a/etc/Makefile b/etc/Makefile
new file mode 100644
index 0000000..42d6959
--- /dev/null
+++ b/etc/Makefile
@@ -0,0 +1,320 @@
+# from: @(#)Makefile 5.11 (Berkeley) 5/21/91
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+.if ${MK_SENDMAIL} != "no"
+SUBDIR= sendmail
+.endif
+
+BIN1= auth.conf \
+ crontab devd.conf devfs.conf \
+ ddb.conf dhclient.conf disktab fbtab \
+ ftpusers gettytab group \
+ hosts hosts.allow hosts.equiv \
+ inetd.conf libalias.conf login.access login.conf mac.conf motd \
+ netconfig network.subr networks newsyslog.conf nsswitch.conf \
+ phones profile protocols \
+ rc rc.bsdextended rc.firewall rc.initdiskless \
+ rc.sendmail rc.shutdown \
+ rc.subr remote rpc services shells \
+ sysctl.conf syslog.conf termcap.small
+
+.if exists(${.CURDIR}/etc.${MACHINE}/ttys)
+BIN1+= etc.${MACHINE}/ttys
+.elif exists(${.CURDIR}/etc.${MACHINE_ARCH}/ttys)
+BIN1+= etc.${MACHINE_ARCH}/ttys
+.elif exists(${.CURDIR}/etc.${MACHINE_CPUARCH}/ttys)
+BIN1+= etc.${MACHINE_CPUARCH}/ttys
+.else
+.error etc.MACHINE/ttys missing
+.endif
+
+OPENBSMDIR= ${.CURDIR}/../contrib/openbsm
+BSM_ETC_OPEN_FILES= ${OPENBSMDIR}/etc/audit_class \
+ ${OPENBSMDIR}/etc/audit_event
+BSM_ETC_RESTRICTED_FILES= ${OPENBSMDIR}/etc/audit_control \
+ ${OPENBSMDIR}/etc/audit_user
+BSM_ETC_EXEC_FILES= ${OPENBSMDIR}/etc/audit_warn
+BSM_ETC_DIR= ${DESTDIR}/etc/security
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_AMD} != "no"
+BIN1+= amd.map
+.endif
+
+.if ${MK_APM} != "no"
+BIN1+= apmd.conf
+.endif
+
+.if ${MK_BSNMP} != "no"
+BIN1+= snmpd.config
+.endif
+
+.if ${MK_FREEBSD_UPDATE} != "no"
+BIN1+= freebsd-update.conf
+.endif
+
+.if ${MK_LOCATE} != "no"
+BIN1+= ${.CURDIR}/../usr.bin/locate/locate/locate.rc
+.endif
+
+.if ${MK_LPR} != "no"
+BIN1+= hosts.lpd printcap
+.endif
+
+.if ${MK_MAIL} != "no"
+BIN1+= ${.CURDIR}/../usr.bin/mail/misc/mail.rc
+.endif
+
+.if ${MK_NTP} != "no"
+BIN1+= ntp.conf
+.endif
+
+.if ${MK_OPENSSH} != "no"
+SSH= ${.CURDIR}/../crypto/openssh/ssh_config \
+ ${.CURDIR}/../crypto/openssh/sshd_config \
+ ${.CURDIR}/../crypto/openssh/moduli
+.endif
+.if ${MK_OPENSSL} != "no"
+SSL= ${.CURDIR}/../crypto/openssl/apps/openssl.cnf
+.endif
+
+.if ${MK_NS_CACHING} != "no"
+BIN1+= nscd.conf
+.endif
+
+.if ${MK_PORTSNAP} != "no"
+BIN1+= portsnap.conf
+.endif
+
+.if ${MK_PF} != "no"
+BIN1+= pf.os
+.endif
+
+.if ${MK_TCSH} != "no"
+BIN1+= csh.cshrc csh.login csh.logout
+.endif
+
+.if ${MK_WIRELESS} != "no"
+BIN1+= regdomain.xml
+.endif
+
+# -rwxr-xr-x root:wheel, for the new cron root:wheel
+BIN2= netstart pccard_ether rc.suspend rc.resume
+
+MTREE= BSD.include.dist BSD.root.dist BSD.usr.dist BSD.var.dist
+.if ${MK_SENDMAIL} != "no"
+MTREE+= BSD.sendmail.dist
+.endif
+.if ${MK_BIND} != "no"
+MTREE+= BIND.chroot.dist
+.if ${MK_BIND_LIBS} != "no"
+MTREE+= BIND.include.dist
+.endif
+.endif
+
+PPPCNF= ppp.conf
+
+.if ${MK_SENDMAIL} == "no"
+ETCMAIL=mailer.conf aliases
+.else
+ETCMAIL=Makefile README mailer.conf access.sample virtusertable.sample \
+ mailertable.sample aliases
+.endif
+
+# Special top level files for FreeBSD
+FREEBSD=COPYRIGHT
+
+afterinstall:
+.if ${MK_MAN} != "no"
+ ${_+_}cd ${.CURDIR}/../share/man; ${MAKE} makedb
+.endif
+
+distribute:
+ ${_+_}cd ${.CURDIR} ; ${MAKE} install DESTDIR=${DISTDIR}/${DISTRIBUTION}
+ ${_+_}cd ${.CURDIR} ; ${MAKE} distribution DESTDIR=${DISTDIR}/${DISTRIBUTION}
+
+.include <bsd.endian.mk>
+.if ${TARGET_ENDIANNESS} == "1234"
+CAP_MKDB_ENDIAN?= -l
+PWD_MKDB_ENDIAN?= -L
+.elif ${TARGET_ENDIANNESS} == "4321"
+CAP_MKDB_ENDIAN?= -b
+PWD_MKDB_ENDIAN?= -B
+.else
+CAP_MKDB_ENDIAN?=
+PWD_MKDB_ENDIAN?=
+.endif
+
+distribution:
+.if !defined(DESTDIR)
+ @echo "set DESTDIR before running \"make ${.TARGET}\""
+ @false
+.endif
+ cd ${.CURDIR}; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${BIN1} ${DESTDIR}/etc; \
+ cap_mkdb ${CAP_MKDB_ENDIAN} ${DESTDIR}/etc/login.conf; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 755 \
+ ${BIN2} ${DESTDIR}/etc; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
+ master.passwd nsmb.conf opieaccess ${DESTDIR}/etc;
+.if ${MK_AT} == "no"
+ sed -i "" -e 's;.*/usr/libexec/atrun;#&;' ${DESTDIR}/etc/crontab
+.endif
+.if ${MK_TCSH} == "no"
+ sed -i "" -e 's;/bin/csh;/bin/sh;' ${DESTDIR}/etc/master.passwd
+.endif
+ pwd_mkdb ${PWD_MKDB_ENDIAN} -i -p -d ${DESTDIR}/etc \
+ ${DESTDIR}/etc/master.passwd
+.if ${MK_BLUETOOTH} != "no"
+ ${_+_}cd ${.CURDIR}/bluetooth; ${MAKE} install
+.endif
+ ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/devd; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/gss; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/periodic; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/rc.d; ${MAKE} install
+ ${_+_}cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall
+ ${_+_}cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap
+ ${_+_}cd ${.CURDIR}/../usr.sbin/rmt; ${MAKE} etc-rmt
+ ${_+_}cd ${.CURDIR}/pam.d; ${MAKE} install
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0444 \
+ ${BSM_ETC_OPEN_FILES} ${BSM_ETC_DIR}
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0600 \
+ ${BSM_ETC_RESTRICTED_FILES} ${BSM_ETC_DIR}
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 0500 \
+ ${BSM_ETC_EXEC_FILES} ${BSM_ETC_DIR}
+.if ${MK_BIND_MTREE} != "no"
+ @if [ ! -e ${DESTDIR}/etc/namedb ]; then \
+ set -x; \
+ ln -s ../var/named/etc/namedb ${DESTDIR}/etc/namedb; \
+ fi
+.endif
+.if ${MK_BIND_ETC} != "no"
+ ${_+_}cd ${.CURDIR}/namedb; ${MAKE} install
+.endif
+.if ${MK_SENDMAIL} != "no"
+ ${_+_}cd ${.CURDIR}/sendmail; ${MAKE} distribution
+.endif
+.if ${MK_OPENSSH} != "no"
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${SSH} ${DESTDIR}/etc/ssh
+.endif
+.if ${MK_OPENSSL} != "no"
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${SSL} ${DESTDIR}/etc/ssl
+.endif
+.if ${MK_KERBEROS} != "no"
+ cd ${.CURDIR}/root; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.k5login ${DESTDIR}/root/.k5login;
+.endif
+ cd ${.CURDIR}/root; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.profile ${DESTDIR}/root/.profile; \
+ rm -f ${DESTDIR}/.profile; \
+ ln ${DESTDIR}/root/.profile ${DESTDIR}/.profile
+.if ${MK_TCSH} != "no"
+ cd ${.CURDIR}/root; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.cshrc ${DESTDIR}/root/.cshrc; \
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ dot.login ${DESTDIR}/root/.login; \
+ rm -f ${DESTDIR}/.cshrc; \
+ ln ${DESTDIR}/root/.cshrc ${DESTDIR}/.cshrc
+.endif
+ cd ${.CURDIR}/mtree; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${MTREE} ${DESTDIR}/etc/mtree
+.if ${MK_PPP} != "no"
+ cd ${.CURDIR}/ppp; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 600 \
+ ${PPPCNF} ${DESTDIR}/etc/ppp
+.endif
+.if ${MK_MAIL} != "no"
+ cd ${.CURDIR}/mail; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${ETCMAIL} ${DESTDIR}/etc/mail
+ @if [ -d ${DESTDIR}/etc/mail -a -f ${DESTDIR}/etc/mail/aliases -a \
+ ! -f ${DESTDIR}/etc/aliases ]; then \
+ set -x; \
+ ln -s mail/aliases ${DESTDIR}/etc/aliases; \
+ fi
+.endif
+ ${INSTALL} -o ${BINOWN} -g operator -m 664 /dev/null \
+ ${DESTDIR}/etc/dumpdates
+ ${INSTALL} -o nobody -g ${BINGRP} -m 644 /dev/null \
+ ${DESTDIR}/var/db/locate.database
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 ${.CURDIR}/minfree \
+ ${DESTDIR}/var/crash
+ cd ${.CURDIR}/..; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${FREEBSD} ${DESTDIR}/
+.if ${MK_BOOT} != "no"
+.if exists(${.CURDIR}/../sys/${MACHINE}/conf/GENERIC.hints)
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${.CURDIR}/../sys/${MACHINE}/conf/GENERIC.hints \
+ ${DESTDIR}/boot/device.hints
+.endif
+.endif
+.if ${MK_NIS} == "no"
+ sed -i "" -e 's/.*_compat:/# &/' -e 's/compat$$/files/' \
+ ${DESTDIR}/etc/nsswitch.conf
+.endif
+
+distrib-dirs:
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.root.dist -p ${DESTDIR}/
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.var.dist -p ${DESTDIR}/var
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.usr.dist -p ${DESTDIR}/usr
+ mtree -eU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.include.dist \
+ -p ${DESTDIR}/usr/include
+.if ${MK_BIND_LIBS} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BIND.include.dist \
+ -p ${DESTDIR}/usr/include
+.endif
+.if ${MK_BIND_MTREE} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BIND.chroot.dist \
+ -p ${DESTDIR}/var/named
+.endif
+.if ${MK_GROFF} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.groff.dist -p ${DESTDIR}/usr
+.endif
+.if ${MK_SENDMAIL} != "no"
+ mtree -deU ${MTREE_FOLLOWS_SYMLINKS} -f ${.CURDIR}/mtree/BSD.sendmail.dist -p ${DESTDIR}/
+.endif
+ cd ${DESTDIR}/; rm -f ${DESTDIR}/sys; ln -s usr/src/sys sys
+ cd ${DESTDIR}/usr/share/man/en.ISO8859-1; ln -sf ../man* .
+ cd ${DESTDIR}/usr/share/man/en.UTF-8; ln -sf ../man* .
+ cd ${DESTDIR}/usr/share/man; \
+ set - `grep "^[a-zA-Z]" ${.CURDIR}/man.alias`; \
+ while [ $$# -gt 0 ] ; \
+ do \
+ rm -rf "$$1"; \
+ ln -s "$$2" "$$1"; \
+ shift; shift; \
+ done
+ cd ${DESTDIR}/usr/share/openssl/man; \
+ set - `grep "^[a-zA-Z]" ${.CURDIR}/man.alias`; \
+ while [ $$# -gt 0 ] ; \
+ do \
+ rm -rf "$$1"; \
+ ln -s "$$2" "$$1"; \
+ shift; shift; \
+ done
+ cd ${DESTDIR}/usr/share/openssl/man/en.ISO8859-1; ln -sf ../man* .
+ cd ${DESTDIR}/usr/share/nls; \
+ set - `grep "^[a-zA-Z]" ${.CURDIR}/nls.alias`; \
+ while [ $$# -gt 0 ] ; \
+ do \
+ rm -rf "$$1"; \
+ ln -s "$$2" "$$1"; \
+ shift; shift; \
+ done
+
+etc-examples:
+ cd ${.CURDIR}; ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${BIN1} ${BIN2} nsmb.conf opieaccess \
+ ${DESTDIR}/usr/share/examples/etc
+ ${_+_}cd ${.CURDIR}/defaults; ${MAKE} install \
+ DESTDIR=${DESTDIR}/usr/share/examples
+
+.include <bsd.prog.mk>
diff --git a/etc/amd.map b/etc/amd.map
new file mode 100644
index 0000000..375ef34
--- /dev/null
+++ b/etc/amd.map
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+/defaults type:=host;fs:=${autodir}/${rhost}/host;rhost:=${key}
+* opts:=rw,grpid,resvport,vers=3,proto=tcp,nosuid,nodev
diff --git a/etc/apmd.conf b/etc/apmd.conf
new file mode 100644
index 0000000..be4a6c3
--- /dev/null
+++ b/etc/apmd.conf
@@ -0,0 +1,55 @@
+# apmd Configuration File
+#
+# $FreeBSD$
+#
+
+apm_event SUSPENDREQ {
+ exec "/etc/rc.suspend apm suspend";
+}
+
+apm_event USERSUSPENDREQ {
+ exec "sync && sync && sync";
+ exec "sleep 1";
+ exec "apm -z";
+}
+
+apm_event NORMRESUME {
+ exec "/etc/rc.resume apm suspend";
+}
+
+apm_event STANDBYRESUME {
+ exec "/etc/rc.resume apm standby";
+}
+
+# resume event configuration for serial mouse users by
+# reinitializing a moused(8) connected to a serial port.
+#
+#apm_event NORMRESUME {
+# exec "kill -HUP `cat /var/run/moused.pid`";
+#}
+
+# suspend request event configuration for ATA HDD users:
+# execute standby instead of suspend.
+#
+#apm_event SUSPENDREQ {
+# reject;
+# exec "sync && sync && sync";
+# exec "sleep 1";
+# exec "apm -Z";
+#}
+
+# Sample entries for battery state monitoring
+#apm_battery 5% discharging {
+# exec "logger -p user.emerg battery status critical!";
+# exec "echo T250L8CE-GE-C >/dev/speaker";
+#}
+#apm_battery 1% discharging {
+# exec "logger -p user.emerg battery low - emergency suspend";
+# exec "echo T250L16B+BA+AG+GF+FED+DC+CC >/dev/speaker";
+# exec "apm -z";
+#}
+#apm_battery 99% charging {
+# exec "logger -p user.notice battery fully charged";
+#}
+
+# apmd Configuration ends here
diff --git a/etc/auth.conf b/etc/auth.conf
new file mode 100644
index 0000000..08b6f7a
--- /dev/null
+++ b/etc/auth.conf
@@ -0,0 +1,8 @@
+#
+# $FreeBSD$
+#
+# Configure some authentication-related defaults. This file is being
+# gradually subsumed by user class and PAM configuration.
+#
+
+# crypt_default = md5 des
diff --git a/etc/bluetooth/Makefile b/etc/bluetooth/Makefile
new file mode 100644
index 0000000..e2e3622
--- /dev/null
+++ b/etc/bluetooth/Makefile
@@ -0,0 +1,9 @@
+# $Id: Makefile,v 1.2 2003/10/21 22:22:27 max Exp $
+# $FreeBSD$
+
+FILESDIR= /etc/bluetooth
+FILES= hcsecd.conf hosts protocols
+FILESMODE_hcsecd.conf= 600
+FILESMODE_hosts= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/bluetooth/hcsecd.conf b/etc/bluetooth/hcsecd.conf
new file mode 100644
index 0000000..e6b9599
--- /dev/null
+++ b/etc/bluetooth/hcsecd.conf
@@ -0,0 +1,56 @@
+# $Id: hcsecd.conf,v 1.1 2003/05/26 22:50:47 max Exp $
+# $FreeBSD$
+#
+# HCI security daemon configuration file
+#
+# Format:
+#
+# device {
+# option value ;
+# }
+#
+# Possible options and values
+#
+# Options Values
+# ----------------------------------
+# bdaddr xx:xx:xx:xx:xx:xx ; - remote device BD_ADDR
+# name "any char" ; - to set user friendly device name
+# key 0x11223344 | nokey ; - to set link key for the device
+# pin "secret" | nopin ; - to PIN code for the device
+#
+# Notes:
+#
+# Currently there is no way to select keys/PIN code based on which
+# local device received the request. Everything is based on remote
+# device BD_ADDR.
+#
+# "nokey" means that no link key has been defined and we should
+# send Link_Key_Negative_Reply command to the device.
+#
+# "nopin" means that no PIN code has been defined and we should
+# send PIN_Code_Negative_Reply command to the device
+#
+
+# Default entry is applied if no better match found
+# It MUST have 00:00:00:00:00:00 as bdaddr
+device {
+ bdaddr 00:00:00:00:00:00;
+ name "Default entry";
+ key nokey;
+ pin nopin;
+}
+
+device {
+ bdaddr 00:01:02:03:04:05;
+ name "Dummy";
+ key nokey;
+ pin "0000";
+}
+
+device {
+ bdaddr 00:11:22:33:44:55;
+ name "Dummy";
+ key 0x00112233445566778899aabbccddeeff; # 16 bytes key (hex string)
+ pin nopin;
+}
+
diff --git a/etc/bluetooth/hosts b/etc/bluetooth/hosts
new file mode 100644
index 0000000..b704248
--- /dev/null
+++ b/etc/bluetooth/hosts
@@ -0,0 +1,10 @@
+# $Id: hosts,v 1.1 2003/05/21 17:48:40 max Exp $
+# $FreeBSD$
+#
+# Bluetooth Host Database
+#
+# This file should contain the Bluetooth addresses and aliases for hosts.
+#
+# BD_ADDR Name [ alias0 alias1 ... ]
+
+# 00:11:22:33:44:55 phone
diff --git a/etc/bluetooth/protocols b/etc/bluetooth/protocols
new file mode 100644
index 0000000..6715094
--- /dev/null
+++ b/etc/bluetooth/protocols
@@ -0,0 +1,22 @@
+# $Id: protocols,v 1.2 2003/05/21 22:17:14 max Exp $
+# $FreeBSD$
+#
+# Bluetooth Protocol/Service Multiplexor (PSM) names and numbers
+#
+# See also
+# https://www.bluetooth.org/foundry/assignnumb/document/assigned_numbers
+#
+# Protocol PSM Alias Reference
+
+sdp 1 SDP # Service Discovery Protocol
+rfcomm 3 RFCOMM # RFCOMM with TS 07.10
+tcs-bin 5 TCS-BIN # Telephony Control Specification
+tcs-bin-cordless 7 TCS-BIN-CORDLESS # Telephony Control Specification
+bnep 15 BNEP # Bluetooth Network Encapsulation Protocol
+hid-control 17 HID-Control # Human Interface Device (control)
+hid-interrupt 19 HID-Interrupt # Human Interface Device (interrupt)
+upnp 21 UPnP # See ESDP, Bluetooth SIG
+avctp 23 AVCTP # Audio/Video Control Transport Protocol
+avdtp 25 AVDTP # Audio/Video Distribution Transport Protocol
+udi-c-plane 29 UDI-C-Plane # Unrestricted Digital Information Profile
+
diff --git a/etc/crontab b/etc/crontab
new file mode 100644
index 0000000..e1e6e88
--- /dev/null
+++ b/etc/crontab
@@ -0,0 +1,25 @@
+# /etc/crontab - root's crontab for FreeBSD
+#
+# $FreeBSD$
+#
+SHELL=/bin/sh
+PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
+#
+#minute hour mday month wday who command
+#
+*/5 * * * * root /usr/libexec/atrun
+#
+# Save some entropy so that /dev/random can re-seed on boot.
+*/11 * * * * operator /usr/libexec/save-entropy
+#
+# Rotate log files every hour, if necessary.
+0 * * * * root newsyslog
+#
+# Perform daily/weekly/monthly maintenance.
+1 3 * * * root periodic daily
+15 4 * * 6 root periodic weekly
+30 5 1 * * root periodic monthly
+#
+# Adjust the time zone if the CMOS clock keeps local time, as opposed to
+# UTC time. See adjkerntz(8) for details.
+1,31 0-5 * * * root adjkerntz -a
diff --git a/etc/csh.cshrc b/etc/csh.cshrc
new file mode 100644
index 0000000..f4f775a
--- /dev/null
+++ b/etc/csh.cshrc
@@ -0,0 +1,3 @@
+# $FreeBSD$
+#
+# System-wide .cshrc file for csh(1).
diff --git a/etc/csh.login b/etc/csh.login
new file mode 100644
index 0000000..283c6d4
--- /dev/null
+++ b/etc/csh.login
@@ -0,0 +1,15 @@
+# $FreeBSD$
+#
+# System-wide .login file for csh(1).
+# Uncomment this to give you the default 4.2 behavior, where disk
+# information is shown in K-Blocks
+# setenv BLOCKSIZE K
+#
+# For the setting of languages and character sets please see
+# login.conf(5) and in particular the charset and lang options.
+# For full locales list check /usr/share/locale/*
+#
+# Check system messages
+# msgs -q
+# Allow terminal messages
+# mesg y
diff --git a/etc/csh.logout b/etc/csh.logout
new file mode 100644
index 0000000..6b0584f
--- /dev/null
+++ b/etc/csh.logout
@@ -0,0 +1,3 @@
+# $FreeBSD$
+#
+# System-wide .logout file for csh(1).
diff --git a/etc/ddb.conf b/etc/ddb.conf
new file mode 100644
index 0000000..a793705
--- /dev/null
+++ b/etc/ddb.conf
@@ -0,0 +1,15 @@
+# $FreeBSD$
+#
+# This file is read when going to multi-user and its contents piped thru
+# ``ddb'' to define debugging scripts.
+#
+# see ``man 4 ddb'' and ``man 8 ddb'' for details.
+#
+
+script lockinfo=show locks; show alllocks; show lockedvnods
+
+# kdb.enter.panic panic(9) was called.
+script kdb.enter.panic=textdump set; capture on; run lockinfo; show pcpu; bt; ps; alltrace; capture off; call doadump; reset
+
+# kdb.enter.witness witness(4) detected a locking error.
+script kdb.enter.witness=run lockinfo
diff --git a/etc/defaults/Makefile b/etc/defaults/Makefile
new file mode 100644
index 0000000..c6555e6
--- /dev/null
+++ b/etc/defaults/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+FILES= bluetooth.device.conf devfs.rules periodic.conf rc.conf
+NO_OBJ=
+FILESDIR= /etc/defaults
+
+.include <bsd.prog.mk>
diff --git a/etc/defaults/bluetooth.device.conf b/etc/defaults/bluetooth.device.conf
new file mode 100644
index 0000000..6e6a981
--- /dev/null
+++ b/etc/defaults/bluetooth.device.conf
@@ -0,0 +1,111 @@
+# Copyright (c) 2005 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+# The authentication_enable parameter controls if the device requires to
+# authenticate the remote device at connection setup. At connection setup,
+# only the devices with the authentication_enable parameter enabled will
+# try to authenticate the other device.
+#
+# Possible values:
+#
+# NO or 0 authentication disabled (default);
+# YES or 1 authentication enabled.
+
+# authentication_enable="NO"
+
+# The class parameter is used to indicate the capabilities of the device to
+# other devices.
+#
+# For more details see "Assigned Numbers - Bluetooth Baseband" document
+#
+# Possible value:
+#
+# xx:xx:xx where xx is a hex number
+
+# class="ff:01:0c"
+
+# The connectable parameter controls whether or not the device should
+# periodically scan for page attempts from other devices.
+#
+# Possible values:
+#
+# NO or 0 do not scan for page attempts;
+# YES or 1 scan for page attempts (default).
+
+# connectable="YES"
+
+# The discoverable parameter controls whether or not the device should
+# periodically scan for inquiry requests from other devices.
+#
+# Possible values:
+#
+# NO or 0 do not scan for inquiry requests;
+# YES or 1 scan for inquiry requests (default).
+
+# discoverable="YES"
+
+# The encryption_mode parameter controls if the device requires encryption
+# to the remote device at connection setup. At connection setup, only the
+# devices with the authentication_enable parameter enabled and encryption_mode
+# parameter enabled will try to encrypt the connection to the other device.
+#
+# Possible values:
+#
+# NONE or 0 encryption disabled (default);
+# P2P or 1 encryption only for point-to-point packets;
+# ALL or 2 encryption for both point-to-point and broadcast packets.
+
+# encryption_mode="NONE"
+
+# HCI node debug level. Higher values mean more verbose output.
+#
+# Possible values: 0 - 4
+
+# hci_debug_level="3"
+
+# L2CAP node debug level. Higher values mean more verbose output.
+#
+# Possible values: 0 - 4
+
+# l2cap_debug_level="3"
+
+# The local_name parameter provides the ability to modify the user friendly
+# name for the device.
+
+# local_name="My device"
+
+# The role_switch parameter controls whether the local device should perform
+# role switch. By default, if role switch is supported, the local device will
+# try to perform role switch and become Master on incoming connection. Some
+# devices do not support role switch and thus incoming connections from such
+# devices will fail. If role switch is disabled then accepting device will
+# remain Slave.
+#
+# NO or 0 do not perform role switch;
+# YES or 1 perform role switch (default).
+
+# role_switch="YES"
+
diff --git a/etc/defaults/devfs.rules b/etc/defaults/devfs.rules
new file mode 100644
index 0000000..8fa6496
--- /dev/null
+++ b/etc/defaults/devfs.rules
@@ -0,0 +1,86 @@
+#
+# The following are some default rules for devfs(5) mounts.
+# The format is very simple. Empty lines and lines beginning
+# with a hash '#' are ignored. If the hash mark occurs anywhere
+# other than the beginning of a line, it and any subsequent
+# characters will be ignored. A line in between brackets '[]'
+# denotes the beginning of a ruleset. In the brackets should
+# be a name for the rule and its ruleset number. Any other lines
+# will be considered to be the 'action' part of a rule
+# passed to the devfs(8) command. These will be passed
+# "as-is" to the devfs(8) command with the exception that
+# any references to other rulesets will be expanded first. These
+# references must include a dollar sign '$' in front of the
+# name to be expanded properly.
+#
+# $FreeBSD$
+#
+
+# Very basic and secure ruleset: Hide everything.
+# Used as a basis for other rules.
+#
+[devfsrules_hide_all=1]
+add hide
+
+# Basic devices typically necessary.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_basic=2]
+add path log unhide
+add path null unhide
+add path zero unhide
+add path crypto unhide
+add path random unhide
+add path urandom unhide
+
+# Devices typically needed to support logged-in users.
+# Requires: devfsrules_hide_all
+#
+[devfsrules_unhide_login=3]
+add path 'ptyp*' unhide
+add path 'ptyq*' unhide
+add path 'ptyr*' unhide
+add path 'ptys*' unhide
+add path 'ptyP*' unhide
+add path 'ptyQ*' unhide
+add path 'ptyR*' unhide
+add path 'ptyS*' unhide
+add path 'ptyl*' unhide
+add path 'ptym*' unhide
+add path 'ptyn*' unhide
+add path 'ptyo*' unhide
+add path 'ptyL*' unhide
+add path 'ptyM*' unhide
+add path 'ptyN*' unhide
+add path 'ptyO*' unhide
+add path 'ttyp*' unhide
+add path 'ttyq*' unhide
+add path 'ttyr*' unhide
+add path 'ttys*' unhide
+add path 'ttyP*' unhide
+add path 'ttyQ*' unhide
+add path 'ttyR*' unhide
+add path 'ttyS*' unhide
+add path 'ttyl*' unhide
+add path 'ttym*' unhide
+add path 'ttyn*' unhide
+add path 'ttyo*' unhide
+add path 'ttyL*' unhide
+add path 'ttyM*' unhide
+add path 'ttyN*' unhide
+add path 'ttyO*' unhide
+add path ptmx unhide
+add path pts unhide
+add path 'pts/*' unhide
+add path fd unhide
+add path 'fd/*' unhide
+add path stdin unhide
+add path stdout unhide
+add path stderr unhide
+
+# Devices usually found in a jail.
+#
+[devfsrules_jail=4]
+add include $devfsrules_hide_all
+add include $devfsrules_unhide_basic
+add include $devfsrules_unhide_login
diff --git a/etc/defaults/periodic.conf b/etc/defaults/periodic.conf
new file mode 100644
index 0000000..27192bc
--- /dev/null
+++ b/etc/defaults/periodic.conf
@@ -0,0 +1,290 @@
+#!/bin/sh
+#
+# This is defaults/periodic.conf - a file full of useful variables that
+# you can set to change the default behaviour of periodic jobs on your
+# system. You should not edit this file! Put any overrides into one of the
+# $periodic_conf_files instead and you will be able to update these defaults
+# later without spamming your local configuration information.
+#
+# The $periodic_conf_files files should only contain values which override
+# values set in this file. This eases the upgrade path when defaults
+# are changed and new features are added.
+#
+# For a more detailed explanation of all the periodic.conf variables, please
+# refer to the periodic.conf(5) manual page.
+#
+# $FreeBSD$
+#
+
+# What files override these defaults ?
+periodic_conf_files="/etc/periodic.conf /etc/periodic.conf.local"
+
+# periodic script dirs
+local_periodic="/usr/local/etc/periodic"
+
+
+# Daily options
+
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $daily_output might be set to /var/log/daily.log if you
+# wish to log the daily output and have the files rotated by newsyslog(8)
+#
+daily_output="root" # user or /file
+daily_show_success="YES" # scripts returning 0
+daily_show_info="YES" # scripts returning 1
+daily_show_badconfig="NO" # scripts returning 2
+
+# 100.clean-disks
+daily_clean_disks_enable="NO" # Delete files daily
+daily_clean_disks_files="[#,]* .#* a.out *.core *.CKP .emacs_[0-9]*"
+daily_clean_disks_days=3 # If older than this
+daily_clean_disks_verbose="YES" # Mention files deleted
+
+# 110.clean-tmps
+daily_clean_tmps_enable="NO" # Delete stuff daily
+daily_clean_tmps_dirs="/tmp" # Delete under here
+daily_clean_tmps_days="3" # If not accessed for
+daily_clean_tmps_ignore=".X*-lock .X11-unix .ICE-unix .font-unix .XIM-unix"
+daily_clean_tmps_ignore="$daily_clean_tmps_ignore quota.user quota.group .snap"
+ # Don't delete these
+daily_clean_tmps_verbose="YES" # Mention files deleted
+
+# 120.clean-preserve
+daily_clean_preserve_enable="YES" # Delete files daily
+daily_clean_preserve_days=7 # If not modified for
+daily_clean_preserve_verbose="YES" # Mention files deleted
+
+# 130.clean-msgs
+daily_clean_msgs_enable="YES" # Delete msgs daily
+daily_clean_msgs_days= # If not modified for
+
+# 140.clean-rwho
+daily_clean_rwho_enable="YES" # Delete rwho daily
+daily_clean_rwho_days=7 # If not modified for
+daily_clean_rwho_verbose="YES" # Mention files deleted
+
+# 150.clean-hoststat
+daily_clean_hoststat_enable="YES" # Purge sendmail host
+ # status cache daily
+
+# 200.backup-passwd
+daily_backup_passwd_enable="YES" # Backup passwd & group
+
+# 210.backup-aliases
+daily_backup_aliases_enable="YES" # Backup mail aliases
+
+# 220.backup-pkgdb
+daily_backup_pkgdb_enable="YES" # Backup /var/db/pkg
+daily_backup_pkgdb_dir="/var/backups"
+
+# 300.calendar
+daily_calendar_enable="NO" # Run calendar -a
+
+# 310.accounting
+daily_accounting_enable="YES" # Rotate acct files
+daily_accounting_compress="NO" # Gzip rotated files
+daily_accounting_flags=-q # Flags to /usr/sbin/sa
+daily_accounting_save=3 # How many files to save
+
+# 330.news
+daily_news_expire_enable="YES" # Run news.expire
+
+# 400.status-disks
+daily_status_disks_enable="YES" # Check disk status
+daily_status_disks_df_flags="-l -h" # df(1) flags for check
+
+# 404.status-zfs
+daily_status_zfs_enable="NO" # Check ZFS
+
+# 405.status-ata_raid
+daily_status_ata_raid_enable="NO" # Check ATA raid status
+
+# 406.status-gmirror
+daily_status_gmirror_enable="NO" # Check gmirror(8)
+
+# 407.status-graid3
+daily_status_graid3_enable="NO" # Check graid3(8)
+
+# 408.status-gstripe
+daily_status_gstripe_enable="NO" # Check gstripe(8)
+
+# 409.status-gconcat
+daily_status_gconcat_enable="NO" # Check gconcat(8)
+
+# 420.status-network
+daily_status_network_enable="YES" # Check network status
+daily_status_network_usedns="YES" # DNS lookups are ok
+
+# 430.status-rwho
+daily_status_rwho_enable="YES" # Check system status
+
+# 440.status-mailq
+daily_status_mailq_enable="YES" # Check mail status
+daily_status_mailq_shorten="NO" # Shorten output
+daily_status_include_submit_mailq="YES" # Also submit queue
+
+# 450.status-security
+daily_status_security_enable="YES" # Security check
+# See "Security options" below for more options
+
+# 460.status-mail-rejects
+daily_status_mail_rejects_enable="YES" # Check mail rejects
+daily_status_mail_rejects_logs=3 # How many logs to check
+daily_status_mail_rejects_shorten="NO" # Shorten output
+
+# 470.status-named
+daily_status_named_enable="YES"
+daily_status_named_usedns="YES" # DNS lookups are ok
+
+# 480.status-ntpd
+daily_status_ntpd_enable="NO" # Check NTP status
+
+# 490.status-pkg-changes
+daily_status_pkg_changes_enable="NO" # Show package changes
+
+# 500.queuerun
+daily_queuerun_enable="YES" # Run mail queue
+daily_submit_queuerun="YES" # Also submit queue
+
+# 800.scrub-zfs
+daily_scrub_zfs_enable="NO"
+daily_scrub_zfs_pools="" # empty string selects all pools
+daily_scrub_zfs_default_threshold="35" # days between scrubs
+#daily_scrub_zfs_${poolname}_threshold="35" # pool specific threshold
+
+# 999.local
+daily_local="/etc/daily.local" # Local scripts
+
+
+# Security options
+
+# These options are used by the security periodic(8) scripts spawned in
+# 450.status-security above.
+daily_status_security_inline="NO" # Run inline ?
+daily_status_security_output="root" # user or /file
+daily_status_security_noamd="NO" # Don't check amd mounts
+daily_status_security_logdir="/var/log" # Directory for logs
+daily_status_security_diff_flags="-b -u" # flags for diff output
+
+# 100.chksetuid
+daily_status_security_chksetuid_enable="YES"
+
+# 110.neggrpperm
+daily_status_security_neggrpperm_enable="YES"
+
+# 200.chkmounts
+daily_status_security_chkmounts_enable="YES"
+#daily_status_security_chkmounts_ignore="^amd:" # Don't check matching
+ # FS types
+
+# 300.chkuid0
+daily_status_security_chkuid0_enable="YES"
+
+# 400.passwdless
+daily_status_security_passwdless_enable="YES"
+
+# 410.logincheck
+daily_status_security_logincheck_enable="YES"
+
+# 460.chkportsum
+daily_status_security_chkportsum_enable="NO" # Check ports w/ wrong checksum
+
+# 500.ipfwdenied
+daily_status_security_ipfwdenied_enable="YES"
+
+# 510.ipfdenied
+daily_status_security_ipfdenied_enable="YES"
+
+# 520.pfdenied
+daily_status_security_pfdenied_enable="YES"
+
+# 550.ipfwlimit
+daily_status_security_ipfwlimit_enable="YES"
+
+# 610.ipf6denied
+daily_status_security_ipf6denied_enable="YES"
+
+# 700.kernelmsg
+daily_status_security_kernelmsg_enable="YES"
+
+# 800.loginfail
+daily_status_security_loginfail_enable="YES"
+
+# 900.tcpwrap
+daily_status_security_tcpwrap_enable="YES"
+
+
+# Weekly options
+
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $weekly_output might be set to /var/log/weekly.log if you
+# wish to log the weekly output and have the files rotated by newsyslog(8)
+#
+weekly_output="root" # user or /file
+weekly_show_success="YES" # scripts returning 0
+weekly_show_info="YES" # scripts returning 1
+weekly_show_badconfig="NO" # scripts returning 2
+
+# 310.locate
+weekly_locate_enable="YES" # Update locate weekly
+
+# 320.whatis
+weekly_whatis_enable="YES" # Update whatis weekly
+
+# 330.catman
+weekly_catman_enable="NO" # Preformat man pages
+
+# 340.noid
+weekly_noid_enable="NO" # Find unowned files
+weekly_noid_dirs="/" # Look here
+
+# 400.status-pkg
+weekly_status_pkg_enable="NO" # Find out-of-date pkgs
+pkg_version=pkg_version # Use this program
+pkg_version_index=/usr/ports/INDEX-9 # Use this index file
+
+# 999.local
+weekly_local="/etc/weekly.local" # Local scripts
+
+
+# Monthly options
+
+# These options are used by periodic(8) itself to determine what to do
+# with the output of the sub-programs that are run, and where to send
+# that output. $monthly_output might be set to /var/log/monthly.log if you
+# wish to log the monthly output and have the files rotated by newsyslog(8)
+#
+monthly_output="root" # user or /file
+monthly_show_success="YES" # scripts returning 0
+monthly_show_info="YES" # scripts returning 1
+monthly_show_badconfig="NO" # scripts returning 2
+
+# 200.accounting
+monthly_accounting_enable="YES" # Login accounting
+
+# 999.local
+monthly_local="/etc/monthly.local" # Local scripts
+
+
+# Define source_periodic_confs, the mechanism used by /etc/periodic/*/*
+# scripts to source defaults/periodic.conf overrides safely.
+
+if [ -z "${source_periodic_confs_defined}" ]; then
+ source_periodic_confs_defined=yes
+ source_periodic_confs () {
+ local i sourced_files
+
+ for i in ${periodic_conf_files}; do
+ case ${sourced_files} in
+ *:$i:*)
+ ;;
+ *)
+ sourced_files="${sourced_files}:$i:"
+ [ -r $i ] && . $i
+ ;;
+ esac
+ done
+ }
+fi
diff --git a/etc/defaults/rc.conf b/etc/defaults/rc.conf
new file mode 100644
index 0000000..b9e78ce
--- /dev/null
+++ b/etc/defaults/rc.conf
@@ -0,0 +1,725 @@
+#!/bin/sh
+
+# This is rc.conf - a file full of useful variables that you can set
+# to change the default startup behavior of your system. You should
+# not edit this file! Put any overrides into one of the ${rc_conf_files}
+# instead and you will be able to update these defaults later without
+# spamming your local configuration information.
+#
+# The ${rc_conf_files} files should only contain values which override
+# values set in this file. This eases the upgrade path when defaults
+# are changed and new features are added.
+#
+# All arguments must be in double or single quotes.
+#
+# For a more detailed explanation of all the rc.conf variables, please
+# refer to the rc.conf(5) manual page.
+#
+# $FreeBSD$
+
+##############################################################
+### Important initial Boot-time options ####################
+##############################################################
+
+rc_debug="NO" # Set to YES to enable debugging output from rc.d
+rc_info="NO" # Enables display of informational messages at boot.
+rc_startmsgs="YES" # Show "Starting foo:" messages at boot
+rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown
+early_late_divider="FILESYSTEMS" # Script that separates early/late
+ # stages of the boot process. Make sure you know
+ # the ramifications if you change this.
+ # See rc.conf(5) for more details.
+
+swapfile="NO" # Set to name of swapfile if aux swapfile desired.
+apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
+apmd_enable="NO" # Run apmd to handle APM event from userland.
+apmd_flags="" # Flags to apmd (if enabled).
+ddb_enable="NO" # Set to YES to load ddb scripts at boot.
+ddb_config="/etc/ddb.conf" # ddb(8) config file.
+devd_enable="YES" # Run devd, to trigger programs on device tree changes.
+devd_flags="" # Additional flags for devd(8).
+#kld_list="" # Kernel modules to load after local disks are mounted
+kldxref_enable="NO" # Build linker.hints files with kldxref(8).
+kldxref_clobber="NO" # Overwrite old linker.hints at boot.
+kldxref_module_path="" # Override kern.module_path. A ';'-delimited list.
+powerd_enable="NO" # Run powerd to lower our power usage.
+powerd_flags="" # Flags to powerd (if enabled).
+tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never
+tmpsize="20m" # Size of mfs /tmp if created
+tmpmfs_flags="-S" # Extra mdmfs options for the mfs /tmp
+varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never
+varsize="32m" # Size of mfs /var if created
+varmfs_flags="-S" # Extra mount options for the mfs /var
+populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never
+cleanvar_enable="YES" # Clean the /var directory
+local_startup="/usr/local/etc/rc.d" # startup script dirs.
+script_name_sep=" " # Change if your startup scripts' names contain spaces
+rc_conf_files="/etc/rc.conf /etc/rc.conf.local"
+
+# ZFS support
+zfs_enable="NO" # Set to YES to automatically mount ZFS file systems
+
+gptboot_enable="YES" # GPT boot success/failure reporting.
+
+# Experimental - test before enabling
+gbde_autoattach_all="NO" # YES automatically mounts gbde devices from fstab
+gbde_devices="NO" # Devices to automatically attach (list, or AUTO)
+gbde_attach_attempts="3" # Number of times to attempt attaching gbde devices
+gbde_lockdir="/etc" # Where to look for gbde lockfiles
+
+# GELI disk encryption configuration.
+geli_devices="" # List of devices to automatically attach in addition to
+ # GELI devices listed in /etc/fstab.
+geli_tries="" # Number of times to attempt attaching geli device.
+ # If empty, kern.geom.eli.tries will be used.
+geli_default_flags="" # Default flags for geli(8).
+geli_autodetach="YES" # Automatically detach on last close.
+ # Providers are marked as such when all file systems are
+ # mounted.
+# Example use.
+#geli_devices="da1 mirror/home"
+#geli_da1_flags="-p -k /etc/geli/da1.keys"
+#geli_da1_autodetach="NO"
+#geli_mirror_home_flags="-k /etc/geli/home.keys"
+
+geli_swap_flags="-e aes -l 256 -s 4096 -d" # Options for GELI-encrypted
+ # swap partitions.
+
+root_rw_mount="YES" # Set to NO to inhibit remounting root read-write.
+fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen fails.
+fsck_y_flags="" # Additional flags for fsck -y
+background_fsck="YES" # Attempt to run fsck in the background where possible.
+background_fsck_delay="60" # Time to wait (seconds) before starting the fsck.
+netfs_types="nfs:NFS oldnfs:OLDNFS smbfs:SMB portalfs:PORTAL nwfs:NWFS" # Net filesystems.
+extra_netfs_types="NO" # List of network extra filesystem types for delayed
+ # mount at startup (or NO).
+
+##############################################################
+### Network configuration sub-section ######################
+##############################################################
+
+### Basic network and firewall/security options: ###
+hostname="" # Set this!
+hostid_enable="YES" # Set host UUID.
+hostid_file="/etc/hostid" # File with hostuuid.
+nisdomainname="NO" # Set to NIS domain if using NIS (or NO).
+dhclient_program="/sbin/dhclient" # Path to dhcp client program.
+dhclient_flags="" # Extra flags to pass to dhcp client.
+#dhclient_flags_fxp0="" # Extra dhclient flags for fxp0 only
+background_dhclient="NO" # Start dhcp client in the background.
+#background_dhclient_fxp0="YES" # Start dhcp client on fxp0 in the background.
+synchronous_dhclient="NO" # Start dhclient directly on configured
+ # interfaces during startup.
+defaultroute_delay="30" # Time to wait for a default route on a DHCP interface.
+defaultroute_carrier_delay="5" # Time to wait for carrier while waiting for a default route.
+wpa_supplicant_program="/usr/sbin/wpa_supplicant"
+wpa_supplicant_flags="-s" # Extra flags to pass to wpa_supplicant
+wpa_supplicant_conf_file="/etc/wpa_supplicant.conf"
+#
+firewall_enable="NO" # Set to YES to enable firewall functionality
+firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
+firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall)
+firewall_quiet="NO" # Set to YES to suppress rule display
+firewall_logging="NO" # Set to YES to enable events logging
+firewall_flags="" # Flags passed to ipfw when type is a file
+firewall_coscripts="" # List of executables/scripts to run after
+ # firewall starts/stops
+firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client"
+ # firewall.
+#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for
+ # "client" firewall.
+firewall_simple_iif="ed1" # Inside network interface for "simple"
+ # firewall.
+firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
+ # firewall.
+firewall_simple_oif="ed0" # Outside network interface for "simple"
+ # firewall.
+firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
+ # firewall.
+#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix
+ # for "simple" firewall.
+#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix
+ # for "simple" firewall.
+firewall_myservices="" # List of TCP ports on which this host
+ # offers services for "workstation" firewall.
+firewall_allowservices="" # List of IPs which have access to
+ # $firewall_myservices for "workstation"
+ # firewall.
+firewall_trusted="" # List of IPs which have full access to this
+ # host for "workstation" firewall.
+firewall_logdeny="NO" # Set to YES to log default denied incoming
+ # packets for "workstation" firewall.
+firewall_nologports="135-139,445 1026,1027 1433,1434" # List of TCP/UDP ports
+ # for which denied incoming packets are not
+ # logged for "workstation" firewall.
+firewall_nat_enable="NO" # Enable kernel NAT (if firewall_enable == YES)
+firewall_nat_interface="" # Public interface or IPaddress to use
+firewall_nat_flags="" # Additional configuration parameters
+dummynet_enable="NO" # Load the dummynet(4) module
+ip_portrange_first="NO" # Set first dynamically allocated port
+ip_portrange_last="NO" # Set last dynamically allocated port
+ike_enable="NO" # Enable IKE daemon (usually racoon or isakmpd)
+ike_program="/usr/local/sbin/isakmpd" # Path to IKE daemon
+ike_flags="" # Additional flags for IKE daemon
+ipsec_enable="NO" # Set to YES to run setkey on ipsec_file
+ipsec_file="/etc/ipsec.conf" # Name of config file for setkey
+natd_program="/sbin/natd" # path to natd, if you want a different one.
+natd_enable="NO" # Enable natd (if firewall_enable == YES).
+natd_interface="" # Public interface or IPaddress to use.
+natd_flags="" # Additional flags for natd.
+ipfilter_enable="NO" # Set to YES to enable ipfilter functionality
+ipfilter_program="/sbin/ipf" # where the ipfilter program lives
+ipfilter_rules="/etc/ipf.rules" # rules definition file for ipfilter, see
+ # /usr/src/contrib/ipfilter/rules for examples
+ipfilter_flags="" # additional flags for ipfilter
+ipnat_enable="NO" # Set to YES to enable ipnat functionality
+ipnat_program="/sbin/ipnat" # where the ipnat program lives
+ipnat_rules="/etc/ipnat.rules" # rules definition file for ipnat
+ipnat_flags="" # additional flags for ipnat
+ipmon_enable="NO" # Set to YES for ipmon; needs ipfilter or ipnat
+ipmon_program="/sbin/ipmon" # where the ipfilter monitor program lives
+ipmon_flags="-Ds" # typically "-Ds" or "-D /var/log/ipflog"
+ipfs_enable="NO" # Set to YES to enable saving and restoring
+ # of state tables at shutdown and boot
+ipfs_program="/sbin/ipfs" # where the ipfs program lives
+ipfs_flags="" # additional flags for ipfs
+pf_enable="NO" # Set to YES to enable packet filter (pf)
+pf_rules="/etc/pf.conf" # rules definition file for pf
+pf_program="/sbin/pfctl" # where the pfctl program lives
+pf_flags="" # additional flags for pfctl
+pflog_enable="NO" # Set to YES to enable packet filter logging
+pflog_logfile="/var/log/pflog" # where pflogd should store the logfile
+pflog_program="/sbin/pflogd" # where the pflogd program lives
+pflog_flags="" # additional flags for pflogd
+ftpproxy_enable="NO" # Set to YES to enable ftp-proxy(8) for pf
+ftpproxy_flags="" # additional flags for ftp-proxy(8)
+pfsync_enable="NO" # Expose pf state to other hosts for syncing
+pfsync_syncdev="" # Interface for pfsync to work through
+pfsync_syncpeer="" # IP address of pfsync peer host
+pfsync_ifconfig="" # Additional options to ifconfig(8) for pfsync
+tcp_extensions="YES" # Set to NO to turn off RFC1323 extensions.
+log_in_vain="0" # >=1 to log connects to ports w/o listeners.
+tcp_keepalive="YES" # Enable stale TCP connection timeout (or NO).
+tcp_drop_synfin="NO" # Set to YES to drop TCP packets with SYN+FIN
+ # NOTE: this violates the TCP specification
+icmp_drop_redirect="NO" # Set to YES to ignore ICMP REDIRECT packets
+icmp_log_redirect="NO" # Set to YES to log ICMP REDIRECT packets
+network_interfaces="auto" # List of network interfaces (or "auto").
+cloned_interfaces="" # List of cloned network interfaces to create.
+#cloned_interfaces="gif0 gif1 gif2 gif3" # Pre-cloning GENERIC config.
+#ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
+#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
+#ifconfig_ed0_ipx="ipx 0x00010010" # Sample IPX address family entry.
+#ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64" # Sample IPv6 addr entry
+#ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64" # Sample IPv6 alias
+#ifconfig_fxp0_name="net0" # Change interface name from fxp0 to net0.
+#vlans_fxp0="101 vlan0" # vlan(4) interfaces for fxp0 device
+#create_args_vlan0="vlan 102" # vlan tag for vlan0 device
+#wlans_ath0="wlan0" # wlan(4) interfaces for ath0 device
+#wlandebug_wlan0="scan+auth+assoc" # Set debug flags with wlanddebug(8)
+#ipv4_addrs_fxp0="192.168.0.1/24 192.168.1.1-5/28" # example IPv4 address entry.
+#
+#autobridge_interfaces="bridge0" # List of bridges to check
+#autobridge_bridge0="tap* vlan0" # Interface glob to automatically add to the bridge
+#
+# If you have any sppp(4) interfaces above, you might also want to set
+# the following parameters. Refer to spppcontrol(8) for their meaning.
+sppp_interfaces="" # List of sppp interfaces.
+#sppp_interfaces="...0" # example: sppp over ...
+#spppconfig_...0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'"
+gif_interfaces="" # List of GIF tunnels.
+#gif_interfaces="gif0 gif1" # Examples typically for a router.
+ # Choose correct tunnel addrs.
+#gifconfig_gif0="10.1.1.1 10.1.2.1" # Examples typically for a router.
+#gifconfig_gif1="10.1.1.2 10.1.2.2" # Examples typically for a router.
+fec_interfaces="" # List of Fast EtherChannels.
+#fec_interfaces="fec0 fec1"
+#fecconfig_fec0="fxp0 dc0" # Examples typically for two NICs
+#fecconfig_fec1="em0 em1 bge0 bge1" # Examples typically for four NICs
+
+# User ppp configuration.
+ppp_enable="NO" # Start user-ppp (or NO).
+ppp_program="/usr/sbin/ppp" # Path to user-ppp program.
+ppp_mode="auto" # Choice of "auto", "ddial", "direct" or "dedicated".
+ # For details see man page for ppp(8). Default is auto.
+ppp_nat="YES" # Use PPP's internal network address translation or NO.
+ppp_profile="papchap" # Which profile to use from /etc/ppp/ppp.conf.
+ppp_user="root" # Which user to run ppp as
+
+# Start multiple instances of ppp at boot time
+#ppp_profile="profile1 profile2 profile3" # Which profiles to use
+#ppp_profile1_mode="ddial" # Override ppp mode for profile1
+#ppp_profile2_nat="NO" # Override nat mode for profile2
+# profile3 uses default ppp_mode and ppp_nat
+
+### Network daemon (miscellaneous) ###
+hostapd_enable="NO" # Run hostap daemon.
+syslogd_enable="YES" # Run syslog daemon (or NO).
+syslogd_program="/usr/sbin/syslogd" # path to syslogd, if you want a different one.
+syslogd_flags="-s" # Flags to syslogd (if enabled).
+inetd_enable="NO" # Run the network daemon dispatcher (YES/NO).
+inetd_program="/usr/sbin/inetd" # path to inetd, if you want a different one.
+inetd_flags="-wW -C 60" # Optional flags to inetd
+hastd_enable="NO" # Run the HAST daemon (YES/NO).
+hastd_program="/sbin/hastd" # path to hastd, if you want a different one.
+hastd_flags="" # Optional flags to hastd.
+#
+# named. It may be possible to run named in a sandbox, man security for
+# details.
+#
+named_enable="NO" # Run named, the DNS server (or NO).
+named_program="/usr/sbin/named" # Path to named, if you want a different one.
+named_conf="/etc/namedb/named.conf" # Path to the configuration file
+#named_flags="" # Use this for flags OTHER than -u and -c
+named_uid="bind" # User to run named as
+named_chrootdir="/var/named" # Chroot directory (or "" not to auto-chroot it)
+named_chroot_autoupdate="YES" # Automatically install/update chrooted
+ # components of named. See /etc/rc.d/named.
+named_symlink_enable="YES" # Symlink the chrooted pid file
+named_wait="NO" # Wait for working name service before exiting
+named_wait_host="localhost" # Hostname to check if named_wait is enabled
+named_auto_forward="NO" # Set up forwarders from /etc/resolv.conf
+named_auto_forward_only="NO" # Do "forward only" instead of "forward first"
+
+#
+# kerberos. Do not run the admin daemons on slave servers
+#
+kerberos5_server_enable="NO" # Run a kerberos 5 master server (or NO).
+kerberos5_server="/usr/libexec/kdc" # path to kerberos 5 KDC
+kerberos5_server_flags="--detach" # Additional flags to the kerberos 5 server
+kadmind5_server_enable="NO" # Run kadmind (or NO)
+kadmind5_server="/usr/libexec/kadmind" # path to kerberos 5 admin daemon
+kpasswdd_server_enable="NO" # Run kpasswdd (or NO)
+kpasswdd_server="/usr/libexec/kpasswdd" # path to kerberos 5 passwd daemon
+
+gssd_enable="NO" # Run the gssd daemon (or NO).
+gssd_flags="" # Flags for gssd.
+
+rwhod_enable="NO" # Run the rwho daemon (or NO).
+rwhod_flags="" # Flags for rwhod
+rarpd_enable="NO" # Run rarpd (or NO).
+rarpd_flags="-a" # Flags to rarpd.
+bootparamd_enable="NO" # Run bootparamd (or NO).
+bootparamd_flags="" # Flags to bootparamd
+pppoed_enable="NO" # Run the PPP over Ethernet daemon.
+pppoed_provider="*" # Provider and ppp(8) config file entry.
+pppoed_flags="-P /var/run/pppoed.pid" # Flags to pppoed (if enabled).
+pppoed_interface="fxp0" # The interface that pppoed runs on.
+sshd_enable="NO" # Enable sshd
+sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
+sshd_flags="" # Additional flags for sshd.
+ftpd_enable="NO" # Enable stand-alone ftpd.
+ftpd_program="/usr/libexec/ftpd" # Path to ftpd, if you want a different one.
+ftpd_flags="" # Additional flags to stand-alone ftpd.
+
+### Network daemon (NFS): All need rpcbind_enable="YES" ###
+amd_enable="NO" # Run amd service with $amd_flags (or NO).
+amd_program="/usr/sbin/amd" # path to amd, if you want a different one.
+amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"
+amd_map_program="NO" # Can be set to "ypcat -k amd.master"
+nfs_client_enable="NO" # This host is an NFS client (or NO).
+nfs_access_cache="60" # Client cache timeout in seconds
+nfs_server_enable="NO" # This host is an NFS server (or NO).
+oldnfs_server_enable="NO" # Run the old NFS server (YES/NO).
+nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled).
+mountd_enable="NO" # Run mountd (or NO).
+mountd_flags="-r" # Flags to mountd (if NFS server enabled).
+weak_mountd_authentication="NO" # Allow non-root mount requests to be served.
+nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO).
+nfs_bufpackets="" # bufspace (in packets) for client
+rpc_lockd_enable="NO" # Run NFS rpc.lockd needed for client/server.
+rpc_lockd_flags="" # Flags to rpc.lockd (if enabled).
+rpc_statd_enable="NO" # Run NFS rpc.statd needed for client/server.
+rpc_statd_flags="" # Flags to rpc.statd (if enabled).
+rpcbind_enable="NO" # Run the portmapper service (YES/NO).
+rpcbind_program="/usr/sbin/rpcbind" # path to rpcbind, if you want a different one.
+rpcbind_flags="" # Flags to rpcbind (if enabled).
+rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO).
+keyserv_enable="NO" # Run the SecureRPC keyserver (or NO).
+keyserv_flags="" # Flags to keyserv (if enabled).
+nfsv4_server_enable="NO" # Enable support for NFSv4
+nfscbd_enable="NO" # NFSv4 client side callback daemon
+nfscbd_flags="" # Flags for nfscbd
+nfsuserd_enable="NO" # NFSv4 user/group name mapping daemon
+nfsuserd_flags="" # Flags for nfsuserd
+
+### Network Time Services options: ###
+timed_enable="NO" # Run the time daemon (or NO).
+timed_flags="" # Flags to timed (if enabled).
+ntpdate_enable="NO" # Run ntpdate to sync time on boot (or NO).
+ntpdate_program="/usr/sbin/ntpdate" # path to ntpdate, if you want a different one.
+ntpdate_flags="-b" # Flags to ntpdate (if enabled).
+ntpdate_config="/etc/ntp.conf" # ntpdate(8) configuration file
+ntpdate_hosts="" # Whitespace-separated list of ntpdate(8) servers.
+ntpd_enable="NO" # Run ntpd Network Time Protocol (or NO).
+ntpd_program="/usr/sbin/ntpd" # path to ntpd, if you want a different one.
+ntpd_config="/etc/ntp.conf" # ntpd(8) configuration file
+ntpd_sync_on_start="NO" # Sync time on ntpd startup, even if offset is high
+ntpd_flags="-p /var/run/ntpd.pid -f /var/db/ntpd.drift"
+ # Flags to ntpd (if enabled).
+
+# Network Information Services (NIS) options: All need rpcbind_enable="YES" ###
+nis_client_enable="NO" # We're an NIS client (or NO).
+nis_client_flags="" # Flags to ypbind (if enabled).
+nis_ypset_enable="NO" # Run ypset at boot time (or NO).
+nis_ypset_flags="" # Flags to ypset (if enabled).
+nis_server_enable="NO" # We're an NIS server (or NO).
+nis_server_flags="" # Flags to ypserv (if enabled).
+nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO).
+nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled).
+nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO).
+nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled).
+
+### SNMP daemon ###
+# Be sure to understand the security implications of running SNMP v1/v2
+# in your network.
+bsnmpd_enable="NO" # Run the SNMP daemon (or NO).
+bsnmpd_flags="" # Flags for bsnmpd.
+
+### Network routing options: ###
+defaultrouter="NO" # Set to default gateway (or NO).
+static_arp_pairs="" # Set to static ARP list (or leave empty).
+static_ndp_pairs="" # Set to static NDP list (or leave empty).
+static_routes="" # Set to static route list (or leave empty).
+natm_static_routes="" # Set to static route list for NATM (or leave empty).
+gateway_enable="NO" # Set to YES if this host will be a gateway.
+routed_enable="NO" # Set to YES to enable a routing daemon.
+routed_program="/sbin/routed" # Name of routing daemon to use if enabled.
+routed_flags="-q" # Flags for routing daemon.
+mrouted_enable="NO" # Do IPv4 multicast routing.
+mrouted_program="/usr/local/sbin/mrouted" # Name of IPv4 multicast
+ # routing daemon. You need to
+ # install it from package or
+ # port.
+mrouted_flags="" # Flags for multicast routing daemon.
+ipxgateway_enable="NO" # Set to YES to enable IPX routing.
+ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon.
+ipxrouted_flags="" # Flags for IPX routing daemon.
+arpproxy_all="NO" # replaces obsolete kernel option ARP_PROXYALL.
+forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES")
+accept_sourceroute="NO" # accept source routed packets to us
+
+### ATM interface options: ###
+atm_enable="NO" # Configure ATM interfaces (or NO).
+#atm_netif_hea0="atm 1" # Network interfaces for physical interface.
+#atm_sigmgr_hea0="uni31" # Signalling manager for physical interface.
+#atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI).
+#atm_macaddr_hea0="NO" # Override physical MAC address (or NO).
+#atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local).
+#atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO).
+atm_pvcs="" # Set to PVC list (or leave empty).
+atm_arps="" # Set to permanent ARP list (or leave empty).
+
+### Bluetooth ###
+hcsecd_enable="NO" # Enable hcsecd(8) (or NO)
+hcsecd_config="/etc/bluetooth/hcsecd.conf" # hcsecd(8) configuration file
+
+sdpd_enable="NO" # Enable sdpd(8) (or NO)
+sdpd_control="/var/run/sdp" # sdpd(8) control socket
+sdpd_groupname="nobody" # set spdp(8) user/group to run as after
+sdpd_username="nobody" # it initializes
+
+bthidd_enable="NO" # Enable bthidd(8) (or NO)
+bthidd_config="/etc/bluetooth/bthidd.conf" # bthidd(8) configuration file
+bthidd_hids="/var/db/bthidd.hids" # bthidd(8) known HID devices file
+
+rfcomm_pppd_server_enable="NO" # Enable rfcomm_pppd(8) in server mode (or NO)
+rfcomm_pppd_server_profile="one two" # Profile to use from /etc/ppp/ppp.conf
+#
+#rfcomm_pppd_server_one_bdaddr="" # Override local bdaddr for 'one'
+rfcomm_pppd_server_one_channel="1" # Override local channel for 'one'
+#rfcomm_pppd_server_one_register_sp="NO" # Override SP and DUN register
+#rfcomm_pppd_server_one_register_dun="NO" # for 'one'
+#
+#rfcomm_pppd_server_two_bdaddr="" # Override local bdaddr for 'two'
+rfcomm_pppd_server_two_channel="3" # Override local channel for 'two'
+#rfcomm_pppd_server_two_register_sp="NO" # Override SP and DUN register
+#rfcomm_pppd_server_two_register_dun="NO" # for 'two'
+
+ubthidhci_enable="NO" # Switch an USB BT controller present on
+#ubthidhci_busnum="3" # bus 3 and addr 2 from HID mode to HCI mode.
+#ubthidhci_addr="2" # Check usbconfig list to find the correct
+ # numbers for your system.
+
+### Network link/usability verification options
+netwait_enable="NO" # Enable rc.d/netwait (or NO)
+#netwait_ip="" # IP addresses to be pinged by netwait.
+netwait_timeout="60" # Total number of seconds to perform pings.
+#netwait_if="" # Interface name to watch link state on.
+netwait_if_timeout="30" # Total number of seconds to monitor link state.
+
+### Miscellaneous network options: ###
+icmp_bmcastecho="NO" # respond to broadcast ping packets
+
+### IPv6 options: ###
+ipv6_network_interfaces="auto" # List of IPv6 network interfaces
+ # (or "auto" or "none").
+ipv6_activate_all_interfaces="NO" # If NO, interfaces which have no
+ # corresponding $ifconfig_IF_ipv6 is
+ # marked as IFDISABLED for security
+ # reason.
+ipv6_defaultrouter="NO" # Set to IPv6 default gateway (or NO).
+#ipv6_defaultrouter="2002:c058:6301::" # Use this for 6to4 (RFC 3068)
+ipv6_static_routes="" # Set to static route list (or leave empty).
+#ipv6_static_routes="xxx" # An example to set fec0:0000:0000:0006::/64
+ # route toward loopback interface.
+#ipv6_route_xxx="fec0:0000:0000:0006:: -prefixlen 64 ::1"
+ipv6_gateway_enable="NO" # Set to YES if this host will be a gateway.
+ipv6_cpe_wanif="NO" # Set to the upstram interface name if this
+ # node will work as a router to forward IPv6
+ # packets not explicitly addressed to itself.
+ipv6_privacy="NO" # Use privacy address on RA-receiving IFs
+ # (RFC 4941)
+
+route6d_enable="NO" # Set to YES to enable an IPv6 routing daemon.
+route6d_program="/usr/sbin/route6d" # Name of IPv6 routing daemon.
+route6d_flags="" # Flags to IPv6 routing daemon.
+#route6d_flags="-l" # Example for route6d with only IPv6 site local
+ # addrs.
+#route6d_flags="-q" # If you want to run a routing daemon on an end
+ # node, you should stop advertisement.
+#ipv6_network_interfaces="ed0 ep0" # Examples for router
+ # or static configuration for end node.
+ # Choose correct prefix value.
+#ipv6_prefix_ed0="fec0:0000:0000:0001 fec0:0000:0000:0002" # Examples for rtr.
+#ipv6_prefix_ep0="fec0:0000:0000:0003 fec0:0000:0000:0004" # Examples for rtr.
+ipv6_default_interface="NO" # Default output interface for scoped addrs.
+ # This works only with
+ # ipv6_gateway_enable="NO".
+rtsol_flags="" # Flags to IPv6 router solicitation.
+rtsold_enable="NO" # Set to YES to enable an IPv6 router
+ # solicitation daemon.
+rtsold_flags="-a" # Flags to an IPv6 router solicitation
+ # daemon.
+rtadvd_enable="NO" # Set to YES to enable an IPv6 router
+ # advertisement daemon. If set to YES,
+ # this router becomes a possible candidate
+ # IPv6 default router for local subnets.
+rtadvd_interfaces="" # Interfaces rtadvd sends RA packets.
+mroute6d_enable="NO" # Do IPv6 multicast routing.
+mroute6d_program="/usr/local/sbin/pim6dd" # Name of IPv6 multicast
+ # routing daemon. You need to
+ # install it from package or
+ # port.
+mroute6d_flags="" # Flags to IPv6 multicast routing daemon.
+stf_interface_ipv4addr="" # Local IPv4 addr for 6to4 IPv6 over IPv4
+ # tunneling interface. Specify this entry
+ # to enable 6to4 interface.
+stf_interface_ipv4plen="0" # Prefix length for 6to4 IPv4 addr,
+ # to limit peer addr range. Effective value
+ # is 0-31.
+stf_interface_ipv6_ifid="0:0:0:1" # IPv6 interface id for stf0.
+ # If you like, you can set "AUTO" for this.
+stf_interface_ipv6_slaid="0000" # IPv6 Site Level Aggregator for stf0
+ipv6_faith_prefix="NO" # Set faith prefix to enable a FAITH
+ # IPv6-to-IPv4 TCP translator. You also need
+ # faithd(8) setup.
+ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
+ # communication. (like ::ffff:a.b.c.d)
+ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
+ # see /usr/src/contrib/ipfilter/rules
+ # for examples
+ip6addrctl_enable="YES" # Set to YES to enable default address selection
+ip6addrctl_verbose="NO" # Set to YES to enable verbose configuration messages
+ip6addrctl_policy="AUTO" # A pre-defined address selection policy
+ # (ipv4_prefer, ipv6_prefer, or AUTO)
+
+##############################################################
+### System console options #################################
+##############################################################
+
+keyboard="" # keyboard device to use (default /dev/kbd0).
+keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO).
+keyrate="NO" # keyboard rate to: slow, normal, fast (or NO).
+keybell="NO" # See kbdcontrol(1) for options. Use "off" to disable.
+keychange="NO" # function keys default values (or NO).
+cursor="NO" # cursor type {normal|blink|destructive} (or NO).
+scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO).
+font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO).
+font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO).
+font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO).
+blanktime="300" # blank time (in seconds) or "NO" to turn it off.
+saver="NO" # screen saver: Uses /boot/kernel/${saver}_saver.ko
+moused_nondefault_enable="YES" # Treat non-default mice as enabled unless
+ # specifically overriden in rc.conf(5).
+moused_enable="NO" # Run the mouse daemon.
+moused_type="auto" # See man page for rc.conf(5) for available settings.
+moused_port="/dev/psm0" # Set to your mouse port.
+moused_flags="" # Any additional flags to moused.
+mousechar_start="NO" # if 0xd0-0xd3 default range is occupied in your
+ # language code table, specify alternative range
+ # start like mousechar_start=3, see vidcontrol(1)
+allscreens_flags="" # Set this vidcontrol mode for all virtual screens
+allscreens_kbdflags="" # Set this kbdcontrol mode for all virtual screens
+
+##############################################################
+### Mail Transfer Agent (MTA) options ######################
+##############################################################
+
+mta_start_script="/etc/rc.sendmail"
+ # Script to start your chosen MTA, called by /etc/rc.
+# Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
+sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO).
+sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file
+sendmail_procname="/usr/sbin/sendmail" # sendmail process name
+sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
+sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
+sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
+ # Flags for localhost-only MTA
+sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
+sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
+sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
+sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
+ # Flags for sendmail_msp_queue daemon.
+sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
+
+
+##############################################################
+### Miscellaneous administrative options ###################
+##############################################################
+
+auditd_enable="NO" # Run the audit daemon.
+auditd_program="/usr/sbin/auditd" # Path to the audit daemon.
+auditd_flags="" # Which options to pass to the audit daemon.
+cron_enable="YES" # Run the periodic job daemon.
+cron_program="/usr/sbin/cron" # Which cron executable to run (if enabled).
+cron_dst="YES" # Handle DST transitions intelligently (YES/NO)
+cron_flags="" # Which options to pass to the cron daemon.
+lpd_enable="NO" # Run the line printer daemon.
+lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one.
+lpd_flags="" # Flags to lpd (if enabled).
+nscd_enable="NO" # Run the nsswitch caching daemon.
+chkprintcap_enable="NO" # Run chkprintcap(8) before running lpd.
+chkprintcap_flags="-d" # Create missing directories by default.
+dumpdev="AUTO" # Device to crashdump to (device name, AUTO, or NO).
+dumpdir="/var/crash" # Directory where crash dumps are to be stored
+savecore_flags="" # Used if dumpdev is enabled above, and present.
+crashinfo_enable="YES" # Automatically generate crash dump summary.
+crashinfo_program="/usr/sbin/crashinfo" # Script to generate crash dump summary.
+quota_enable="NO" # turn on quotas on startup (or NO).
+check_quotas="YES" # Check quotas on startup (or NO).
+quotaon_flags="-a" # Turn quotas on for all file systems (if enabled)
+quotaoff_flags="-a" # Turn quotas off for all file systems at shutdown
+quotacheck_flags="-a" # Check all file system quotas (if enabled)
+accounting_enable="NO" # Turn on process accounting (or NO).
+ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO).
+ibcs2_loaders="coff" # List of additional Ibcs2 loaders (or NO).
+
+# Emulation/compatibility services provided by /etc/rc.d/abi
+sysvipc_enable="NO" # Load System V IPC primitives at startup (or NO).
+linux_enable="NO" # Linux binary compatibility loaded at startup (or NO).
+svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO).
+clear_tmp_enable="NO" # Clear /tmp at startup.
+clear_tmp_X="YES" # Clear and recreate X11-related directories in /tmp
+ldconfig_insecure="NO" # Set to YES to disable ldconfig security checks
+ldconfig_paths="/usr/lib/compat /usr/local/lib /usr/local/lib/compat/pkg"
+ # shared library search paths
+ldconfig32_paths="/usr/lib32" # 32-bit compatibility shared library search paths
+ldconfig_paths_aout="/usr/lib/compat/aout /usr/local/lib/aout"
+ # a.out shared library search paths
+ldconfig_local_dirs="/usr/local/libdata/ldconfig"
+ # Local directories with ldconfig configuration files.
+ldconfig_local32_dirs="/usr/local/libdata/ldconfig32"
+ # Local directories with 32-bit compatibility ldconfig
+ # configuration files.
+kern_securelevel_enable="NO" # kernel security level (see security(7))
+kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure
+ # Note that setting securelevel to 0 will result
+ # in the system booting with securelevel set to 1, as
+ # init(8) will raise the level when rc(8) completes.
+update_motd="YES" # update version info in /etc/motd (or NO)
+entropy_file="/entropy" # Set to NO to disable caching entropy through reboots.
+ # /var/db/entropy-file is preferred if / is not avail.
+entropy_dir="/var/db/entropy" # Set to NO to disable caching entropy via cron.
+entropy_save_sz="2048" # Size of the entropy cache files.
+entropy_save_num="8" # Number of entropy cache files to save.
+harvest_interrupt="YES" # Entropy device harvests interrupt randomness
+harvest_ethernet="YES" # Entropy device harvests ethernet randomness
+harvest_p_to_p="YES" # Entropy device harvests point-to-point randomness
+dmesg_enable="YES" # Save dmesg(8) to /var/run/dmesg.boot
+watchdogd_enable="NO" # Start the software watchdog daemon
+watchdogd_flags="" # Flags to watchdogd (if enabled)
+devfs_rulesets="/etc/defaults/devfs.rules /etc/devfs.rules" # Files containing
+ # devfs(8) rules.
+devfs_system_ruleset="" # The name (NOT number) of a ruleset to apply to /dev
+devfs_set_rulesets="" # A list of /mount/dev=ruleset_name settings to
+ # apply (must be mounted already, i.e. fstab(5))
+performance_cx_lowest="HIGH" # Online CPU idle state
+performance_cpu_freq="NONE" # Online CPU frequency
+economy_cx_lowest="HIGH" # Offline CPU idle state
+economy_cpu_freq="NONE" # Offline CPU frequency
+virecover_enable="YES" # Perform housekeeping for the vi(1) editor
+ugidfw_enable="NO" # Load mac_bsdextended(4) rules on boot
+bsdextended_script="/etc/rc.bsdextended" # Default mac_bsdextended(4)
+ # ruleset file.
+newsyslog_enable="YES" # Run newsyslog at startup.
+newsyslog_flags="-CN" # Newsyslog flags to create marked files
+mixer_enable="YES" # Run the sound mixer.
+opensm_enable="NO" # Opensm(8) for infiniband devices defaults to off
+
+##############################################################
+### Jail Configuration #######################################
+##############################################################
+jail_enable="NO" # Set to NO to disable starting of any jails
+jail_parallel_start="NO" # Start jails in the background
+jail_list="" # Space separated list of names of jails
+jail_set_hostname_allow="YES" # Allow root user in a jail to change its hostname
+jail_socket_unixiproute_only="YES" # Route only TCP/IP within a jail
+jail_sysvipc_allow="NO" # Allow SystemV IPC use from within a jail
+
+#
+# To use rc's built-in jail infrastructure create entries for
+# each jail, specified in jail_list, with the following variables.
+# NOTES:
+# - replace 'example' with the jail's name.
+# - except rootdir, hostname, ip and the _multi<n> addresses,
+# all of the following variables may be made global jail variables
+# if you don't specify a jail name (ie. jail_interface, jail_devfs_ruleset).
+#
+#jail_example_rootdir="/usr/jail/default" # Jail's root directory
+#jail_example_hostname="default.domain.com" # Jail's hostname
+#jail_example_interface="" # Jail's interface variable to create IP aliases on
+#jail_example_fib="0" # Routing table for setfib(1)
+#jail_example_ip="192.0.2.10,2001:db8::17" # Jail's primary IPv4 and IPv6 address
+#jail_example_ip_multi0="2001:db8::10" # and another IPv6 address
+#jail_example_exec_start="/bin/sh /etc/rc" # command to execute in jail for starting
+#jail_example_exec_afterstart0="/bin/sh command" # command to execute after the one for
+ # starting the jail. More than one can be
+ # specified using a trailing number
+#jail_example_exec_stop="/bin/sh /etc/rc.shutdown" # command to execute in jail for stopping
+#jail_example_devfs_enable="NO" # mount devfs in the jail
+#jail_example_devfs_ruleset="ruleset_name" # devfs ruleset to apply to jail -
+ # usually you want "devfsrules_jail".
+#jail_example_fdescfs_enable="NO" # mount fdescfs in the jail
+#jail_example_procfs_enable="NO" # mount procfs in jail
+#jail_example_mount_enable="NO" # mount/umount jail's fs
+#jail_example_fstab="" # fstab(5) for mount/umount
+#jail_example_flags="-l -U root" # flags for jail(8)
+
+##############################################################
+### Define source_rc_confs, the mechanism used by /etc/rc.* ##
+### scripts to source rc_conf_files overrides safely. ##
+##############################################################
+
+if [ -z "${source_rc_confs_defined}" ]; then
+ source_rc_confs_defined=yes
+ source_rc_confs () {
+ local i sourced_files
+ for i in ${rc_conf_files}; do
+ case ${sourced_files} in
+ *:$i:*)
+ ;;
+ *)
+ sourced_files="${sourced_files}:$i:"
+ if [ -r $i ]; then
+ . $i
+ fi
+ ;;
+ esac
+ done
+ }
+fi
diff --git a/etc/devd.conf b/etc/devd.conf
new file mode 100644
index 0000000..27abc1f
--- /dev/null
+++ b/etc/devd.conf
@@ -0,0 +1,326 @@
+# $FreeBSD$
+#
+# Refer to devd.conf(5) and devd(8) man pages for the details on how to
+# run and configure devd.
+#
+
+# NB: All regular expressions have an implicit ^$ around them.
+# NB: device-name is shorthand for 'match device-name'
+
+options {
+ # Each "directory" directive adds a directory to the list of
+ # directories that we scan for files. Files are loaded in the order
+ # that they are returned from readdir(3). The rule-sets are combined
+ # to create a DFA that's used to match events to actions.
+ directory "/etc/devd";
+ directory "/usr/local/etc/devd";
+ pid-file "/var/run/devd.pid";
+
+ # Setup some shorthand for regex that we use later in the file.
+ #XXX Yes, these are gross -- imp
+ set scsi-controller-regex
+ "(aac|adv|adw|aha|ahb|ahc|ahd|aic|amd|amr|asr|bt|ciss|ct|dpt|\
+ esp|ida|iir|ips|isp|mlx|mly|mpt|ncr|ncv|nsp|stg|sym|trm|wds)\
+ [0-9]+";
+};
+
+# Note that the attach/detach with the highest value wins, so that one can
+# override these general rules.
+
+#
+# Configure the interface on attach. Due to a historical accident, this
+# script is called pccard_ether.
+#
+# NB: DETACH events are ignored; the kernel should handle all cleanup
+# (routes, arp cache). Beware of races against immediate create
+# of a device with the same name; e.g.
+# ifconfig bridge0 destroy; ifconfig bridge0 create
+#
+notify 0 {
+ match "system" "IFNET";
+ match "subsystem" "!usbus[0-9]+";
+ match "type" "ATTACH";
+ action "/etc/pccard_ether $subsystem start";
+};
+
+#
+# Try to start dhclient on Ethernet-like interfaces when the link comes
+# up. Only devices that are configured to support DHCP will actually
+# run it. No link down rule exists because dhclient automatically exits
+# when the link goes down.
+#
+notify 0 {
+ match "system" "IFNET";
+ match "type" "LINK_UP";
+ media-type "ethernet";
+ action "/etc/rc.d/dhclient quietstart $subsystem";
+};
+
+#
+# Like Ethernet devices, but separate because
+# they have a different media type. We may want
+# to exploit this later.
+#
+detach 0 {
+ media-type "802.11";
+ action "/etc/pccard_ether $device-name stop";
+};
+attach 0 {
+ media-type "802.11";
+ action "/etc/pccard_ether $device-name start";
+};
+notify 0 {
+ match "system" "IFNET";
+ match "type" "LINK_UP";
+ media-type "802.11";
+ action "/etc/rc.d/dhclient quietstart $subsystem";
+};
+
+# An entry like this might be in a different file, but is included here
+# as an example of how to override things. Normally 'ed50' would match
+# the above attach/detach stuff, but the value of 100 makes it
+# hard wired to 1.2.3.4.
+attach 100 {
+ device-name "ed50";
+ action "ifconfig $device-name inet 1.2.3.4 netmask 0xffff0000";
+};
+detach 100 {
+ device-name "ed50";
+};
+
+# When a USB Bluetooth dongle appears, activate it
+attach 100 {
+ device-name "ubt[0-9]+";
+ action "/etc/rc.d/bluetooth quietstart $device-name";
+};
+detach 100 {
+ device-name "ubt[0-9]+";
+ action "/etc/rc.d/bluetooth quietstop $device-name";
+};
+
+# Firmware downloader for Atheros AR3011 based USB Bluetooth devices
+#attach 100 {
+# match "vendor" "0x0cf3";
+# match "product" "0x3000";
+# action "sleep 2 && /usr/sbin/ath3kfw -d $device-name -f /usr/local/etc/ath3k-1.fw";
+#};
+
+# When a USB keyboard arrives, attach it as the console keyboard.
+attach 100 {
+ device-name "ukbd0";
+ action "/etc/rc.d/syscons setkeyboard /dev/ukbd0";
+};
+detach 100 {
+ device-name "ukbd0";
+ action "/etc/rc.d/syscons setkeyboard /dev/kbd0";
+};
+
+attach 100 {
+ device-name "ums[0-9]+";
+ action "/etc/rc.d/moused quietstart $device-name";
+};
+
+detach 100 {
+ device-name "ums[0-9]+";
+ action "/etc/rc.d/moused stop $device-name";
+};
+
+# Firmware download into the ActiveWire board. After the firmware download is
+# done, the device detaches and reappears as something new and shiny
+# automatically.
+attach 100 {
+ match "vendor" "0x0854";
+ match "product" "0x0100";
+ match "release" "0x0000";
+ action "/usr/local/bin/ezdownload -f /usr/local/share/usb/firmware/0854.0100.0_01.hex $device-name";
+};
+
+# Firmware download for Entrega Serial DB25 adapter.
+attach 100 {
+ match "vendor" "0x1645";
+ match "product" "0x8001";
+ match "release" "0x0101";
+ action "if ! kldstat -n usio > /dev/null 2>&1 ; then kldload usio; fi; /usr/sbin/ezdownload -v -f /usr/share/usb/firmware/1645.8001.0101 /dev/$device-name";
+};
+
+# This entry starts the ColdSync tool in daemon mode. Make sure you have an up
+# to date /usr/local/etc/palms. We override the 'listen' settings for port and
+# type in /usr/local/etc/coldsync.conf.
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x082d";
+ match "product" "0x0100";
+ match "release" "0x0100";
+ action "/usr/local/bin/coldsync -md -p /dev/$cdev -t usb";
+};
+
+#
+# Rescan scsi device-names on attach, but not detach. However, it is
+# disabled by default due to reports of problems.
+#
+attach 0 {
+ device-name "$scsi-controller-regex";
+// action "camcontrol rescan all";
+};
+
+# Don't even try to second guess what to do about drivers that don't
+# match here. Instead, pass it off to syslog. Commented out for the
+# moment, as the pnpinfo variable isn't set in devd yet. Individual
+# variables within the bus supplied pnpinfo are set.
+nomatch 0 {
+# action "logger Unknown device: $pnpinfo $location $bus";
+};
+
+# Various logging of unknown devices.
+nomatch 10 {
+ match "bus" "uhub[0-9]+";
+ action "logger Unknown USB device: vendor $vendor product $product \
+ bus $bus";
+};
+
+# Some PC-CARDs don't offer numerical manufacturer/product IDs, just
+# show the CIS info there.
+nomatch 20 {
+ match "bus" "pccard[0-9]+";
+ match "manufacturer" "0xffffffff";
+ match "product" "0xffffffff";
+ action "logger Unknown PCCARD device: CISproduct $cisproduct \
+ CIS-vendor $cisvendor bus $bus";
+};
+
+nomatch 10 {
+ match "bus" "pccard[0-9]+";
+ action "logger Unknown PCCARD device: manufacturer $manufacturer \
+ product $product CISproduct $cisproduct CIS-vendor \
+ $cisvendor bus $bus";
+};
+
+nomatch 10 {
+ match "bus" "cardbus[0-9]+";
+ action "logger Unknown Cardbus device: device $device class $class \
+ vendor $vendor bus $bus";
+};
+
+# Switch power profiles when the AC line state changes.
+notify 10 {
+ match "system" "ACPI";
+ match "subsystem" "ACAD";
+ action "/etc/rc.d/power_profile $notify";
+};
+
+# Notify all users before beginning emergency shutdown when we get
+# a _CRT or _HOT thermal event and we're going to power down the system
+# very soon.
+notify 10 {
+ match "system" "ACPI";
+ match "subsystem" "Thermal";
+ match "notify" "0xcc";
+ action "logger -p kern.emerg 'WARNING: system temperature too high, shutting down soon!'";
+};
+
+# Sample ZFS problem reports handling.
+notify 10 {
+ match "system" "ZFS";
+ match "type" "zpool";
+ action "logger -p kern.err 'ZFS: failed to load zpool $pool'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "vdev";
+ action "logger -p kern.err 'ZFS: vdev failure, zpool=$pool type=$type'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "data";
+ action "logger -p kern.warn 'ZFS: zpool I/O failure, zpool=$pool error=$zio_err'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "io";
+ action "logger -p kern.warn 'ZFS: vdev I/O failure, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size error=$zio_err'";
+};
+
+notify 10 {
+ match "system" "ZFS";
+ match "type" "checksum";
+ action "logger -p kern.warn 'ZFS: checksum mismatch, zpool=$pool path=$vdev_path offset=$zio_offset size=$zio_size'";
+};
+
+# User requested suspend, so perform preparation steps and then execute
+# the actual suspend process.
+notify 10 {
+ match "system" "ACPI";
+ match "subsystem" "Suspend";
+ action "/etc/rc.suspend acpi $notify";
+};
+notify 10 {
+ match "system" "ACPI";
+ match "subsystem" "Resume";
+ action "/etc/rc.resume acpi $notify";
+};
+
+/* EXAMPLES TO END OF FILE
+
+# An example of something that a vendor might install if you were to
+# add their device. This might reside in /usr/local/etc/devd/deqna.conf.
+# A deqna is, in this hypothetical example, a pccard ethernet-like device.
+# Students of history may know other devices by this name, and will get
+# the in-jokes in this entry.
+nomatch 10 {
+ match "bus" "pccard[0-9]+";
+ match "manufacturer" "0x1234";
+ match "product" "0x2323";
+ action "kldload if_deqna";
+};
+attach 10 {
+ device-name "deqna[0-9]+";
+ action "/etc/pccard_ether $device-name start";
+};
+detach 10 {
+ device-name "deqna[0-9]+";
+ action "/etc/pccard_ether $device-name stop";
+};
+
+# Examples of notify hooks. A notify is a generic way for a kernel
+# subsystem to send event notification to userland.
+
+# Here are some examples of ACPI notify handlers. ACPI subsystems that
+# generate notifies include the AC adapter, power/sleep buttons,
+# control method batteries, lid switch, and thermal zones.
+#
+# Information returned is not always the same as the ACPI notify
+# events. See the ACPI specification for more information about
+# notifies. Here is the information returned for each subsystem:
+#
+# ACAD: AC line state (0 is offline, 1 is online)
+# Button: Button pressed (0 for power, 1 for sleep)
+# CMBAT: ACPI battery events
+# Lid: Lid state (0 is closed, 1 is open)
+# RCTL: Resource limits
+# Suspend, Resume: Suspend and resume notification
+# Thermal: ACPI thermal zone events
+#
+# This example calls a script when the AC state changes, passing the
+# notify value as the first argument. If the state is 0x00, it might
+# call some sysctls to implement economy mode. If 0x01, it might set
+# the mode to performance.
+notify 10 {
+ match "system" "ACPI";
+ match "subsystem" "ACAD";
+ action "/etc/acpi_ac $notify";
+};
+
+# This example works around a memory leak in PostgreSQL, restarting
+# it when the "user:pgsql:swap:devctl=1G" rctl(8) rule gets triggered.
+notify 0 {
+ match "system" "RCTL";
+ match "rule" "user:70:swap:.*";
+ action "/usr/local/etc/rc.d/postgresql restart"
+};
+
+*/
diff --git a/etc/devd/Makefile b/etc/devd/Makefile
new file mode 100644
index 0000000..433436b
--- /dev/null
+++ b/etc/devd/Makefile
@@ -0,0 +1,17 @@
+# $FreeBSD$
+
+FILES= uath.conf usb.conf
+
+.if ${MACHINE} == "powerpc"
+FILES+= apple.conf
+.endif
+
+.if ${MACHINE} == "amd64" || ${MACHINE} == "i386"
+FILES+= asus.conf
+.endif
+
+NO_OBJ=
+FILESDIR= /etc/devd
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/devd/apple.conf b/etc/devd/apple.conf
new file mode 100644
index 0000000..a57a8e0
--- /dev/null
+++ b/etc/devd/apple.conf
@@ -0,0 +1,46 @@
+# $FreeBSD$
+#
+# PowerPC Apple specific devd events
+
+# Keyboard power key
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "Button";
+ match "notify" "0x0";
+ action "shutdown -p now";
+};
+
+
+# The next blocks enable volume hotkeys that can be found on Apple laptops
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "mute";
+ action "mixer 0";
+};
+
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "volume";
+ match "notify" "down";
+ action "mixer vol -10";
+};
+
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "volume";
+ match "notify" "up";
+ action "mixer vol +10";
+};
+
+# Eject key
+notify 0 {
+ match "system" "PMU";
+ match "subsystem" "keys";
+ match "type" "eject";
+ action "camcontrol eject cd0";
+};
+
+
diff --git a/etc/devd/asus.conf b/etc/devd/asus.conf
new file mode 100644
index 0000000..a195a58
--- /dev/null
+++ b/etc/devd/asus.conf
@@ -0,0 +1,74 @@
+# $FreeBSD$
+#
+# ASUS specific devd events
+
+# The next blocks enable volume hotkeys that can be found on the Asus laptops
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS";
+ match "notify" "0x32";
+ action "mixer 0";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS";
+ match "notify" "0x31";
+ action "mixer vol -10";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS";
+ match "notify" "0x30";
+ action "mixer vol +10";
+};
+
+# The next blocks enable volume hotkeys that can be found on the Asus EeePC
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS-Eee";
+ match "notify" "0x13";
+ action "mixer 0";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS-Eee";
+ match "notify" "0x14";
+ action "mixer vol -10";
+};
+
+notify 0 {
+ match "system" "ACPI";
+ match "subsystem" "ASUS-Eee";
+ match "notify" "0x15";
+ action "mixer vol +10";
+};
+
+# Enable user hotkeys that can be found on the Asus EeePC
+# The four keys above the keyboard notify 0x1a through to 0x1d respectively
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1a";
+# action "";
+#};
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1b";
+# action "";
+#};
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1c";
+# action "";
+#};
+#notify 0 {
+# match "system" "ACPI";
+# match "subsystem" "ASUS-Eee";
+# match "notify" "0x1d";
+# action "";
+#};
diff --git a/etc/devd/uath.conf b/etc/devd/uath.conf
new file mode 100644
index 0000000..9f0cb93
--- /dev/null
+++ b/etc/devd/uath.conf
@@ -0,0 +1,146 @@
+# $FreeBSD$
+#
+# Atheros USB wireless network device specific devd events
+
+# Accton
+# SMCWUSBT-G2
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x083a";
+ match "product" "0x4507";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Atheros Communications
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x168c";
+ match "product" "0x0002";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Atheros Communications
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0cf3";
+ match "product" "(0x0002|0x0004|0x0006)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Conceptronic
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0d8e";
+ match "product" "(0x7802|0x7812)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# D-Link
+# DWL-AG132, DWL-G132 and DWL-AG122
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x2001";
+ match "product" "(0x3a01|0x3a03|0x3a05)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# D-Link
+# DWA-120
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x07d1";
+ match "product" "0x3a0c";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Gigaset
+# SMCWUSBT-G
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1690";
+ match "product" "(0x0711|0x0713)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Global Sun Technology
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x16ab";
+ match "product" "(0x7802|0x7812)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# BayNETGEAR
+# WG111U
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0846";
+ match "product" "0x4301";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Netgear
+# WG111T and WPN111
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1385";
+ match "product" "(0x4251|0x5f01)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# U-MEDIA Communications
+# TEW-444UB and AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x157e";
+ match "product" "(0x3007|0x3206)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Wistron NeWeb
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x1435";
+ match "product" "(0x0827|0x0829)";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
+
+# Z-Com
+# AR5523
+notify 100 {
+ match "system" "USB";
+ match "subsystem" "DEVICE";
+ match "type" "ATTACH";
+ match "vendor" "0x0cde";
+ match "product" "0x0013";
+ action "/usr/sbin/uathload -d /dev/$cdev";
+};
diff --git a/etc/devd/usb.conf b/etc/devd/usb.conf
new file mode 100644
index 0000000..22cb7ad
--- /dev/null
+++ b/etc/devd/usb.conf
@@ -0,0 +1,4331 @@
+#
+# $FreeBSD$
+#
+# This file was automatically generated by "tools/bus_autoconf.sh".
+# Please do not edit!
+#
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "product" "0x1290";
+ match "intclass" "0xff";
+ match "intsubclass" "0xfd";
+ match "intprotocol" "0x01";
+ action "kldload if_ipheth";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "product" "0x1292";
+ match "intclass" "0xff";
+ match "intsubclass" "0xfd";
+ match "intprotocol" "0x01";
+ action "kldload if_ipheth";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "product" "0x1294";
+ match "intclass" "0xff";
+ match "intsubclass" "0xfd";
+ match "intprotocol" "0x01";
+ action "kldload if_ipheth";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "product" "0x1297";
+ match "intclass" "0xff";
+ match "intsubclass" "0xfd";
+ match "intprotocol" "0x01";
+ action "kldload if_ipheth";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0104";
+ match "product" "0x00be";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0123";
+ match "product" "0x0001";
+ action "kldload uep";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03e8";
+ match "product" "0x0008";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03eb";
+ match "product" "0x2109";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "0x0121";
+ action "kldload ugensa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "(0x1016|0x1116|0x1216)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "(0x1b1d|0x1e1d)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "(0x2016|0x2116|0x2216|0x3016|0x3116|0x3216)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "0x3524";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "(0x4016|0x4116|0x4216|0x5016|0x5116|0x5216)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "0x811c";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x03f0";
+ match "product" "0xca02";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0402";
+ match "product" "0x5632";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0403";
+ match "product" "(0x6001|0x6004|0x6010|0x6011|0x8372|0x9e90|0xcc48|0xcc49|0xcc4a|0xd678|0xe6c8|0xe888|0xe889|0xe88a|0xe88b|0xe88c|0xee18|0xf608|0xf60b|0xf850|0xfa00|0xfa01|0xfa02|0xfa03|0xfa04|0xfc08|0xfc09|0xfc0b|0xfc0c|0xfc0d|0xfc82)";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0408";
+ match "product" "0x0304";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0408";
+ match "product" "(0x1000|0xea02|0xea03|0xea04|0xea05|0xea06)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0409";
+ match "product" "(0x00d5|0x00d6|0x00d7|0x8024|0x8025)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "(0x0001|0x0005|0x0009)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x0012";
+ action "kldload if_rue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x003d";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "(0x005e|0x0066|0x0067)";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x006e";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x008b";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x00b3";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "(0x00d8|0x00d9)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x00da";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x00e8";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "(0x0116|0x0119)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x012e";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "0x0137";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0411";
+ match "product" "(0x0148|0x0150|0x015d|0x016f)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0413";
+ match "product" "0x2101";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0423";
+ match "product" "(0x000a|0x000c)";
+ action "kldload if_cue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x043e";
+ match "product" "0x9c01";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x045a";
+ match "product" "(0x5001|0x5002)";
+ action "kldload urio";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x045b";
+ match "product" "0x0053";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x045e";
+ match "product" "0x0079";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x045e";
+ match "product" "0x007a";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x045e";
+ match "product" "(0x00ce|0x0400|0x0401|0x0402|0x0403|0x0404|0x0405|0x0406|0x0407|0x0408|0x0409|0x040a|0x040b|0x040c|0x040d|0x040e|0x040f|0x0410|0x0411|0x0412|0x0413|0x0414|0x0415|0x0416|0x0417|0x0432|0x0433|0x0434|0x0435|0x0436|0x0437|0x0438|0x0439|0x043a|0x043b|0x043c|0x043d|0x043e|0x043f|0x0440|0x0441|0x0442|0x0443|0x0444|0x0445|0x0446|0x0447|0x0448|0x0449|0x044a|0x044b|0x044c|0x044d|0x044e|0x044f|0x0450|0x0451|0x0452|0x0453|0x0454|0x0455|0x0456|0x0457|0x0458|0x0459|0x045a|0x045b|0x045c|0x045d|0x045e|0x045f|0x0460|0x0461|0x0462|0x0463|0x0464|0x0465|0x0466|0x0467|0x0468|0x0469|0x046a|0x046b|0x046c|0x046d|0x046e|0x046f|0x0470|0x0471|0x0472|0x0473|0x0474|0x0475|0x0476|0x0477|0x0478|0x0479|0x047a|0x047b|0x04c8|0x04c9|0x04ca|0x04cb|0x04cc|0x04cd|0x04ce|0x04d7|0x04d8|0x04d9|0x04da|0x04db|0x04dc|0x04dd|0x04de|0x04df|0x04e0|0x04e1|0x04e2|0x04e3|0x04e4|0x04e5|0x04e6|0x04e7|0x04e8|0x04e9|0x04ea)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0471";
+ match "product" "0x066a";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0471";
+ match "product" "0x1236";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0471";
+ match "product" "0x200f";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0482";
+ match "product" "0x0203";
+ action "kldload umodem";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0489";
+ match "product" "(0xe000|0xe003)";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x049f";
+ match "product" "(0x0003|0x0032)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x049f";
+ match "product" "0x505a";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04a4";
+ match "product" "0x0014";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04a5";
+ match "product" "0x4027";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04a5";
+ match "product" "0x4068";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04ad";
+ match "product" "(0x0301|0x0302|0x0303|0x0306)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04b4";
+ match "product" "0x1002";
+ action "kldload ufm";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04b7";
+ match "product" "0x0531";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04b8";
+ match "product" "(0x0521|0x0522)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04bb";
+ match "product" "0x0901";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04bb";
+ match "product" "(0x0904|0x0913)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04bb";
+ match "product" "0x0930";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04bb";
+ match "product" "(0x0944|0x0945|0x0947|0x0948)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04bb";
+ match "product" "(0x0a03|0x0a0e)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04bf";
+ match "product" "(0x0115|0x0117)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04c5";
+ match "product" "(0x1058|0x1079)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04da";
+ match "product" "0x2500";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04da";
+ match "product" "0x3900";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04dd";
+ match "product" "(0x8004|0x8005|0x8006|0x8007|0x9031)";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04dd";
+ match "product" "(0x9102|0x9121|0x9123|0x9151|0x91ac|0x9242)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04e8";
+ match "product" "0x2018";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04e8";
+ match "product" "(0x5f00|0x5f01|0x5f02|0x5f03|0x5f04)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04e8";
+ match "product" "0x6601";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04e8";
+ match "product" "(0x6611|0x6613|0x6615|0x6617|0x6619|0x661b|0x662e|0x6630|0x6632)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04e8";
+ match "product" "0x8001";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04f1";
+ match "product" "0x3008";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x04f1";
+ match "product" "(0x3011|0x3012)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0502";
+ match "product" "(0x1631|0x1632|0x16e1|0x16e2|0x16e3)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0506";
+ match "product" "(0x03e8|0x11f8)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0506";
+ match "product" "0x4601";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x0103";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x0109";
+ action "kldload umct";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x0121";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x0257";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x0409";
+ action "kldload umct";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x1203";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x4050";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x5055";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x7050";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "(0x7050|0x7051)";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x705a";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x705c";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x705e";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "(0x8053|0x805c|0x815c|0x825a|0x825b)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x905b";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x050d";
+ match "product" "0x935a";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0525";
+ match "product" "0x1080";
+ action "kldload udbp";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0525";
+ match "product" "0xa4a2";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0536";
+ match "product" "0x01a0";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0543";
+ match "product" "(0x0ed9|0x1527|0x1529|0x152b|0x152e|0x1921|0x1922|0x1923)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0547";
+ match "product" "0x2008";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0547";
+ match "product" "0x2720";
+ action "kldload udbp";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x054c";
+ match "product" "(0x0038|0x0066|0x0095|0x009a|0x00da|0x0169)";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x054c";
+ match "product" "0x0437";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0557";
+ match "product" "0x2002";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0557";
+ match "product" "0x2007";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0557";
+ match "product" "0x2008";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0557";
+ match "product" "0x2009";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0557";
+ match "product" "0x4000";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x055d";
+ match "product" "0x2018";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0565";
+ match "product" "0x0001";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0565";
+ match "product" "(0x0002|0x0003|0x0005)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0567";
+ match "product" "(0x2000|0x2002)";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x056c";
+ match "product" "0x8007";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x056e";
+ match "product" "(0x200c|0x4002|0x4005|0x400b|0x4010)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x056e";
+ match "product" "(0x5003|0x5004)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x056e";
+ match "product" "0xabc1";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x057c";
+ match "product" "(0x2200|0x3800)";
+ action "kldload ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0584";
+ match "product" "0xb000";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0584";
+ match "product" "0xb020";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0586";
+ match "product" "(0x3401|0x3407|0x3409|0x340a|0x340f|0x3410)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0586";
+ match "product" "(0x3416|0x341a)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x058f";
+ match "product" "0x9720";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05a6";
+ match "product" "0x0101";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "product" "(0x020d|0x020e|0x020f|0x0215|0x0217|0x0218|0x0219|0x021a|0x021b|0x021c|0x0229|0x022a|0x022b|0x030a|0x030b)";
+ action "kldload atp";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ac";
+ match "product" "0x1402";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05ad";
+ match "product" "0x0fba";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05c6";
+ match "product" "(0x6000|0x6613)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05cc";
+ match "product" "0x3000";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05db";
+ match "product" "(0x0003|0x0005|0x0009|0x000a|0x0011)";
+ action "kldload uvscom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05e0";
+ match "product" "(0x2000|0x2001|0x2002|0x2003|0x2004|0x2005|0x2006|0x2007|0x2008|0x2009|0x200a)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05e3";
+ match "product" "0x0501";
+ action "kldload udbp";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x05e9";
+ match "product" "(0x0008|0x0009)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x066b";
+ match "product" "(0x200c|0x2202)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x066b";
+ match "product" "0x2202";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x066b";
+ match "product" "(0x2203|0x2204|0x2206|0x400b)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0675";
+ match "product" "0x0550";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x067b";
+ match "product" "(0x0000|0x0001)";
+ action "kldload udbp";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x067b";
+ match "product" "(0x04bb|0x0609|0x0611|0x0612|0x1234|0x206a|0x2303)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x067b";
+ match "product" "0x2501";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x067b";
+ match "product" "(0x331a|0xaaa0|0xaaa2)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x067c";
+ match "product" "0x1001";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x067e";
+ match "product" "0x1001";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0681";
+ match "product" "0x3c06";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x06e1";
+ match "product" "(0x0008|0x0009)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x06f8";
+ match "product" "0xe000";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x06f8";
+ match "product" "(0xe010|0xe020)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x06f8";
+ match "product" "0xe030";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0707";
+ match "product" "0x0100";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0707";
+ match "product" "(0x0200|0x0201)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0707";
+ match "product" "0xee13";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0707";
+ match "product" "0xee13";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0711";
+ match "product" "(0x0200|0x0210|0x0230)";
+ action "kldload umct";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0731";
+ match "product" "(0x0528|0x2003)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0745";
+ match "product" "0x0001";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0745";
+ match "product" "0x1000";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0769";
+ match "product" "0x11f2";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0769";
+ match "product" "0x11f3";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0769";
+ match "product" "0x31f3";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x077b";
+ match "product" "0x2226";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0789";
+ match "product" "0x010c";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0789";
+ match "product" "0x0160";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0789";
+ match "product" "(0x0162|0x0163|0x0164)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x078b";
+ match "product" "0x1234";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x079b";
+ match "product" "0x0027";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x079b";
+ match "product" "(0x004a|0x0062)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07a6";
+ match "product" "(0x07c2|0x0986|0x8511|0x8513|0x8515)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "0x0001";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "(0x0004|0x000d)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "0x0017";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "0x002a";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "(0x002d|0x002e)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "(0x002f|0x003c|0x003f|0x0041|0x0042)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07aa";
+ match "product" "0x9601";
+ action "kldload if_udav";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "(0x110c|0x200c)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "(0x2770|0x2870|0x3070|0x3071|0x3072)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "0x4000";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "(0x4002|0x4003|0x4004|0x4007|0x400b|0x400c|0x4102|0x4104)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "0x420a";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "0x6001";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "0xabc1";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07b8";
+ match "product" "(0xb21b|0xb21c|0xb21d|0xb21e|0xb21f)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07c9";
+ match "product" "0xb100";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07cf";
+ match "product" "(0x2001|0x2002|0x2003)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07d1";
+ match "product" "0x3a0c";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07d1";
+ match "product" "(0x3c03|0x3c04|0x3c06|0x3c07)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x07d1";
+ match "product" "(0x3c09|0x3c0a|0x3c0b|0x3c0d|0x3c0e|0x3c0f|0x3c11|0x3c13|0x3c15|0x3c16)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x081e";
+ match "product" "0xdf00";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x082d";
+ match "product" "(0x0100|0x0200|0x0300)";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0830";
+ match "product" "(0x0001|0x0002|0x0003|0x0020|0x0031|0x0040|0x0050|0x0060|0x0061|0x0070)";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0833";
+ match "product" "(0x012e|0x039f)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "0x1046";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "(0x4505|0x4506)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "0x4508";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "0x4521";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "0x5046";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "(0x6618|0x7511|0x7512|0x7522|0x8522|0xa512|0xa618|0xa701|0xa702|0xb522|0xc522|0xd522)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x083a";
+ match "product" "0xe501";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0841";
+ match "product" "0x0001";
+ action "kldload urio";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "(0x1001|0x1002)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "0x1020";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "0x1040";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "0x4240";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "0x4260";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "0x4300";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0846";
+ match "product" "(0x6100|0x6a00)";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0856";
+ match "product" "0xac01";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x085a";
+ match "product" "(0x0008|0x0009)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x086e";
+ match "product" "0x1920";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x087d";
+ match "product" "0x5704";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x08d1";
+ match "product" "0x0001";
+ action "kldload if_cue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x08d1";
+ match "product" "0x0003";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x08dd";
+ match "product" "(0x0986|0x0987|0x0988|0x8511)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x08dd";
+ match "product" "0x90ff";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x08e6";
+ match "product" "0x5501";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x08fd";
+ match "product" "0x000a";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0915";
+ match "product" "(0x2000|0x2002)";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x091e";
+ match "product" "0x0004";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0921";
+ match "product" "0x1001";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0930";
+ match "product" "(0x0700|0x0705|0x0706|0x0707|0x0708|0x0709|0x070a|0x070b)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0930";
+ match "product" "0x0a07";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0930";
+ match "product" "(0x0d45|0x1302)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x093c";
+ match "product" "(0x0601|0x0701)";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x094b";
+ match "product" "0x0001";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0951";
+ match "product" "0x0008";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0951";
+ match "product" "0x000a";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x095a";
+ match "product" "0x3003";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0960";
+ match "product" "(0x0065|0x0066|0x0067)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0961";
+ match "product" "0x0010";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x099e";
+ match "product" "(0x0052|0x4000)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x09aa";
+ match "product" "0x1000";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x09d7";
+ match "product" "0x0100";
+ action "kldload ugensa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0a46";
+ match "product" "(0x0268|0x8515|0x9601)";
+ action "kldload if_udav";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0a5c";
+ match "product" "0x2033";
+ action "kldload ubtbcmfw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0ace";
+ match "product" "(0x1211|0x1215)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "(0x5000|0x6000|0x6050|0x6100|0x6150|0x6200|0x6250|0x6300|0x6350|0x6500|0x6501|0x6600|0x6601|0x6701)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0x6711";
+ action "kldload uhso";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "(0x6721|0x6741|0x6761|0x6800|0x6901)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0x6911";
+ action "kldload uhso";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0x6971";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0x6971";
+ action "kldload uhso";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0x7001";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0x7011";
+ action "kldload uhso";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "(0x7021|0x7041|0x7061|0x7100|0x7201|0x7211)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "(0x7251|0x7301|0x7361|0x7381|0x7401|0x7501)";
+ action "kldload uhso";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0x7601";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "(0x7601|0xc031|0xd013|0xd031)";
+ action "kldload uhso";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "0xd033";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0af0";
+ match "product" "(0xd033|0xd055|0xd055)";
+ action "kldload uhso";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "(0x1706|0x1707)";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "(0x170c|0x171b)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "0x171d";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "(0x1723|0x1724)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "(0x1731|0x1732|0x1742|0x1760|0x1761|0x1784|0x1790)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b05";
+ match "product" "(0x4200|0x4201|0x4202|0x420f|0x9200|0x9202)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b39";
+ match "product" "0x0109";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b39";
+ match "product" "0x0421";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b3b";
+ match "product" "(0x1630|0x5630|0x6630)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b41";
+ match "product" "0x0011";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b63";
+ match "product" "0x6530";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b8c";
+ match "product" "0x2303";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0b95";
+ match "product" "(0x1720|0x1780|0x7720|0x772a|0x772b)";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0baf";
+ match "product" "0x0118";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0baf";
+ match "product" "0x0121";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bb2";
+ match "product" "0x6098";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bb4";
+ match "product" "(0x00ce|0x00cf|0x00cf|0x0a01|0x0a02|0x0a03|0x0a04|0x0a05|0x0a06|0x0a07|0x0a08|0x0a09|0x0a0a|0x0a0b|0x0a0c|0x0a0d|0x0a0e|0x0a0f|0x0a10|0x0a11|0x0a12|0x0a13|0x0a14|0x0a15|0x0a16|0x0a17|0x0a18|0x0a19|0x0a1a|0x0a1b|0x0a1c|0x0a1d|0x0a1e|0x0a1f|0x0a20|0x0a21|0x0a22|0x0a23|0x0a24|0x0a25|0x0a26|0x0a27|0x0a28|0x0a29|0x0a2a|0x0a2b|0x0a2c|0x0a2d|0x0a2e|0x0a2f|0x0a30|0x0a31|0x0a32|0x0a33|0x0a34|0x0a35|0x0a36|0x0a37|0x0a38|0x0a39|0x0a3a|0x0a3b|0x0a3c|0x0a3d|0x0a3e|0x0a3f|0x0a40|0x0a41|0x0a42|0x0a43|0x0a44|0x0a45|0x0a46|0x0a47|0x0a48|0x0a49|0x0a4a|0x0a4b|0x0a4c|0x0a4d|0x0a4e|0x0a4f|0x0a50|0x0a51|0x0a52|0x0a53|0x0a54|0x0a55|0x0a56|0x0a57|0x0a58|0x0a59|0x0a5a|0x0a5b|0x0a5c|0x0a5d|0x0a5e|0x0a5f|0x0a60|0x0a61|0x0a62|0x0a63|0x0a64|0x0a65|0x0a66|0x0a67|0x0a68|0x0a69|0x0a6a|0x0a6b|0x0a6c|0x0a6d|0x0a6e|0x0a6f|0x0a70|0x0a71|0x0a72|0x0a73|0x0a74|0x0a75|0x0a76|0x0a77|0x0a78|0x0a79|0x0a7a|0x0a7b|0x0a7c|0x0a7d|0x0a7e|0x0a7f|0x0a80|0x0a81|0x0a82|0x0a83|0x0a84|0x0a85|0x0a86|0x0a87|0x0a88|0x0a89|0x0a8a|0x0a8b|0x0a8c|0x0a8d|0x0a8e|0x0a8f|0x0a90|0x0a91|0x0a92|0x0a93|0x0a94|0x0a95|0x0a96|0x0a97|0x0a98|0x0a99|0x0a9a|0x0a9b|0x0a9c|0x0a9d|0x0a9e|0x0a9f|0x0bce)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "0x8150";
+ action "kldload if_rue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bda";
+ match "product" "(0x8187|0x8189|0x8197|0x8198)";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bed";
+ match "product" "(0x1100|0x1101)";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bf8";
+ match "product" "0x1001";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0bf8";
+ match "product" "0x1009";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0c44";
+ match "product" "0x03a2";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0c88";
+ match "product" "0x17da";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0c88";
+ match "product" "0x17da";
+ action "kldload ugensa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0c88";
+ match "product" "0x180a";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0c8e";
+ match "product" "0x6000";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cad";
+ match "product" "0x9001";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cde";
+ match "product" "0x0008";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cde";
+ match "product" "0x0011";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cde";
+ match "product" "0x0012";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cde";
+ match "product" "0x0015";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cde";
+ match "product" "0x001a";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cde";
+ match "product" "(0x0022|0x0025)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0cf3";
+ match "product" "(0x0001|0x0003|0x0005)";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0d8e";
+ match "product" "0x3762";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0d8e";
+ match "product" "(0x7801|0x7811)";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0db0";
+ match "product" "(0x3820|0x3821|0x3822|0x3870|0x3871)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0db0";
+ match "product" "(0x6861|0x6865|0x6869)";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0db0";
+ match "product" "(0x6874|0x6877)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0db0";
+ match "product" "(0x6899|0x821a|0x822a|0x870a|0x871a|0x899a)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0db0";
+ match "product" "(0xa861|0xa874)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0db7";
+ match "product" "0x0002";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "0x000d";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "0x0017";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "0x0021";
+ action "kldload if_mos";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "0x0028";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "(0x002b|0x002c|0x002d|0x0039|0x003b|0x003c|0x003d|0x003e|0x003f|0x0040|0x0041|0x0042|0x0047|0x0048|0x004a|0x004d)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "0x061c";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "(0x9071|0x9075)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df6";
+ match "product" "(0x90ac|0x9712)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0df7";
+ match "product" "0x0620";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e0b";
+ match "product" "(0x9031|0x9041)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e55";
+ match "product" "0x110b";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e66";
+ match "product" "(0x0001|0x0003|0x0009|0x000b)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e66";
+ match "product" "0x400c";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e67";
+ match "product" "0x0002";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0e7e";
+ match "product" "0x1001";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0ea0";
+ match "product" "0x6858";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0eab";
+ match "product" "0xc893";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0eb0";
+ match "product" "0x9020";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0eb0";
+ match "product" "0x9021";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0eba";
+ match "product" "(0x1080|0x2080)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0eef";
+ match "product" "(0x0001|0x0002)";
+ action "kldload uep";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f3d";
+ match "product" "0x0112";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f3d";
+ match "product" "0x0112";
+ action "kldload ugensa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f3d";
+ match "product" "0x68a3";
+ action "kldload usie";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f4e";
+ match "product" "0x0200";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f88";
+ match "product" "0x3012";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f88";
+ match "product" "0x3014";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f94";
+ match "product" "0x0001";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0f98";
+ match "product" "0x0201";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0fb8";
+ match "product" "(0x3001|0x3002|0x3003|0x4001)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0fcf";
+ match "product" "(0x1003|0x1004|0x1006)";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x0fe6";
+ match "product" "(0x8101|0x9700)";
+ action "kldload if_udav";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x100d";
+ match "product" "(0x9031|0x9032)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1011";
+ match "product" "0x3198";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1044";
+ match "product" "0x8001";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1044";
+ match "product" "0x8002";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1044";
+ match "product" "0x8007";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1044";
+ match "product" "(0x8008|0x800a)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1044";
+ match "product" "(0x800b|0x800c|0x800d)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1066";
+ match "product" "(0x00ce|0x0300|0x0500|0x0600|0x0700)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x106c";
+ match "product" "0x3701";
+ action "kldload umodem";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10a6";
+ match "product" "0xaa26";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10ab";
+ match "product" "0x10c5";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10b5";
+ match "product" "0xac70";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10b5";
+ match "product" "0xac70";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10bd";
+ match "product" "0x1427";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10c4";
+ match "product" "(0x0f91|0x1101|0x1601|0x800a|0x803b|0x8043|0x8044)";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10c4";
+ match "product" "0x8053";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10c4";
+ match "product" "(0x8066|0x806f|0x807a|0x80ca|0x80dd|0x80ed|0x80f6|0x8115|0x813d|0x813f|0x814a|0x814a|0x814b|0x8156|0x815e|0x818b|0x819f|0x81a6|0x81ac|0x81ad|0x81c8|0x81e2|0x81e7|0x81e8|0x81f2|0x8218|0x822b|0x826b|0x8293|0x82f9|0x8341|0x8382|0x83a8|0x8411|0x846e|0x8477|0xea60|0xea61|0xea71|0xf001|0xf002|0xf003|0xf004)";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10c5";
+ match "product" "0xea61";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x10ce";
+ match "product" "0xea61";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1114";
+ match "product" "(0x0001|0x0004|0x0006)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x114b";
+ match "product" "0x0110";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x114b";
+ match "product" "0x0150";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1163";
+ match "product" "0x0100";
+ action "kldload ucycom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1182";
+ match "product" "0x1388";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1186";
+ match "product" "0x3e04";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1189";
+ match "product" "0x0893";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1199";
+ match "product" "(0x0017|0x0018|0x0019|0x0020|0x0021|0x0022|0x0023|0x0024|0x0025|0x0026|0x0027|0x0028|0x0029|0x0112|0x0120|0x0218)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1199";
+ match "product" "0x0218";
+ action "kldload umodem";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1199";
+ match "product" "(0x0220|0x0224|0x0fff)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1199";
+ match "product" "0x0fff";
+ action "kldload usie";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1199";
+ match "product" "(0x6802|0x6803|0x6804|0x6805|0x6808|0x6809|0x6812|0x6813|0x6815|0x6816|0x6820|0x6821|0x6822|0x6832|0x6833|0x6834|0x6835|0x6838|0x6839|0x683a|0x683b|0x683c|0x683d|0x683e|0x6850|0x6851|0x6852|0x6853|0x6855|0x6856|0x6859|0x685a|0x6880|0x6890|0x6891|0x6892|0x6893|0x68a3)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1199";
+ match "product" "0x68a3";
+ action "kldload usie";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x11ad";
+ match "product" "0x0701";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x11d9";
+ match "product" "(0x1002|0x1003)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x11f5";
+ match "product" "(0x0001|0x0003|0x0004|0x0005)";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x11f6";
+ match "product" "0x2001";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x11f7";
+ match "product" "0x02df";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1231";
+ match "product" "(0xce01|0xce02)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x126f";
+ match "product" "0xa006";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x129b";
+ match "product" "0x1666";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x129b";
+ match "product" "0x1828";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x12d1";
+ match "product" "(0x1001|0x1003|0x1004|0x1401|0x1402|0x1403|0x1404|0x1405|0x1406|0x1407|0x1408|0x1409|0x140a|0x140b|0x140c|0x140d|0x140e|0x140f|0x1410|0x1411|0x1412|0x1413|0x1414|0x1415|0x1416|0x1417|0x1418|0x1419|0x141a|0x141b|0x141c|0x141d|0x141e|0x141f|0x1420|0x1421|0x1422|0x1423|0x1424|0x1425|0x1426|0x1427|0x1428|0x1429|0x142a|0x142b|0x142c|0x142d|0x142e|0x142f|0x1430|0x1431|0x1432|0x1433|0x1434|0x1435|0x1436|0x1437|0x1438|0x1439|0x143a|0x143b|0x143c|0x143d|0x143e|0x143f|0x1446|0x1465|0x14ac|0x1520|0x1c05|0x1c0b)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x12ef";
+ match "product" "0x0100";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1342";
+ match "product" "0x0204";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1371";
+ match "product" "(0x9022|0x9032)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1371";
+ match "product" "0x9401";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1385";
+ match "product" "(0x4250|0x5f00|0x5f02)";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13ad";
+ match "product" "0x9999";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13b1";
+ match "product" "0x000c";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13b1";
+ match "product" "(0x000d|0x0011)";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13b1";
+ match "product" "0x0018";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13b1";
+ match "product" "0x001a";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13b1";
+ match "product" "(0x0020|0x0023)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13b1";
+ match "product" "0x0024";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13b1";
+ match "product" "0x002f";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13d2";
+ match "product" "0x0400";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x13d3";
+ match "product" "(0x3247|0x3262|0x3273|0x3284|0x3305)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1410";
+ match "product" "(0x1100|0x1110|0x1120|0x1130|0x1400|0x1410|0x1420|0x1430|0x1450|0x2100|0x2110|0x2120|0x2130|0x2400|0x2410|0x2420|0x4100|0x4400|0x5010|0x5100|0x6000|0x6002|0x7042)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1416";
+ match "product" "0x1110";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1435";
+ match "product" "0x0427";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1435";
+ match "product" "0x0711";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1435";
+ match "product" "(0x0826|0x082a)";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1453";
+ match "product" "0x4026";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1472";
+ match "product" "0x0009";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1482";
+ match "product" "0x3c09";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1485";
+ match "product" "(0x0001|0x0002)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x148f";
+ match "product" "0x1706";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x148f";
+ match "product" "0x2070";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x148f";
+ match "product" "0x2570";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x148f";
+ match "product" "(0x2573|0x2671)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x148f";
+ match "product" "(0x2770|0x2870|0x3070|0x3071|0x3072|0x3370|0x3572|0x8070)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x148f";
+ match "product" "0x9020";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x148f";
+ match "product" "0x9021";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14b2";
+ match "product" "0x3c02";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14b2";
+ match "product" "(0x3c06|0x3c07|0x3c08|0x3c09|0x3c11|0x3c12)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14b2";
+ match "product" "0x3c22";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14b2";
+ match "product" "(0x3c23|0x3c25|0x3c25|0x3c27|0x3c28)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14ea";
+ match "product" "0xab10";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14ea";
+ match "product" "0xab11";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x14ea";
+ match "product" "0xab13";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1555";
+ match "product" "0x0004";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1557";
+ match "product" "0x7720";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1557";
+ match "product" "0x8150";
+ action "kldload if_rue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x157e";
+ match "product" "0x3006";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x157e";
+ match "product" "(0x300a|0x300b|0x300d)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x157e";
+ match "product" "0x300e";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x157e";
+ match "product" "0x3204";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x157e";
+ match "product" "0x3205";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1582";
+ match "product" "0x6003";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x15a9";
+ match "product" "0x0004";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x15a9";
+ match "product" "(0x0006|0x0010)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x15c5";
+ match "product" "0x0008";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x15e8";
+ match "product" "(0x9100|0x9110)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1614";
+ match "product" "(0x0800|0x0802|0x7002)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1631";
+ match "product" "0x6200";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1631";
+ match "product" "0xc019";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1645";
+ match "product" "(0x0005|0x0008|0x8005)";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x166a";
+ match "product" "0x0303";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x167b";
+ match "product" "0x4001";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x168c";
+ match "product" "0x0001";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1690";
+ match "product" "0x0601";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1690";
+ match "product" "(0x0710|0x0712)";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1690";
+ match "product" "0x0722";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1690";
+ match "product" "(0x0740|0x0744)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16ab";
+ match "product" "(0x7801|0x7811)";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16d5";
+ match "product" "(0x6202|0x6501)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16d5";
+ match "product" "0x6501";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16d5";
+ match "product" "0x6502";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16d5";
+ match "product" "0x6502";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16d6";
+ match "product" "(0x0001|0x0001)";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16d8";
+ match "product" "(0x6006|0x6280)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16d8";
+ match "product" "0x6280";
+ action "kldload ugensa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x16dc";
+ match "product" "(0x0010|0x0011|0x0012|0x0015)";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1726";
+ match "product" "0x1000";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1726";
+ match "product" "0x1000";
+ action "kldload ubsa";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1737";
+ match "product" "0x0039";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1737";
+ match "product" "(0x0070|0x0071)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1737";
+ match "product" "0x0073";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1737";
+ match "product" "(0x0077|0x0078|0x0079)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1740";
+ match "product" "(0x0605|0x0615)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1740";
+ match "product" "0x2000";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1740";
+ match "product" "(0x9701|0x9702|0x9703|0x9705|0x9706|0x9707|0x9708|0x9709|0x9801)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1761";
+ match "product" "0x0b05";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x177f";
+ match "product" "(0x0153|0x0302|0x0313)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x17f4";
+ match "product" "0xaaaa";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1843";
+ match "product" "0x0200";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x18c5";
+ match "product" "0x0002";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x18c5";
+ match "product" "(0x0008|0x0012)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x18e8";
+ match "product" "(0x6196|0x6229)";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x18e8";
+ match "product" "0x6232";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x18e8";
+ match "product" "0x6238";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x18e8";
+ match "product" "0x6259";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x18ef";
+ match "product" "0xe00f";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x19d2";
+ match "product" "(0x0001|0x0002|0x0003|0x0004|0x0005|0x0006|0x0007|0x0008|0x0009|0x000a|0x000b|0x000c|0x000d|0x000e|0x000f|0x0010|0x0011|0x0012|0x0013|0x0014|0x0015|0x0016|0x0017|0x0018|0x0019|0x0020|0x0021|0x0022|0x0023|0x0024|0x0025|0x0026|0x0027|0x0028|0x0029|0x0030|0x0031|0x0032|0x0033|0x0037|0x0039|0x0042|0x0043|0x0048|0x0049|0x0051|0x0052|0x0053|0x0054|0x0055|0x0057|0x0058|0x0059|0x0060|0x0061|0x0062|0x0063|0x0064|0x0066|0x0069|0x0070|0x0073|0x0076|0x0078|0x0082|0x0086|0x0117|0x2000|0x2002|0x2003|0xfff1|0xfff5|0xfffe)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1a86";
+ match "product" "0x7523";
+ action "kldload uchcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1a8d";
+ match "product" "(0x1002|0x1003|0x1004|0x1005|0x1006|0x1007|0x1008|0x1009|0x100a|0x100b|0x100c|0x100d|0x100e|0x100f|0x1010|0x1011|0x1012)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1b3d";
+ match "product" "0x0153";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1b75";
+ match "product" "0x3072";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1b75";
+ match "product" "0x8187";
+ action "kldload if_urtw";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1bbb";
+ match "product" "(0x0000|0xf000)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1bc7";
+ match "product" "(0x1003|0x1004)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1be3";
+ match "product" "0x07a6";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1c9e";
+ match "product" "(0x6061|0x9603|0x9605|0xf000)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1cf1";
+ match "product" "(0x0001|0x0004)";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1d09";
+ match "product" "0x4000";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1d4d";
+ match "product" "(0x0002|0x000c|0x000e|0x0010)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1da5";
+ match "product" "(0x4512|0x4515|0x4519|0x4523)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1e0e";
+ match "product" "(0x9000|0x9200|0xce16)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x1eda";
+ match "product" "0x2310";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "0x1a00";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "0x200c";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "(0x3a00|0x3a02|0x3a04)";
+ action "kldload if_uath";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "0x3c00";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "0x3c05";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "(0x3c09|0x3c0a)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "0x4000";
+ action "kldload if_kue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2001";
+ match "product" "(0x4001|0x4002|0x4003|0x400b|0x4102|0xabc1)";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "0x5303";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "0xab01";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "(0xab24|0xab25)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "0xab50";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "(0xc007|0xed01)";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "0xed02";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2019";
+ match "product" "(0xed06|0xed14)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x203d";
+ match "product" "(0x1480|0x14a1|0x14a9)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x20b8";
+ match "product" "0x8888";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x20b9";
+ match "product" "0x1682";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x22b8";
+ match "product" "(0x4204|0x4214|0x4224|0x4234|0x4244)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x22b8";
+ match "product" "(0x600c|0x6027)";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x2478";
+ match "product" "0x2008";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x3334";
+ match "product" "0x1701";
+ action "kldload if_aue";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x3340";
+ match "product" "(0x011c|0x0326|0x0426|0x043a|0x051c|0x053a|0x071c|0x0b1c|0x0e3a|0x0f1c|0x0f3a|0x1326|0x191c|0x2326|0x3326)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x3708";
+ match "product" "(0x20ce|0x21ce)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x4113";
+ match "product" "(0x0210|0x0211|0x0400|0x0410)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x413c";
+ match "product" "(0x4001|0x4002|0x4003|0x4004|0x4005|0x4006|0x4007|0x4008|0x4009)";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x413c";
+ match "product" "(0x8102|0x8104)";
+ action "kldload if_upgt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x413c";
+ match "product" "(0x8114|0x8115|0x8116|0x8117|0x8118|0x8128|0x8129|0x8133|0x8134|0x8135|0x8136|0x8137|0x8138|0x8180|0x8181|0x8182)";
+ action "kldload u3g";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x413c";
+ match "product" "0x9500";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x4348";
+ match "product" "0x5523";
+ action "kldload uchcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x4505";
+ match "product" "0x0010";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x4766";
+ match "product" "0x0001";
+ action "kldload uvisor";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x5173";
+ match "product" "0x1809";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x5372";
+ match "product" "0x2303";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x5a57";
+ match "product" "0x0260";
+ action "kldload if_ural";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x5a57";
+ match "product" "(0x0280|0x0282|0x0283|0x0284|0x5257)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x5e04";
+ match "product" "0xce00";
+ action "kldload uipaq";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x6189";
+ match "product" "0x182d";
+ action "kldload if_axe";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x6189";
+ match "product" "0x2068";
+ action "kldload uplcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x6547";
+ match "product" "0x0232";
+ action "kldload uark";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x6891";
+ match "product" "0xa727";
+ action "kldload if_zyd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x7392";
+ match "product" "0x7318";
+ action "kldload if_rum";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x7392";
+ match "product" "(0x7711|0x7717|0x7718)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x8516";
+ match "product" "(0x2070|0x2770|0x2870|0x3070|0x3071|0x3072|0x3572)";
+ action "kldload if_run";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x9710";
+ match "product" "0x7703";
+ action "kldload umoscom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x9710";
+ match "product" "0x7730";
+ action "kldload if_mos";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x9710";
+ match "product" "0x7820";
+ action "kldload umcs";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x9710";
+ match "product" "0x7830";
+ action "kldload if_mos";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x9710";
+ match "product" "0x7840";
+ action "kldload umcs";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0x9e88";
+ match "product" "0x9e8f";
+ action "kldload uftdi";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "vendor" "0xdaae";
+ match "product" "0xead6";
+ action "kldload uslcom";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x02";
+ match "intsubclass" "0x02";
+ match "intprotocol" "0x01";
+ action "kldload umodem";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x03";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x01";
+ action "kldload ukbd";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x03";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x02";
+ action "kldload ums";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x07";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x01";
+ action "kldload ulpt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x07";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x02";
+ action "kldload ulpt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x07";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x03";
+ action "kldload ulpt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0xe0";
+ match "intsubclass" "0x01";
+ match "intprotocol" "0x01";
+ action "kldload ng_ubt";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0xff";
+ match "intsubclass" "0x5d";
+ match "intprotocol" "0x01";
+ action "kldload uhid";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x01";
+ match "intsubclass" "0x01";
+ action "kldload snd_uaudio";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x01";
+ match "intsubclass" "0x03";
+ action "kldload snd_uaudio";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "(host|device)";
+ match "intclass" "0x02";
+ match "intsubclass" "0x06";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "(host|device)";
+ match "intclass" "0x02";
+ match "intsubclass" "0x0a";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "(host|device)";
+ match "intclass" "0x02";
+ match "intsubclass" "0x0d";
+ action "kldload if_cdce";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x02";
+ match "intsubclass" "0x88";
+ action "kldload ufoma";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x03";
+ action "kldload uhid";
+};
+
+nomatch 32 {
+ match "bus" "uhub[0-9]+";
+ match "mode" "host";
+ match "intclass" "0x08";
+ action "kldload umass";
+};
+
+# 1645 USB entries processed
+
diff --git a/etc/devfs.conf b/etc/devfs.conf
new file mode 100644
index 0000000..d3d6075
--- /dev/null
+++ b/etc/devfs.conf
@@ -0,0 +1,43 @@
+# Copyright (c) 2003 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+# These are examples of how to configure devices using /etc/rc.d/devfs.
+# The first parameter is always the action to take, the second is always the
+# existing device created by devfs, and the last is what you want to change.
+# The name of the action is only significant to the first unique character.
+#
+# Examples:
+
+# Commonly used by many ports
+#link cd0 cdrom
+#link cd0 dvd
+
+# Allow a user in the wheel group to query the smb0 device
+#perm smb0 0660
+
+# Allow members of group operator to cat things to the speaker
+#own speaker root:operator
+#perm speaker 0660
diff --git a/etc/dhclient.conf b/etc/dhclient.conf
new file mode 100644
index 0000000..a7639d9
--- /dev/null
+++ b/etc/dhclient.conf
@@ -0,0 +1,8 @@
+# $FreeBSD$
+#
+# This file is required by the ISC DHCP client.
+# See ``man 5 dhclient.conf'' for details.
+#
+# In most cases an empty file is sufficient for most people as the
+# defaults are usually fine.
+#
diff --git a/etc/disktab b/etc/disktab
new file mode 100644
index 0000000..136a816
--- /dev/null
+++ b/etc/disktab
@@ -0,0 +1,198 @@
+# $FreeBSD$
+#
+# Disk geometry and partition layout tables.
+# See disktab(5) for format of this file.
+#
+
+#
+# Floppy formats:
+#
+# To make a filesystem on a floppy:
+# fdformat [-f <size>] fd<drive>[.<size>]
+# disklabel -B -r -w fd<drive>[.<size>] fd<size>
+# newfs <opts> fd<drive>[.<size>]
+#
+# with <opts>:
+# -t 2 - two heads
+# -u 9|15|18 - sectors per track
+# (using the default value of 1/4096 is not much useful for floppies)
+# -l 1 - interleave 1 (for most floppies)
+# -i 65536 - bytes of data per i-node
+# (the default -i value will render you with a floppy wasting way
+# too much space in i-node areas)
+#
+
+fd360:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#9:nc#40:\
+ :pa#720:oa#0:ba#4096:fa#512:\
+ :pc#720:oc#0:bc#4096:fc#512:
+
+fd720:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#9:nc#80:\
+ :pa#1440:oa#0:ba#4096:fa#512:\
+ :pc#1440:oc#0:bc#4096:fc#512:
+
+fd1200|floppy5|5in|5.25in High Density Floppy:\
+ :ty=floppy:se#512:nt#2:rm#360:ns#15:nc#80:\
+ :pa#2400:oa#0:ba#4096:fa#512:\
+ :pc#2400:oc#0:bc#4096:fc#512:
+
+fd1440|floppy|floppy3|3in|3.5in High Density Floppy:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#18:nc#80:\
+ :pa#2880:oa#0:ba#4096:fa#512:\
+ :pc#2880:oc#0:bc#4096:fc#512:
+
+#
+# Stressed floppy-formats. No guarantees given.
+#
+
+fd800:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#10:nc#80:\
+ :pa#1600:oa#0:ba#4096:fa#512:\
+ :pc#1600:oc#0:bc#4096:fc#512:
+
+fd820:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#10:nc#82:\
+ :pa#1640:oa#0:ba#4096:fa#512:\
+ :pc#1640:oc#0:bc#4096:fc#512:
+
+fd1480:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#18:nc#82:\
+ :pa#2952:oa#0:ba#4096:fa#512:\
+ :pc#2952:oc#0:bc#4096:fc#512:
+
+fd1720:\
+ :ty=floppy:se#512:nt#2:rm#300:ns#21:nc#82:\
+ :pa#3444:oa#0:ba#4096:fa#512:\
+ :pc#3444:oc#0:bc#4096:fc#512:
+
+#
+# LS-120 floppy-format.
+#
+fd120m|floppy120|floppy120m|3.5in LS-120 Floppy:\
+ :ty=floppy:se#512:nt#8:rm#300:ns#32:nc#963:\
+ :pa#246528:oa#0:ba#4096:fa#512:\
+ :pc#246528:oc#0:bc#4096:fc#512:
+
+#
+# Harddisk formats
+#
+qp120at|Quantum Peripherals 120MB IDE:\
+ :dt=ESDI:ty=winchester:se#512:nt#9:ns#32:nc#813:sf: \
+ :pa#13824:oa#0:ta=4.2BSD:ba#4096:fa#512: \
+ :pb#13824:ob#13824:tb=swap: \
+ :pc#234144:oc#0: \
+ :ph#206496:oh#27648:th=4.2BSD:bh#4096:fh#512:
+
+pan60|Panasonic Laptop's 60MB IDE:\
+ :dt=ST506:ty=winchester:se#512:nt#13:ns#17:nc#565:\
+ :pa#13260:oa#0:ta=4.2BSD:ba#4096:fa#512:\
+ :pb#13260:ob#13260:tb=swap: \
+ :pc#124865:oc#0: \
+ :ph#97682:oh#26520:th=4.2BSD:bh#4096:fh#512:
+
+mk156|toshiba156|Toshiba MK156 156Mb:\
+ :dt=SCSI:ty=winchester:se#512:nt#10:ns#35:nc#825:\
+ :pa#15748:oa#0:ba#4096:fa#512:ta=4.2BSD:\
+ :pb#15748:ob#15748:tb=swap:\
+ :pc#288750:oc#0:\
+ :ph#257250:oh#31500:bh#4096:fh#512:th=4.2BSD:
+
+cp3100|Connor Peripherals 100MB IDE:\
+ :dt=ST506:ty=winchester:se#512:nt#8:ns#33:nc#766: \
+ :pa#12144:oa#0:ta=4.2BSD:ba#4096:fa#512: \
+ :pb#12144:ob#12144:tb=swap: \
+ :pc#202224:oc#0: \
+ :ph#177936:oh#24288:th=4.2BSD:bh#4096:fh#512:
+
+# a == root
+# b == swap
+# c == d == whole disk
+# e == /var
+# f == scratch
+# h == /usr
+
+cp3100new|Connor Peripherals 100MB IDE, with a different configuration:\
+ :dt=ST506:ty=winchester:se#512:nt#8:ns#33:nc#766: \
+ :pa#15840:oa#0:ta=4.2BSD:ba#4096:fa#512: \
+ :pb#24288:ob#15840:tb=swap: \
+ :pc#202224:oc#0: \
+ :pd#202224:od#0: \
+ :pe#15840:oe#40128:te=4.2BSD:be#4096:fe#512: \
+ :pg#15840:og#55968:tg=4.2BSD:bg#4096:fg#512: \
+ :ph#130416:oh#71808:th=4.2BSD:bh#4096:fh#512:
+
+maxtor4380|Maxtor XT4380E ESDI :\
+ :dt=ESDI:ty=winchester:se#512:nt#15:ns#36:nc#1222:sf: \
+ :pa#21600:oa#0:ta=4.2BSD:ba#4096:fa#512:\
+ :pb#21600:ob#21600:tb=swap: \
+ :pc#659880:oc#0: \
+ :pd#216000:od#53200:td=4.2BSD:bd#4096:fd#512: \
+ :ph#398520:oh#269200:th=4.2BSD:bh#4096:fh#512:
+
+miniscribe9380|compaq38|Miniscribe 9380 ESDI :\
+ :ty=winchester:dt=ESDI:se#512:nt#15:ns#35:nc#1223:rm#3600:sf: \
+ :pa#21000:oa#0:ba#8192:fa#1024:ta=4.2BSD: \
+ :pb#42000:ob#21000:tb=swap: \
+ :pc#642075:oc#0: \
+ :pd#21000:od#63000:bd#8192:fd#1024:td=4.2BSD: \
+ :ph#556500:oh#84000:bh#8192:fh#1024:th=4.2BSD:
+
+ida4|compaq88|Compaq IDA (4 drives) :\
+ :ty=winchester:dt=IDA:se#512:nt#16:ns#63:nc#1644:rm#3600:\
+ :pa#20160:oa#0:ba#8192:fa#1024:ta=4.2BSD: \
+ :pb#80640:ob#20160:tb=swap: \
+ :pc#1659168:oc#0: \
+ :pd#201600:od#100800:bd#8192:fd#1024:td=4.2BSD: \
+ :pe#20160:oe#1310400:be#8192:fe#1024:te=4.2BSD: \
+ :ph#1008000:oh#302400:bh#8192:fh#1024:th=4.2BSD: \
+ :pg#302400:og#1330560:bg#4096:fg#512:tg=4.2BSD:
+
+fuji513|Fujitsu M22XXXX: \
+ :ty=winchester:dt=ESDI:se#512:nt#16:ns#63:nc#954:rm#3600:\
+ :pa#20160:oa#82656:ba#4096:fa#512:ta=4.2BSD: \
+ :pb#40320:ob#102816:tb=swap: \
+ :pc#961632:oc#0: \
+ :ph#656208:oh#143136:bh#4096:fh#512:th=4.2BSD:
+
+sony650|Sony 650 MB MOD|\
+ :ty=removable:dt=SCSI:se#512:nt#1:ns#31:nc#18600:ts#1:rm#4800:\
+ :pc#576600:oc#0:\
+ :pa#576600:oa#0:ta=4.2BSD:ba#8192:fa#1024:
+
+mta3230|mo230|IBM MTA-3230 230 Meg 3.5inch Magneto-Optical:\
+ :ty=removeable:dt=SCSI:rm#3600:\
+ :se#512:nt#64:ns#32:nc#216:sc#2048:su#444384:\
+ :pa#444384:oa#0:ba#4096:fa#0:ta=4.2BSD:\
+ :pc#444384:oc#0:
+
+minimum:ty=mfs:se#512:nt#1:rm#300:\
+ :ns#2880:nc#1:\
+ :pa#2880:oa#0:ba#4096:fa#512:\
+ :pc#2880:oc#0:bc#4096:fc#512:
+
+minimum2:ty=mfs:se#512:nt#1:rm#300:\
+ :ns#5760:nc#1:\
+ :pa#5760:oa#0:ba#4096:fa#512:\
+ :pc#5760:oc#0:bc#4096:fc#512:
+
+minimum3:ty=mfs:se#512:nt#1:rm#300:\
+ :ns#8640:nc#1:\
+ :pa#8640:oa#0:ba#4096:fa#512:\
+ :pc#8640:oc#0:bc#4096:fc#512:
+
+zip100|zip 100:\
+ :ty=removable:se#512:nc#96:nt#64:ns#32:\
+ :pa#196608:oa#0:ba#4096:fa#512:\
+ :pc#196608:oc#0:bc#4096:fc#512:
+
+zip250|zip 250:\
+ :ty=removable:se#512:nc#239:nt#64:ns#32:\
+ :pa#489472:oa#0:ba#4096:fa#512:\
+ :pc#489472:oc#0:bc#4096:fc#512:
+
+orb2200|orb22|orb:\
+ :ty=removable:ns#63:nt#128:nc#4273:sc#1008:su#4307184:se#512:\
+ :pa#4307184:oa#0:ba#8192:fa#1024:\
+ :pc#4307184:oc#0:bc#8192:fc#1024:
+
diff --git a/etc/etc.amd64/ttys b/etc/etc.amd64/ttys
new file mode 100644
index 0000000..42fa7c0
--- /dev/null
+++ b/etc/etc.amd64/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm on secure
+ttyv2 "/usr/libexec/getty Pc" xterm on secure
+ttyv3 "/usr/libexec/getty Pc" xterm on secure
+ttyv4 "/usr/libexec/getty Pc" xterm on secure
+ttyv5 "/usr/libexec/getty Pc" xterm on secure
+ttyv6 "/usr/libexec/getty Pc" xterm on secure
+ttyv7 "/usr/libexec/getty Pc" xterm on secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" dialup off secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.arm/ttys b/etc/etc.arm/ttys
new file mode 100644
index 0000000..b6fd9ed
--- /dev/null
+++ b/etc/etc.arm/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm off secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm off secure
+ttyv2 "/usr/libexec/getty Pc" xterm off secure
+ttyv3 "/usr/libexec/getty Pc" xterm off secure
+ttyv4 "/usr/libexec/getty Pc" xterm off secure
+ttyv5 "/usr/libexec/getty Pc" xterm off secure
+ttyv6 "/usr/libexec/getty Pc" xterm off secure
+ttyv7 "/usr/libexec/getty Pc" xterm off secure
+#ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.i386/ttys b/etc/etc.i386/ttys
new file mode 100644
index 0000000..42fa7c0
--- /dev/null
+++ b/etc/etc.i386/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm on secure
+ttyv2 "/usr/libexec/getty Pc" xterm on secure
+ttyv3 "/usr/libexec/getty Pc" xterm on secure
+ttyv4 "/usr/libexec/getty Pc" xterm on secure
+ttyv5 "/usr/libexec/getty Pc" xterm on secure
+ttyv6 "/usr/libexec/getty Pc" xterm on secure
+ttyv7 "/usr/libexec/getty Pc" xterm on secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" dialup off secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.ia64/ttys b/etc/etc.ia64/ttys
new file mode 100644
index 0000000..2da3461
--- /dev/null
+++ b/etc/etc.ia64/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm off secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm off secure
+ttyv2 "/usr/libexec/getty Pc" xterm off secure
+ttyv3 "/usr/libexec/getty Pc" xterm off secure
+ttyv4 "/usr/libexec/getty Pc" xterm off secure
+ttyv5 "/usr/libexec/getty Pc" xterm off secure
+ttyv6 "/usr/libexec/getty Pc" xterm off secure
+ttyv7 "/usr/libexec/getty Pc" xterm off secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals. The 'dialup' keyword identifies dialin lines to login,
+# fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.mips/ttys b/etc/etc.mips/ttys
new file mode 100644
index 0000000..2fbeae5
--- /dev/null
+++ b/etc/etc.mips/ttys
@@ -0,0 +1,36 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.115200" dialup on secure
+ttyu1 "/usr/libexec/getty std.115200" dialup off secure
+ttyu2 "/usr/libexec/getty std.115200" dialup off secure
+ttyu3 "/usr/libexec/getty std.115200" dialup off secure
diff --git a/etc/etc.pc98/ttys b/etc/etc.pc98/ttys
new file mode 100644
index 0000000..ad20aca
--- /dev/null
+++ b/etc/etc.pc98/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically cons25w.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" cons25w on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" cons25w on secure
+ttyv2 "/usr/libexec/getty Pc" cons25w on secure
+ttyv3 "/usr/libexec/getty Pc" cons25w on secure
+ttyv4 "/usr/libexec/getty Pc" cons25w on secure
+ttyv5 "/usr/libexec/getty Pc" cons25w on secure
+ttyv6 "/usr/libexec/getty Pc" cons25w on secure
+ttyv7 "/usr/libexec/getty Pc" cons25w on secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" dialup off secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.powerpc/ttys b/etc/etc.powerpc/ttys
new file mode 100644
index 0000000..51a802c
--- /dev/null
+++ b/etc/etc.powerpc/ttys
@@ -0,0 +1,49 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+#
+ttyv0 "/usr/libexec/getty Pc" xterm on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm on secure
+ttyv2 "/usr/libexec/getty Pc" xterm on secure
+ttyv3 "/usr/libexec/getty Pc" xterm on secure
+ttyv4 "/usr/libexec/getty Pc" xterm on secure
+ttyv5 "/usr/libexec/getty Pc" xterm on secure
+ttyv6 "/usr/libexec/getty Pc" xterm on secure
+ttyv7 "/usr/libexec/getty Pc" xterm on secure
+#ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu1 "/usr/libexec/getty std.9600" dialup off secure
+ttyu2 "/usr/libexec/getty std.9600" dialup off secure
+ttyu3 "/usr/libexec/getty std.9600" dialup off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/etc.sparc64/ttys b/etc/etc.sparc64/ttys
new file mode 100644
index 0000000..fccc6bd
--- /dev/null
+++ b/etc/etc.sparc64/ttys
@@ -0,0 +1,54 @@
+#
+# $FreeBSD$
+# @(#)ttys 5.1 (Berkeley) 4/17/89
+#
+# This file specifies various information about terminals on the system.
+# It is used by several different programs. Common entries for the
+# various columns include:
+#
+# name The name of the terminal device.
+#
+# getty The program to start running on the terminal. Typically a
+# getty program, as the name implies. Other common entries
+# include none, when no getty is needed, and xdm, to start the
+# X Window System.
+#
+# type The initial terminal type for this port. For hardwired
+# terminal lines, this will contain the type of terminal used.
+# For virtual consoles, the correct type is typically xterm.
+# Other common values include dialup for incoming modem ports, and
+# unknown when the terminal type cannot be predetermined.
+#
+# status Must be on or off. If on, init will run the getty program on
+# the specified port. If the word "secure" appears, this tty
+# allows root login.
+#
+# name getty type status comments
+#
+# If console is marked "insecure", then init will ask for the root password
+# when going to single-user mode.
+console none unknown off secure
+# ofw_console(4)
+screen "/usr/libexec/getty Pc" vt100 off secure
+ttya "/usr/libexec/getty 3wire.9600" vt100 off secure
+ttyb "/usr/libexec/getty 3wire.9600" vt100 off secure
+# syscons(4)
+ttyv0 "/usr/libexec/getty Pc" xterm on secure
+# Virtual terminals
+ttyv1 "/usr/libexec/getty Pc" xterm on secure
+ttyv2 "/usr/libexec/getty Pc" xterm on secure
+ttyv3 "/usr/libexec/getty Pc" xterm on secure
+ttyv4 "/usr/libexec/getty Pc" xterm on secure
+ttyv5 "/usr/libexec/getty Pc" xterm on secure
+ttyv6 "/usr/libexec/getty Pc" xterm on secure
+ttyv7 "/usr/libexec/getty Pc" xterm on secure
+ttyv8 "/usr/local/bin/xdm -nodaemon" xterm off secure
+# Serial terminals
+# The 'dialup' keyword identifies dialin lines to login, fingerd etc.
+# uart(4)
+ttyu0 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu1 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu2 "/usr/libexec/getty std.9600" vt100 on secure
+ttyu3 "/usr/libexec/getty std.9600" vt100 off secure
+# Dumb console
+dcons "/usr/libexec/getty std.9600" vt100 off secure
diff --git a/etc/fbtab b/etc/fbtab
new file mode 100644
index 0000000..83ac65d
--- /dev/null
+++ b/etc/fbtab
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+#/dev/ttyv0 0600 /dev/console
+#/dev/ttyv0 0600 /dev/pcaudio:/dev/pcaudioctl
diff --git a/etc/freebsd-update.conf b/etc/freebsd-update.conf
new file mode 100644
index 0000000..4410903
--- /dev/null
+++ b/etc/freebsd-update.conf
@@ -0,0 +1,76 @@
+# $FreeBSD$
+
+# Trusted keyprint. Changing this is a Bad Idea unless you've received
+# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
+# change it and explaining why.
+KeyPrint 800651ef4b4c71c27e60786d7b487188970f4b4169cc055784e21eb71d410cc5
+
+# Server or server pool from which to fetch updates. You can change
+# this to point at a specific server if you want, but in most cases
+# using a "nearby" server won't provide a measurable improvement in
+# performance.
+ServerName update.FreeBSD.org
+
+# Components of the base system which should be kept updated.
+Components src world kernel
+
+# Example for updating the userland and the kernel source code only:
+# Components src/base src/sys world
+
+# Paths which start with anything matching an entry in an IgnorePaths
+# statement will be ignored.
+IgnorePaths
+
+# Paths which start with anything matching an entry in an IDSIgnorePaths
+# statement will be ignored by "freebsd-update IDS".
+IDSIgnorePaths /usr/share/man/cat
+IDSIgnorePaths /usr/share/man/whatis
+IDSIgnorePaths /var/db/locate.database
+IDSIgnorePaths /var/log
+
+# Paths which start with anything matching an entry in an UpdateIfUnmodified
+# statement will only be updated if the contents of the file have not been
+# modified by the user (unless changes are merged; see below).
+UpdateIfUnmodified /etc/ /var/ /root/ /.cshrc /.profile
+
+# When upgrading to a new FreeBSD release, files which match MergeChanges
+# will have any local changes merged into the version from the new release.
+MergeChanges /etc/ /var/named/etc/ /boot/device.hints
+
+### Default configuration options:
+
+# Directory in which to store downloaded updates and temporary
+# files used by FreeBSD Update.
+# WorkDir /var/db/freebsd-update
+
+# Destination to send output of "freebsd-update cron" if an error
+# occurs or updates have been downloaded.
+# MailTo root
+
+# Is FreeBSD Update allowed to create new files?
+# AllowAdd yes
+
+# Is FreeBSD Update allowed to delete files?
+# AllowDelete yes
+
+# If the user has modified file ownership, permissions, or flags, should
+# FreeBSD Update retain this modified metadata when installing a new version
+# of that file?
+# KeepModifiedMetadata yes
+
+# When upgrading between releases, should the list of Components be
+# read strictly (StrictComponents yes) or merely as a list of components
+# which *might* be installed of which FreeBSD Update should figure out
+# which actually are installed and upgrade those (StrictComponents no)?
+# StrictComponents no
+
+# When installing a new kernel perform a backup of the old one first
+# so it is possible to boot the old kernel in case of problems.
+# BackupKernel yes
+
+# If BackupKernel is enabled, the backup kernel is saved to this
+# directory.
+# BackupKernelDir /boot/kernel.old
+
+# When backing up a kernel also back up debug symbol files?
+# BackupKernelSymbolFiles no
diff --git a/etc/ftpusers b/etc/ftpusers
new file mode 100644
index 0000000..06b3f49
--- /dev/null
+++ b/etc/ftpusers
@@ -0,0 +1,26 @@
+# $FreeBSD$
+#
+# list of users disallowed any ftp access.
+# read by ftpd(8).
+root
+toor
+daemon
+operator
+bin
+tty
+kmem
+games
+news
+man
+sshd
+bind
+proxy
+_pflogd
+_dhcp
+uucp
+pop
+www
+hast
+nobody
+mailnull
+smmsp
diff --git a/etc/gettytab b/etc/gettytab
new file mode 100644
index 0000000..f450105
--- /dev/null
+++ b/etc/gettytab
@@ -0,0 +1,233 @@
+# $FreeBSD$
+# from: @(#)gettytab 5.14 (Berkeley) 3/27/91
+#
+# Most of the table entries here are just copies of the old getty table,
+# it is by no means certain, or even likely, that any of them are optimal
+# for any purpose whatever. Nor is it likely that more than a couple are
+# even correct.
+#
+# The default gettytab entry, used to set defaults for all other
+# entries, and in cases where getty is called with no table name.
+#
+# cb, ce and ck are desirable on most crt's. The non-crt entries need to
+# be changed to turn them off (:cb@:ce@:ck@:).
+#
+# lc should always be on; it's a remainder of some stone age when there
+# have been terminals around not being able of handling lower-case
+# characters. Those terminals aren't supported any longer, but getty is
+# `smart' about them by default.
+#
+# Parity defaults to even, but the Pc entry and all the `std' entries
+# specify no parity. The different parities are:
+# (none): same as ep for getty. login will use terminal as is.
+# ep: getty will use raw mode (cs8 -parenb) (unless rw is set) and
+# fake parity. login will use even parity (cs7 parenb -parodd).
+# op: same as ep except odd parity (cs7 parenb parodd) for login.
+# getty will fake odd parity as well.
+# ap: same as ep except -inpck instead of inpck for login.
+# ap overrides op and ep.
+# np: 1. don't fake parity in getty. The fake parity garbles
+# characters on non-terminals (like pccons) that don't
+# support parity. It would probably better for getty not to
+# try to fake parity. It could just use cbreak mode so as
+# not to force cs8 and let the hardware handle the parity.
+# login has to be rely on the hardware anyway.
+# 2. set cs8 -parenb -istrip -inpck.
+# ep:op: same as ap.
+#
+default:\
+ :cb:ce:ck:lc:fd#1000:im=\r\n%s/%m (%h) (%t)\r\n\r\n:sp#1200:\
+ :if=/etc/issue:
+
+#
+# Fixed speed entries
+#
+# The "std.NNN" names are known to the special case
+# portselector code in getty, however they can
+# be assigned to any table desired.
+# The "NNN-baud" names are known to the special case
+# autobaud code in getty, and likewise can
+# be assigned to any table desired (hopefully the same speed).
+#
+a|std.110|110-baud:\
+ :np:nd#1:cd#1:uc:sp#110:
+b|std.134|134.5-baud:\
+ :np:nd#1:cd#2:ff#1:td#1:sp#134:ht:nl:
+1|std.150|150-baud:\
+ :np:nd#1:cd#2:td#1:fd#1:sp#150:ht:nl:lm=\E\72\6\6\17login\72 :
+c|std.300|300-baud:\
+ :np:nd#1:cd#1:sp#300:
+d|std.600|600-baud:\
+ :np:nd#1:cd#1:sp#600:
+f|std.1200|1200-baud:\
+ :np:fd#1:sp#1200:
+6|std.2400|2400-baud:\
+ :np:sp#2400:
+7|std.4800|4800-baud:\
+ :np:sp#4800:
+2|std.9600|9600-baud:\
+ :np:sp#9600:
+g|std.19200|19200-baud:\
+ :np:sp#19200:
+std.38400|38400-baud:\
+ :np:sp#38400:
+std.57600|57600-baud:\
+ :np:sp#57600:
+std.115200|115200-baud:\
+ :np:sp#115200:
+std.230400|230400-baud:\
+ :np:sp#230400:
+
+#
+# Entry specifying explicit device settings. See termios(4) and
+# /usr/include/termios.h, too. The entry forces the tty into
+# CLOCAL mode (so no DCD is required), and uses Xon/Xoff flow control.
+#
+# cflags: CLOCAL | HUPCL | CREAD | CS8
+# oflags: OPOST | ONLCR | OXTABS
+# iflags: IXOFF | IXON | ICRNL | IGNPAR
+# lflags: IEXTEN | ICANON | ISIG | ECHOCTL | ECHO | ECHOK | ECHOE | ECHOKE
+#
+# The `0' flags don't have input enabled. The `1' flags don't echo.
+# (Echoing is done inside getty itself.)
+#
+local.9600|CLOCAL tty @ 9600 Bd:\
+ :c0#0x0000c300:c1#0x0000cb00:c2#0x0000cb00:\
+ :o0#0x00000007:o1#0x00000002:o2#0x00000007:\
+ :i0#0x00000704:i1#0x00000000:i2#0x00000704:\
+ :l0#0x000005cf:l1#0x00000000:l2#0x000005cf:\
+ :sp#9600:
+
+#
+# Dial in rotary tables, speed selection via 'break'
+#
+0|d300|Dial-300:\
+ :nx=d1200:cd#2:sp#300:
+d1200|Dial-1200:\
+ :nx=d150:fd#1:sp#1200:
+d150|Dial-150:\
+ :nx=d110:lm@:tc=150-baud:
+d110|Dial-110:\
+ :nx=d300:tc=300-baud:
+
+#
+# Fast dialup terminals, 2400/1200/300 rotary (can start either way)
+#
+D2400|d2400|Fast-Dial-2400:\
+ :nx=D1200:tc=2400-baud:
+3|D1200|Fast-Dial-1200:\
+ :nx=D300:tc=1200-baud:
+5|D300|Fast-Dial-300:\
+ :nx=D2400:tc=300-baud:
+
+#
+#telebit (19200)
+#
+t19200:\
+ :nx=t2400:tc=19200-baud:
+t2400:\
+ :nx=t1200:tc=2400-baud:
+t1200:\
+ :nx=t19200:tc=1200-baud:
+
+#
+#telebit (9600)
+#
+t9600:\
+ :nx=t2400a:tc=9600-baud:
+t2400a:\
+ :nx=t1200a:tc=2400-baud:
+t1200a:\
+ :nx=t9600:tc=1200-baud:
+
+#
+# Odd special case terminals
+#
+-|tty33|asr33|Pity the poor user of this beast:\
+ :tc=110-baud:
+
+4|Console|Console Decwriter II:\
+ :nd@:cd@:rw:tc=300-baud:
+
+e|Console-1200|Console Decwriter III:\
+ :fd@:nd@:cd@:rw:tc=1200-baud:
+
+i|Interdata console:\
+ :uc:sp#0:
+
+l|lsi chess terminal:\
+ :sp#300:
+
+X|Xwindow|X window system:\
+ :fd@:nd@:cd@:rw:sp#9600:
+
+P|Pc|Pc console:\
+ :ht:np:sp#9600:
+
+#
+# Weirdo special case for fast crt's with hardcopy devices
+#
+8|T9600|CRT with hardcopy:\
+ :nx=T300:tc=9600-baud:
+9|T300|CRT with hardcopy (300):\
+ :nx=T9600:tc=300-baud:
+
+#
+# Plugboard, and misc other terminals
+#
+plug-9600|Plugboard-9600:\
+ :pf#1:tc=9600-baud:
+p|P9600|Plugboard-9600-rotary:\
+ :pf#1:nx=P300:tc=9600-baud:
+q|P300|Plugboard-300:\
+ :pf#1:nx=P1200:tc=300-baud:
+r|P1200|Plugboard-1200:\
+ :pf#1:nx=P9600:tc=1200-baud:
+
+#
+# XXXX Port selector
+#
+s|DSW|Port Selector:\
+ :ps:sp#2400:
+
+#
+# Auto-baud speed detect entry for Micom 600.
+# Special code in getty will switch this out
+# to one of the NNN-baud entries.
+#
+A|Auto-baud:\
+ :ab:sp#2400:f0#040:
+
+#
+# autologin - automatically log in as root
+#
+
+autologin|al.9600:\
+ :al=root:tc=std.9600:
+al.19200:\
+ :al=root:tc=std.19200:
+al.38400:\
+ :al=root:tc=std.38400:
+al.57600:\
+ :al=root:tc=std.57600:
+al.115200:\
+ :al=root:tc=std.115200:
+al.230400:\
+ :al=root:tc=std.230400:
+
+#
+# Entries for 3-wire serial terminals. These don't supply carrier, so
+# clocal needs to be set, and crtscts needs to be unset.
+#
+3wire.9600|9600-3wire:\
+ :np:nc:sp#9600:
+3wire.19200|19200-3wire:\
+ :np:nc:sp#19200:
+3wire.38400|38400-3wire:\
+ :np:nc:sp#38400:
+3wire.57600|57600-3wire:\
+ :np:nc:sp#57600:
+3wire.115200|115200-3wire:\
+ :np:nc:sp#115200:
+3wire.230400|230400-3wire:\
+ :np:nc:sp#230400:
diff --git a/etc/group b/etc/group
new file mode 100644
index 0000000..54d5c59
--- /dev/null
+++ b/etc/group
@@ -0,0 +1,32 @@
+# $FreeBSD$
+#
+wheel:*:0:root
+daemon:*:1:
+kmem:*:2:
+sys:*:3:
+tty:*:4:
+operator:*:5:root
+mail:*:6:
+bin:*:7:
+news:*:8:
+man:*:9:
+games:*:13:
+ftp:*:14:
+staff:*:20:
+sshd:*:22:
+smmsp:*:25:
+mailnull:*:26:
+guest:*:31:
+bind:*:53:
+proxy:*:62:
+authpf:*:63:
+_pflogd:*:64:
+_dhcp:*:65:
+uucp:*:66:
+dialer:*:68:
+network:*:69:
+audit:*:77:
+www:*:80:
+hast:*:845:
+nogroup:*:65533:
+nobody:*:65534:
diff --git a/etc/gss/Makefile b/etc/gss/Makefile
new file mode 100644
index 0000000..479fd2f
--- /dev/null
+++ b/etc/gss/Makefile
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+FILES= mech qop
+NO_OBJ=
+FILESDIR= /etc/gss
+
+.include <bsd.prog.mk>
diff --git a/etc/gss/mech b/etc/gss/mech
new file mode 100644
index 0000000..7cc82c7
--- /dev/null
+++ b/etc/gss/mech
@@ -0,0 +1,6 @@
+# $FreeBSD$
+#
+# Name OID Library name Kernel module
+kerberosv5 1.2.840.113554.1.2.2 /usr/lib/libgssapi_krb5.so.10 kgssapi_krb5
+spnego 1.3.6.1.5.5.2 /usr/lib/libgssapi_spnego.so.10 -
+#ntlm 1.3.6.1.4.1.311.2.2.10 /usr/lib/libgssapi_ntlm.so.10 -
diff --git a/etc/gss/qop b/etc/gss/qop
new file mode 100644
index 0000000..f975dbf
--- /dev/null
+++ b/etc/gss/qop
@@ -0,0 +1,3 @@
+# $FreeBSD$
+GSS_KRB5_CONF_C_QOP_DES 0x0100 kerberosv5
+GSS_KRB5_CONF_C_QOP_DES3_KD 0x0200 kerberosv5
diff --git a/etc/hosts b/etc/hosts
new file mode 100644
index 0000000..2690a9a
--- /dev/null
+++ b/etc/hosts
@@ -0,0 +1,31 @@
+# $FreeBSD$
+#
+# Host Database
+#
+# This file should contain the addresses and aliases for local hosts that
+# share this file. Replace 'my.domain' below with the domainname of your
+# machine.
+#
+# In the presence of the domain name service or NIS, this file may
+# not be consulted at all; see /etc/nsswitch.conf for the resolution order.
+#
+#
+::1 localhost localhost.my.domain
+127.0.0.1 localhost localhost.my.domain
+#
+# Imaginary network.
+#10.0.0.2 myname.my.domain myname
+#10.0.0.3 myfriend.my.domain myfriend
+#
+# According to RFC 1918, you can use the following IP networks for
+# private nets which will never be connected to the Internet:
+#
+# 10.0.0.0 - 10.255.255.255
+# 172.16.0.0 - 172.31.255.255
+# 192.168.0.0 - 192.168.255.255
+#
+# In case you want to be able to connect to the Internet, you need
+# real official assigned numbers. Do not try to invent your own network
+# numbers but instead get one from your network provider (if any) or
+# from your regional registry (ARIN, APNIC, LACNIC, RIPE NCC, or AfriNIC.)
+#
diff --git a/etc/hosts.allow b/etc/hosts.allow
new file mode 100644
index 0000000..96e0b67
--- /dev/null
+++ b/etc/hosts.allow
@@ -0,0 +1,91 @@
+#
+# hosts.allow access control file for "tcp wrapped" applications.
+# $FreeBSD$
+#
+# NOTE: The hosts.deny file is deprecated.
+# Place both 'allow' and 'deny' rules in the hosts.allow file.
+# See hosts_options(5) for the format of this file.
+# hosts_access(5) no longer fully applies.
+
+# _____ _ _
+# | ____| __ __ __ _ _ __ ___ _ __ | | ___ | |
+# | _| \ \/ / / _` | | '_ ` _ \ | '_ \ | | / _ \ | |
+# | |___ > < | (_| | | | | | | | | |_) | | | | __/ |_|
+# |_____| /_/\_\ \__,_| |_| |_| |_| | .__/ |_| \___| (_)
+# |_|
+# !!! This is an example! You will need to modify it for your specific
+# !!! requirements!
+
+
+# Start by allowing everything (this prevents the rest of the file
+# from working, so remove it when you need protection).
+# The rules here work on a "First match wins" basis.
+ALL : ALL : allow
+
+# Wrapping sshd(8) is not normally a good idea, but if you
+# need to do it, here's how
+#sshd : .evil.cracker.example.com : deny
+
+# Protect against simple DNS spoofing attacks by checking that the
+# forward and reverse records for the remote host match. If a mismatch
+# occurs, access is denied, and any positive ident response within
+# 20 seconds is logged. No protection is afforded against DNS poisoning,
+# IP spoofing or more complicated attacks. Hosts with no reverse DNS
+# pass this rule.
+ALL : PARANOID : RFC931 20 : deny
+
+# Allow anything from localhost. Note that an IP address (not a host
+# name) *MUST* be specified for rpcbind(8).
+ALL : localhost 127.0.0.1 : allow
+# Comment out next line if you build libwrap without IPv6 support.
+ALL : [::1] : allow
+#ALL : my.machine.example.com 192.0.2.35 : allow
+
+# To use IPv6 addresses you must enclose them in []'s
+#ALL : [fe80::%fxp0]/10 : allow
+#ALL : [fe80::]/10 : deny
+#ALL : [2001:db8:2:1:2:3:4:3fe1] : deny
+#ALL : [2001:db8:2:1::]/64 : allow
+
+# Sendmail can help protect you against spammers and relay-rapers
+sendmail : localhost : allow
+#sendmail : .nice.guy.example.com : allow
+#sendmail : .evil.cracker.example.com : deny
+sendmail : ALL : allow
+
+# Exim is an alternative to sendmail, available in the ports tree
+exim : localhost : allow
+#exim : .nice.guy.example.com : allow
+#exim : .evil.cracker.example.com : deny
+exim : ALL : allow
+
+# Rpcbind is used for all RPC services; protect your NFS!
+# (IP addresses rather than hostnames *MUST* be used here)
+#rpcbind : 192.0.2.32/255.255.255.224 : allow
+#rpcbind : 192.0.2.96/255.255.255.224 : allow
+rpcbind : ALL : deny
+
+# NIS master server. Only local nets should have access
+# (Since this is an RPC service, rpcbind needs to be considered)
+ypserv : localhost : allow
+#ypserv : .unsafe.my.net.example.com : deny
+#ypserv : .my.net.example.com : allow
+ypserv : ALL : deny
+
+# Provide a small amount of protection for ftpd
+ftpd : localhost : allow
+#ftpd : .nice.guy.example.com : allow
+#ftpd : .evil.cracker.example.com : deny
+ftpd : ALL : allow
+
+# You need to be clever with finger; do _not_ backfinger!! You can easily
+# start a "finger war".
+fingerd : ALL \
+ : spawn (echo Finger. | \
+ /usr/bin/mail -s "tcpd\: %u@%h[%a] fingered me!" root) & \
+ : deny
+
+# The rest of the daemons are protected.
+ALL : ALL \
+ : severity auth.info \
+ : twist /bin/echo "You are not welcome to use %d from %h."
diff --git a/etc/hosts.equiv b/etc/hosts.equiv
new file mode 100644
index 0000000..d8a71c1
--- /dev/null
+++ b/etc/hosts.equiv
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+#localhost
+#my_very_good_friend.domain
diff --git a/etc/hosts.lpd b/etc/hosts.lpd
new file mode 100644
index 0000000..b53202a
--- /dev/null
+++ b/etc/hosts.lpd
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+# See lpd(8)
+#machine.domain
diff --git a/etc/inetd.conf b/etc/inetd.conf
new file mode 100644
index 0000000..8b8e604
--- /dev/null
+++ b/etc/inetd.conf
@@ -0,0 +1,118 @@
+# $FreeBSD$
+#
+# Internet server configuration database
+#
+# Define *both* IPv4 and IPv6 entries for dual-stack support.
+# To disable a service, comment it out by prefixing the line with '#'.
+# To enable a service, remove the '#' at the beginning of the line.
+#
+#ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l
+#ftp stream tcp6 nowait root /usr/libexec/ftpd ftpd -l
+#ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
+#ssh stream tcp6 nowait root /usr/sbin/sshd sshd -i -6
+#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
+#telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd
+#shell stream tcp nowait root /usr/libexec/rshd rshd
+#shell stream tcp6 nowait root /usr/libexec/rshd rshd
+#login stream tcp nowait root /usr/libexec/rlogind rlogind
+#login stream tcp6 nowait root /usr/libexec/rlogind rlogind
+#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
+#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -k -s
+#
+# run comsat as root to be able to print partial mailbox contents w/ biff,
+# or use the safer tty:tty to just print that new mail has been received.
+#comsat dgram udp wait tty:tty /usr/libexec/comsat comsat
+#
+# ntalk is required for the 'talk' utility to work correctly
+#ntalk dgram udp wait tty:tty /usr/libexec/ntalkd ntalkd
+#tftp dgram udp wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
+#tftp dgram udp6 wait root /usr/libexec/tftpd tftpd -l -s /tftpboot
+#bootps dgram udp wait root /usr/libexec/bootpd bootpd
+#
+# "Small servers" -- used to be standard on, but we're more conservative
+# about things due to Internet security concerns. Only turn on what you
+# need.
+#
+#daytime stream tcp nowait root internal
+#daytime stream tcp6 nowait root internal
+#daytime dgram udp wait root internal
+#daytime dgram udp6 wait root internal
+#time stream tcp nowait root internal
+#time stream tcp6 nowait root internal
+#time dgram udp wait root internal
+#time dgram udp6 wait root internal
+#echo stream tcp nowait root internal
+#echo stream tcp6 nowait root internal
+#echo dgram udp wait root internal
+#echo dgram udp6 wait root internal
+#discard stream tcp nowait root internal
+#discard stream tcp6 nowait root internal
+#discard dgram udp wait root internal
+#discard dgram udp6 wait root internal
+#chargen stream tcp nowait root internal
+#chargen stream tcp6 nowait root internal
+#chargen dgram udp wait root internal
+#chargen dgram udp6 wait root internal
+#
+# CVS servers - for master CVS repositories only! You must set the
+# --allow-root path correctly or you open a trivial to exploit but
+# deadly security hole.
+#
+#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here pserver
+#cvspserver stream tcp nowait root /usr/bin/cvs cvs --allow-root=/your/cvsroot/here kserver
+#
+# RPC based services (you MUST have rpcbind running to use these)
+#
+#rstatd/1-3 dgram rpc/udp wait root /usr/libexec/rpc.rstatd rpc.rstatd
+#rusersd/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rusersd rpc.rusersd
+#walld/1 dgram rpc/udp wait root /usr/libexec/rpc.rwalld rpc.rwalld
+#pcnfsd/1-2 dgram rpc/udp wait root /usr/local/libexec/rpc.pcnfsd rpc.pcnfsd
+#rquotad/1 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
+#sprayd/1 dgram rpc/udp wait root /usr/libexec/rpc.sprayd rpc.sprayd
+#
+# example entry for the optional pop3 server
+#
+#pop3 stream tcp nowait root /usr/local/libexec/popper popper
+#
+# example entry for the optional imap4 server
+#
+#imap4 stream tcp nowait root /usr/local/libexec/imapd imapd
+#
+# example entry for the optional nntp server
+#
+#nntp stream tcp nowait news /usr/local/libexec/nntpd nntpd
+#
+# example entry for the optional uucpd server
+#
+#uucpd stream tcp nowait root /usr/local/libexec/uucpd uucpd
+#
+# Return error for all "ident" requests
+#
+#auth stream tcp nowait root internal
+#auth stream tcp6 nowait root internal
+#
+# Provide internally a real "ident" service which provides ~/.fakeid support,
+# provides ~/.noident support, reports UNKNOWN as the operating system type
+# and times out after 30 seconds.
+#
+#auth stream tcp nowait root internal auth -r -f -n -o UNKNOWN -t 30
+#auth stream tcp6 nowait root internal auth -r -f -n -o UNKNOWN -t 30
+#
+# Example entry for an external ident server
+#
+#auth stream tcp wait root /usr/local/sbin/identd identd -w -t120
+#
+# Example entry for the optional qmail MTA
+# NOTE: This is no longer the correct way to handle incoming SMTP
+# connections for qmail. Use tcpserver (http://cr.yp.to/ucspi-tcp.html)
+# instead.
+#
+#smtp stream tcp nowait qmaild /var/qmail/bin/tcp-env tcp-env /var/qmail/bin/qmail-smtpd
+#
+# Enable the following two entries to enable samba startup from inetd
+# (from the Samba documentation). Enable the third entry to enable the swat
+# samba configuration tool.
+#
+#netbios-ssn stream tcp nowait root /usr/local/sbin/smbd smbd
+#netbios-ns dgram udp wait root /usr/local/sbin/nmbd nmbd
+#swat stream tcp nowait/400 root /usr/local/sbin/swat swat
diff --git a/etc/libalias.conf b/etc/libalias.conf
new file mode 100644
index 0000000..a938e67
--- /dev/null
+++ b/etc/libalias.conf
@@ -0,0 +1,8 @@
+# $FreeBSD$
+/lib/libalias_cuseeme.so
+/lib/libalias_ftp.so
+/lib/libalias_irc.so
+/lib/libalias_nbt.so
+/lib/libalias_pptp.so
+/lib/libalias_skinny.so
+/lib/libalias_smedia.so
diff --git a/etc/login.access b/etc/login.access
new file mode 100644
index 0000000..ffe5fff
--- /dev/null
+++ b/etc/login.access
@@ -0,0 +1,46 @@
+# $FreeBSD$
+#
+# Login access control table.
+#
+# When someone logs in, the table is scanned for the first entry that
+# matches the (user, host) combination, or, in case of non-networked
+# logins, the first entry that matches the (user, tty) combination. The
+# permissions field of that table entry determines whether the login will
+# be accepted or refused.
+#
+# Format of the login access control table is three fields separated by a
+# ":" character:
+#
+# permission : users : origins
+#
+# The first field should be a "+" (access granted) or "-" (access denied)
+# character. The second field should be a list of one or more login names,
+# group names, or ALL (always matches). The third field should be a list
+# of one or more tty names (for non-networked logins), host names, domain
+# names (begin with "."), host addresses, internet network numbers (end
+# with "."), ALL (always matches) or LOCAL (matches any string that does
+# not contain a "." character). If you run NIS you can use @netgroupname
+# in host or user patterns.
+#
+# The EXCEPT operator makes it possible to write very compact rules.
+#
+# The group file is searched only when a name does not match that of the
+# logged-in user. Only groups are matched in which users are explicitly
+# listed: the program does not look at a user's primary group id value.
+#
+##############################################################################
+#
+# Disallow console logins to all but a few accounts.
+#
+#-:ALL EXCEPT wheel shutdown sync:console
+#
+# Disallow non-local logins to privileged accounts (group wheel).
+#
+#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
+#
+# Some accounts are not allowed to login from anywhere:
+#
+#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
+#
+# All other accounts are allowed to login from anywhere.
+#
diff --git a/etc/login.conf b/etc/login.conf
new file mode 100644
index 0000000..a454758
--- /dev/null
+++ b/etc/login.conf
@@ -0,0 +1,318 @@
+# login.conf - login class capabilities database.
+#
+# Remember to rebuild the database after each change to this file:
+#
+# cap_mkdb /etc/login.conf
+#
+# This file controls resource limits, accounting limits and
+# default user environment settings.
+#
+# $FreeBSD$
+#
+
+# Default settings effectively disable resource limits, see the
+# examples below for a starting point to enable them.
+
+# defaults
+# These settings are used by login(1) by default for classless users
+# Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+#
+# Note that since a colon ':' is used to separate capability entries,
+# a \c escape sequence must be used to embed a literal colon in the
+# value or name of a capability (see the ``CGETNUM AND CGETSTR SYNTAX
+# AND SEMANTICS'' section of getcap(3) for more escape sequences).
+
+default:\
+ :passwd_format=md5:\
+ :copyright=/etc/COPYRIGHT:\
+ :welcome=/etc/motd:\
+ :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,FTP_PASSIVE_MODE=YES:\
+ :path=/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin ~/bin:\
+ :nologin=/var/run/nologin:\
+ :cputime=unlimited:\
+ :datasize=unlimited:\
+ :stacksize=unlimited:\
+ :memorylocked=unlimited:\
+ :memoryuse=unlimited:\
+ :filesize=unlimited:\
+ :coredumpsize=unlimited:\
+ :openfiles=unlimited:\
+ :maxproc=unlimited:\
+ :sbsize=unlimited:\
+ :vmemoryuse=unlimited:\
+ :swapuse=unlimited:\
+ :pseudoterminals=unlimited:\
+ :priority=0:\
+ :ignoretime@:\
+ :umask=022:
+
+
+#
+# A collection of common class names - forward them all to 'default'
+# (login would normally do this anyway, but having a class name
+# here suppresses the diagnostic)
+#
+standard:\
+ :tc=default:
+xuser:\
+ :tc=default:
+staff:\
+ :tc=default:
+daemon:\
+ :tc=default:
+news:\
+ :tc=default:
+dialer:\
+ :tc=default:
+
+#
+# Root can always login
+#
+# N.B. login_getpwclass(3) will use this entry for the root account,
+# in preference to 'default'.
+root:\
+ :ignorenologin:\
+ :tc=default:
+
+#
+# Russian Users Accounts. Setup proper environment variables.
+#
+russian|Russian Users Accounts:\
+ :charset=KOI8-R:\
+ :lang=ru_RU.KOI8-R:\
+ :tc=default:
+
+
+######################################################################
+######################################################################
+##
+## Example entries
+##
+######################################################################
+######################################################################
+
+## Example defaults
+## These settings are used by login(1) by default for classless users
+## Note that entries like "cputime" set both "cputime-cur" and "cputime-max"
+#
+#default:\
+# :cputime=infinity:\
+# :datasize-cur=22M:\
+# :stacksize-cur=8M:\
+# :memorylocked-cur=10M:\
+# :memoryuse-cur=30M:\
+# :filesize=infinity:\
+# :coredumpsize=infinity:\
+# :maxproc-cur=64:\
+# :openfiles-cur=64:\
+# :priority=0:\
+# :requirehome@:\
+# :umask=022:\
+# :tc=auth-defaults:
+#
+#
+##
+## standard - standard user defaults
+##
+#standard:\
+# :copyright=/etc/COPYRIGHT:\
+# :welcome=/etc/motd:\
+# :setenv=MAIL=/var/mail/$,BLOCKSIZE=K:\
+# :path=~/bin /bin /usr/bin /usr/local/bin:\
+# :manpath=/usr/share/man /usr/local/man:\
+# :nologin=/var/run/nologin:\
+# :cputime=1h30m:\
+# :datasize=8M:\
+# :vmemoryuse=100M:\
+# :stacksize=2M:\
+# :memorylocked=4M:\
+# :memoryuse=8M:\
+# :filesize=8M:\
+# :coredumpsize=8M:\
+# :openfiles=24:\
+# :maxproc=32:\
+# :priority=0:\
+# :requirehome:\
+# :passwordtime=90d:\
+# :umask=002:\
+# :ignoretime@:\
+# :tc=default:
+#
+#
+##
+## users of X (needs more resources!)
+##
+#xuser:\
+# :manpath=/usr/share/man /usr/local/man:\
+# :cputime=4h:\
+# :datasize=12M:\
+# :vmemoryuse=infinity:\
+# :stacksize=4M:\
+# :filesize=8M:\
+# :memoryuse=16M:\
+# :openfiles=32:\
+# :maxproc=48:\
+# :tc=standard:
+#
+#
+##
+## Staff users - few restrictions and allow login anytime
+##
+#staff:\
+# :ignorenologin:\
+# :ignoretime:\
+# :requirehome@:\
+# :accounted@:\
+# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+# :umask=022:\
+# :tc=standard:
+#
+#
+##
+## root - fallback for root logins
+##
+#root:\
+# :path=~/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+# :cputime=infinity:\
+# :datasize=infinity:\
+# :stacksize=infinity:\
+# :memorylocked=infinity:\
+# :memoryuse=infinity:\
+# :filesize=infinity:\
+# :coredumpsize=infinity:\
+# :openfiles=infinity:\
+# :maxproc=infinity:\
+# :memoryuse-cur=32M:\
+# :maxproc-cur=64:\
+# :openfiles-cur=1024:\
+# :priority=0:\
+# :requirehome@:\
+# :umask=022:\
+# :tc=auth-root-defaults:
+#
+#
+##
+## Settings used by /etc/rc
+##
+#daemon:\
+# :coredumpsize@:\
+# :coredumpsize-cur=0:\
+# :datasize=infinity:\
+# :datasize-cur@:\
+# :maxproc=512:\
+# :maxproc-cur@:\
+# :memoryuse-cur=64M:\
+# :memorylocked-cur=64M:\
+# :openfiles=1024:\
+# :openfiles-cur@:\
+# :stacksize=16M:\
+# :stacksize-cur@:\
+# :tc=default:
+#
+#
+##
+## Settings used by news subsystem
+##
+#news:\
+# :path=/usr/local/news/bin /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin:\
+# :cputime=infinity:\
+# :filesize=128M:\
+# :datasize-cur=64M:\
+# :stacksize-cur=32M:\
+# :coredumpsize-cur=0:\
+# :maxmemorysize-cur=128M:\
+# :memorylocked=32M:\
+# :maxproc=128:\
+# :openfiles=256:\
+# :tc=default:
+#
+#
+##
+## The dialer class should be used for a dialup PPP account
+## Welcome messages/news suppressed
+##
+#dialer:\
+# :hushlogin:\
+# :requirehome@:\
+# :cputime=unlimited:\
+# :filesize=2M:\
+# :datasize=2M:\
+# :stacksize=4M:\
+# :coredumpsize=0:\
+# :memoryuse=4M:\
+# :memorylocked=1M:\
+# :maxproc=16:\
+# :openfiles=32:\
+# :tc=standard:
+#
+#
+##
+## Site full-time 24/7 PPP connection
+## - no time accounting, restricted to access via dialin lines
+##
+#site:\
+# :ignoretime:\
+# :passwordtime@:\
+# :refreshtime@:\
+# :refreshperiod@:\
+# :sessionlimit@:\
+# :autodelete@:\
+# :expireperiod@:\
+# :graceexpire@:\
+# :gracetime@:\
+# :warnexpire@:\
+# :warnpassword@:\
+# :idletime@:\
+# :sessiontime@:\
+# :daytime@:\
+# :weektime@:\
+# :monthtime@:\
+# :warntime@:\
+# :accounted@:\
+# :tc=dialer:\
+# :tc=staff:
+#
+#
+##
+## Example standard accounting entries for subscriber levels
+##
+#
+#subscriber|Subscribers:\
+# :accounted:\
+# :refreshtime=180d:\
+# :refreshperiod@:\
+# :sessionlimit@:\
+# :autodelete=30d:\
+# :expireperiod=180d:\
+# :graceexpire=7d:\
+# :gracetime=10m:\
+# :warnexpire=7d:\
+# :warnpassword=7d:\
+# :idletime=30m:\
+# :sessiontime=4h:\
+# :daytime=6h:\
+# :weektime=40h:\
+# :monthtime=120h:\
+# :warntime=4h:\
+# :tc=standard:
+#
+#
+##
+## Subscriber accounts. These accounts have their login times
+## accounted and have access limits applied.
+##
+#subppp|PPP Subscriber Accounts:\
+# :tc=dialer:\
+# :tc=subscriber:
+#
+#
+#subshell|Shell Subscriber Accounts:\
+# :tc=subscriber:
+#
+##
+## If you want some of the accounts to use traditional UNIX DES based
+## password hashes.
+##
+#des_users:\
+# :passwd_format=des:\
+# :tc=default:
diff --git a/etc/mac.conf b/etc/mac.conf
new file mode 100644
index 0000000..2e1b9a2
--- /dev/null
+++ b/etc/mac.conf
@@ -0,0 +1,18 @@
+#
+# $FreeBSD$
+#
+# TrustedBSD MAC userland policy configuration file. Kernel modules
+# export label information, and mac.conf indicates to userland
+# applications what defaults they should use in the absense of any
+# other user-provided information.
+#
+
+#
+# Default label set to be used by simple MAC applications
+#
+
+default_labels file ?biba,?lomac,?mls,?sebsd
+default_labels ifnet ?biba,?lomac,?mls,?sebsd
+default_labels process ?biba,?lomac,?mls,?partition,?sebsd
+default_labels socket ?biba,?lomac,?mls
+
diff --git a/etc/mail/Makefile b/etc/mail/Makefile
new file mode 100644
index 0000000..3f085cc
--- /dev/null
+++ b/etc/mail/Makefile
@@ -0,0 +1,248 @@
+#
+# $FreeBSD$
+#
+# This Makefile provides an easy way to generate the configuration
+# file and database maps for the sendmail(8) daemon.
+#
+# The user-driven targets are:
+#
+# all - Build cf, maps and aliases
+# cf - Build the .cf file from .mc file
+# maps - Build the feature maps
+# aliases - Build the sendmail aliases
+# install - Install the .cf file as /etc/mail/sendmail.cf
+#
+# For acting on both the MTA daemon and MSP queue running daemon:
+# start - Start both the sendmail MTA daemon and MSP queue running
+# daemon with the flags defined in /etc/defaults/rc.conf or
+# /etc/rc.conf
+# stop - Stop both the sendmail MTA daemon and MSP queue running
+# daemon
+# restart - Restart both the sendmail MTA daemon and MSP queue running
+# daemon
+#
+# For acting on just the MTA daemon:
+# start-mta - Start the sendmail MTA daemon with the flags defined in
+# /etc/defaults/rc.conf or /etc/rc.conf
+# stop-mta - Stop the sendmail MTA daemon
+# restart-mta - Restart the sendmail MTA daemon
+#
+# For acting on just the MSP queue running daemon:
+# start-mspq - Start the sendmail MSP queue running daemon with the
+# flags defined in /etc/defaults/rc.conf or /etc/rc.conf
+# stop-mspq - Stop the sendmail MSP queue running daemon
+# restart-mspq - Restart the sendmail MSP queue running daemon
+#
+# Calling `make' will generate the updated versions when either the
+# aliases or one of the map files were changed.
+#
+# A `make install` is only necessary after modifying the .mc file. In
+# this case one would normally also call `make restart' to allow the
+# running sendmail to pick up the changes as well.
+#
+# ------------------------------------------------------------------------
+# This Makefile uses `<HOSTNAME>.mc' as the default MTA .mc file. This
+# can be changed by defining SENDMAIL_MC in /etc/make.conf, e.g.:
+#
+# SENDMAIL_MC=/etc/mail/myconfig.mc
+#
+# If '<HOSTNAME>.mc' does not exist, it is created using 'freebsd.mc'
+# as a template.
+#
+# It also uses '<HOSTNAME>.submit.mc' as the default mail submission .mc
+# file. This can be changed by defining SENDMAIL_SUBMIT_MC in
+# /etc/make.conf, e.g.:
+#
+# SENDMAIL_SUBMIT_MC=/etc/mail/mysubmit.mc
+#
+# If '<HOSTNAME>.submit.mc' does not exist, it is created using
+# 'freebsd.submit.mc' as a template.
+# ------------------------------------------------------------------------
+#
+# The Makefile knows about the following maps:
+# access, bitdomain, domaintable, genericstable, mailertable, userdb,
+# uucpdomain, virtusertable
+#
+
+.ifndef SENDMAIL_MC
+SENDMAIL_MC!= hostname
+SENDMAIL_MC:= ${SENDMAIL_MC}.mc
+
+${SENDMAIL_MC}:
+ cp freebsd.mc ${SENDMAIL_MC}
+.endif
+
+.ifndef SENDMAIL_SUBMIT_MC
+SENDMAIL_SUBMIT_MC!= hostname
+SENDMAIL_SUBMIT_MC:= ${SENDMAIL_SUBMIT_MC}.submit.mc
+
+${SENDMAIL_SUBMIT_MC}:
+ cp freebsd.submit.mc ${SENDMAIL_SUBMIT_MC}
+.endif
+
+INSTALL_CF= ${SENDMAIL_MC:R}.cf
+
+.ifndef SENDMAIL_SET_USER_ID
+INSTALL_SUBMIT_CF= ${SENDMAIL_SUBMIT_MC:R}.cf
+.endif
+
+SENDMAIL_ALIASES?= /etc/mail/aliases
+
+#
+# This is the directory where the sendmail configuration files are
+# located.
+#
+.if exists(/usr/share/sendmail/cf)
+SENDMAIL_CF_DIR?= /usr/share/sendmail/cf
+.elif exists(/usr/src/contrib/sendmail/cf)
+SENDMAIL_CF_DIR?= /usr/src/contrib/sendmail/cf
+.endif
+
+#
+# The sendmail startup script
+#
+SENDMAIL_START_SCRIPT?= /etc/rc.sendmail
+
+#
+# Some useful programs we need.
+#
+SENDMAIL?= /usr/sbin/sendmail
+MAKEMAP?= /usr/sbin/makemap
+M4?= /usr/bin/m4
+
+# Permissions for generated maps
+SENDMAIL_MAP_PERMS?= 0640
+
+# Set a reasonable default
+.MAIN: all
+
+#
+# ------------------------------------------------------------------------
+#
+# The Makefile picks up the list of files from SENDMAIL_MAP_SRC and
+# stores the matching .db filenames in SENDMAIL_MAP_OBJ if the file
+# exists in the current directory. SENDMAIL_MAP_TYPE is the database
+# type to use when calling makemap.
+#
+SENDMAIL_MAP_SRC+= mailertable domaintable bitdomain uucpdomain \
+ genericstable virtusertable access
+SENDMAIL_MAP_OBJ=
+SENDMAIL_MAP_TYPE?= hash
+
+.for _f in ${SENDMAIL_MAP_SRC} userdb
+.if exists(${_f})
+SENDMAIL_MAP_OBJ+= ${_f}.db
+.endif
+.endfor
+
+#
+# The makemap command is used to generate a hashed map from the textfile.
+#
+.for _f in ${SENDMAIL_MAP_SRC}
+.if (exists(${_f}.sample) && !exists(${_f}))
+${_f}: ${_f}.sample
+ sed -e 's/^/#/' < ${.OODATE} > ${.TARGET}
+.endif
+
+${_f}.db: ${_f}
+ ${MAKEMAP} ${SENDMAIL_MAP_TYPE} ${.TARGET} < ${.OODATE}
+ chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
+.endfor
+
+userdb.db: userdb
+ ${MAKEMAP} btree ${.TARGET} < ${.OODATE}
+ chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
+
+
+#
+# The .cf file needs to be recreated if the templates were modified.
+#
+M4FILES!= find ${SENDMAIL_CF_DIR} -type f -name '*.m4' -print
+
+#
+# M4(1) is used to generate the .cf file from the .mc file.
+#
+.SUFFIXES: .cf .mc
+
+.mc.cf: ${M4FILES}
+ ${M4} -D_CF_DIR_=${SENDMAIL_CF_DIR}/ ${SENDMAIL_M4_FLAGS} \
+ ${SENDMAIL_CF_DIR}/m4/cf.m4 ${@:R}.mc > ${.TARGET}
+
+#
+# Aliases are handled separately since they normally reside in /etc
+# and can be rebuild without the help of makemap.
+#
+.for _f in ${SENDMAIL_ALIASES}
+${_f}.db: ${_f}
+ ${SENDMAIL} -bi -OAliasFile=${.ALLSRC}
+ chmod ${SENDMAIL_MAP_PERMS} ${.TARGET}
+.endfor
+
+#
+# ------------------------------------------------------------------------
+#
+
+all: cf maps aliases
+
+clean:
+
+depend:
+
+cf: ${INSTALL_CF} ${INSTALL_SUBMIT_CF}
+
+.ifdef SENDMAIL_SET_USER_ID
+install: install-cf
+.else
+install: install-cf install-submit-cf
+.endif
+
+install-cf: ${INSTALL_CF}
+.if ${INSTALL_CF} != /etc/mail/sendmail.cf
+ ${INSTALL} -m ${SHAREMODE} ${INSTALL_CF} /etc/mail/sendmail.cf
+.endif
+
+
+install-submit-cf: ${INSTALL_SUBMIT_CF}
+.ifdef SENDMAIL_SET_USER_ID
+ @echo ">>> ERROR: You should not create a submit.cf file if you are using a"
+ @echo " set-user-ID sendmail binary (SENDMAIL_SET_USER_ID is set"
+ @echo " in make.conf)."
+ @false
+.else
+.if ${INSTALL_SUBMIT_CF} != /etc/mail/submit.cf
+ ${INSTALL} -m ${SHAREMODE} ${INSTALL_SUBMIT_CF} /etc/mail/submit.cf
+.endif
+.endif
+
+aliases: ${SENDMAIL_ALIASES:%=%.db}
+
+maps: ${SENDMAIL_MAP_OBJ}
+
+start start-mta start-mspq:
+ @if [ -r ${SENDMAIL_START_SCRIPT} ]; then \
+ echo -n 'Starting:'; \
+ sh ${SENDMAIL_START_SCRIPT} $@; \
+ echo '.'; \
+ fi
+
+stop stop-mta stop-mspq:
+ @if [ -r ${SENDMAIL_START_SCRIPT} ]; then \
+ echo -n 'Stopping:'; \
+ sh ${SENDMAIL_START_SCRIPT} $@; \
+ echo '.'; \
+ fi
+
+restart restart-mta restart-mspq:
+ @if [ -r ${SENDMAIL_START_SCRIPT} ]; then \
+ echo -n 'Restarting:'; \
+ sh ${SENDMAIL_START_SCRIPT} $@; \
+ echo '.'; \
+ fi
+
+# User defined targets
+.if exists(Makefile.local)
+.include "Makefile.local"
+.endif
+
+# For the definition of $SHAREMODE
+.include <bsd.own.mk>
diff --git a/etc/mail/README b/etc/mail/README
new file mode 100644
index 0000000..fd7c8f6
--- /dev/null
+++ b/etc/mail/README
@@ -0,0 +1,58 @@
+# $FreeBSD$
+
+ Sendmail Processes
+
+As of sendmail 8.12, in order to improve security, the sendmail binary no
+longer needs to be set-user-ID root. Instead, a set-group-ID binary
+accepts command line mail and relays it to a full mail transfer agent via
+SMTP. A group writable client mail queue (/var/spool/clientmqueue/ by
+default) holds the mail if an MTA can not be contacted.
+
+To accomplish this, under the default setup, an MTA must be listening on
+localhost port 25. If the rc.conf sendmail_enable option is set to "NO",
+a sendmail daemon will still be started and bound only to the localhost
+interface in order to accept command line submitted mail (note that this
+does not work inside jail(2) systems as jails do not allow binding to
+just the localhost interface). If this is not a desirable solution, it
+can be disabled using the sendmail_submit_enable rc.conf option. However,
+if both sendmail_enable and sendmail_submit_enable are set to "NO", you
+must do one of two things for command line submitted mail:
+
+1. Designate an alternative host for the submission agent to contact
+ by altering /etc/mail/freebsd.submit.mc (or setting SENDMAIL_SUBMIT_MC
+ in /etc/make.conf to an alternate .mc file) and using
+ 'make install-submit-cf' in /etc/mail/. Change the FEATURE(msp) line
+ to FEATURE(msp, hostname) where hostname is the fully qualified hostname
+ of the alternative host.
+
+Or:
+
+2. Return to using a set-user-ID root sendmail binary by changing the
+ ownership and permissions on the sendmail binary and removing the
+ /etc/mail/submit.cf file:
+ chown root /usr/libexec/sendmail/sendmail
+ chmod 4755 /usr/libexec/sendmail/sendmail
+ rm /etc/mail/submit.cf
+ If you install from source, set the SENDMAIL_SET_USER_ID flag in
+ /etc/make.conf.
+
+Also, as of 8.12, a new queue-running daemon is started to make sure mail
+doesn't remain in the client mail queue. By default, it simply runs the
+client mail queue every 30 minutes. Its behavior can be adjusted by setting
+the sendmail_msp_queue_enable and sendmail_msp_queue_flags rc.conf options.
+
+
+ Filtering out SPAM from your site
+
+Sendmail now includes excellent tools to block spam. These tools are
+available as FEATUREs that you can add to your site's .mc file. Proper use
+of these FEATUREs will prevent spammer from using your site as a relay as
+well as significantly decrease the amount of spam that arrives at your
+site. No set of anti-spam tools will block all spam without blocking some
+portion of legitimate mail as well. Therefore, these FEATUREs are designed
+to prevent as much spam as possible without blocking legitimate mail.
+
+These tools are discussed in /usr/share/sendmail/cf/README. Read the
+section entitled "ANTI-SPAM CONFIGURATION CONTROL". Example usage and
+additional tools can be found in /usr/share/sendmail/cf/cf/knecht.mc.
+
diff --git a/etc/mail/access.sample b/etc/mail/access.sample
new file mode 100644
index 0000000..33cfe17
--- /dev/null
+++ b/etc/mail/access.sample
@@ -0,0 +1,17 @@
+# $FreeBSD$
+#
+# Mail relay access control list. Default is to reject mail unless the
+# destination is local, or listed in /etc/mail/local-host-names
+#
+
+## Examples (commented out for safety)
+#From:cyberspammer.com ERROR:"550 We don't accept mail from spammers"
+#From:okay.cyberspammer.com OK
+#Connect:sendmail.org RELAY
+#To:sendmail.org RELAY
+#Connect:128.32 RELAY
+#Connect:128.32.2 SKIP
+#Connect:IPv6:1:2:3:4:5:6:7 RELAY
+#Connect:suspicious.example.com QUARANTINE:Mail from suspicious host
+#Connect:[127.0.0.3] OK
+#Connect:[IPv6:1:2:3:4:5:6:7:8] OK
diff --git a/etc/mail/aliases b/etc/mail/aliases
new file mode 100644
index 0000000..5f5cd24
--- /dev/null
+++ b/etc/mail/aliases
@@ -0,0 +1,78 @@
+# $FreeBSD$
+# @(#)aliases 5.3 (Berkeley) 5/24/90
+#
+# Aliases in this file will NOT be expanded in the header from
+# Mail, but WILL be visible over networks.
+#
+# >>>>>>>>>> The program "newaliases" must be run after
+# >> NOTE >> this file is updated for any changes to
+# >>>>>>>>>> show through to sendmail.
+#
+#
+# See also RFC 2142, `MAILBOX NAMES FOR COMMON SERVICES, ROLES
+# AND FUNCTIONS', May 1997
+# http://tools.ietf.org/html/rfc2142
+
+# Pretty much everything else in this file points to "root", so
+# you would do well in either reading root's mailbox or forwarding
+# root's email from here.
+
+# root: me@my.domain
+
+# Basic system aliases -- these MUST be present
+MAILER-DAEMON: postmaster
+postmaster: root
+
+# General redirections for pseudo accounts
+_dhcp: root
+_pflogd: root
+bin: root
+bind: root
+daemon: root
+games: root
+hast: root
+kmem: root
+mailnull: postmaster
+man: root
+news: root
+nobody: root
+operator: root
+pop: root
+proxy: root
+smmsp: postmaster
+sshd: root
+system: root
+toor: root
+tty: root
+usenet: news
+uucp: root
+
+# Well-known aliases -- these should be filled in!
+# manager:
+# dumper:
+
+# BUSINESS-RELATED MAILBOX NAMES
+# info:
+# marketing:
+# sales:
+# support:
+
+# NETWORK OPERATIONS MAILBOX NAMES
+abuse: root
+# noc: root
+security: root
+
+# SUPPORT MAILBOX NAMES FOR SPECIFIC INTERNET SERVICES
+ftp: root
+ftp-bugs: ftp
+# hostmaster: root
+# webmaster: root
+# www: webmaster
+
+# NOTE: /var/msgs and /var/msgs/bounds must be owned by sendmail's
+# DefaultUser (defaults to mailnull) for the msgs alias to work.
+#
+# msgs: "| /usr/bin/msgs -s"
+
+# bit-bucket: /dev/null
+# dev-null: bit-bucket
diff --git a/etc/mail/mailer.conf b/etc/mail/mailer.conf
new file mode 100644
index 0000000..3fa6922
--- /dev/null
+++ b/etc/mail/mailer.conf
@@ -0,0 +1,10 @@
+# $FreeBSD$
+#
+# Execute the "real" sendmail program, named /usr/libexec/sendmail/sendmail
+#
+sendmail /usr/libexec/sendmail/sendmail
+send-mail /usr/libexec/sendmail/sendmail
+mailq /usr/libexec/sendmail/sendmail
+newaliases /usr/libexec/sendmail/sendmail
+hoststat /usr/libexec/sendmail/sendmail
+purgestat /usr/libexec/sendmail/sendmail
diff --git a/etc/mail/mailertable.sample b/etc/mail/mailertable.sample
new file mode 100644
index 0000000..d2c45e0
--- /dev/null
+++ b/etc/mail/mailertable.sample
@@ -0,0 +1,7 @@
+# $FreeBSD$
+#
+# List of domains (possibly wildcarded) and destination mailers
+#
+.my.domain xnet:%1.my.domain
+uuhost1.my.domain suucp:uuhost1
+.bitnet smtp:relay.bit.net
diff --git a/etc/mail/virtusertable.sample b/etc/mail/virtusertable.sample
new file mode 100644
index 0000000..43e2bbb
--- /dev/null
+++ b/etc/mail/virtusertable.sample
@@ -0,0 +1,11 @@
+# $FreeBSD$
+#
+# Map one or all usernames at a source hostname to a specific (or the same)
+# username at another target hostname. Remember to add the source hostname
+# to /etc/mail/local-host-names so that sendmail will accept mail for the
+# source hostname.
+#
+username@a.sample.hostname localuser
+username@a.sample.hostname specificuser@a.possibly.different.hostname
+@another.sample.hostname specificuser@a.possibly.different.hostname
+@yet.another.sample.hostname %1@a.possibly.different.hostname
diff --git a/etc/man.alias b/etc/man.alias
new file mode 100644
index 0000000..0268403
--- /dev/null
+++ b/etc/man.alias
@@ -0,0 +1,4 @@
+# $FreeBSD$
+
+en.ISO8859-15 en.ISO8859-1
+
diff --git a/etc/master.passwd b/etc/master.passwd
new file mode 100644
index 0000000..02163ef
--- /dev/null
+++ b/etc/master.passwd
@@ -0,0 +1,24 @@
+# $FreeBSD$
+#
+root::0:0::0:0:Charlie &:/root:/bin/csh
+toor:*:0:0::0:0:Bourne-again Superuser:/root:
+daemon:*:1:1::0:0:Owner of many system processes:/root:/usr/sbin/nologin
+operator:*:2:5::0:0:System &:/:/usr/sbin/nologin
+bin:*:3:7::0:0:Binaries Commands and Source:/:/usr/sbin/nologin
+tty:*:4:65533::0:0:Tty Sandbox:/:/usr/sbin/nologin
+kmem:*:5:65533::0:0:KMem Sandbox:/:/usr/sbin/nologin
+games:*:7:13::0:0:Games pseudo-user:/usr/games:/usr/sbin/nologin
+news:*:8:8::0:0:News Subsystem:/:/usr/sbin/nologin
+man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
+sshd:*:22:22::0:0:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
+smmsp:*:25:25::0:0:Sendmail Submission User:/var/spool/clientmqueue:/usr/sbin/nologin
+mailnull:*:26:26::0:0:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
+bind:*:53:53::0:0:Bind Sandbox:/:/usr/sbin/nologin
+proxy:*:62:62::0:0:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
+_pflogd:*:64:64::0:0:pflogd privsep user:/var/empty:/usr/sbin/nologin
+_dhcp:*:65:65::0:0:dhcp programs:/var/empty:/usr/sbin/nologin
+uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
+pop:*:68:6::0:0:Post Office Owner:/nonexistent:/usr/sbin/nologin
+www:*:80:80::0:0:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
+hast:*:845:845::0:0:HAST unprivileged user:/var/empty:/usr/sbin/nologin
+nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/usr/sbin/nologin
diff --git a/etc/minfree b/etc/minfree
new file mode 100644
index 0000000..c873496
--- /dev/null
+++ b/etc/minfree
@@ -0,0 +1 @@
+2048
diff --git a/etc/motd b/etc/motd
new file mode 100644
index 0000000..cbe55b8
--- /dev/null
+++ b/etc/motd
@@ -0,0 +1,25 @@
+FreeBSD ?.?.? (UNKNOWN)
+
+Welcome to FreeBSD!
+
+Before seeking technical support, please use the following resources:
+
+o Security advisories and updated errata information for all releases are
+ at http://www.FreeBSD.org/releases/ - always consult the ERRATA section
+ for your release first as it's updated frequently.
+
+o The Handbook and FAQ documents are at http://www.FreeBSD.org/ and,
+ along with the mailing lists, can be searched by going to
+ http://www.FreeBSD.org/search/. If the doc package has been installed
+ (or fetched via pkg_add -r lang-freebsd-doc, where lang is the
+ 2-letter language code, e.g. en), they are also available formatted
+ in /usr/local/share/doc/freebsd.
+
+If you still have a question or problem, please take the output of
+`uname -a', along with any relevant error messages, and email it
+as a question to the questions@FreeBSD.org mailing list. If you are
+unfamiliar with FreeBSD's directory layout, please refer to the hier(7)
+manual page. If you are not familiar with manual pages, type `man man'.
+
+Edit /etc/motd to change this login announcement.
+
diff --git a/etc/mtree/BIND.chroot.dist b/etc/mtree/BIND.chroot.dist
new file mode 100644
index 0000000..95423db
--- /dev/null
+++ b/etc/mtree/BIND.chroot.dist
@@ -0,0 +1,35 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ dev mode=0555
+ ..
+ etc
+ namedb
+ dynamic uname=bind
+ ..
+ master
+ ..
+ slave uname=bind
+ ..
+ working uname=bind
+ ..
+ ..
+ ..
+/set type=dir uname=bind gname=wheel mode=0755
+ var uname=root
+ dump
+ ..
+ log
+ ..
+ run
+ named
+ ..
+ ..
+ stats
+ ..
+ ..
+..
diff --git a/etc/mtree/BIND.include.dist b/etc/mtree/BIND.include.dist
new file mode 100644
index 0000000..534794a
--- /dev/null
+++ b/etc/mtree/BIND.include.dist
@@ -0,0 +1,22 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ bind
+ ..
+ bind9
+ ..
+ dns
+ ..
+ dst
+ ..
+ isc
+ ..
+ isccc
+ ..
+ isccfg
+ ..
+..
diff --git a/etc/mtree/BSD.groff.dist b/etc/mtree/BSD.groff.dist
new file mode 100644
index 0000000..3f21375
--- /dev/null
+++ b/etc/mtree/BSD.groff.dist
@@ -0,0 +1,48 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ share
+ groff_font
+ devX100
+ ..
+ devX100-12
+ ..
+ devX75
+ ..
+ devX75-12
+ ..
+ devascii
+ ..
+ devcp1047
+ ..
+ devdvi
+ ..
+ devhtml
+ ..
+ devkoi8-r
+ ..
+ devlatin1
+ ..
+ devlbp
+ ..
+ devlj4
+ ..
+ devps
+ ..
+ devutf8
+ ..
+ ..
+ me
+ ..
+ tmac
+ mdoc
+ ..
+ mm
+ ..
+ ..
+ ..
+..
diff --git a/etc/mtree/BSD.include.dist b/etc/mtree/BSD.include.dist
new file mode 100644
index 0000000..c841ca8
--- /dev/null
+++ b/etc/mtree/BSD.include.dist
@@ -0,0 +1,332 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ altq
+ ..
+ arpa
+ ..
+ bsm
+ ..
+ bsnmp
+ ..
+ c++
+ 4.2
+ backward
+ ..
+ bits
+ ..
+ debug
+ ..
+ ext
+ pb_ds
+ detail
+ basic_tree_policy
+ ..
+ bin_search_tree_
+ ..
+ binary_heap_
+ ..
+ binomial_heap_
+ ..
+ binomial_heap_base_
+ ..
+ cc_hash_table_map_
+ ..
+ eq_fn
+ ..
+ gp_hash_table_map_
+ ..
+ hash_fn
+ ..
+ left_child_next_sibling_heap_
+ ..
+ list_update_map_
+ ..
+ list_update_policy
+ ..
+ ov_tree_map_
+ ..
+ pairing_heap_
+ ..
+ pat_trie_
+ ..
+ rb_tree_map_
+ ..
+ rc_binomial_heap_
+ ..
+ resize_policy
+ ..
+ splay_tree_
+ ..
+ thin_heap_
+ ..
+ tree_policy
+ ..
+ trie_policy
+ ..
+ unordered_iterator
+ ..
+ ..
+ ..
+ ..
+ tr1
+ ..
+ ..
+ v1
+ ext
+ ..
+ ..
+ ..
+ cam
+ ata
+ ..
+ scsi
+ ..
+ ..
+ clang
+ 3.0
+ ..
+ ..
+ crypto
+ ..
+ dev
+ acpica
+ ..
+ an
+ ..
+ bktr
+ ..
+ ciss
+ ..
+ firewire
+ ..
+ hwpmc
+ ..
+ ic
+ ..
+ ieee488
+ ..
+ iicbus
+ ..
+ io
+ ..
+ lmc
+ ..
+ mfi
+ ..
+ mpt
+ mpilib
+ ..
+ ..
+ ofw
+ ..
+ pbio
+ ..
+ powermac_nvram
+ ..
+ ppbus
+ ..
+ smbus
+ ..
+ speaker
+ ..
+ usb
+ ..
+ utopia
+ ..
+ vkbd
+ ..
+ wi
+ ..
+ ..
+ edit
+ readline
+ ..
+ ..
+ fs
+ devfs
+ ..
+ fdescfs
+ ..
+ fifofs
+ ..
+ msdosfs
+ ..
+ nfs
+ ..
+ ntfs
+ ..
+ nullfs
+ ..
+ nwfs
+ ..
+ portalfs
+ ..
+ procfs
+ ..
+ smbfs
+ ..
+ udf
+ ..
+ unionfs
+ ..
+ ..
+ gcc
+ 4.2
+ ..
+ ..
+ geom
+ cache
+ ..
+ concat
+ ..
+ eli
+ ..
+ gate
+ ..
+ journal
+ ..
+ label
+ ..
+ mirror
+ ..
+ mountver
+ ..
+ multipath
+ ..
+ nop
+ ..
+ raid
+ ..
+ raid3
+ ..
+ shsec
+ ..
+ stripe
+ ..
+ virstor
+ ..
+ ..
+ gnu
+ posix
+ ..
+ ..
+ gpib
+ ..
+ gssapi
+ ..
+ infiniband
+ complib
+ ..
+ iba
+ ..
+ opensm
+ ..
+ vendor
+ ..
+ ..
+ isofs
+ cd9660
+ ..
+ ..
+ kadm5
+ ..
+ libmilter
+ ..
+ lwres
+ ..
+ lzma
+ ..
+ machine
+ pc
+ ..
+ ..
+ net
+ ..
+ net80211
+ ..
+ netatalk
+ ..
+ netgraph
+ atm
+ ..
+ bluetooth
+ include
+ ..
+ ..
+ netflow
+ ..
+ ..
+ netinet
+ ..
+ netinet6
+ ..
+ netipsec
+ ..
+ netipx
+ ..
+ netnatm
+ api
+ ..
+ msg
+ ..
+ saal
+ ..
+ sig
+ ..
+ ..
+ netncp
+ ..
+ netsmb
+ ..
+ nfs
+ ..
+ nfsclient
+ ..
+ nfsserver
+ ..
+ openssl
+ ..
+ pcap
+ ..
+ protocols
+ ..
+ rdma
+ ..
+ readline
+ ..
+ rpc
+ ..
+ rpcsvc
+ ..
+ security
+ audit
+ ..
+ mac_biba
+ ..
+ mac_bsdextended
+ ..
+ mac_lomac
+ ..
+ mac_mls
+ ..
+ mac_partition
+ ..
+ ..
+ ssp
+ ..
+ sys
+ ..
+ ufs
+ ffs
+ ..
+ ufs
+ ..
+ ..
+ vm
+ ..
+..
diff --git a/etc/mtree/BSD.release.dist b/etc/mtree/BSD.release.dist
new file mode 100644
index 0000000..952aace
--- /dev/null
+++ b/etc/mtree/BSD.release.dist
@@ -0,0 +1,22 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ filesys
+ ..
+ floppies
+ ..
+ tarballs
+ bindist
+ ..
+ objdist
+ ..
+ secrdist
+ ..
+ srcdist
+ ..
+ ..
+..
diff --git a/etc/mtree/BSD.root.dist b/etc/mtree/BSD.root.dist
new file mode 100644
index 0000000..a6cba24
--- /dev/null
+++ b/etc/mtree/BSD.root.dist
@@ -0,0 +1,96 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ bin
+ ..
+ boot
+ defaults
+ ..
+ firmware
+ ..
+ kernel
+ ..
+ modules
+ ..
+ zfs
+ ..
+ ..
+ dev mode=0555
+ ..
+ etc
+ X11
+ ..
+ bluetooth
+ ..
+ defaults
+ ..
+ devd
+ ..
+ gnats
+ ..
+ gss
+ ..
+ mail
+ ..
+ mtree
+ ..
+ ntp mode=0700
+ ..
+ pam.d
+ ..
+ periodic
+ daily
+ ..
+ monthly
+ ..
+ security
+ ..
+ weekly
+ ..
+ ..
+ ppp
+ ..
+ rc.d
+ ..
+ security
+ ..
+ skel
+ ..
+ ssh
+ ..
+ ssl
+ ..
+ zfs
+ ..
+ ..
+ lib
+ geom
+ ..
+ ..
+ libexec
+ resolvconf
+ ..
+ ..
+ media
+ ..
+ mnt
+ ..
+ proc mode=0555
+ ..
+ rescue
+ ..
+ root
+ ..
+ sbin
+ ..
+ tmp mode=01777
+ ..
+ usr
+ ..
+ var
+ ..
+..
diff --git a/etc/mtree/BSD.sendmail.dist b/etc/mtree/BSD.sendmail.dist
new file mode 100644
index 0000000..138606b
--- /dev/null
+++ b/etc/mtree/BSD.sendmail.dist
@@ -0,0 +1,14 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+. nochange
+ var nochange
+ spool nochange
+ clientmqueue uname=smmsp gname=smmsp mode=0770
+ ..
+ ..
+ ..
+..
diff --git a/etc/mtree/BSD.usr.dist b/etc/mtree/BSD.usr.dist
new file mode 100644
index 0000000..87497b1
--- /dev/null
+++ b/etc/mtree/BSD.usr.dist
@@ -0,0 +1,1362 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ bin
+ ..
+ games
+ ..
+ include
+ ..
+ lib
+ aout
+ ..
+ compat
+ aout
+ ..
+ ..
+ dtrace
+ ..
+ engines
+ ..
+ i18n
+ ..
+ ..
+ lib32
+ dtrace
+ ..
+ i18n
+ ..
+ ..
+ libdata
+ gcc
+ ..
+ ldscripts
+ ..
+ lint
+ ..
+ ..
+ libexec
+ bsdinstall
+ ..
+ lpr
+ ru
+ ..
+ ..
+ sendmail
+ ..
+ sm.bin
+ ..
+ ..
+ local
+ ..
+ obj nochange
+ ..
+ sbin
+ ..
+ share
+ calendar
+ de_DE.ISO8859-1
+ ..
+ fr_FR.ISO8859-1
+ ..
+ hr_HR.ISO8859-2
+ ..
+ hu_HU.ISO8859-2
+ ..
+ ru_RU.KOI8-R
+ ..
+ uk_UA.KOI8-U
+ ..
+ ..
+ dict
+ ..
+ doc
+ IPv6
+ ..
+ atm
+ ..
+ bind9
+ arm
+ ..
+ misc
+ ..
+ ..
+ legal
+ intel_ipw
+ ..
+ intel_iwi
+ ..
+ intel_wpi
+ ..
+ ..
+ llvm
+ clang
+ ..
+ ..
+ ncurses
+ ..
+ ntp
+ ..
+ papers
+ ..
+ psd
+ 01.cacm
+ ..
+ 02.implement
+ ..
+ 03.iosys
+ ..
+ 04.uprog
+ ..
+ 05.sysman
+ ..
+ 06.Clang
+ ..
+ 12.make
+ ..
+ 13.rcs
+ ..
+ 15.yacc
+ ..
+ 16.lex
+ ..
+ 17.m4
+ ..
+ 18.gprof
+ ..
+ 20.ipctut
+ ..
+ 21.ipc
+ ..
+ 22.rpcgen
+ ..
+ 23.rpc
+ ..
+ 24.xdr
+ ..
+ 25.xdrrfc
+ ..
+ 26.rpcrfc
+ ..
+ 27.nfsrfc
+ ..
+ 28.cvs
+ ..
+ ..
+ smm
+ 01.setup
+ ..
+ 02.config
+ ..
+ 03.fsck
+ ..
+ 04.quotas
+ ..
+ 05.fastfs
+ ..
+ 06.nfs
+ ..
+ 07.lpd
+ ..
+ 08.sendmailop
+ ..
+ 11.timedop
+ ..
+ 12.timed
+ ..
+ 18.net
+ ..
+ ..
+ usd
+ 04.csh
+ ..
+ 05.dc
+ ..
+ 06.bc
+ ..
+ 07.mail
+ ..
+ 10.exref
+ ..
+ 11.edit
+ ..
+ 12.vi
+ ..
+ 13.viref
+ ..
+ 18.msdiffs
+ ..
+ 19.memacros
+ ..
+ 20.meref
+ ..
+ 21.troff
+ ..
+ 22.trofftut
+ ..
+ ..
+ ..
+ examples
+ BSD_daemon
+ ..
+ FreeBSD_version
+ ..
+ IPv6
+ ..
+ bootforth
+ ..
+ cvs
+ contrib
+ ..
+ ..
+ cvsup
+ ..
+ diskless
+ ..
+ drivers
+ ..
+ etc
+ defaults
+ ..
+ ..
+ find_interface
+ ..
+ hast
+ ..
+ hostapd
+ ..
+ ibcs2
+ ..
+ indent
+ ..
+ ipfilter
+ ..
+ ipfw
+ ..
+ iscsi
+ ..
+ jails
+ ..
+ kld
+ cdev
+ module
+ ..
+ test
+ ..
+ ..
+ dyn_sysctl
+ ..
+ firmware
+ fwconsumer
+ ..
+ fwimage
+ ..
+ ..
+ khelp
+ ..
+ syscall
+ module
+ ..
+ test
+ ..
+ ..
+ ..
+ libvgl
+ ..
+ mdoc
+ ..
+ netgraph
+ bluetooth
+ ..
+ ..
+ nwclient
+ ..
+ pc-sysinstall
+ ..
+ perfmon
+ ..
+ pf
+ ..
+ portal
+ ..
+ ppi
+ ..
+ ppp
+ ..
+ printing
+ ..
+ scsi_target
+ ..
+ ses
+ getencstat
+ ..
+ sesd
+ ..
+ setencstat
+ ..
+ setobjstat
+ ..
+ srcs
+ ..
+ ..
+ smbfs
+ print
+ ..
+ ..
+ sunrpc
+ dir
+ ..
+ msg
+ ..
+ sort
+ ..
+ ..
+ tcsh
+ ..
+ ..
+ games
+ fortune
+ ..
+ ..
+ info
+ ..
+ i18n
+ csmapper
+ APPLE
+ ..
+ AST
+ ..
+ BIG5
+ ..
+ CNS
+ ..
+ CP
+ ..
+ EBCDIC
+ ..
+ GB
+ ..
+ GEORGIAN
+ ..
+ ISO-8859
+ ..
+ ISO646
+ ..
+ JIS
+ ..
+ KAZAKH
+ ..
+ KOI
+ ..
+ KS
+ ..
+ MISC
+ ..
+ TCVN
+ ..
+ ..
+ esdb
+ APPLE
+ ..
+ AST
+ ..
+ BIG5
+ ..
+ CP
+ ..
+ DEC
+ ..
+ EBCDIC
+ ..
+ EUC
+ ..
+ GB
+ ..
+ GEORGIAN
+ ..
+ ISO-2022
+ ..
+ ISO-8859
+ ..
+ ISO646
+ ..
+ KAZAKH
+ ..
+ KOI
+ ..
+ MISC
+ ..
+ TCVN
+ ..
+ UTF
+ ..
+ ..
+ ..
+ locale
+ UTF-8
+ ..
+ af_ZA.ISO8859-1
+ ..
+ af_ZA.ISO8859-15
+ ..
+ af_ZA.UTF-8
+ ..
+ am_ET.UTF-8
+ ..
+ be_BY.CP1131
+ ..
+ be_BY.CP1251
+ ..
+ be_BY.ISO8859-5
+ ..
+ be_BY.UTF-8
+ ..
+ bg_BG.CP1251
+ ..
+ bg_BG.UTF-8
+ ..
+ ca_AD.ISO8859-1
+ ..
+ ca_ES.ISO8859-1
+ ..
+ ca_FR.ISO8859-1
+ ..
+ ca_IT.ISO8859-1
+ ..
+ ca_AD.ISO8859-15
+ ..
+ ca_ES.ISO8859-15
+ ..
+ ca_FR.ISO8859-15
+ ..
+ ca_IT.ISO8859-15
+ ..
+ ca_AD.UTF-8
+ ..
+ ca_ES.UTF-8
+ ..
+ ca_FR.UTF-8
+ ..
+ ca_IT.UTF-8
+ ..
+ cs_CZ.ISO8859-2
+ ..
+ cs_CZ.UTF-8
+ ..
+ da_DK.ISO8859-1
+ ..
+ da_DK.ISO8859-15
+ ..
+ da_DK.UTF-8
+ ..
+ de_AT.ISO8859-1
+ ..
+ de_AT.ISO8859-15
+ ..
+ de_AT.UTF-8
+ ..
+ de_CH.ISO8859-1
+ ..
+ de_CH.ISO8859-15
+ ..
+ de_CH.UTF-8
+ ..
+ de_DE.ISO8859-1
+ ..
+ de_DE.ISO8859-15
+ ..
+ de_DE.UTF-8
+ ..
+ el_GR.ISO8859-7
+ ..
+ el_GR.UTF-8
+ ..
+ en_AU.ISO8859-1
+ ..
+ en_AU.ISO8859-15
+ ..
+ en_AU.US-ASCII
+ ..
+ en_AU.UTF-8
+ ..
+ en_CA.ISO8859-1
+ ..
+ en_CA.ISO8859-15
+ ..
+ en_CA.US-ASCII
+ ..
+ en_CA.UTF-8
+ ..
+ en_GB.ISO8859-1
+ ..
+ en_GB.ISO8859-15
+ ..
+ en_GB.US-ASCII
+ ..
+ en_GB.UTF-8
+ ..
+ en_IE.UTF-8
+ ..
+ en_NZ.ISO8859-1
+ ..
+ en_NZ.ISO8859-15
+ ..
+ en_NZ.US-ASCII
+ ..
+ en_NZ.UTF-8
+ ..
+ en_US.ISO8859-1
+ ..
+ en_US.ISO8859-15
+ ..
+ en_US.US-ASCII
+ ..
+ en_US.UTF-8
+ ..
+ es_ES.ISO8859-1
+ ..
+ es_ES.ISO8859-15
+ ..
+ es_ES.UTF-8
+ ..
+ et_EE.ISO8859-15
+ ..
+ et_EE.UTF-8
+ ..
+ eu_ES.ISO8859-1
+ ..
+ eu_ES.ISO8859-15
+ ..
+ eu_ES.UTF-8
+ ..
+ fi_FI.ISO8859-1
+ ..
+ fi_FI.ISO8859-15
+ ..
+ fi_FI.UTF-8
+ ..
+ fr_BE.ISO8859-1
+ ..
+ fr_BE.ISO8859-15
+ ..
+ fr_BE.UTF-8
+ ..
+ fr_CA.ISO8859-1
+ ..
+ fr_CA.ISO8859-15
+ ..
+ fr_CA.UTF-8
+ ..
+ fr_CH.ISO8859-1
+ ..
+ fr_CH.ISO8859-15
+ ..
+ fr_CH.UTF-8
+ ..
+ fr_FR.ISO8859-1
+ ..
+ fr_FR.ISO8859-15
+ ..
+ fr_FR.UTF-8
+ ..
+ he_IL.UTF-8
+ ..
+ hi_IN.ISCII-DEV
+ ..
+ hr_HR.ISO8859-2
+ ..
+ hr_HR.UTF-8
+ ..
+ hu_HU.ISO8859-2
+ ..
+ hu_HU.UTF-8
+ ..
+ hy_AM.ARMSCII-8
+ ..
+ hy_AM.UTF-8
+ ..
+ is_IS.ISO8859-1
+ ..
+ is_IS.ISO8859-15
+ ..
+ is_IS.UTF-8
+ ..
+ it_CH.ISO8859-1
+ ..
+ it_CH.ISO8859-15
+ ..
+ it_CH.UTF-8
+ ..
+ it_IT.ISO8859-1
+ ..
+ it_IT.ISO8859-15
+ ..
+ it_IT.UTF-8
+ ..
+ ja_JP.SJIS
+ ..
+ ja_JP.UTF-8
+ ..
+ ja_JP.eucJP
+ ..
+ kk_KZ.PT154
+ ..
+ kk_KZ.UTF-8
+ ..
+ ko_KR.CP949
+ ..
+ ko_KR.UTF-8
+ ..
+ ko_KR.eucKR
+ ..
+ la_LN.ISO8859-1
+ ..
+ la_LN.ISO8859-13
+ ..
+ la_LN.ISO8859-15
+ ..
+ la_LN.ISO8859-2
+ ..
+ la_LN.ISO8859-4
+ ..
+ la_LN.US-ASCII
+ ..
+ lt_LT.ISO8859-13
+ ..
+ lt_LT.ISO8859-4
+ ..
+ lt_LT.UTF-8
+ ..
+ lv_LV.ISO8859-13
+ ..
+ lv_LV.UTF-8
+ ..
+ mn_MN.UTF-8
+ ..
+ nb_NO.ISO8859-1
+ ..
+ nb_NO.ISO8859-15
+ ..
+ nb_NO.UTF-8
+ ..
+ nl_BE.ISO8859-1
+ ..
+ nl_BE.ISO8859-15
+ ..
+ nl_BE.UTF-8
+ ..
+ nl_NL.ISO8859-1
+ ..
+ nl_NL.ISO8859-15
+ ..
+ nl_NL.UTF-8
+ ..
+ nn_NO.ISO8859-1
+ ..
+ nn_NO.ISO8859-15
+ ..
+ nn_NO.UTF-8
+ ..
+ no_NO.ISO8859-1
+ ..
+ no_NO.ISO8859-15
+ ..
+ no_NO.UTF-8
+ ..
+ pl_PL.ISO8859-2
+ ..
+ pl_PL.UTF-8
+ ..
+ pt_BR.ISO8859-1
+ ..
+ pt_BR.UTF-8
+ ..
+ pt_PT.ISO8859-1
+ ..
+ pt_PT.ISO8859-15
+ ..
+ pt_PT.UTF-8
+ ..
+ ro_RO.ISO8859-2
+ ..
+ ro_RO.UTF-8
+ ..
+ ru_RU.CP1251
+ ..
+ ru_RU.CP866
+ ..
+ ru_RU.ISO8859-5
+ ..
+ ru_RU.KOI8-R
+ ..
+ ru_RU.UTF-8
+ ..
+ sk_SK.ISO8859-2
+ ..
+ sk_SK.UTF-8
+ ..
+ sl_SI.ISO8859-2
+ ..
+ sl_SI.UTF-8
+ ..
+ sr_YU.ISO8859-2
+ ..
+ sr_YU.ISO8859-5
+ ..
+ sr_YU.UTF-8
+ ..
+ sv_SE.ISO8859-1
+ ..
+ sv_SE.ISO8859-15
+ ..
+ sv_SE.UTF-8
+ ..
+ tr_TR.ISO8859-9
+ ..
+ tr_TR.UTF-8
+ ..
+ uk_UA.CP1251
+ ..
+ uk_UA.ISO8859-5
+ ..
+ uk_UA.KOI8-U
+ ..
+ uk_UA.UTF-8
+ ..
+ zh_CN.GB18030
+ ..
+ zh_CN.GB2312
+ ..
+ zh_CN.GBK
+ ..
+ zh_CN.UTF-8
+ ..
+ zh_CN.eucCN
+ ..
+ zh_HK.Big5HKSCS
+ ..
+ zh_HK.UTF-8
+ ..
+ zh_TW.Big5
+ ..
+ zh_TW.UTF-8
+ ..
+ ..
+ man
+/set uname=man
+ cat1
+ ..
+ cat1aout
+ ..
+ cat2
+ ..
+ cat3
+ ..
+ cat4
+ amd64
+ ..
+ arm
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ cat5
+ ..
+ cat6
+ ..
+ cat7
+ ..
+ cat8
+ amd64
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ cat9
+ ..
+ en.ISO8859-1 uname=root
+ cat1
+ ..
+ cat1aout
+ ..
+ cat2
+ ..
+ cat3
+ ..
+ cat4
+ amd64
+ ..
+ arm
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ cat5
+ ..
+ cat6
+ ..
+ cat7
+ ..
+ cat8
+ amd64
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ cat9
+ ..
+ ..
+ en.UTF-8 uname=root
+ cat1
+ ..
+ cat1aout
+ ..
+ cat2
+ ..
+ cat3
+ ..
+ cat4
+ amd64
+ ..
+ arm
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ cat5
+ ..
+ cat6
+ ..
+ cat7
+ ..
+ cat8
+ amd64
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ cat9
+ ..
+ ..
+ ja uname=root
+ cat1
+ ..
+ cat2
+ ..
+ cat3
+ ..
+ cat4
+ ..
+ cat5
+ ..
+ cat6
+ ..
+ cat7
+ ..
+ cat8
+ ..
+ cat9
+ ..
+/set uname=root
+ man1
+ ..
+ man2
+ ..
+ man3
+ ..
+ man4
+ ..
+ man5
+ ..
+ man6
+ ..
+ man7
+ ..
+ man8
+ ..
+ man9
+ ..
+ ..
+ man1
+ ..
+ man1aout
+ ..
+ man2
+ ..
+ man3
+ ..
+ man4
+ amd64
+ ..
+ arm
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ man5
+ ..
+ man6
+ ..
+ man7
+ ..
+ man8
+ amd64
+ ..
+ i386
+ ..
+ powerpc
+ ..
+ sparc64
+ ..
+ ..
+ man9
+ ..
+ ..
+ misc
+ fonts
+ ..
+ ..
+ mk
+ ..
+ nls
+ C
+ ..
+ af_ZA.ISO8859-1
+ ..
+ af_ZA.ISO8859-15
+ ..
+ af_ZA.UTF-8
+ ..
+ am_ET.UTF-8
+ ..
+ be_BY.CP1131
+ ..
+ be_BY.CP1251
+ ..
+ be_BY.ISO8859-5
+ ..
+ be_BY.UTF-8
+ ..
+ bg_BG.CP1251
+ ..
+ bg_BG.UTF-8
+ ..
+ ca_ES.ISO8859-1
+ ..
+ ca_ES.ISO8859-15
+ ..
+ ca_ES.UTF-8
+ ..
+ cs_CZ.ISO8859-2
+ ..
+ cs_CZ.UTF-8
+ ..
+ da_DK.ISO8859-1
+ ..
+ da_DK.ISO8859-15
+ ..
+ da_DK.UTF-8
+ ..
+ de_AT.ISO8859-1
+ ..
+ de_AT.ISO8859-15
+ ..
+ de_AT.UTF-8
+ ..
+ de_CH.ISO8859-1
+ ..
+ de_CH.ISO8859-15
+ ..
+ de_CH.UTF-8
+ ..
+ de_DE.ISO8859-1
+ ..
+ de_DE.ISO8859-15
+ ..
+ de_DE.UTF-8
+ ..
+ el_GR.ISO8859-7
+ ..
+ el_GR.UTF-8
+ ..
+ en_AU.ISO8859-1
+ ..
+ en_AU.ISO8859-15
+ ..
+ en_AU.US-ASCII
+ ..
+ en_AU.UTF-8
+ ..
+ en_CA.ISO8859-1
+ ..
+ en_CA.ISO8859-15
+ ..
+ en_CA.US-ASCII
+ ..
+ en_CA.UTF-8
+ ..
+ en_GB.ISO8859-1
+ ..
+ en_GB.ISO8859-15
+ ..
+ en_GB.US-ASCII
+ ..
+ en_GB.UTF-8
+ ..
+ en_IE.UTF-8
+ ..
+ en_NZ.ISO8859-1
+ ..
+ en_NZ.ISO8859-15
+ ..
+ en_NZ.US-ASCII
+ ..
+ en_NZ.UTF-8
+ ..
+ en_US.ISO8859-1
+ ..
+ en_US.ISO8859-15
+ ..
+ en_US.UTF-8
+ ..
+ es_ES.ISO8859-1
+ ..
+ es_ES.ISO8859-15
+ ..
+ es_ES.UTF-8
+ ..
+ et_EE.ISO8859-15
+ ..
+ et_EE.UTF-8
+ ..
+ fi_FI.ISO8859-1
+ ..
+ fi_FI.ISO8859-15
+ ..
+ fi_FI.UTF-8
+ ..
+ fr_BE.ISO8859-1
+ ..
+ fr_BE.ISO8859-15
+ ..
+ fr_BE.UTF-8
+ ..
+ fr_CA.ISO8859-1
+ ..
+ fr_CA.ISO8859-15
+ ..
+ fr_CA.UTF-8
+ ..
+ fr_CH.ISO8859-1
+ ..
+ fr_CH.ISO8859-15
+ ..
+ fr_CH.UTF-8
+ ..
+ fr_FR.ISO8859-1
+ ..
+ fr_FR.ISO8859-15
+ ..
+ fr_FR.UTF-8
+ ..
+ gl_ES.ISO8859-1
+ ..
+ he_IL.UTF-8
+ ..
+ hi_IN.ISCII-DEV
+ ..
+ hr_HR.ISO8859-2
+ ..
+ hr_HR.UTF-8
+ ..
+ hu_HU.ISO8859-2
+ ..
+ hu_HU.UTF-8
+ ..
+ hy_AM.ARMSCII-8
+ ..
+ hy_AM.UTF-8
+ ..
+ is_IS.ISO8859-1
+ ..
+ is_IS.ISO8859-15
+ ..
+ is_IS.UTF-8
+ ..
+ it_CH.ISO8859-1
+ ..
+ it_CH.ISO8859-15
+ ..
+ it_CH.UTF-8
+ ..
+ it_IT.ISO8859-1
+ ..
+ it_IT.ISO8859-15
+ ..
+ it_IT.UTF-8
+ ..
+ ja_JP.SJIS
+ ..
+ ja_JP.UTF-8
+ ..
+ ja_JP.eucJP
+ ..
+ kk_KZ.PT154
+ ..
+ kk_KZ.UTF-8
+ ..
+ ko_KR.CP949
+ ..
+ ko_KR.UTF-8
+ ..
+ ko_KR.eucKR
+ ..
+ la_LN.ISO8859-1
+ ..
+ la_LN.ISO8859-13
+ ..
+ la_LN.ISO8859-15
+ ..
+ la_LN.ISO8859-2
+ ..
+ la_LN.ISO8859-4
+ ..
+ la_LN.US-ASCII
+ ..
+ lt_LT.ISO8859-13
+ ..
+ lt_LT.ISO8859-4
+ ..
+ lt_LT.UTF-8
+ ..
+ lv_LV.ISO8859-13
+ ..
+ lv_LV.UTF-8
+ ..
+ mn_MN.UTF-8
+ ..
+ nl_BE.ISO8859-1
+ ..
+ nl_BE.ISO8859-15
+ ..
+ nl_BE.UTF-8
+ ..
+ nl_NL.ISO8859-1
+ ..
+ nl_NL.ISO8859-15
+ ..
+ nl_NL.UTF-8
+ ..
+ no_NO.ISO8859-1
+ ..
+ no_NO.ISO8859-15
+ ..
+ no_NO.UTF-8
+ ..
+ pl_PL.ISO8859-2
+ ..
+ pl_PL.UTF-8
+ ..
+ pt_BR.ISO8859-1
+ ..
+ pt_BR.UTF-8
+ ..
+ pt_PT.ISO8859-1
+ ..
+ pt_PT.ISO8859-15
+ ..
+ pt_PT.UTF-8
+ ..
+ ro_RO.ISO8859-2
+ ..
+ ro_RO.UTF-8
+ ..
+ ru_RU.CP1251
+ ..
+ ru_RU.CP866
+ ..
+ ru_RU.ISO8859-5
+ ..
+ ru_RU.KOI8-R
+ ..
+ ru_RU.UTF-8
+ ..
+ sk_SK.ISO8859-2
+ ..
+ sk_SK.UTF-8
+ ..
+ sl_SI.ISO8859-2
+ ..
+ sl_SI.UTF-8
+ ..
+ sr_YU.ISO8859-2
+ ..
+ sr_YU.ISO8859-5
+ ..
+ sr_YU.UTF-8
+ ..
+ sv_SE.ISO8859-1
+ ..
+ sv_SE.ISO8859-15
+ ..
+ sv_SE.UTF-8
+ ..
+ tr_TR.ISO8859-9
+ ..
+ tr_TR.UTF-8
+ ..
+ uk_UA.ISO8859-5
+ ..
+ uk_UA.KOI8-U
+ ..
+ uk_UA.UTF-8
+ ..
+ zh_CN.GB18030
+ ..
+ zh_CN.GB2312
+ ..
+ zh_CN.GBK
+ ..
+ zh_CN.UTF-8
+ ..
+ zh_CN.eucCN
+ ..
+ zh_HK.Big5HKSCS
+ ..
+ zh_HK.UTF-8
+ ..
+ zh_TW.Big5
+ ..
+ zh_TW.UTF-8
+ ..
+ ..
+ openssl
+ man
+/set uname=man
+ cat1
+ ..
+ cat3
+ ..
+ en.ISO8859-1 uname=root
+ cat1
+ ..
+ cat3
+ ..
+ ..
+/set uname=root
+ man1
+ ..
+ man3
+ ..
+ ..
+ ..
+ pc-sysinstall
+ backend
+ ..
+ backend-partmanager
+ ..
+ backend-query
+ ..
+ conf
+ license
+ ..
+ ..
+ doc
+ ..
+ ..
+ security
+ ..
+ sendmail
+ ..
+ skel
+ ..
+ snmp
+ defs
+ ..
+ mibs
+ ..
+ ..
+ syscons
+ fonts
+ ..
+ keymaps
+ ..
+ scrnmaps
+ ..
+ ..
+ tabset
+ ..
+ vi
+ catalog
+ ..
+ ..
+ zoneinfo
+ Africa
+ ..
+ America
+ Argentina
+ ..
+ Indiana
+ ..
+ Kentucky
+ ..
+ North_Dakota
+ ..
+ ..
+ Antarctica
+ ..
+ Arctic
+ ..
+ Asia
+ ..
+ Atlantic
+ ..
+ Australia
+ ..
+ Etc
+ ..
+ Europe
+ ..
+ Indian
+ ..
+ Pacific
+ ..
+ SystemV
+ ..
+ ..
+ ..
+ src nochange
+ ..
+..
diff --git a/etc/mtree/BSD.var.dist b/etc/mtree/BSD.var.dist
new file mode 100644
index 0000000..4481b10
--- /dev/null
+++ b/etc/mtree/BSD.var.dist
@@ -0,0 +1,96 @@
+# $FreeBSD$
+#
+# Please see the file src/etc/mtree/README before making changes to this file.
+#
+
+/set type=dir uname=root gname=wheel mode=0755
+.
+ account
+ ..
+ at
+/set uname=daemon
+ jobs
+ ..
+ spool
+ ..
+/set uname=root
+ ..
+/set mode=0750
+/set gname=audit
+ audit
+ ..
+/set gname=wheel
+ backups
+ ..
+ cache
+ ..
+ crash
+ ..
+ cron
+ tabs mode=0700
+ ..
+ ..
+/set mode=0755
+ db
+ entropy uname=operator gname=operator mode=0700
+ ..
+ freebsd-update mode=0700
+ ..
+ ipf mode=0700
+ ..
+ pkg
+ ..
+ ports
+ ..
+ portsnap
+ ..
+ ..
+ empty mode=0555 flags=schg
+ ..
+ games gname=games mode=0775
+ ..
+ heimdal mode=0700
+ ..
+ log
+ ..
+ mail gname=mail mode=0775
+ ..
+ msgs uname=daemon
+ ..
+ named
+ ..
+ preserve
+ ..
+ run
+ named uname=bind gname=bind
+ ..
+ ppp gname=network mode=0770
+ ..
+ wpa_supplicant
+ ..
+ ..
+ rwho gname=daemon mode=0775
+ ..
+ spool
+ lock uname=uucp gname=dialer mode=0775
+ ..
+/set gname=daemon
+ lpd
+ ..
+ mqueue
+ ..
+ opielocks mode=0700
+ ..
+ output
+ lpd
+ ..
+ ..
+/set gname=wheel
+ ..
+ tmp mode=01777
+ vi.recover mode=01777
+ ..
+ ..
+ yp
+ ..
+..
diff --git a/etc/mtree/Makefile b/etc/mtree/Makefile
new file mode 100644
index 0000000..15da1bf
--- /dev/null
+++ b/etc/mtree/Makefile
@@ -0,0 +1,29 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= ${_BIND.chroot.dist} \
+ ${_BIND.include.dist} \
+ BSD.include.dist \
+ BSD.root.dist \
+ ${_BSD.sendmail.dist} \
+ BSD.usr.dist \
+ BSD.var.dist
+
+.if ${MK_BIND} != "no"
+_BIND.chroot.dist= BIND.chroot.dist
+.if ${MK_BIND_LIBS} != "no"
+_BIND.include.dist= BIND.include.dist
+.endif
+.endif
+.if ${MK_GROFF} != "no"
+_BSD.groff.dist= BSD.groff.dist
+.endif
+.if ${MK_SENDMAIL} != "no"
+_BSD.sendmail.dist= BSD.sendmail.dist
+.endif
+
+NO_OBJ=
+FILESDIR= /etc/mtree
+
+.include <bsd.prog.mk>
diff --git a/etc/mtree/README b/etc/mtree/README
new file mode 100644
index 0000000..1b2b0d4
--- /dev/null
+++ b/etc/mtree/README
@@ -0,0 +1,50 @@
+$FreeBSD$
+
+Note: If you modify these files, please keep hier(7) updated!
+
+These files are used to create empty file hierarchies for building the
+system into. Some notes about working with them are placed here to try
+and keep them in good working order.
+
+ a) The files use 4 space indentation, and other than in the header
+ comments, should not contain any tabs. An indentation of 4 is
+ preferable to the standard indentation of 8 because the indentation
+ of levels in these files can become quite deep causing the line to
+ overflow 80 characters.
+
+ This also matches with the files generated when using the
+ mtree -c option, which was implemented that way for the same reason.
+
+ b) Only directories should be listed here.
+
+ c) The listing should be kept in filename sorted order.
+
+ d) Sanity checking changes to these files can be done by following
+ this procedure (the sed -e is ugly, but fixing mtree -c to
+ not emit the trailing white space would be even uglier):
+
+ mkdir /tmp/MTREE
+ mtree -deU -f BSD.X.dist -p /tmp/MTREE
+ mtree -cdin -k uname,gname,mode -p /tmp/MTREE | \
+ sed -e 's/ *$//' >BSD.X.new
+ diff -u BSD.X.dist BSD.X.new
+ rm -r /tmp/MTREE
+
+ Note that you will get some differences about /set lines,
+ and uname= gname= on certain directory areas, mainly man page
+ sections. This is caused by mtree not having a look ahead
+ mechanism for making better selections for these as it
+ traverses the hierarchy.
+
+ The BSD.X.new file should NOT be committed, as it will be missing
+ the correct header, and important keywords like ``nochange''.
+ Simply use the diff for a sanity check to make sure things are in
+ the correct order and correctly indented.
+
+ e) Further sanity checking of the system builds with DESTDIR=/someplace
+ are more complicated, but can often catch missing entries in these
+ files. I tend to run this more complete sanity check shortly after
+ the target date for a new release is announced.
+
+ If you want details on it bug me about it via email to
+ rgrimes@FreeBSD.org.
diff --git a/etc/namedb/Makefile b/etc/namedb/Makefile
new file mode 100644
index 0000000..3a5e1f6
--- /dev/null
+++ b/etc/namedb/Makefile
@@ -0,0 +1,11 @@
+# $FreeBSD$
+
+SUBDIR= master
+
+FILES= named.conf named.root
+
+NO_OBJ=
+FILESDIR= /etc/namedb
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/namedb/master/Makefile b/etc/namedb/master/Makefile
new file mode 100644
index 0000000..7907bf3
--- /dev/null
+++ b/etc/namedb/master/Makefile
@@ -0,0 +1,9 @@
+# $FreeBSD$
+
+FILES= empty.db localhost-forward.db localhost-reverse.db
+
+NO_OBJ=
+FILESDIR= /etc/namedb/master
+FILESMODE= 644
+
+.include <bsd.prog.mk>
diff --git a/etc/namedb/master/empty.db b/etc/namedb/master/empty.db
new file mode 100644
index 0000000..070f663
--- /dev/null
+++ b/etc/namedb/master/empty.db
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA @ nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+@ NS @
+
+; Silence a BIND warning
+@ A 127.0.0.1
diff --git a/etc/namedb/master/localhost-forward.db b/etc/namedb/master/localhost-forward.db
new file mode 100644
index 0000000..9156d2f
--- /dev/null
+++ b/etc/namedb/master/localhost-forward.db
@@ -0,0 +1,11 @@
+
+; $FreeBSD$
+
+$TTL 3h
+localhost. SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+ A 127.0.0.1
+ AAAA ::1
diff --git a/etc/namedb/master/localhost-reverse.db b/etc/namedb/master/localhost-reverse.db
new file mode 100644
index 0000000..ceabe05
--- /dev/null
+++ b/etc/namedb/master/localhost-reverse.db
@@ -0,0 +1,13 @@
+
+; $FreeBSD$
+
+$TTL 3h
+@ SOA localhost. nobody.localhost. 42 1d 12h 1w 3h
+ ; Serial, Refresh, Retry, Expire, Neg. cache TTL
+
+ NS localhost.
+
+1.0.0 PTR localhost.
+
+1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 PTR localhost.
+
diff --git a/etc/namedb/named.conf b/etc/namedb/named.conf
new file mode 100644
index 0000000..f1669ab
--- /dev/null
+++ b/etc/namedb/named.conf
@@ -0,0 +1,294 @@
+// $FreeBSD$
+//
+// Refer to the named.conf(5) and named(8) man pages, and the documentation
+// in /usr/share/doc/bind9 for more details.
+//
+// If you are going to set up an authoritative server, make sure you
+// understand the hairy details of how DNS works. Even with
+// simple mistakes, you can break connectivity for affected parties,
+// or cause huge amounts of useless Internet traffic.
+
+options {
+ // All file and path names are relative to the chroot directory,
+ // if any, and should be fully qualified.
+ directory "/etc/namedb/working";
+ pid-file "/var/run/named/pid";
+ dump-file "/var/dump/named_dump.db";
+ statistics-file "/var/stats/named.stats";
+
+// If named is being used only as a local resolver, this is a safe default.
+// For named to be accessible to the network, comment this option, specify
+// the proper IP address, or delete this option.
+ listen-on { 127.0.0.1; };
+
+// If you have IPv6 enabled on this system, uncomment this option for
+// use as a local resolver. To give access to the network, specify
+// an IPv6 address, or the keyword "any".
+// listen-on-v6 { ::1; };
+
+// These zones are already covered by the empty zones listed below.
+// If you remove the related empty zones below, comment these lines out.
+ disable-empty-zone "255.255.255.255.IN-ADDR.ARPA";
+ disable-empty-zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+ disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
+
+// If you've got a DNS server around at your upstream provider, enter
+// its IP address here, and enable the line below. This will make you
+// benefit from its cache, thus reduce overall DNS traffic in the Internet.
+/*
+ forwarders {
+ 127.0.0.1;
+ };
+*/
+
+// If the 'forwarders' clause is not empty the default is to 'forward first'
+// which will fall back to sending a query from your local server if the name
+// servers in 'forwarders' do not have the answer. Alternatively you can
+// force your name server to never initiate queries of its own by enabling the
+// following line:
+// forward only;
+
+// If you wish to have forwarding configured automatically based on
+// the entries in /etc/resolv.conf, uncomment the following line and
+// set named_auto_forward=yes in /etc/rc.conf. You can also enable
+// named_auto_forward_only (the effect of which is described above).
+// include "/etc/namedb/auto_forward.conf";
+
+ /*
+ Modern versions of BIND use a random UDP port for each outgoing
+ query by default in order to dramatically reduce the possibility
+ of cache poisoning. All users are strongly encouraged to utilize
+ this feature, and to configure their firewalls to accommodate it.
+
+ AS A LAST RESORT in order to get around a restrictive firewall
+ policy you can try enabling the option below. Use of this option
+ will significantly reduce your ability to withstand cache poisoning
+ attacks, and should be avoided if at all possible.
+
+ Replace NNNNN in the example with a number between 49160 and 65530.
+ */
+ // query-source address * port NNNNN;
+};
+
+// If you enable a local name server, don't forget to enter 127.0.0.1
+// first in your /etc/resolv.conf so this server will be queried.
+// Also, make sure to enable it in /etc/rc.conf.
+
+// The traditional root hints mechanism. Use this, OR the slave zones below.
+zone "." { type hint; file "/etc/namedb/named.root"; };
+
+/* Slaving the following zones from the root name servers has some
+ significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+ 3. Greater resilience to any potential root server failure/DDoS
+
+ On the other hand, this method requires more monitoring than the
+ hints file to be sure that an unexpected failure mode has not
+ incapacitated your server. Name servers that are serving a lot
+ of clients will benefit more from this approach than individual
+ hosts. Use with caution.
+
+ To use this mechanism, uncomment the entries below, and comment
+ the hint zone above.
+
+ As documented at http://dns.icann.org/services/axfr/ these zones:
+ "." (the root), ARPA, IN-ADDR.ARPA, IP6.ARPA, and ROOT-SERVERS.NET
+ are availble for AXFR from these servers on IPv4 and IPv6:
+ xfr.lax.dns.icann.org, xfr.cjr.dns.icann.org
+*/
+/*
+zone "." {
+ type slave;
+ file "/etc/namedb/slave/root.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ };
+ notify no;
+};
+zone "arpa" {
+ type slave;
+ file "/etc/namedb/slave/arpa.slave";
+ masters {
+ 192.5.5.241; // F.ROOT-SERVERS.NET.
+ };
+ notify no;
+};
+*/
+
+/* Serving the following zones locally will prevent any queries
+ for these zones leaving your network and going to the root
+ name servers. This has two significant advantages:
+ 1. Faster local resolution for your users
+ 2. No spurious traffic will be sent from your network to the roots
+*/
+// RFCs 1912, 5735 and 6303 (and BCP 32 for localhost)
+zone "localhost" { type master; file "/etc/namedb/master/localhost-forward.db"; };
+zone "127.in-addr.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
+zone "255.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// RFC 1912-style zone for IPv6 localhost address (RFC 6303)
+zone "0.ip6.arpa" { type master; file "/etc/namedb/master/localhost-reverse.db"; };
+
+// "This" Network (RFCs 1912, 5735 and 6303)
+zone "0.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// Private Use Networks (RFCs 1918, 5735 and 6303)
+zone "10.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "16.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "17.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "18.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "19.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "20.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "21.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "22.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "23.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "24.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "25.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "26.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "27.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "28.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "29.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "30.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "31.172.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "168.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// Link-local/APIPA (RFCs 3927, 5735 and 6303)
+zone "254.169.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IETF protocol assignments (RFCs 5735 and 5736)
+zone "0.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// TEST-NET-[1-3] for Documentation (RFCs 5735, 5737 and 6303)
+zone "2.0.192.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "100.51.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "113.0.203.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Example Range for Documentation (RFCs 3849 and 6303)
+zone "8.b.d.0.1.0.0.2.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// Domain Names for Documentation and Testing (BCP 32)
+zone "test" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example" { type master; file "/etc/namedb/master/empty.db"; };
+zone "invalid" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example.com" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example.net" { type master; file "/etc/namedb/master/empty.db"; };
+zone "example.org" { type master; file "/etc/namedb/master/empty.db"; };
+
+// Router Benchmark Testing (RFCs 2544 and 5735)
+zone "18.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "19.198.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IANA Reserved - Old Class E Space (RFC 5735)
+zone "240.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "241.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "242.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "243.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "244.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "245.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "246.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "247.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "248.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "249.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "250.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "251.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "252.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "253.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "254.in-addr.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Unassigned Addresses (RFC 4291)
+zone "1.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "3.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "4.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "5.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "6.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "7.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "8.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "9.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "a.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "b.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "c.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "d.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "e.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "0.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "1.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "2.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "3.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "4.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "5.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "6.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "7.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "8.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "9.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "a.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "b.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "0.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "1.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "2.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "3.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "4.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "5.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "6.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "7.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 ULA (RFCs 4193 and 6303)
+zone "c.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "d.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Link Local (RFCs 4291 and 6303)
+zone "8.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "9.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "a.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "b.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IPv6 Deprecated Site-Local Addresses (RFCs 3879 and 6303)
+zone "c.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "d.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "e.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+zone "f.e.f.ip6.arpa" { type master; file "/etc/namedb/master/empty.db"; };
+
+// IP6.INT is Deprecated (RFC 4159)
+zone "ip6.int" { type master; file "/etc/namedb/master/empty.db"; };
+
+// NB: Do not use the IP addresses below, they are faked, and only
+// serve demonstration/documentation purposes!
+//
+// Example slave zone config entries. It can be convenient to become
+// a slave at least for the zone your own domain is in. Ask
+// your network administrator for the IP address of the responsible
+// master name server.
+//
+// Do not forget to include the reverse lookup zone!
+// This is named after the first bytes of the IP address, in reverse
+// order, with ".IN-ADDR.ARPA" appended, or ".IP6.ARPA" for IPv6.
+//
+// Before starting to set up a master zone, make sure you fully
+// understand how DNS and BIND work. There are sometimes
+// non-obvious pitfalls. Setting up a slave zone is usually simpler.
+//
+// NB: Don't blindly enable the examples below. :-) Use actual names
+// and addresses instead.
+
+/* An example dynamic zone
+key "exampleorgkey" {
+ algorithm hmac-md5;
+ secret "sf87HJqjkqh8ac87a02lla==";
+};
+zone "example.org" {
+ type master;
+ allow-update {
+ key "exampleorgkey";
+ };
+ file "/etc/namedb/dynamic/example.org";
+};
+*/
+
+/* Example of a slave reverse zone
+zone "1.168.192.in-addr.arpa" {
+ type slave;
+ file "/etc/namedb/slave/1.168.192.in-addr.arpa";
+ masters {
+ 192.168.1.1;
+ };
+};
+*/
diff --git a/etc/namedb/named.root b/etc/namedb/named.root
new file mode 100644
index 0000000..1c8facf
--- /dev/null
+++ b/etc/namedb/named.root
@@ -0,0 +1,92 @@
+;
+; $FreeBSD$
+;
+
+; This file holds the information on root name servers needed to
+; initialize cache of Internet domain name servers
+; (e.g. reference this file in the "cache . <file>"
+; configuration file of BIND domain name servers).
+;
+; This file is made available by InterNIC
+; under anonymous FTP as
+; file /domain/named.root
+; on server FTP.INTERNIC.NET
+; -OR- RS.INTERNIC.NET
+;
+; last update: Jun 8, 2011
+; related version of root zone: 2011060800
+;
+; formerly NS.INTERNIC.NET
+;
+. 3600000 IN NS A.ROOT-SERVERS.NET.
+A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4
+A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30
+;
+; FORMERLY NS1.ISI.EDU
+;
+. 3600000 NS B.ROOT-SERVERS.NET.
+B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201
+;
+; FORMERLY C.PSI.NET
+;
+. 3600000 NS C.ROOT-SERVERS.NET.
+C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12
+;
+; FORMERLY TERP.UMD.EDU
+;
+. 3600000 NS D.ROOT-SERVERS.NET.
+D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90
+D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D
+;
+; FORMERLY NS.NASA.GOV
+;
+. 3600000 NS E.ROOT-SERVERS.NET.
+E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10
+;
+; FORMERLY NS.ISC.ORG
+;
+. 3600000 NS F.ROOT-SERVERS.NET.
+F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241
+F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F
+;
+; FORMERLY NS.NIC.DDN.MIL
+;
+. 3600000 NS G.ROOT-SERVERS.NET.
+G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4
+;
+; FORMERLY AOS.ARL.ARMY.MIL
+;
+. 3600000 NS H.ROOT-SERVERS.NET.
+H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53
+H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235
+;
+; FORMERLY NIC.NORDU.NET
+;
+. 3600000 NS I.ROOT-SERVERS.NET.
+I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17
+I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53
+;
+; OPERATED BY VERISIGN, INC.
+;
+. 3600000 NS J.ROOT-SERVERS.NET.
+J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30
+J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30
+;
+; OPERATED BY RIPE NCC
+;
+. 3600000 NS K.ROOT-SERVERS.NET.
+K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129
+K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1
+;
+; OPERATED BY ICANN
+;
+. 3600000 NS L.ROOT-SERVERS.NET.
+L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42
+L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42
+;
+; OPERATED BY WIDE
+;
+. 3600000 NS M.ROOT-SERVERS.NET.
+M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33
+M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35
+; End of File
diff --git a/etc/netconfig b/etc/netconfig
new file mode 100644
index 0000000..109f2e3
--- /dev/null
+++ b/etc/netconfig
@@ -0,0 +1,19 @@
+# $FreeBSD$
+#
+# The network configuration file. This file is currently only used in
+# conjunction with the (TI-) RPC code in the C library, unlike its
+# use in SVR4.
+#
+# Entries consist of:
+#
+# <network_id> <semantics> <flags> <protofamily> <protoname> \
+# <device> <nametoaddr_libs>
+#
+# The <device> and <nametoaddr_libs> fields are always empty in FreeBSD.
+#
+udp6 tpi_clts v inet6 udp - -
+tcp6 tpi_cots_ord v inet6 tcp - -
+udp tpi_clts v inet udp - -
+tcp tpi_cots_ord v inet tcp - -
+rawip tpi_raw - inet - - -
+local tpi_cots_ord - loopback - - -
diff --git a/etc/netstart b/etc/netstart
new file mode 100755
index 0000000..b66505a
--- /dev/null
+++ b/etc/netstart
@@ -0,0 +1,65 @@
+#!/bin/sh -
+#
+# Copyright (c) 1993 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+# From: @(#)netstart 5.9 (Berkeley) 3/30/91
+#
+
+# This file is NOT called by any of the other scripts - it has been
+# obsoleted by /etc/rc.d/* and is provided here only for user
+# convenience (if you're sitting in single user mode and wish to start
+# the network by hand, this script will do it for you).
+#
+
+. /etc/rc.subr
+
+load_rc_config 'XXX'
+_start=quietstart
+
+/etc/rc.d/devd ${_start}
+/etc/rc.d/hostid ${_start}
+/etc/rc.d/hostname ${_start}
+/etc/rc.d/ipmon ${_start}
+/etc/rc.d/ipfilter ${_start}
+/etc/rc.d/ipnat ${_start}
+/etc/rc.d/ipfs ${_start}
+/etc/rc.d/sppp ${_start}
+# /etc/rc.d/atm1 ${_start}
+# . /etc/rc.d/atm2.sh ${_start}
+# . /etc/rc.d/atm3.sh ${_start}
+/etc/rc.d/netif ${_start}
+/etc/rc.d/ipsec ${_start}
+/etc/rc.d/dhclient ${_start}
+/etc/rc.d/ppp ${_start}
+/etc/rc.d/ipfw ${_start}
+/etc/rc.d/routing ${_start}
+/etc/rc.d/mroute6d ${_start}
+/etc/rc.d/route6d ${_start}
+/etc/rc.d/mrouted ${_start}
+/etc/rc.d/routed ${_start}
+/etc/rc.d/nisdomain ${_start}
+
+exit 0
diff --git a/etc/network.subr b/etc/network.subr
new file mode 100644
index 0000000..c1faf59
--- /dev/null
+++ b/etc/network.subr
@@ -0,0 +1,1411 @@
+#
+# Copyright (c) 2003 The FreeBSD Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+#
+# Subroutines commonly used from network startup scripts.
+# Requires that rc.conf be loaded first.
+#
+
+# ifn_start ifn
+# Bring up and configure an interface. If some configuration is
+# applied, print the interface configuration.
+#
+ifn_start()
+{
+ local ifn cfg
+ ifn="$1"
+ cfg=1
+
+ [ -z "$ifn" ] && err 1 "ifn_start called without an interface"
+
+ ifscript_up ${ifn} && cfg=0
+ ifconfig_up ${ifn} && cfg=0
+ afexists inet && ipv4_up ${ifn} && cfg=0
+ afexists inet6 && ipv6_up ${ifn} && cfg=0
+ afexists ipx && ipx_up ${ifn} && cfg=0
+ childif_create ${ifn} && cfg=0
+
+ return $cfg
+}
+
+# ifn_stop ifn
+# Shutdown and de-configure an interface. If action is taken,
+# print the interface name.
+#
+ifn_stop()
+{
+ local ifn cfg
+ ifn="$1"
+ cfg=1
+
+ [ -z "$ifn" ] && err 1 "ifn_stop called without an interface"
+
+ afexists ipx && ipx_down ${ifn} && cfg=0
+ afexists inet6 && ipv6_down ${ifn} && cfg=0
+ afexists inet && ipv4_down ${ifn} && cfg=0
+ ifconfig_down ${ifn} && cfg=0
+ ifscript_down ${ifn} && cfg=0
+ childif_destroy ${ifn} && cfg=0
+
+ return $cfg
+}
+
+# ifconfig_up if
+# Evaluate ifconfig(8) arguments for interface $if and
+# run ifconfig(8) with those arguments. It returns 0 if
+# arguments were found and executed or 1 if the interface
+# had no arguments. Pseudo arguments DHCP and WPA are handled
+# here.
+#
+ifconfig_up()
+{
+ local _cfg _ipv6_opts ifconfig_args
+ _cfg=1
+
+ # Make sure lo0 always comes up.
+ if [ "$1" = "lo0" ]; then
+ _cfg=0
+ fi
+
+ # ifconfig_IF
+ ifconfig_args=`ifconfig_getargs $1`
+ if [ -n "${ifconfig_args}" ]; then
+ eval ifconfig $1 ${ifconfig_args}
+ _cfg=0
+ fi
+
+ # inet6 specific
+ if afexists inet6; then
+ if checkyesno ipv6_activate_all_interfaces; then
+ _ipv6_opts="-ifdisabled"
+ elif [ "$1" != "lo0" ]; then
+ _ipv6_opts="ifdisabled"
+ fi
+
+ # backward compatibility: $ipv6_enable
+ case $ipv6_enable in
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ _ipv6_opts="${_ipv6_opts} accept_rtadv"
+ ;;
+ esac
+
+ case $ipv6_cpe_wanif in
+ $1)
+ _ipv6_opts="${_ipv6_opts} -no_radr accept_rtadv"
+ ;;
+ esac
+
+ if [ -n "${_ipv6_opts}" ]; then
+ ifconfig $1 inet6 ${_ipv6_opts}
+ fi
+
+ # ifconfig_IF_ipv6
+ ifconfig_args=`ifconfig_getargs $1 ipv6`
+ if [ -n "${ifconfig_args}" ]; then
+ # backward compatibility: inet6 keyword
+ case "${ifconfig_args}" in
+ :*|[0-9a-fA-F]*:*)
+ warn "\$ifconfig_$1_ipv6 needs " \
+ "\"inet6\" keyword for an IPv6 address."
+ ifconfig_args="inet6 ${ifconfig_args}"
+ ;;
+ esac
+ ifconfig $1 inet6 -ifdisabled
+ eval ifconfig $1 ${ifconfig_args}
+ _cfg=0
+ fi
+
+ # backward compatiblity: $ipv6_ifconfig_IF
+ ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF`
+ if [ -n "${ifconfig_args}" ]; then
+ warn "\$ipv6_ifconfig_$1 is obsolete." \
+ " Use ifconfig_$1_ipv6 instead."
+ ifconfig $1 inet6 -ifdisabled
+ eval ifconfig $1 inet6 ${ifconfig_args}
+ _cfg=0
+ fi
+ fi
+
+ if [ ${_cfg} -eq 0 ]; then
+ ifconfig $1 up
+ fi
+
+ if wpaif $1; then
+ /etc/rc.d/wpa_supplicant start $1
+ _cfg=0 # XXX: not sure this should count
+ fi
+
+ if dhcpif $1; then
+ if [ $_cfg -ne 0 ] ; then
+ ifconfig $1 up
+ fi
+ if syncdhcpif $1; then
+ /etc/rc.d/dhclient start $1
+ fi
+ _cfg=0
+ fi
+
+ return $_cfg
+}
+
+# ifconfig_down if
+# returns 1 if wpa_supplicant or dhclient was stopped or
+# the interface exists.
+#
+ifconfig_down()
+{
+ local _cfg
+ _cfg=1
+
+ if wpaif $1; then
+ /etc/rc.d/wpa_supplicant stop $1
+ _cfg=0
+ fi
+
+ if dhcpif $1; then
+ /etc/rc.d/dhclient stop $1
+ _cfg=0
+ fi
+
+ if ifexists $1; then
+ ifconfig $1 down
+ _cfg=0
+ fi
+
+ return $_cfg
+}
+
+# get_if_var if var [default]
+# Return the value of the pseudo-hash corresponding to $if where
+# $var is a string containg the sub-string "IF" which will be
+# replaced with $if after the characters defined in _punct are
+# replaced with '_'. If the variable is unset, replace it with
+# $default if given.
+get_if_var()
+{
+ local _if _punct _punct_c _var _default prefix suffix
+
+ if [ $# -ne 2 -a $# -ne 3 ]; then
+ err 3 'USAGE: get_if_var name var [default]'
+ fi
+
+ _if=$1
+ _punct=". - / +"
+ for _punct_c in $_punct; do
+ _if=`ltr ${_if} ${_punct_c} '_'`
+ done
+ _var=$2
+ _default=$3
+
+ prefix=${_var%%IF*}
+ suffix=${_var##*IF}
+ eval echo \${${prefix}${_if}${suffix}-${_default}}
+}
+
+# _ifconfig_getargs if [af]
+# Prints the arguments for the supplied interface to stdout.
+# Returns 1 if empty. In general, ifconfig_getargs should be used
+# outside this file.
+_ifconfig_getargs()
+{
+ local _ifn _af
+ _ifn=$1
+ _af=${2+_$2}
+
+ if [ -z "$_ifn" ]; then
+ return 1
+ fi
+
+ get_if_var $_ifn ifconfig_IF$_af "$ifconfig_DEFAULT"
+}
+
+# ifconfig_getargs if [af]
+# Takes the result from _ifconfig_getargs and removes pseudo
+# args such as DHCP and WPA.
+ifconfig_getargs()
+{
+ local _tmpargs _arg _args
+ _tmpargs=`_ifconfig_getargs $1 $2`
+ if [ $? -eq 1 ]; then
+ return 1
+ fi
+ _args=
+
+ for _arg in $_tmpargs; do
+ case $_arg in
+ [Dd][Hh][Cc][Pp]) ;;
+ [Nn][Oo][Aa][Uu][Tt][Oo]) ;;
+ [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
+ [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp]) ;;
+ [Ww][Pp][Aa]) ;;
+ *)
+ _args="$_args $_arg"
+ ;;
+ esac
+ done
+
+ echo $_args
+}
+
+# autoif
+# Returns 0 if the interface should be automatically configured at
+# boot time and 1 otherwise.
+autoif()
+{
+ local _tmpargs _arg
+ _tmpargs=`_ifconfig_getargs $1`
+
+ for _arg in $_tmpargs; do
+ case $_arg in
+ [Nn][Oo][Aa][Uu][Tt][Oo])
+ return 1
+ ;;
+ esac
+ done
+
+ return 0
+}
+
+# dhcpif if
+# Returns 0 if the interface is a DHCP interface and 1 otherwise.
+dhcpif()
+{
+ local _tmpargs _arg
+ _tmpargs=`_ifconfig_getargs $1`
+
+ if noafif $1; then
+ return 1
+ fi
+
+ for _arg in $_tmpargs; do
+ case $_arg in
+ [Dd][Hh][Cc][Pp])
+ return 0
+ ;;
+ [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp])
+ return 0
+ ;;
+ [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp])
+ return 0
+ ;;
+ esac
+ done
+
+ return 1
+}
+
+# syncdhcpif
+# Returns 0 if the interface should be configured synchronously and
+# 1 otherwise.
+syncdhcpif()
+{
+ local _tmpargs _arg
+ _tmpargs=`_ifconfig_getargs $1`
+
+ if noafif $1; then
+ return 1
+ fi
+
+ for _arg in $_tmpargs; do
+ case $_arg in
+ [Nn][Oo][Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp])
+ return 1
+ ;;
+ [Ss][Yy][Nn][Cc][Dd][Hh][Cc][Pp])
+ return 0
+ ;;
+ esac
+ done
+
+ checkyesno synchronous_dhclient
+}
+
+# wpaif if
+# Returns 0 if the interface is a WPA interface and 1 otherwise.
+wpaif()
+{
+ local _tmpargs _arg
+ _tmpargs=`_ifconfig_getargs $1`
+
+ for _arg in $_tmpargs; do
+ case $_arg in
+ [Ww][Pp][Aa])
+ return 0
+ ;;
+ esac
+ done
+
+ return 1
+}
+
+# afexists af
+# Returns 0 if the address family is enabled in the kernel
+# 1 otherwise.
+afexists()
+{
+ local _af
+ _af=$1
+
+ case ${_af} in
+ inet|inet6)
+ check_kern_features ${_af}
+ ;;
+ ipx)
+ ${SYSCTL_N} net.ipx > /dev/null 2>&1
+ ;;
+ atm)
+ if [ -x /sbin/atmconfig ]; then
+ /sbin/atmconfig diag list > /dev/null 2>&1
+ else
+ return 1
+ fi
+ ;;
+ *)
+ err 1 "afexists(): Unsupported address family: $_af"
+ ;;
+ esac
+}
+
+# noafif if
+# Returns 0 if the interface has no af configuration and 1 otherwise.
+noafif()
+{
+ local _if
+ _if=$1
+
+ case $_if in
+ pflog[0-9]*|\
+ pfsync[0-9]*|\
+ an[0-9]*|\
+ ath[0-9]*|\
+ ipw[0-9]*|\
+ ipfw[0-9]*|\
+ iwi[0-9]*|\
+ iwn[0-9]*|\
+ ral[0-9]*|\
+ wi[0-9]*|\
+ wl[0-9]*|\
+ wpi[0-9]*)
+ return 0
+ ;;
+ esac
+
+ return 1
+}
+
+# ipv6if if
+# Returns 0 if the interface should be configured for IPv6 and
+# 1 otherwise.
+ipv6if()
+{
+ local _if _tmpargs i
+ _if=$1
+
+ if ! afexists inet6; then
+ return 1
+ fi
+
+ # lo0 is always IPv6-enabled
+ case $_if in
+ lo0)
+ return 0
+ ;;
+ esac
+
+ case "${ipv6_network_interfaces}" in
+ $_if|"$_if "*|*" $_if"|*" $_if "*|[Aa][Uu][Tt][Oo])
+ # True if $ifconfig_IF_ipv6 is defined.
+ _tmpargs=`_ifconfig_getargs $_if ipv6`
+ if [ -n "${_tmpargs}" ]; then
+ return 0
+ fi
+
+ # backward compatibility: True if $ipv6_ifconfig_IF is defined.
+ _tmpargs=`get_if_var $_if ipv6_ifconfig_IF`
+ if [ -n "${_tmpargs}" ]; then
+ return 0
+ fi
+ ;;
+ esac
+
+ return 1
+}
+
+# ipv6_autoconfif if
+# Returns 0 if the interface should be configured for IPv6 with
+# Stateless Address Configuration; 1 otherwise.
+ipv6_autoconfif()
+{
+ local _if _tmpargs _arg
+ _if=$1
+
+ case $_if in
+ lo0|\
+ stf[0-9]*|\
+ faith[0-9]*|\
+ lp[0-9]*|\
+ sl[0-9]*)
+ return 1
+ ;;
+ esac
+ if noafif $_if; then
+ return 1
+ fi
+ if ! ipv6if $_if; then
+ return 1
+ fi
+ if checkyesno ipv6_gateway_enable; then
+ return 1
+ fi
+ _tmpargs=`get_if_var $_if ipv6_prefix_IF`
+ if [ -n "${_tmpargs}" ]; then
+ return 1
+ fi
+ # backward compatibility: $ipv6_enable
+ case $ipv6_enable in
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ return 0
+ ;;
+ esac
+
+ _tmpargs=`_ifconfig_getargs $_if ipv6`
+ for _arg in $_tmpargs; do
+ case $_arg in
+ accept_rtadv)
+ return 0
+ ;;
+ esac
+ done
+
+ # backward compatibility: $ipv6_ifconfig_IF
+ _tmpargs=`get_if_var $_if ipv6_ifconfig_IF`
+ for _arg in $_tmpargs; do
+ case $_arg in
+ accept_rtadv)
+ return 0
+ ;;
+ esac
+ done
+
+ return 1
+}
+
+# ifexists if
+# Returns 0 if the interface exists and 1 otherwise.
+ifexists()
+{
+ [ -z "$1" ] && return 1
+ ifconfig -n $1 > /dev/null 2>&1
+}
+
+# ipv4_up if
+# add IPv4 addresses to the interface $if
+ipv4_up()
+{
+ local _if _ret
+ _if=$1
+ _ret=1
+
+ # Add 127.0.0.1/8 to lo0 unless otherwise specified.
+ if [ "${_if}" = "lo0" ]; then
+ ifconfig_args=`get_if_var ${_if} ifconfig_IF`
+ if [ -z "${ifconfig_args}" ]; then
+ ifconfig ${_if} inet 127.0.0.1/8 alias
+ fi
+ fi
+ ifalias_up ${_if} inet && _ret=0
+ ipv4_addrs_common ${_if} alias && _ret=0
+
+ return $_ret
+}
+
+# ipv6_up if
+# add IPv6 addresses to the interface $if
+ipv6_up()
+{
+ local _if _ret
+ _if=$1
+ _ret=1
+
+ if ! ipv6if $_if; then
+ return 0
+ fi
+
+ ifalias_up ${_if} inet6 && _ret=0
+ ipv6_prefix_hostid_addr_common ${_if} alias && _ret=0
+ ipv6_accept_rtadv_up ${_if} && _ret=0
+
+ # wait for DAD
+ sleep `${SYSCTL_N} net.inet6.ip6.dad_count`
+ sleep 1
+
+ return $_ret
+}
+
+# ipv4_down if
+# remove IPv4 addresses from the interface $if
+ipv4_down()
+{
+ local _if _ifs _ret inetList oldifs _inet
+ _if=$1
+ _ifs="^"
+ _ret=1
+
+ inetList="`ifconfig ${_if} | grep 'inet ' | tr "\n" "$_ifs"`"
+
+ oldifs="$IFS"
+ IFS="$_ifs"
+ for _inet in $inetList ; do
+ # get rid of extraneous line
+ [ -z "$_inet" ] && break
+
+ _inet=`expr "$_inet" : '.*\(inet \([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}\).*'`
+
+ IFS="$oldifs"
+ ifconfig ${_if} ${_inet} delete
+ IFS="$_ifs"
+ _ret=0
+ done
+ IFS="$oldifs"
+
+ ifalias_down ${_if} inet && _ret=0
+ ipv4_addrs_common ${_if} -alias && _ret=0
+
+ return $_ret
+}
+
+# ipv6_down if
+# remove IPv6 addresses from the interface $if
+ipv6_down()
+{
+ local _if _ifs _ret inetList oldifs _inet6
+ _if=$1
+ _ifs="^"
+ _ret=1
+
+ if ! ipv6if $_if; then
+ return 0
+ fi
+
+ ipv6_accept_rtadv_down ${_if} && _ret=0
+ ipv6_prefix_hostid_addr_common ${_if} -alias && _ret=0
+ ifalias_down ${_if} inet6 && _ret=0
+
+ inetList="`ifconfig ${_if} | grep 'inet6 ' | tr "\n" "$_ifs"`"
+
+ oldifs="$IFS"
+ IFS="$_ifs"
+ for _inet6 in $inetList ; do
+ # get rid of extraneous line
+ [ -z "$_inet6" ] && break
+
+ _inet6=`expr "$_inet6" : '.*\(inet6 \([0-9a-f:]*\)\).*'`
+
+ IFS="$oldifs"
+ ifconfig ${_if} ${_inet6} -alias
+ IFS="$_ifs"
+ _ret=0
+ done
+ IFS="$oldifs"
+
+ return $_ret
+}
+
+# ipv4_addrs_common if action
+# Evaluate the ifconfig_if_ipv4 arguments for interface $if and
+# use $action to add or remove IPv4 addresses from $if.
+ipv4_addrs_common()
+{
+ local _ret _if _action _cidr _cidr_addr
+ local _ipaddr _netmask _range _ipnet _iplow _iphigh _ipcount
+ _ret=1
+ _if=$1
+ _action=$2
+
+ # get ipv4-addresses
+ cidr_addr=`get_if_var $_if ipv4_addrs_IF`
+
+ for _cidr in ${cidr_addr}; do
+ _ipaddr=${_cidr%%/*}
+ _netmask="/"${_cidr##*/}
+ _range=${_ipaddr##*.}
+ _ipnet=${_ipaddr%.*}
+ _iplow=${_range%-*}
+ _iphigh=${_range#*-}
+
+ # clear netmask when removing aliases
+ if [ "${_action}" = "-alias" ]; then
+ _netmask=""
+ fi
+
+ _ipcount=${_iplow}
+ while [ "${_ipcount}" -le "${_iphigh}" ]; do
+ eval "ifconfig ${_if} ${_action} ${_ipnet}.${_ipcount}${_netmask}"
+ _ipcount=$((${_ipcount}+1))
+ _ret=0
+
+ # only the first ipaddr in a subnet need the real netmask
+ if [ "${_action}" != "-alias" ]; then
+ _netmask="/32"
+ fi
+ done
+ done
+
+ return $_ret
+}
+
+# ifalias_up if af
+# Configure aliases for network interface $if.
+# It returns 0 if at least one alias was configured or
+# 1 if there were none.
+#
+ifalias_up()
+{
+ local _ret
+ _ret=1
+
+ case "$2" in
+ inet)
+ _ret=`ifalias_ipv4_up "$1"`
+ ;;
+ inet6)
+ _ret=`ifalias_ipv6_up "$1"`
+ ;;
+ esac
+
+ return $_ret
+}
+
+# ifalias_ipv4_up if
+# Helper function for ifalias_up(). Handles IPv4.
+#
+ifalias_ipv4_up()
+{
+ local _ret alias ifconfig_args
+ _ret=1
+
+ # ifconfig_IF_aliasN which starts with "inet"
+ alias=0
+ while : ; do
+ ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
+ case "${ifconfig_args}" in
+ inet\ *)
+ ifconfig $1 ${ifconfig_args} alias && _ret=0
+ ;;
+ "")
+ break
+ ;;
+ esac
+ alias=$((${alias} + 1))
+ done
+
+ return $_ret
+}
+
+# ifalias_ipv6_up if
+# Helper function for ifalias_up(). Handles IPv6.
+#
+ifalias_ipv6_up()
+{
+ local _ret alias ifconfig_args
+ _ret=1
+
+ # ifconfig_IF_aliasN which starts with "inet6"
+ alias=0
+ while : ; do
+ ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
+ case "${ifconfig_args}" in
+ inet6\ *)
+ ifconfig $1 ${ifconfig_args} alias && _ret=0
+ ;;
+ "")
+ break
+ ;;
+ esac
+ alias=$((${alias} + 1))
+ done
+
+ # backward compatibility: ipv6_ifconfig_IF_aliasN.
+ alias=0
+ while : ; do
+ ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}`
+ case "${ifconfig_args}" in
+ "")
+ break
+ ;;
+ *)
+ ifconfig $1 inet6 ${ifconfig_args} alias && _ret=0
+ warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \
+ " Use ifconfig_$1_aliasN instead."
+ ;;
+ esac
+ alias=$((${alias} + 1))
+ done
+
+ return $_ret
+}
+
+# ifalias_down if af
+# Remove aliases for network interface $if.
+# It returns 0 if at least one alias was removed or
+# 1 if there were none.
+#
+ifalias_down()
+{
+ local _ret
+ _ret=1
+
+ case "$2" in
+ inet)
+ _ret=`ifalias_ipv4_down "$1"`
+ ;;
+ inet6)
+ _ret=`ifalias_ipv6_down "$1"`
+ ;;
+ esac
+
+ return $_ret
+}
+
+# ifalias_ipv4_down if
+# Helper function for ifalias_down(). Handles IPv4.
+#
+ifalias_ipv4_down()
+{
+ local _ret alias ifconfig_args
+ _ret=1
+
+ # ifconfig_IF_aliasN which starts with "inet"
+ alias=0
+ while : ; do
+ ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
+ case "${ifconfig_args}" in
+ inet\ *)
+ ifconfig $1 ${ifconfig_args} -alias && _ret=0
+ ;;
+ "")
+ break
+ ;;
+ esac
+ alias=$((${alias} + 1))
+ done
+
+ return $_ret
+}
+
+# ifalias_ipv6_down if
+# Helper function for ifalias_down(). Handles IPv6.
+#
+ifalias_ipv6_down()
+{
+ local _ret alias ifconfig_args
+ _ret=1
+
+ # ifconfig_IF_aliasN which starts with "inet6"
+ alias=0
+ while : ; do
+ ifconfig_args=`get_if_var $1 ifconfig_IF_alias${alias}`
+ case "${ifconfig_args}" in
+ inet6\ *)
+ ifconfig $1 ${ifconfig_args} -alias && _ret=0
+ ;;
+ "")
+ break
+ ;;
+ esac
+ alias=$((${alias} + 1))
+ done
+
+ # backward compatibility: ipv6_ifconfig_IF_aliasN.
+ alias=0
+ while : ; do
+ ifconfig_args=`get_if_var $1 ipv6_ifconfig_IF_alias${alias}`
+ case "${ifconfig_args}" in
+ "")
+ break
+ ;;
+ *)
+ ifconfig $1 inet6 ${ifconfig_args} -alias && _ret=0
+ warn "\$ipv6_ifconfig_$1_alias${alias} is obsolete." \
+ " Use ifconfig_$1_aliasN instead."
+ ;;
+ esac
+ alias=$((${alias} + 1))
+ done
+
+ return $_ret
+}
+
+# ipv6_prefix_hostid_addr_common if action
+# Add or remove IPv6 prefix + hostid addr on the interface $if
+#
+ipv6_prefix_hostid_addr_common()
+{
+ local _if _action prefix laddr hostid j address
+ _if=$1
+ _action=$2
+ prefix=`get_if_var ${_if} ipv6_prefix_IF`
+
+ if [ -n "${prefix}" ]; then
+ laddr=`network6_getladdr ${_if}`
+ hostid=${laddr#fe80::}
+ hostid=${hostid%\%*}
+
+ for j in ${prefix}; do
+ address=$j\:${hostid}
+ ifconfig ${_if} inet6 ${address} prefixlen 64 ${_action}
+
+ # if I am a router, add subnet router
+ # anycast address (RFC 2373).
+ if checkyesno ipv6_gateway_enable; then
+ ifconfig ${_if} inet6 $j:: prefixlen 64 \
+ ${_action} anycast
+ fi
+ done
+ fi
+}
+
+# ipv6_accept_rtadv_up if
+# Enable accepting Router Advertisement and send Router
+# Solicitation message
+ipv6_accept_rtadv_up()
+{
+ if ipv6_autoconfif $1; then
+ ifconfig $1 inet6 accept_rtadv up
+ if ! checkyesno rtsold_enable; then
+ rtsol ${rtsol_flags} $1
+ fi
+ fi
+}
+
+# ipv6_accept_rtadv_down if
+# Disable accepting Router Advertisement
+ipv6_accept_rtadv_down()
+{
+ if ipv6_autoconfif $1; then
+ ifconfig $1 inet6 -accept_rtadv
+ fi
+}
+
+# ifscript_up if
+# Evaluate a startup script for the $if interface.
+# It returns 0 if a script was found and processed or
+# 1 if no script was found.
+#
+ifscript_up()
+{
+ if [ -r /etc/start_if.$1 ]; then
+ . /etc/start_if.$1
+ return 0
+ else
+ return 1
+ fi
+}
+
+# ifscript_down if
+# Evaluate a shutdown script for the $if interface.
+# It returns 0 if a script was found and processed or
+# 1 if no script was found.
+#
+ifscript_down()
+{
+ if [ -r /etc/stop_if.$1 ]; then
+ . /etc/stop_if.$1
+ return 0
+ else
+ return 1
+ fi
+}
+
+# clone_up
+# Create cloneable interfaces.
+#
+clone_up()
+{
+ local _prefix _list ifn
+ _prefix=
+ _list=
+
+ # create_args_IF
+ for ifn in ${cloned_interfaces}; do
+ ifconfig ${ifn} create `get_if_var ${ifn} create_args_IF`
+ if [ $? -eq 0 ]; then
+ _list="${_list}${_prefix}${ifn}"
+ [ -z "$_prefix" ] && _prefix=' '
+ fi
+ done
+ debug "Cloned: ${_list}"
+}
+
+# clone_down
+# Destroy cloned interfaces. Destroyed interfaces are echoed to
+# standard output.
+#
+clone_down()
+{
+ local _prefix _list ifn
+ _prefix=
+ _list=
+
+ for ifn in ${cloned_interfaces}; do
+ ifconfig -n ${ifn} destroy
+ if [ $? -eq 0 ]; then
+ _list="${_list}${_prefix}${ifn}"
+ [ -z "$_prefix" ] && _prefix=' '
+ fi
+ done
+ debug "Destroyed clones: ${_list}"
+}
+
+# childif_create
+# Create and configure child interfaces. Return 0 if child
+# interfaces are created.
+#
+childif_create()
+{
+ local cfg child child_vlans child_wlans create_args debug_flags ifn i
+ cfg=1
+ ifn=$1
+
+ # Create wireless interfaces
+ child_wlans=`get_if_var $ifn wlans_IF`
+
+ for child in ${child_wlans}; do
+ create_args="wlandev $ifn `get_if_var $child create_args_IF`"
+ debug_flags="`get_if_var $child wlandebug_IF`"
+
+ if expr $child : 'wlan[0-9][0-9]*$' >/dev/null 2>&1; then
+ ifconfig $child create ${create_args} && cfg=0
+ if [ -n "${debug_flags}" ]; then
+ wlandebug -i $child ${debug_flags}
+ fi
+ else
+ i=`ifconfig wlan create ${create_args}`
+ if [ -n "${debug_flags}" ]; then
+ wlandebug -i $i ${debug_flags}
+ fi
+ ifconfig $i name $child && cfg=0
+ fi
+ if autoif $child; then
+ ifn_start $child
+ fi
+ done
+
+ # Create vlan interfaces
+ child_vlans=`get_if_var $ifn vlans_IF`
+
+ if [ -n "${child_vlans}" ]; then
+ load_kld if_vlan
+ fi
+
+ for child in ${child_vlans}; do
+ if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then
+ child="${ifn}.${child}"
+ create_args=`get_if_var $child create_args_IF`
+ ifconfig $child create ${create_args} && cfg=0
+ else
+ create_args="vlandev $ifn `get_if_var $child create_args_IF`"
+ if expr $child : 'vlan[0-9][0-9]*$' >/dev/null 2>&1; then
+ ifconfig $child create ${create_args} && cfg=0
+ else
+ i=`ifconfig vlan create ${create_args}`
+ ifconfig $i name $child && cfg=0
+ fi
+ fi
+ if autoif $child; then
+ ifn_start $child
+ fi
+ done
+
+ return ${cfg}
+}
+
+# childif_destroy
+# Destroy child interfaces.
+#
+childif_destroy()
+{
+ local cfg child child_vlans child_wlans ifn
+ cfg=1
+
+ child_wlans=`get_if_var $ifn wlans_IF`
+ for child in ${child_wlans}; do
+ if ! ifexists $child; then
+ continue
+ fi
+ ifconfig -n $child destroy && cfg=0
+ done
+
+ child_vlans=`get_if_var $ifn vlans_IF`
+ for child in ${child_vlans}; do
+ if expr $child : '[1-9][0-9]*$' >/dev/null 2>&1; then
+ child="${ifn}.${child}"
+ fi
+ if ! ifexists $child; then
+ continue
+ fi
+ ifconfig -n $child destroy && cfg=0
+ done
+
+ return ${cfg}
+}
+
+# ng_mkpeer
+# Create netgraph nodes.
+#
+ng_mkpeer()
+{
+ ngctl -f - 2> /dev/null <<EOF
+mkpeer $*
+msg dummy nodeinfo
+EOF
+}
+
+# ng_create_one
+# Create netgraph nodes.
+#
+ng_create_one()
+{
+ local t
+
+ ng_mkpeer $* | while read line; do
+ t=`expr "${line}" : '.* name="\([a-z]*[0-9]*\)" .*'`
+ if [ -n "${t}" ]; then
+ echo ${t}
+ return
+ fi
+ done
+}
+
+# gif_up
+# Create gif(4) tunnel interfaces.
+gif_up()
+{
+ local i peers
+
+ for i in ${gif_interfaces}; do
+ peers=`get_if_var $i gifconfig_IF`
+ case ${peers} in
+ '')
+ continue
+ ;;
+ *)
+ if expr $i : 'gif[0-9][0-9]*$' >/dev/null 2>&1; then
+ ifconfig $i create >/dev/null 2>&1
+ else
+ gif=`ifconfig gif create`
+ ifconfig $gif name $i
+ fi
+ ifconfig $i tunnel ${peers}
+ ifconfig $i up
+ ;;
+ esac
+ done
+}
+
+# ng_fec_create ifn
+# Configure Fast EtherChannel for interface $ifn. Returns 0 if
+# FEC arguments were found and configured; returns !0 otherwise.
+ng_fec_create()
+{
+ local req_iface iface bogus
+ req_iface="$1"
+
+ ngctl shutdown ${req_iface}: > /dev/null 2>&1
+
+ bogus=""
+ while true; do
+ iface=`ng_create_one fec dummy fec`
+ if [ -z "${iface}" ]; then
+ exit 2
+ fi
+ if [ "${iface}" = "${req_iface}" ]; then
+ break
+ fi
+ bogus="${bogus} ${iface}"
+ done
+
+ for iface in ${bogus}; do
+ ngctl shutdown ${iface}:
+ done
+}
+
+# fec_up
+# Create Fast EtherChannel interfaces.
+fec_up()
+{
+ local i j
+
+ for i in ${fec_interfaces}; do
+ ng_fec_create $i
+ for j in `get_if_var $i fecconfig_IF`; do
+ case ${j} in
+ '')
+ continue
+ ;;
+ *)
+ ngctl msg ${i}: add_iface "\"${j}\""
+ ;;
+ esac
+ done
+ done
+}
+
+# ipx_up ifn
+# Configure any IPX addresses for interface $ifn. Returns 0 if
+# IPX arguments were found and configured; returns 1 otherwise.
+#
+ipx_up()
+{
+ local ifn
+ ifn="$1"
+
+ # ifconfig_IF_ipx
+ ifconfig_args=`_ifconfig_getargs $ifn ipx`
+ if [ -n "${ifconfig_args}" ]; then
+ ifconfig ${ifn} ${ifconfig_args}
+ return 0
+ fi
+
+ return 1
+}
+
+# ipx_down ifn
+# Remove IPX addresses for interface $ifn. Returns 0 if IPX
+# addresses were found and unconfigured. It returns 1, otherwise.
+#
+ipx_down()
+{
+ local _if _ifs _ret ipxList oldifs _ipx
+ _if=$1
+ _ifs="^"
+ _ret=1
+ ipxList="`ifconfig ${_if} | grep 'ipx ' | tr "\n" "$_ifs"`"
+ oldifs="$IFS"
+
+ IFS="$_ifs"
+ for _ipx in $ipxList ; do
+ # get rid of extraneous line
+ [ -z "$_ipx" ] && break
+
+ _ipx=`expr "$_ipx" : '.*\(ipx [0-9a-h]\{1,8\}H*\.[0-9a-h]\{1,12\}\).*'`
+
+ IFS="$oldifs"
+ ifconfig ${_if} ${_ipx} delete
+ IFS="$_ifs"
+ _ret=0
+ done
+ IFS="$oldifs"
+
+ return $_ret
+}
+
+# ifnet_rename
+# Rename all requested interfaces.
+#
+ifnet_rename()
+{
+ local _if _ifname
+
+ # ifconfig_IF_name
+ for _if in `ifconfig -l`; do
+ _ifname=`get_if_var $_if ifconfig_IF_name`
+ if [ ! -z "$_ifname" ]; then
+ ifconfig $_if name $_ifname
+ fi
+ done
+
+ return 0
+}
+
+# list_net_interfaces type
+# List all network interfaces. The type of interface returned
+# can be controlled by the type argument. The type
+# argument can be any of the following:
+# nodhcp - all interfaces, excluding DHCP configured interfaces
+# dhcp - list only DHCP configured interfaces
+# noautoconf - all interfaces, excluding IPv6 Stateless
+# Address Autoconf configured interfaces
+# autoconf - list only IPv6 Stateless Address Autoconf
+# configured interfaces
+# If no argument is specified all network interfaces are output.
+# Note that the list will include cloned interfaces if applicable.
+# Cloned interfaces must already exist to have a chance to appear
+# in the list if ${network_interfaces} is set to `auto'.
+#
+list_net_interfaces()
+{
+ local type _tmplist _list _autolist _lo _if
+ type=$1
+
+ # Get a list of ALL the interfaces and make lo0 first if it's there.
+ #
+ _tmplist=
+ case ${network_interfaces} in
+ [Aa][Uu][Tt][Oo])
+ _autolist="`ifconfig -l`"
+ _lo=
+ for _if in ${_autolist} ; do
+ if autoif $_if; then
+ if [ "$_if" = "lo0" ]; then
+ _lo="lo0 "
+ else
+ _tmplist="${_tmplist} ${_if}"
+ fi
+ fi
+ done
+ _tmplist="${_lo}${_tmplist# }"
+ ;;
+ *)
+ _tmplist="${network_interfaces} ${cloned_interfaces}"
+
+ # lo0 is effectively mandatory, so help prevent foot-shooting
+ #
+ case "$_tmplist" in
+ lo0|'lo0 '*|*' lo0'|*' lo0 '*) ;; # This is fine, do nothing
+ *) _tmplist="lo0 ${_tmplist}" ;;
+ esac
+ ;;
+ esac
+
+ _list=
+ case "$type" in
+ nodhcp)
+ for _if in ${_tmplist} ; do
+ if ! dhcpif $_if && \
+ [ -n "`_ifconfig_getargs $_if`" ]; then
+ _list="${_list# } ${_if}"
+ fi
+ done
+ ;;
+ dhcp)
+ for _if in ${_tmplist} ; do
+ if dhcpif $_if; then
+ _list="${_list# } ${_if}"
+ fi
+ done
+ ;;
+ noautoconf)
+ for _if in ${_tmplist} ; do
+ if ! ipv6_autoconfif $_if && \
+ [ -n "`_ifconfig_getargs $_if ipv6`" ]; then
+ _list="${_list# } ${_if}"
+ fi
+ done
+ ;;
+ autoconf)
+ for _if in ${_tmplist} ; do
+ if ipv6_autoconfif $_if; then
+ _list="${_list# } ${_if}"
+ fi
+ done
+ ;;
+ *)
+ _list=${_tmplist}
+ ;;
+ esac
+
+ echo $_list
+
+ return 0
+}
+
+# get_default_if -address_family
+# Get the interface of the default route for the given address family.
+# The -address_family argument must be suitable passing to route(8).
+#
+get_default_if()
+{
+ local routeget oldifs defif line
+ defif=
+ oldifs="$IFS"
+ IFS="
+"
+ for line in `route -n get $1 default 2>/dev/null`; do
+ case $line in
+ *interface:*)
+ defif=${line##*: }
+ ;;
+ esac
+ done
+ IFS=${oldifs}
+
+ echo $defif
+}
+
+# hexdigit arg
+# Echo decimal number $arg (single digit) in hexadecimal format.
+hexdigit()
+{
+ printf '%x\n' "$1"
+}
+
+# hexprint arg
+# Echo decimal number $arg (multiple digits) in hexadecimal format.
+hexprint()
+{
+ printf '%x\n' "$1"
+}
+
+is_wired_interface()
+{
+ local media
+
+ case `ifconfig $1 2>/dev/null` in
+ *media:?Ethernet*) media=Ethernet ;;
+ esac
+
+ test "$media" = "Ethernet"
+}
+
+# network6_getladdr if [flag]
+# Echo link-local address from $if if any.
+# If flag is defined, tentative ones will be excluded.
+network6_getladdr()
+{
+ local proto addr rest
+ ifconfig $1 2>/dev/null | while read proto addr rest; do
+ case ${proto} in
+ inet6)
+ case ${addr} in
+ fe80::*)
+ if [ -z "$2" ]; then
+ echo ${addr}
+ return
+ fi
+ case ${rest} in
+ *tentative*)
+ continue
+ ;;
+ *)
+ echo ${addr}
+ return
+ esac
+ esac
+ esac
+ done
+}
diff --git a/etc/networks b/etc/networks
new file mode 100644
index 0000000..a6b15d4
--- /dev/null
+++ b/etc/networks
@@ -0,0 +1,17 @@
+# $FreeBSD$
+# @(#)networks 5.1 (Berkeley) 6/30/90
+#
+# Your Local Networks Database
+#
+your-net 127 # your comment
+your-netmask 255.255.255 # subnet mask for your-net
+
+#
+# Your subnets
+#
+subnet1 127.0.1 alias1 # comment 1
+subnet2 127.0.2 alias2 # comment 2
+
+#
+# Internet networks (from nic.ddn.mil)
+#
diff --git a/etc/newsyslog.conf b/etc/newsyslog.conf
new file mode 100644
index 0000000..67aa117
--- /dev/null
+++ b/etc/newsyslog.conf
@@ -0,0 +1,38 @@
+# configuration file for newsyslog
+# $FreeBSD$
+#
+# Entries which do not specify the '/pid_file' field will cause the
+# syslogd process to be signalled when that log file is rotated. This
+# action is only appropriate for log files which are written to by the
+# syslogd process (ie, files listed in /etc/syslog.conf). If there
+# is no process which needs to be signalled when a given log file is
+# rotated, then the entry for that file should include the 'N' flag.
+#
+# The 'flags' field is one or more of the letters: BCDGJNUXZ or a '-'.
+#
+# Note: some sites will want to select more restrictive protections than the
+# defaults. In particular, it may be desirable to switch many of the 644
+# entries to 640 or 600. For example, some sites will consider the
+# contents of maillog, messages, and lpd-errs to be confidential. In the
+# future, these defaults may change to more conservative ones.
+#
+# logfilename [owner:group] mode count size when flags [/pid_file] [sig_num]
+/var/log/all.log 600 7 * @T00 J
+/var/log/amd.log 644 7 100 * J
+/var/log/auth.log 600 7 100 * JC
+/var/log/console.log 600 5 100 * J
+/var/log/cron 600 3 100 * JC
+/var/log/daily.log 640 7 * @T00 JN
+/var/log/debug.log 600 7 100 * JC
+/var/log/kerberos.log 600 7 100 * J
+/var/log/lpd-errs 644 7 100 * JC
+/var/log/maillog 640 7 * @T00 JC
+/var/log/messages 644 5 100 * JC
+/var/log/monthly.log 640 12 * $M1D0 JN
+/var/log/pflog 600 3 100 * JB /var/run/pflogd.pid
+/var/log/ppp.log root:network 640 3 100 * JC
+/var/log/security 600 10 100 * JC
+/var/log/sendmail.st 640 10 * 168 B
+/var/log/utx.log 644 3 * @01T05 B
+/var/log/weekly.log 640 5 1 $W6D0 JN
+/var/log/xferlog 600 7 100 * JC
diff --git a/etc/nls.alias b/etc/nls.alias
new file mode 100644
index 0000000..805c34a
--- /dev/null
+++ b/etc/nls.alias
@@ -0,0 +1,4 @@
+# $FreeBSD$
+
+POSIX C
+en_US.US-ASCII C
diff --git a/etc/nscd.conf b/etc/nscd.conf
new file mode 100644
index 0000000..19a8b5b
--- /dev/null
+++ b/etc/nscd.conf
@@ -0,0 +1,12 @@
+#
+# Default caching daemon configuration file
+# $FreeBSD$
+#
+
+enable-cache passwd yes
+enable-cache group yes
+enable-cache hosts yes
+enable-cache services yes
+enable-cache protocols yes
+enable-cache rpc yes
+enable-cache networks yes
diff --git a/etc/nsmb.conf b/etc/nsmb.conf
new file mode 100644
index 0000000..e5f2258
--- /dev/null
+++ b/etc/nsmb.conf
@@ -0,0 +1,56 @@
+# $FreeBSD$
+#
+# smbfs lookups configuration files in next order:
+# 1. ~/.nsmbrc
+# 2. /etc/nsmb.conf - if this file found it will
+# override values with same keys from user files.
+#
+#
+# This file consist from a set of sections. Each section started by section name
+# surrounded with square brackets:
+# [section_name]
+#
+# End of the section marked either by new section or by the end of file.
+# Each section can contain zero or more parameters:
+# [section_name]
+# key=value
+#
+# where 'key' represents parameter name and 'value' a value assigned
+# to this parameter.
+#
+# SMB library uses next forms of section names (please note that the section
+# name should be in upper case when it refers to server, user or share):
+# A) [default]
+# B) [SERVER]
+# C) [SERVER:USER]
+# D) [SERVER:USER:SHARE]
+#
+# Here is the map of possible keywords:
+#
+# keyword/section A B C D Comment
+#
+# addr - + - - IP or IPX address of SMB server
+# charsets + + + + local:remote charset pair
+# nbns + + - - address of NetBIOS name server (WINS)
+# nbscope + + - - NetBIOS scope
+# nbtimeout + + - - timeout for NetBIOS name servers
+# password - - + + a plain text password used to access to the given share
+# retry_count + + - - number of retries before connection marked as broken
+# timeout + + - - SMB request timeout
+# workgroup + + + + name of workgroup
+#
+
+# A simple configuration example:
+
+# First, define a workgroup.
+#[default]
+#workgroup=SALES
+
+# The 'FSERVER' is an NT server.
+#[FSERVER]
+#charsets=koi8-r:cp866
+#addr=fserv.coolcorp.com
+
+#[FSERVER:JOE]
+# use persistent password cache for user 'joe'
+#password=$$1767877DF
diff --git a/etc/nsswitch.conf b/etc/nsswitch.conf
new file mode 100644
index 0000000..c95b9a4
--- /dev/null
+++ b/etc/nsswitch.conf
@@ -0,0 +1,15 @@
+#
+# nsswitch.conf(5) - name service switch configuration file
+# $FreeBSD$
+#
+group: compat
+group_compat: nis
+hosts: files dns
+networks: files
+passwd: compat
+passwd_compat: nis
+shells: files
+services: compat
+services_compat: nis
+protocols: files
+rpc: files
diff --git a/etc/ntp.conf b/etc/ntp.conf
new file mode 100644
index 0000000..9f99a8d
--- /dev/null
+++ b/etc/ntp.conf
@@ -0,0 +1,64 @@
+#
+# $FreeBSD$
+#
+# Default NTP servers for the FreeBSD operating system.
+#
+# Don't forget to enable ntpd in /etc/rc.conf with:
+# ntpd_enable="YES"
+#
+# The driftfile is by default /var/db/ntpd.drift, check
+# /etc/defaults/rc.conf on how to change the location.
+#
+
+#
+# The following three servers will give you a random set of three
+# NTP servers geographically close to you.
+# See http://www.pool.ntp.org/ for details. Note, the pool encourages
+# users with a static IP and good upstream NTP servers to add a server
+# to the pool. See http://www.pool.ntp.org/join.html if you are interested.
+#
+# The option `iburst' is used for faster initial synchronisation.
+# The option `maxpoll 9' is used to prevent PLL/FLL flipping on FreeBSD.
+#
+server 0.freebsd.pool.ntp.org iburst maxpoll 9
+server 1.freebsd.pool.ntp.org iburst maxpoll 9
+server 2.freebsd.pool.ntp.org iburst maxpoll 9
+#server 3.freebsd.pool.ntp.org iburst maxpoll 9
+
+#
+# If you want to pick yourself which country's public NTP server
+# you want sync against, comment out the above servers, uncomment
+# the next ones and replace CC with the country's abbreviation.
+# Make sure that the hostnames resolve to a proper IP address!
+#
+# server 0.CC.pool.ntp.org iburst maxpoll 9
+# server 1.CC.pool.ntp.org iburst maxpoll 9
+# server 2.CC.pool.ntp.org iburst maxpoll 9
+
+#
+# Security: Only accept NTP traffic from the following hosts.
+# The following configuration example only accepts traffic from the
+# above defined servers.
+#
+# Please note that this example doesn't work for the servers in
+# the pool.ntp.org domain since they return multiple A records.
+# (This is the reason that by default they are commented out)
+#
+#restrict default ignore
+#restrict 0.pool.ntp.org nomodify nopeer noquery notrap
+#restrict 1.pool.ntp.org nomodify nopeer noquery notrap
+#restrict 2.pool.ntp.org nomodify nopeer noquery notrap
+#restrict 127.0.0.1
+#restrict -6 ::1
+#restrict 127.127.1.0
+
+#
+# If a server loses sync with all upstream servers, NTP clients
+# no longer follow that server. The local clock can be configured
+# to provide a time source when this happens, but it should usually
+# be configured on just one server on a network. For more details see
+# http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock
+# The use of Orphan Mode may be preferable.
+#
+#server 127.127.1.0
+#fudge 127.127.1.0 stratum 10
diff --git a/etc/opieaccess b/etc/opieaccess
new file mode 100644
index 0000000..ed57ef1
--- /dev/null
+++ b/etc/opieaccess
@@ -0,0 +1,13 @@
+# $FreeBSD$
+#
+# This file controls whether UNIX passwords are to be permitted. Rules
+# are matched in order, and the search terminates when the first matching
+# rule has been found. Default action is "deny". See opieaccess(5) for
+# more information.
+#
+# Each rule has the form:
+#
+# permit address netmask
+# deny address netmask
+#
+#permit 127.0.0.1 255.255.255.255
diff --git a/etc/pam.d/Makefile b/etc/pam.d/Makefile
new file mode 100644
index 0000000..f3795b3
--- /dev/null
+++ b/etc/pam.d/Makefile
@@ -0,0 +1,24 @@
+# $FreeBSD$
+
+NO_OBJ=
+
+FILES= README \
+ atrun \
+ cron \
+ ftpd \
+ imap \
+ kde \
+ login \
+ other \
+ passwd pop3 \
+ rsh \
+ sshd su system \
+ telnetd \
+ xdm
+
+FILESDIR= /etc/pam.d
+FILESMODE= 644
+FILESMODE_README= 444
+LINKS= ${FILESDIR}/ftpd ${FILESDIR}/ftp
+
+.include <bsd.prog.mk>
diff --git a/etc/pam.d/README b/etc/pam.d/README
new file mode 100644
index 0000000..7b8f958
--- /dev/null
+++ b/etc/pam.d/README
@@ -0,0 +1,62 @@
+
+This directory contains configuration files for the Pluggable
+Authentication Modules (PAM) library.
+
+Each file details the module chain for a single service, and must be
+named after that service. If no configuration file is found for a
+particular service, the /etc/pam.d/other is used instead. If that
+file does not exist, /etc/pam.conf is searched for entries matching
+the specified service or, failing that, the "other" service.
+
+See the pam(8) manual page for an explanation of the workings of the
+PAM library and descriptions of the various files and modules. Below
+is a summary of the format for the pam.conf and /etc/pam.d/* files.
+
+Configuration lines take the following form:
+
+module-type control-flag module-path arguments
+
+Comments are introduced with a hash mark ('#'). Blank lines and lines
+consisting entirely of comments are ignored.
+
+The meanings of the different fields are as follows:
+
+ module-type:
+ auth: prompt for a password to authenticate that the user is
+ who they say they are, and set any credentials.
+ account: non-authentication based authorization, based on time,
+ resources, etc.
+ session: housekeeping before and/or after login.
+ password: update authentication tokens.
+
+ control-flag: How libpam handles success or failure of the module.
+ required: success is required; on failure all remaining
+ modules are run, but the request will be denied.
+ requisite: success is required, and on failure no remaining
+ modules are run.
+ sufficient: success is sufficient, and if no previous required
+ module failed, no remaining modules are run.
+ binding: success is sufficient; on failure all remaining
+ modules are run, but the request will be denied.
+ optional: ignored unless the other modules return PAM_IGNORE.
+
+ arguments: Module-specific options, plus some generic ones:
+ debug: syslog debug info.
+ no_warn: return no warning messages to the application.
+ Remove this to feed back to the user the
+ reason(s) they are being rejected.
+ use_first_pass: try authentication using password from the
+ preceding auth module.
+ try_first_pass: first try authentication using password from
+ the preceding auth module, and if that fails
+ prompt for a new password.
+ use_mapped_pass: convert cleartext password to a crypto key.
+ expose_account: allow printing more info about the user when
+ prompting.
+
+Note that having a "sufficient" module as the last entry for a
+particular service and module type may result in surprising behaviour.
+To get the intended semantics, add a "required" entry listing the
+pam_deny module at the end of the chain.
+
+$FreeBSD$
diff --git a/etc/pam.d/atrun b/etc/pam.d/atrun
new file mode 100644
index 0000000..6829469
--- /dev/null
+++ b/etc/pam.d/atrun
@@ -0,0 +1,10 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "atrun" service
+#
+
+# Note well: enabling pam_nologin for atrun will currently result
+# in jobs discarded, not just delayed, during a no-login period.
+#account required pam_nologin.so
+account required pam_unix.so
diff --git a/etc/pam.d/convert.pl b/etc/pam.d/convert.pl
new file mode 100644
index 0000000..f4c0676
--- /dev/null
+++ b/etc/pam.d/convert.pl
@@ -0,0 +1,87 @@
+#!/usr/bin/perl -w
+#-
+# Copyright (c) 2001,2002 Networks Associates Technologies, Inc.
+# All rights reserved.
+#
+# This software was developed for the FreeBSD Project by ThinkSec AS and
+# NAI Labs, the Security Research Division of Network Associates, Inc.
+# under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
+# DARPA CHATS research program.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. The name of the author may not be used to endorse or promote
+# products derived from this software without specific prior written
+# permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+use strict;
+use Fcntl;
+use vars qw(%SERVICES);
+
+MAIN:{
+ my $line;
+ my $service;
+ my $version;
+ my $type;
+ local *FILE;
+
+ while (<>) {
+ chomp();
+ s/\s*$//;
+ next unless m/^(\#*)(\w+)\s+(auth|account|session|password)\s+(\S.*)$/;
+ $line = $1.$3;
+ $line .= "\t" x ((16 - length($line) + 7) / 8);
+ $line .= $4;
+ push(@{$SERVICES{$2}->{$3}}, $line);
+ }
+
+ foreach $service (keys(%SERVICES)) {
+ $version = '$' . 'FreeBSD' . '$';
+ if (sysopen(FILE, $service, O_RDONLY)) {
+ while (<FILE>) {
+ next unless (m/(\$[F]reeBSD.*?\$)/);
+ $version = $1;
+ last;
+ }
+ close(FILE);
+ }
+ sysopen(FILE, $service, O_RDWR|O_CREAT|O_TRUNC)
+ or die("$service: $!\n");
+ print(FILE "#\n");
+ print(FILE "# $version\n");
+ print(FILE "#\n");
+ print(FILE "# PAM configuration for the \"$service\" service\n");
+ print(FILE "#\n");
+ foreach $type (qw(auth account session password)) {
+ next unless exists($SERVICES{$service}->{$type});
+ print(FILE "\n");
+ print(FILE "# $type\n");
+ print(FILE join("\n", @{$SERVICES{$service}->{$type}}, ""));
+ }
+ close(FILE);
+ warn("$service\n");
+ }
+
+ exit(0);
+}
diff --git a/etc/pam.d/cron b/etc/pam.d/cron
new file mode 100644
index 0000000..55a3d10
--- /dev/null
+++ b/etc/pam.d/cron
@@ -0,0 +1,9 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "cron" service
+#
+
+# account
+account required pam_nologin.so
+account required pam_unix.so
diff --git a/etc/pam.d/ftpd b/etc/pam.d/ftpd
new file mode 100644
index 0000000..0d0b076
--- /dev/null
+++ b/etc/pam.d/ftpd
@@ -0,0 +1,20 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "ftpd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_unix.so
+
+# session
+session required pam_permit.so
diff --git a/etc/pam.d/imap b/etc/pam.d/imap
new file mode 100644
index 0000000..2d5efd0
--- /dev/null
+++ b/etc/pam.d/imap
@@ -0,0 +1,14 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "imap" service
+#
+
+# auth
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+#account required pam_nologin.so
+account required pam_unix.so
diff --git a/etc/pam.d/kde b/etc/pam.d/kde
new file mode 100644
index 0000000..f7d54f6
--- /dev/null
+++ b/etc/pam.d/kde
@@ -0,0 +1,19 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "kde" service
+#
+
+# auth
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_permit.so
diff --git a/etc/pam.d/login b/etc/pam.d/login
new file mode 100644
index 0000000..287036d
--- /dev/null
+++ b/etc/pam.d/login
@@ -0,0 +1,20 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "login" service
+#
+
+# auth
+auth sufficient pam_self.so no_warn
+auth include system
+
+# account
+account requisite pam_securetty.so
+account required pam_nologin.so
+account include system
+
+# session
+session include system
+
+# password
+password include system
diff --git a/etc/pam.d/other b/etc/pam.d/other
new file mode 100644
index 0000000..110aa00
--- /dev/null
+++ b/etc/pam.d/other
@@ -0,0 +1,25 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "other" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_permit.so
+
+# password
+password required pam_permit.so
diff --git a/etc/pam.d/passwd b/etc/pam.d/passwd
new file mode 100644
index 0000000..e655083
--- /dev/null
+++ b/etc/pam.d/passwd
@@ -0,0 +1,11 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "passwd" service
+#
+
+# passwd(1) does not use the auth, account or session services.
+
+# password
+#password requisite pam_passwdqc.so enforce=users
+password required pam_unix.so no_warn try_first_pass nullok
diff --git a/etc/pam.d/pop3 b/etc/pam.d/pop3
new file mode 100644
index 0000000..c59e39b
--- /dev/null
+++ b/etc/pam.d/pop3
@@ -0,0 +1,14 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "pop3" service
+#
+
+# auth
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+#account required pam_nologin.so
+account required pam_unix.so
diff --git a/etc/pam.d/rsh b/etc/pam.d/rsh
new file mode 100644
index 0000000..9e562e0
--- /dev/null
+++ b/etc/pam.d/rsh
@@ -0,0 +1,18 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "rsh" service
+#
+
+# auth
+auth required pam_rhosts.so no_warn
+
+# account
+account required pam_nologin.so
+account required pam_unix.so
+
+# session
+session required pam_permit.so
+
+# password
+password required pam_deny.so
diff --git a/etc/pam.d/sshd b/etc/pam.d/sshd
new file mode 100644
index 0000000..b4707c0
--- /dev/null
+++ b/etc/pam.d/sshd
@@ -0,0 +1,26 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "sshd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_permit.so
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/etc/pam.d/su b/etc/pam.d/su
new file mode 100644
index 0000000..88ce8b0
--- /dev/null
+++ b/etc/pam.d/su
@@ -0,0 +1,17 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "su" service
+#
+
+# auth
+auth sufficient pam_rootok.so no_warn
+auth sufficient pam_self.so no_warn
+auth requisite pam_group.so no_warn group=wheel root_only fail_safe ruser
+auth include system
+
+# account
+account include system
+
+# session
+session required pam_permit.so
diff --git a/etc/pam.d/system b/etc/pam.d/system
new file mode 100644
index 0000000..b8b7101
--- /dev/null
+++ b/etc/pam.d/system
@@ -0,0 +1,25 @@
+#
+# $FreeBSD$
+#
+# System-wide defaults
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass nullok
+
+# account
+#account required pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_lastlog.so no_fail
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/etc/pam.d/telnetd b/etc/pam.d/telnetd
new file mode 100644
index 0000000..fb2f523
--- /dev/null
+++ b/etc/pam.d/telnetd
@@ -0,0 +1,26 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "telnetd" service
+#
+
+# auth
+auth sufficient pam_opie.so no_warn no_fake_prompts
+auth requisite pam_opieaccess.so no_warn allow_local
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_login_access.so
+account required pam_unix.so
+
+# session
+#session optional pam_ssh.so want_agent
+session required pam_lastlog.so no_fail
+
+# password
+#password sufficient pam_krb5.so no_warn try_first_pass
+password required pam_unix.so no_warn try_first_pass
diff --git a/etc/pam.d/xdm b/etc/pam.d/xdm
new file mode 100644
index 0000000..2a7db08
--- /dev/null
+++ b/etc/pam.d/xdm
@@ -0,0 +1,22 @@
+#
+# $FreeBSD$
+#
+# PAM configuration for the "xdm" service
+#
+
+# auth
+#auth sufficient pam_krb5.so no_warn try_first_pass
+#auth sufficient pam_ssh.so no_warn try_first_pass
+auth required pam_unix.so no_warn try_first_pass
+
+# account
+account required pam_nologin.so
+#account required pam_krb5.so
+account required pam_unix.so
+
+# session
+#session required pam_ssh.so want_agent
+session required pam_lastlog.so no_fail
+
+# password
+password required pam_deny.so
diff --git a/etc/pccard_ether b/etc/pccard_ether
new file mode 100755
index 0000000..841c1a0
--- /dev/null
+++ b/etc/pccard_ether
@@ -0,0 +1,126 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+# pccard_ether interfacename [start|stop|restart]
+#
+# example: pccard_ether fxp0 start
+#
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="pccard_ether"
+start_precmd="checkauto"
+start_cmd="pccard_ether_start"
+stop_precmd="checkauto"
+stop_cmd="pccard_ether_stop"
+restart_precmd="checkauto"
+restart_cmd="pccard_ether_restart"
+
+setup_routes()
+{
+ # Add default route into $static_routes
+ case ${defaultrouter} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ static_routes="default ${static_routes}"
+ route_default="default ${defaultrouter}"
+ ;;
+ esac
+
+ # Add private route for this interface into $static_routes
+ eval ifx_routes=\$static_routes_${ifn}
+ if [ -n "${ifx_routes}" ]; then
+ static_routes="${ifx_routes} ${static_routes}"
+ fi
+
+ # Set up any static routes if specified
+ if [ -n "${static_routes}" ]; then
+ for i in ${static_routes}; do
+ eval route_args=\$route_${i}
+ route add ${route_args}
+ done
+ fi
+}
+
+remove_routes()
+{
+ # Delete static route if specified
+ eval ifx_routes=\$static_routes_${ifn}
+ if [ -n "${ifx_routes}" ]; then
+ for i in ${ifx_routes}; do
+ eval route_args=\$route_${i}
+ route delete ${route_args}
+ done
+ fi
+}
+
+checkauto()
+{
+ if [ -z "$rc_force" ]; then
+ # Ignore interfaces with the NOAUTO keyword
+ autoif $ifn || exit 0
+ fi
+}
+
+pccard_ether_start()
+{
+ ifexists $ifn || exit 1
+
+ if [ -z "$rc_force" ]; then
+ for uif in `ifconfig -ul`; do
+ if [ "${uif}" = "${ifn}" ]; then
+ # Interface is already up, so ignore it.
+ exit 0
+ fi
+ done
+ fi
+
+ /etc/rc.d/netif quietstart $ifn
+
+ # Do route configuration if needed.
+ # XXX: should probably do this by calling rc.d/routing.
+ if [ -n "`ifconfig_getargs $ifn`" ]; then
+ if ! dhcpif $ifn; then
+ setup_routes
+ fi
+ fi
+
+ # XXX: IPv6 setup should be done in some way.
+}
+
+pccard_ether_stop()
+{
+ if [ -n "`ifconfig_getargs $ifn`" ]; then
+ if ! dhcpif $ifn; then
+ remove_routes
+ fi
+ fi
+
+ /etc/rc.d/netif quietstop $ifn
+
+ # clean ARP table
+ ifexists $ifn && arp -d -i $ifn -a
+}
+
+pccard_ether_restart()
+{
+ # Hand implemented because the default implementation runs
+ # the equivalent of "$0 start; $0 stop" and this script
+ # doesn't support that syntax
+ pccard_ether_stop
+ pccard_ether_start
+}
+
+ifn=$1
+shift
+if [ -z "$*" ]; then
+ args="start"
+else
+ args=$*
+fi
+
+load_rc_config pccard_ether
+run_rc_command $args
diff --git a/etc/periodic/Makefile b/etc/periodic/Makefile
new file mode 100644
index 0000000..8fb56df
--- /dev/null
+++ b/etc/periodic/Makefile
@@ -0,0 +1,5 @@
+# $FreeBSD$
+
+SUBDIR= daily security weekly monthly
+
+.include <bsd.subdir.mk>
diff --git a/etc/periodic/Makefile.inc b/etc/periodic/Makefile.inc
new file mode 100644
index 0000000..a05341c
--- /dev/null
+++ b/etc/periodic/Makefile.inc
@@ -0,0 +1,5 @@
+# $FreeBSD$
+
+BINDIR= /etc/periodic/${.CURDIR:T}
+NO_OBJ=
+FILESMODE= 755
diff --git a/etc/periodic/daily/100.clean-disks b/etc/periodic/daily/100.clean-disks
new file mode 100755
index 0000000..b4ebf30
--- /dev/null
+++ b/etc/periodic/daily/100.clean-disks
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Remove garbage files more than $daily_clean_disks_days days old
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_clean_disks_enable" in
+ [Yy][Ee][Ss])
+ if [ -z "$daily_clean_disks_days" ]
+ then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_days is not'
+ rc=2
+ elif [ -z "$daily_clean_disks_files" ]
+ then
+ echo '$daily_clean_disks_enable is set but' \
+ '$daily_clean_disks_files is not'
+ rc=2
+ else
+ echo ""
+ echo "Cleaning disks:"
+ set -f noglob
+ args="-name "`echo "$daily_clean_disks_files" |
+ sed -e 's/^[ ]*//' \
+ -e 's/[ ]*$//' \
+ -e 's/[ ][ ]*/ -o -name /g'`
+
+ case "$daily_clean_disks_verbose" in
+ [Yy][Ee][Ss])
+ print=-print;;
+ *)
+ print=;;
+ esac
+
+ rc=$(find / \( ! -fstype local -o -fstype rdonly \) -prune -o \
+ \( $args \) -atime +$daily_clean_disks_days \
+ -execdir rm -df {} \; $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ set -f glob
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/110.clean-tmps b/etc/periodic/daily/110.clean-tmps
new file mode 100755
index 0000000..eef3bc6
--- /dev/null
+++ b/etc/periodic/daily/110.clean-tmps
@@ -0,0 +1,60 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Perform temporary directory cleaning so that long-lived systems
+# don't end up with excessively old files there.
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_clean_tmps_enable" in
+ [Yy][Ee][Ss])
+ if [ -z "$daily_clean_tmps_days" ]
+ then
+ echo '$daily_clean_tmps_enable is set but' \
+ '$daily_clean_tmps_days is not'
+ rc=2
+ else
+ echo ""
+ echo "Removing old temporary files:"
+
+ set -f noglob
+ args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
+ args="${args} -ctime +$daily_clean_tmps_days"
+ dargs="-empty -mtime +$daily_clean_tmps_days"
+ [ -n "$daily_clean_tmps_ignore" ] && {
+ args="$args "`echo " ${daily_clean_tmps_ignore% }" |
+ sed 's/[ ][ ]*/ ! -name /g'`
+ dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
+ sed 's/[ ][ ]*/ ! -name /g'`
+ }
+ case "$daily_clean_tmps_verbose" in
+ [Yy][Ee][Ss])
+ print=-print;;
+ *)
+ print=;;
+ esac
+
+ rc=$(for dir in $daily_clean_tmps_dirs
+ do
+ [ ."${dir#/}" != ."$dir" -a -d $dir ] && cd $dir && {
+ find -d . -type f $args -delete $print
+ find -d . ! -name . -type d $dargs -delete $print
+ } | sed "s,^\\., $dir,"
+ done | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ set -f glob
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/120.clean-preserve b/etc/periodic/daily/120.clean-preserve
new file mode 100755
index 0000000..d5b34a1
--- /dev/null
+++ b/etc/periodic/daily/120.clean-preserve
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Remove stale files in /var/preserve
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_clean_preserve_enable" in
+ [Yy][Ee][Ss])
+ if [ -z "$daily_clean_preserve_days" ]
+ then
+ echo '$daily_clean_preserve_enable is set but' \
+ '$daily_clean_preserve_days is not'
+ rc=2
+ elif [ ! -d /var/preserve ]
+ then
+ echo '$daily_clean_preserve_enable is set but /var/preserve' \
+ "doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Removing stale files from /var/preserve:"
+
+ if cd /var/preserve
+ then
+ case "$daily_clean_preserve_verbose" in
+ [Yy][Ee][Ss])
+ print=-print;;
+ *)
+ print=;;
+ esac
+
+ rc=$(find . ! -name . -mtime +$daily_clean_preserve_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/130.clean-msgs b/etc/periodic/daily/130.clean-msgs
new file mode 100755
index 0000000..b7890db
--- /dev/null
+++ b/etc/periodic/daily/130.clean-msgs
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Remove system messages
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_clean_msgs_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -d /var/msgs ]
+ then
+ echo '$daily_clean_msgs_enable is set but /var/msgs' \
+ "doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Cleaning out old system announcements:"
+
+ [ -n "$daily_clean_msgs_days" ] &&
+ arg=-${daily_clean_msgs_days#-} || arg=
+ msgs -c $arg && rc=0 || rc=3
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/140.clean-rwho b/etc/periodic/daily/140.clean-rwho
new file mode 100755
index 0000000..9645d7e
--- /dev/null
+++ b/etc/periodic/daily/140.clean-rwho
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Remove stale files in /var/rwho
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_clean_rwho_enable" in
+ [Yy][Ee][Ss])
+ if [ -z "$daily_clean_rwho_days" ]
+ then
+ echo '$daily_clean_rwho_enable is enabled but' \
+ '$daily_clean_rwho_days is not set'
+ rc=2
+ elif [ ! -d /var/rwho ]
+ then
+ echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
+ "doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Removing stale files from /var/rwho:"
+
+ case "$daily_clean_rwho_verbose" in
+ [Yy][Ee][Ss])
+ print=-print;;
+ *)
+ print=;;
+ esac
+
+ if cd /var/rwho
+ then
+ rc=$(find . ! -name . -mtime +$daily_clean_rwho_days \
+ -delete $print | tee /dev/stderr | wc -l)
+ [ -z "$print" ] && rc=0
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/150.clean-hoststat b/etc/periodic/daily/150.clean-hoststat
new file mode 100755
index 0000000..460d1a2
--- /dev/null
+++ b/etc/periodic/daily/150.clean-hoststat
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Remove stale persistent host status files
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]; then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_clean_hoststat_enable" in
+ [Yy][Ee][Ss])
+ if [ -z "$(hoststat 2>&1)" ]; then
+ rc=2
+ else
+ echo ""
+ echo "Removing stale entries from sendmail host status cache:"
+ rc=0
+ purgestat || rc=1
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/200.backup-passwd b/etc/periodic/daily/200.backup-passwd
new file mode 100755
index 0000000..5c585af
--- /dev/null
+++ b/etc/periodic/daily/200.backup-passwd
@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_backup_passwd_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -f /etc/master.passwd ]
+ then
+ echo '$daily_backup_passwd_enable" is set but /etc/master.passwd' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /etc/group ]
+ then
+ echo '$daily_backup_passwd_enable" is set but /etc/group' \
+ "doesn't exist"
+ rc=2
+ else
+ bak=/var/backups
+ rc=0
+
+ echo ""
+ echo "Backup passwd and group files:"
+
+ if [ ! -f $bak/master.passwd.bak ]
+ then
+ rc=1
+ echo "no $bak/master.passwd.bak"
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
+ fi
+
+ if ! cmp -s $bak/master.passwd.bak /etc/master.passwd
+ then
+ [ $rc -lt 1 ] && rc=1
+ echo "$host passwd diffs:"
+ diff -I '^#' $bak/master.passwd.bak /etc/master.passwd |\
+ sed 's/^\([<>] [^:]*\):[^:]*:/\1:(password):/'
+ mv $bak/master.passwd.bak $bak/master.passwd.bak2
+ cp -p /etc/master.passwd $bak/master.passwd.bak || rc=3
+ fi
+
+ if [ ! -f $bak/group.bak ]
+ then
+ [ $rc -lt 1 ] && rc=1
+ echo "no $bak/group.bak"
+ cp -p /etc/group $bak/group.bak || rc=3
+ fi
+
+ if ! cmp -s $bak/group.bak /etc/group
+ then
+ [ $rc -lt 1 ] && rc=1
+ echo "$host group diffs:"
+ diff $bak/group.bak /etc/group
+ mv $bak/group.bak $bak/group.bak2
+ cp -p /etc/group $bak/group.bak || rc=3
+ fi
+
+ if [ -f /etc/group ]
+ then
+ echo ""
+ echo "Verifying group file syntax:"
+ chkgrp /etc/group || rc=3
+ fi
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/210.backup-aliases b/etc/periodic/daily/210.backup-aliases
new file mode 100755
index 0000000..fe17038
--- /dev/null
+++ b/etc/periodic/daily/210.backup-aliases
@@ -0,0 +1,47 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_backup_aliases_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -f /etc/mail/aliases ]
+ then
+ echo '$daily_backup_aliases_enable is enabled but' \
+ "/etc/mail/aliases doesn't exist"
+ rc=2
+ else
+ bak=/var/backups
+ rc=0
+
+ echo ""
+ echo "Backing up mail aliases:"
+
+ if [ ! -f $bak/aliases.bak ]
+ then
+ echo "no $bak/aliases.bak"
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
+ fi
+
+ if ! cmp -s $bak/aliases.bak /etc/mail/aliases
+ then
+ [ $rc -lt 1 ] && rc=1
+ echo "$host aliases diffs:"
+ diff -u $bak/aliases.bak /etc/mail/aliases
+ mv $bak/aliases.bak $bak/aliases.bak2
+ cp -p /etc/mail/aliases $bak/aliases.bak || rc=3
+ fi
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/220.backup-pkgdb b/etc/periodic/daily/220.backup-pkgdb
new file mode 100755
index 0000000..82bf0b3
--- /dev/null
+++ b/etc/periodic/daily/220.backup-pkgdb
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+
+case "$daily_backup_pkgdb_enable" in
+ [Yy][Ee][Ss])
+ bak="${daily_backup_pkgdb_dir:-/var/backups}"
+ bak_file="${bak}/pkgdb.bak.tbz"
+
+ pkg_dbdir=`make -f/usr/share/mk/bsd.port.mk -V PKG_DBDIR 2>/dev/null` ||
+ pkg_dbdir=/var/db/pkg
+
+ if [ ! -d "$bak" ]
+ then
+ install -d -o root -g wheel -m 750 $bak || {
+ echo '$daily_backup_pkgdb_enable is enabled but' \
+ "$daily_backup_pkgdb_dir doesn't exist" ;
+ exit 2 ; }
+ fi
+
+ echo ''
+ echo 'Backing up package db directory:'
+
+ new_bak_file=`mktemp ${bak_file}-XXXXX`
+
+ if tar -cjHf "${new_bak_file}" "$pkg_dbdir" 2>/dev/null; then
+ chmod 644 "${new_bak_file}"
+
+ if [ -e "${bak_file}.2" -a -e "${bak_file}" ]; then
+ unlink "${bak_file}.2"
+ mv "${bak_file}" "${bak_file}.2"
+ fi
+ [ -e "${bak_file}" ] && mv "${bak_file}" "${bak_file}.2"
+ mv "${new_bak_file}" "${bak_file}"
+ else
+ rc=3
+ fi ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/300.calendar b/etc/periodic/daily/300.calendar
new file mode 100755
index 0000000..cc12097
--- /dev/null
+++ b/etc/periodic/daily/300.calendar
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# `calendar -a' needs to die. Why? Because it's a bad idea, particular
+# with networked home directories, but also in general. If you want the
+# output of `calendar' mailed to you, set up a cron job to do it,
+# or run it from your ~/.profile or ~/.login.
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_calendar_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Running calendar:"
+
+ calendar -a && rc=0 || rc=3;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/310.accounting b/etc/periodic/daily/310.accounting
new file mode 100755
index 0000000..d11745d
--- /dev/null
+++ b/etc/periodic/daily/310.accounting
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_accounting_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -f /var/account/acct ]
+ then
+ echo '$daily_accounting_enable is set but /var/account/acct' \
+ "doesn't exist"
+ rc=2
+ elif [ -z "$daily_accounting_save" ]
+ then
+ echo '$daily_accounting_enable is set but ' \
+ '$daily_accounting_save is not'
+ rc=2
+ else
+ echo ""
+ echo "Rotating accounting logs and gathering statistics:"
+
+ cd /var/account
+ rc=0
+
+ n=$(( $daily_accounting_save - 1 ))
+ for f in acct.*; do
+ case "$f" in acct.\*) continue ;; esac # No files match
+ m=${f%.gz} ; m=${m#acct.}
+ [ $m -ge $n ] && { rm $f || rc=3; }
+ done
+
+ m=$n
+ n=$(($n - 1))
+ while [ $n -ge 0 ]
+ do
+ [ -f acct.$n.gz ] && { mv -f acct.$n.gz acct.$m.gz || rc=3; }
+ [ -f acct.$n ] && { mv -f acct.$n acct.$m || rc=3; }
+ m=$n
+ n=$(($n - 1))
+ done
+
+ /etc/rc.d/accounting rotate_log || rc=3
+
+ rm -f acct.merge && cp acct.0 acct.merge || rc=3
+ sa -s $daily_accounting_flags /var/account/acct.merge || rc=3
+ rm acct.merge
+
+ case "$daily_accounting_compress" in
+ [Yy][Ee][Ss])
+ gzip -f acct.0 || rc=3;;
+ esac
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/330.news b/etc/periodic/daily/330.news
new file mode 100755
index 0000000..ec06437
--- /dev/null
+++ b/etc/periodic/daily/330.news
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Expire news articles
+# (This is present only for backwards compatibility, usually the news
+# system handles this on its own).
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_news_expire_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -f /etc/news.expire ]
+ then
+ echo '$daily_news_expire_enable is set but /etc/news.expire' \
+ "doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Running news.expire:"
+
+ /etc/news.expire && rc=0 || rc=3
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/400.status-disks b/etc/periodic/daily/400.status-disks
new file mode 100755
index 0000000..dc525a5
--- /dev/null
+++ b/etc/periodic/daily/400.status-disks
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_disks_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Disk status:"
+
+ df $daily_status_disks_df_flags && rc=1 || rc=3
+
+ # display which filesystems need backing up
+ if ! [ -f /etc/fstab ]; then
+ export PATH_FSTAB=/dev/null
+ fi
+
+ echo ""
+ dump W || rc=3;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/404.status-zfs b/etc/periodic/daily/404.status-zfs
new file mode 100755
index 0000000..81cc3e4
--- /dev/null
+++ b/etc/periodic/daily/404.status-zfs
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_zfs_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Checking status of zfs pools:'
+
+ out=`zpool status -x`
+ echo "$out"
+ # zpool status -x always exits with 0, so we have to interpret its
+ # output to see what's going on.
+ if [ "$out" = "all pools are healthy" \
+ -o "$out" = "no pools available" ]; then
+ rc=0
+ else
+ rc=1
+ fi
+ ;;
+
+ *)
+ rc=0
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/405.status-ata-raid b/etc/periodic/daily/405.status-ata-raid
new file mode 100755
index 0000000..f217839
--- /dev/null
+++ b/etc/periodic/daily/405.status-ata-raid
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_ata_raid_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Checking status of ATA raid partitions:'
+
+ rc=0
+ for raid in `find /dev/ -name 'ar[0-9]*' -type c | egrep '[0-9]$' \
+ | egrep -v 's[0-9]' | cut -d / -f 3`
+ do
+ status=`/sbin/atacontrol status $raid`
+ echo $status
+ raid_rc=`echo $status | grep -v READY | wc -l`
+ [ $rc -eq 0 ] && [ $raid_rc -gt 0 ] && rc=3
+ done
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/406.status-gmirror b/etc/periodic/daily/406.status-gmirror
new file mode 100755
index 0000000..8fc698c
--- /dev/null
+++ b/etc/periodic/daily/406.status-gmirror
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_gmirror_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Checking status of gmirror(8) devices:'
+
+ if gmirror status; then
+ components="$(gmirror status -s | fgrep -v COMPLETE)"
+ if [ "${components}" ]; then
+ rc=3
+ else
+ rc=0
+ fi
+ else
+ rc=2
+ fi
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/407.status-graid3 b/etc/periodic/daily/407.status-graid3
new file mode 100755
index 0000000..52750f7
--- /dev/null
+++ b/etc/periodic/daily/407.status-graid3
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_graid3_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Checking status of graid3(8) devices:'
+
+ if graid3 status; then
+ components="$(graid3 status -s | fgrep -v COMPLETE)"
+ if [ "${components}" ]; then
+ rc=3
+ else
+ rc=0
+ fi
+ else
+ rc=2
+ fi
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/408.status-gstripe b/etc/periodic/daily/408.status-gstripe
new file mode 100755
index 0000000..ff74f76
--- /dev/null
+++ b/etc/periodic/daily/408.status-gstripe
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_gstripe_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Checking status of gstripe(8) devices:'
+
+ if gstripe status; then
+ components="$(gstripe status -s | fgrep -v UP)"
+ if [ "${components}" ]; then
+ rc=3
+ else
+ rc=0
+ fi
+ else
+ rc=2
+ fi
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/409.status-gconcat b/etc/periodic/daily/409.status-gconcat
new file mode 100755
index 0000000..7dfa918
--- /dev/null
+++ b/etc/periodic/daily/409.status-gconcat
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_gconcat_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Checking status of gconcat(8) devices:'
+
+ if gconcat status; then
+ components="$(gconcat status -s | fgrep -v UP)"
+ if [ "${components}" ]; then
+ rc=3
+ else
+ rc=0
+ fi
+ else
+ rc=2
+ fi
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/420.status-network b/etc/periodic/daily/420.status-network
new file mode 100755
index 0000000..8399cf7
--- /dev/null
+++ b/etc/periodic/daily/420.status-network
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_network_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Network interface status:"
+
+ case "$daily_status_network_usedns" in
+ [Yy][Ee][Ss])
+ netstat -i && rc=0 || rc=3;;
+ *)
+ netstat -in && rc=0 || rc=3;;
+ esac;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/430.status-rwho b/etc/periodic/daily/430.status-rwho
new file mode 100755
index 0000000..4476136
--- /dev/null
+++ b/etc/periodic/daily/430.status-rwho
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_rwho_enable" in
+ [Yy][Ee][Ss])
+ rwho=$(echo /var/rwho/*)
+ if [ -f "${rwho%% *}" ]
+ then
+ echo ""
+ echo "Local network system status:"
+ prog=ruptime
+ else
+ echo ""
+ echo "Local system status:"
+ prog=uptime
+ fi
+ rc=$($prog | tee /dev/stderr | wc -l)
+ if [ $? -eq 0 ]
+ then
+ [ $rc -gt 1 ] && rc=1
+ else
+ rc=3
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/440.status-mailq b/etc/periodic/daily/440.status-mailq
new file mode 100755
index 0000000..d17fe4e
--- /dev/null
+++ b/etc/periodic/daily/440.status-mailq
@@ -0,0 +1,66 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_mailq_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -x /usr/bin/mailq ]
+ then
+ echo '$daily_status_mailq_enable is set but /usr/bin/mailq' \
+ "isn't executable"
+ rc=2
+ else
+ echo ""
+ echo "Mail in local queue:"
+
+ rc=$(case "$daily_status_mailq_shorten" in
+ [Yy][Ee][Ss])
+ mailq |
+ egrep -e '^[[:space:]]+[^[:space:]]+@' |
+ sort |
+ uniq -c |
+ sort -nr |
+ awk '$1 >= 1 {print $1, $2}';;
+ *)
+ mailq;;
+ esac | tee /dev/stderr |
+ egrep -v '(mqueue is empty|Total requests)' | wc -l)
+ [ $rc -gt 0 ] && rc=1 || rc=0
+
+ case "$daily_status_include_submit_mailq" in
+ [Yy][Ee][Ss])
+ if [ -f /etc/mail/submit.cf ]
+ then
+ echo ""
+ echo "Mail in submit queue:"
+
+ rc_submit=$(case "$daily_status_mailq_shorten" in
+ [Yy][Ee][Ss])
+ mailq -Ac |
+ egrep -e '^[[:space:]]+[^[:space:]]+@' |
+ sort |
+ uniq -c |
+ sort -nr |
+ awk '$1 >= 1 {print $1, $2}';;
+ *)
+ mailq -Ac;;
+ esac | tee /dev/stderr |
+ egrep -v '(mqueue is empty|Total requests)' | wc -l)
+ [ $rc_submit -gt 0 ] && rc=1
+ fi;;
+ esac
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/450.status-security b/etc/periodic/daily/450.status-security
new file mode 100755
index 0000000..362bf3d
--- /dev/null
+++ b/etc/periodic/daily/450.status-security
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_security_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Security check:"
+
+ case "$daily_status_security_inline" in
+ [Yy][Ee][Ss])
+ export security_output="";;
+ *)
+ export security_output="${daily_status_security_output}"
+ case "${daily_status_security_output}" in
+ "")
+ rc=3;;
+ /*)
+ echo " (output logged separately)"
+ rc=0;;
+ *)
+ echo " (output mailed separately)"
+ rc=0;;
+ esac;;
+ esac
+
+ periodic security || rc=3;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/460.status-mail-rejects b/etc/periodic/daily/460.status-mail-rejects
new file mode 100755
index 0000000..ce63364
--- /dev/null
+++ b/etc/periodic/daily/460.status-mail-rejects
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_mail_rejects_shorten" in
+[Yy][Ee][Ss]) shorten='cut -d" " -f2,3';;
+*) shorten=cat;;
+esac
+
+case "$daily_status_mail_rejects_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -d /etc/mail ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but /etc/mail' \
+ "doesn't exist"
+ rc=2
+ elif [ ! -f /var/log/maillog ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ "/var/log/maillog doesn't exist"
+ rc=2
+ elif [ "$daily_status_mail_rejects_logs" -le 0 ]
+ then
+ echo '$daily_status_mail_rejects_enable is set but ' \
+ '$daily_status_mail_rejects_logs is not greater than zero'
+ rc=2
+ else
+ echo
+ echo Checking for rejected mail hosts:
+
+ yesterday=$(date -v-1d '+%b %e')
+ today=$(date '+%b %e')
+ n=$(($daily_status_mail_rejects_logs - 2))
+ rc=$({
+ while [ $n -ge 0 ]
+ do
+ if [ -f /var/log/maillog.$n ]
+ then
+ cat /var/log/maillog.$n
+ elif [ -f /var/log/maillog.$n.gz ]
+ then
+ zcat -fc /var/log/maillog.$n.gz
+ elif [ -f /var/log/maillog.$n.bz2 ]
+ then
+ bzcat -fc /var/log/maillog.$n.bz2
+ fi
+ n=$(($n - 1))
+ done
+ cat /var/log/maillog
+ } | sed -Ene "/^$today/q" -e "/^$yesterday/{"'
+ s/.*ruleset=check_relay,.* relay=([^,]+), reject=([^ ]*).*/\2 check_relay \1/p
+ t end
+ s/.*ruleset=check_rcpt,.* arg1=<?([^>,]+).* reject=([^ ]+) .* ([^ ]+)/\2 check_rcpt \1 \3/p
+ t end
+ s/.*ruleset=check_([^,]+),.* arg1=<?([^@]+@)?([^>,]+).* reject=([^ ]+) .* ([^ ]+)/\4 check_\1 \3 \5/p
+ :end
+ }' | eval $shorten | sort -f | uniq -ic | sort -fnr | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/470.status-named b/etc/periodic/daily/470.status-named
new file mode 100755
index 0000000..987029e
--- /dev/null
+++ b/etc/periodic/daily/470.status-named
@@ -0,0 +1,62 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+catmsgs() {
+ find /var/log -name 'messages.*' -mtime -2 |
+ sort -t. -r -n -k 2,2 |
+ while read f
+ do
+ case $f in
+ *.gz) zcat -f $f;;
+ *.bz2) bzcat -f $f;;
+ esac
+ done
+ [ -f /var/log/messages ] && cat /var/log/messages
+}
+
+case "$daily_status_named_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Checking for denied zone transfers (AXFR and IXFR):'
+
+ start=`date -v-1d '+%b %e'`
+ rc=$(catmsgs |
+ fgrep -E "^$start.*named\[[[:digit:]]+\]: transfer of .*failed .*: REFUSED" |
+ sed -e "s/.*transfer of \'\(.*\)\/IN\' from \(.*\)#[0-9]*: .*/\1 from \2/" |
+ sort -f | uniq -ic | (
+ usedns=0
+ case "$daily_status_named_usedns" in
+ '') ;;
+ [yY][eE][sS]) usedns=1 ;;
+ esac
+
+ while read line ;do
+ ipaddr=`echo "$line" | sed -e 's/^.*from //'`
+ if [ $usedns -eq 1 ]; then
+ name=`host "${ipaddr}" 2>/dev/null | \
+ sed 's/.*domain name pointer \(.*\)\./\1/'`
+ fi
+ if [ -n "${name}" ]; then
+ echo "${line} (${name})"
+ else
+ echo "${line}"
+ fi
+ done ) | \
+ tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/480.status-ntpd b/etc/periodic/daily/480.status-ntpd
new file mode 100755
index 0000000..1eb8011
--- /dev/null
+++ b/etc/periodic/daily/480.status-ntpd
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+
+case "$daily_status_ntpd_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "NTP status:"
+
+ synchronized=$(ntpq -p | tee /dev/stderr | grep '^\*')
+ if [ -z "$synchronized" ]; then
+ rc=1
+ fi
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/490.status-pkg-changes b/etc/periodic/daily/490.status-pkg-changes
new file mode 100755
index 0000000..60e3e8c
--- /dev/null
+++ b/etc/periodic/daily/490.status-pkg-changes
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]; then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_pkg_changes_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -f /usr/sbin/pkg_info ]; then
+ echo '$daily_status_pkg_changes_enable is enabled but' \
+ "/usr/sbin/pkg_info doesn't exist"
+ rc=2
+ else
+ bak=/var/backups
+ rc=0
+
+ if [ -f $bak/pkg_info.bak ]; then
+ mv -f $bak/pkg_info.bak $bak/pkg_info.bak2
+ fi
+ /usr/sbin/pkg_info > $bak/pkg_info.bak
+
+ cmp -sz $bak/pkg_info.bak $bak/pkg_info.bak2
+ if [ $? -eq 1 ]; then
+ echo ""
+ echo "Changes in installed packages:"
+ diff -U 0 $bak/pkg_info.bak2 $bak/pkg_info.bak \
+ | grep '^[-+][^-+]' | sort -k 1.2
+ fi
+ fi
+ ;;
+
+ *)
+ rc=0
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/500.queuerun b/etc/periodic/daily/500.queuerun
new file mode 100755
index 0000000..f46c246
--- /dev/null
+++ b/etc/periodic/daily/500.queuerun
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_queuerun_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -x /usr/sbin/sendmail ]
+ then
+ echo '$daily_queuerun_enable is set but /usr/sbin/sendmail' \
+ "isn't executable"
+ rc=2
+ else
+ /usr/sbin/sendmail -q >/dev/null 2>&1 &
+ case "$daily_submit_queuerun" in
+ [Yy][Ee][Ss])
+ if [ -f /etc/mail/submit.cf ]
+ then
+ /usr/sbin/sendmail -q -Ac >/dev/null 2>&1 &
+ fi;;
+ esac
+ rc=0
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/800.scrub-zfs b/etc/periodic/daily/800.scrub-zfs
new file mode 100755
index 0000000..ee0e52a
--- /dev/null
+++ b/etc/periodic/daily/800.scrub-zfs
@@ -0,0 +1,98 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+
+newline="
+" # A single newline
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+: ${daily_scrub_zfs_default_threshold=35}
+
+case "$daily_scrub_zfs_enable" in
+ [Yy][Ee][Ss])
+ echo
+ echo 'Scrubbing of zfs pools:'
+
+ if [ -z "${daily_scrub_zfs_pools}" ]; then
+ daily_scrub_zfs_pools="$(zpool list -H -o name)"
+ fi
+
+ rc=0
+ for pool in ${daily_scrub_zfs_pools}; do
+ # sanity check
+ _status=$(zpool list "${pool}" 2> /dev/null)
+ if [ $? -ne 0 ]; then
+ rc=2
+ echo " WARNING: pool '${pool}' specified in"
+ echo " '/etc/periodic.conf:daily_scrub_zfs_pools'"
+ echo " does not exist"
+ continue
+ fi
+ _status=${_status##*$newline}
+ case ${_status} in
+ *FAULTED*)
+ rc=3
+ echo "Skipping faulted pool: ${pool}"
+ continue ;;
+ esac
+
+ # determine how many days shall be between scrubs
+ eval _pool_threshold=\${daily_scrub_zfs_$(echo "${pool}"|tr ".:-" "_")_threshold}
+ if [ -z "${_pool_threshold}" ];then
+ _pool_threshold=${daily_scrub_zfs_default_threshold}
+ fi
+
+ _last_scrub=$(zpool history ${pool} | \
+ egrep "^[0-9\.\:\-]{19} zpool scrub ${pool}\$" | tail -1 |\
+ cut -d ' ' -f 1)
+ if [ -z "${_last_scrub}" ]; then
+ # creation time of the pool if no scrub was done
+ _last_scrub=$(zpool history ${pool} | \
+ sed -ne '2s/ .*$//p')
+ fi
+
+ # Now minus last scrub (both in seconds) converted to days.
+ _scrub_diff=$(expr -e \( $(date +%s) - \
+ $(date -j -f %F.%T ${_last_scrub} +%s) \) / 60 / 60 / 24)
+ if [ ${_scrub_diff} -lt ${_pool_threshold} ]; then
+ echo " skipping scrubbing of pool '${pool}':"
+ echo " last scrubbing is ${_scrub_diff} days ago, threshold is set to ${_pool_threshold} days"
+ continue
+ fi
+
+ _status="$(zpool status ${pool} | grep scrub:)"
+ case "${_status}" in
+ *"scrub in progress"*)
+ echo " scrubbing of pool '${pool}' already in progress, skipping:"
+ ;;
+ *"none requested"*)
+ echo " starting first scrub (since reboot) of pool '${pool}':"
+ zpool scrub ${pool}
+ [ $rc -eq 0 ] && rc=1
+ ;;
+ *)
+ echo " starting scrub of pool '${pool}':"
+ zpool scrub ${pool}
+ [ $rc -eq 0 ] && rc=1
+ ;;
+ esac
+
+ echo " consult 'zpool status ${pool}' for the result"
+ done
+ ;;
+
+ *)
+ rc=0
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/daily/999.local b/etc/periodic/daily/999.local
new file mode 100755
index 0000000..3173475
--- /dev/null
+++ b/etc/periodic/daily/999.local
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Run the old /etc/daily.local script. This is really for backwards
+# compatibility more than anything else.
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+for script in $daily_local
+do
+ echo ''
+ case "$script" in
+ /*)
+ if [ -f "$script" ]
+ then
+ echo "Running $script:"
+
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
+ fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
+ esac
+done
+
+exit $rc
diff --git a/etc/periodic/daily/Makefile b/etc/periodic/daily/Makefile
new file mode 100644
index 0000000..b324f70
--- /dev/null
+++ b/etc/periodic/daily/Makefile
@@ -0,0 +1,65 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= 100.clean-disks \
+ 110.clean-tmps \
+ 120.clean-preserve \
+ 200.backup-passwd \
+ 220.backup-pkgdb \
+ 330.news \
+ 400.status-disks \
+ 405.status-ata-raid \
+ 406.status-gmirror \
+ 407.status-graid3 \
+ 408.status-gstripe \
+ 409.status-gconcat \
+ 420.status-network \
+ 450.status-security \
+ 999.local
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_ACCT} != "no"
+FILES+= 310.accounting
+.endif
+
+.if ${MK_BIND_NAMED} != "no"
+FILES+= 470.status-named
+.endif
+
+.if ${MK_CALENDAR} != "no"
+FILES+= 300.calendar
+.endif
+
+.if ${MK_MAIL} != "no"
+FILES+= 130.clean-msgs
+.endif
+
+.if ${MK_NTP} != "no"
+FILES+= 480.status-ntpd
+.endif
+
+.if ${MK_PKGTOOLS} != "no"
+FILES+= 490.status-pkg-changes
+.endif
+
+.if ${MK_RCMDS} != "no"
+FILES+= 140.clean-rwho \
+ 430.status-rwho
+.endif
+
+.if ${MK_SENDMAIL} != "no"
+FILES+= 150.clean-hoststat \
+ 210.backup-aliases \
+ 440.status-mailq \
+ 460.status-mail-rejects \
+ 500.queuerun
+.endif
+
+.if ${MK_ZFS} != "no"
+FILES+= 404.status-zfs \
+ 800.scrub-zfs
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/periodic/monthly/200.accounting b/etc/periodic/monthly/200.accounting
new file mode 100755
index 0000000..46f153d
--- /dev/null
+++ b/etc/periodic/monthly/200.accounting
@@ -0,0 +1,51 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+oldmask=$(umask)
+umask 066
+case "$monthly_accounting_enable" in
+ [Yy][Ee][Ss])
+ W=/var/log/utx.log
+ rc=0
+ remove=NO
+ if [ ! -f $W.0 ]
+ then
+ if [ -f $W.0.gz ]
+ then
+ remove=YES
+ zcat $W.0.gz > $W.0 || rc=1
+ elif [ -f $W.0.bz2 ]
+ then
+ remove=YES
+ bzcat $W.0.bz2 > $W.0 || rc=1
+ else
+ echo '$monthly_accounting_enable is set but' \
+ "$W.0 doesn't exist"
+ rc=2
+ fi
+ fi
+ if [ $rc -eq 0 ]
+ then
+ echo ""
+ echo "Doing login accounting:"
+
+ rc=$(ac -p -w $W.0 | sort -nr -k 2 | tee /dev/stderr | wc -l)
+ [ $rc -gt 0 ] && rc=1
+ fi
+ [ $remove = YES ] && rm -f $W.0;;
+
+ *) rc=0;;
+esac
+
+umask $oldmask
+exit $rc
diff --git a/etc/periodic/monthly/999.local b/etc/periodic/monthly/999.local
new file mode 100755
index 0000000..4e7c2b9
--- /dev/null
+++ b/etc/periodic/monthly/999.local
@@ -0,0 +1,35 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+for script in $monthly_local
+do
+ echo ''
+ case "$script" in
+ /*)
+ if [ -f "$script" ]
+ then
+ echo "Running $script:"
+
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
+ fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
+ esac
+done
+
+exit $rc
diff --git a/etc/periodic/monthly/Makefile b/etc/periodic/monthly/Makefile
new file mode 100644
index 0000000..77c1d66
--- /dev/null
+++ b/etc/periodic/monthly/Makefile
@@ -0,0 +1,13 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= 999.local
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_UTMPX} != "no"
+FILES+= 200.accounting
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/periodic/security/100.chksetuid b/etc/periodic/security/100.chksetuid
new file mode 100755
index 0000000..5b93b20
--- /dev/null
+++ b/etc/periodic/security/100.chksetuid
@@ -0,0 +1,58 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_chksetuid_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking setuid files and devices:'
+ MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+ find -sx $MP /dev/null -type f \
+ \( -perm -u+x -or -perm -g+x -or -perm -o+x \) \
+ \( -perm -u+s -or -perm -g+s \) -exec ls -liTd \{\} \+ |
+ check_diff setuid - "${host} setuid diffs:"
+ rc=$?
+ ;;
+ *)
+ rc=0
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/110.neggrpperm b/etc/periodic/security/110.neggrpperm
new file mode 100755
index 0000000..68d1e7b
--- /dev/null
+++ b/etc/periodic/security/110.neggrpperm
@@ -0,0 +1,54 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+
+case "$daily_status_security_neggrpperm_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking negative group permissions:'
+ MP=`mount -t ufs,zfs | awk '$0 !~ /no(suid|exec)/ { print $3 }'`
+ n=$(find -sx $MP /dev/null -type f \
+ \( \( ! -perm +010 -and -perm +001 \) -or \
+ \( ! -perm +020 -and -perm +002 \) -or \
+ \( ! -perm +040 -and -perm +004 \) \) \
+ -exec ls -liTd \{\} \+ | tee /dev/stderr | wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/200.chkmounts b/etc/periodic/security/200.chkmounts
new file mode 100755
index 0000000..17b114e
--- /dev/null
+++ b/etc/periodic/security/200.chkmounts
@@ -0,0 +1,62 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# Show changes in the way filesystems are mounted
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+ignore="${daily_status_security_chkmounts_ignore}"
+rc=0
+
+case "$daily_status_security_chkmounts_enable" in
+ [Yy][Ee][Ss])
+ case "$daily_status_security_noamd" in
+ [Yy][Ee][Ss])
+ ignore="${ignore}|^amd:"
+ esac
+ [ -n "$ignore" ] && cmd="egrep -v ${ignore#|}" || cmd=cat
+ if ! [ -f /etc/fstab ]; then
+ export PATH_FSTAB=/dev/null
+ fi
+ mount -p | sort | ${cmd} |
+ check_diff mount - "${host} changes in mounted filesystems:"
+ rc=$?;;
+ *) rc=0;;
+esac
+
+exit "$rc"
diff --git a/etc/periodic/security/300.chkuid0 b/etc/periodic/security/300.chkuid0
new file mode 100755
index 0000000..32cc16c
--- /dev/null
+++ b/etc/periodic/security/300.chkuid0
@@ -0,0 +1,51 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_security_chkuid0_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking for uids of 0:'
+ n=$(awk -F: '/^#/ {next} $3==0 {print $1,$3}' /etc/master.passwd |
+ tee /dev/stderr |
+ sed -e '/^root 0$/d' -e '/^toor 0$/d' |
+ wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit "$rc"
diff --git a/etc/periodic/security/400.passwdless b/etc/periodic/security/400.passwdless
new file mode 100755
index 0000000..42ece04
--- /dev/null
+++ b/etc/periodic/security/400.passwdless
@@ -0,0 +1,48 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_security_passwdless_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking for passwordless accounts:'
+ n=$(awk -F: 'NF > 1 && $1 !~ /^[#+-]/ && $2=="" {print $0}' /etc/master.passwd |
+ tee /dev/stderr | wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit "$rc"
diff --git a/etc/periodic/security/410.logincheck b/etc/periodic/security/410.logincheck
new file mode 100755
index 0000000..f6cf405
--- /dev/null
+++ b/etc/periodic/security/410.logincheck
@@ -0,0 +1,52 @@
+#!/bin/sh -
+#
+# Copyright (c) 2006 Tom Rhodes
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$daily_status_security_logincheck_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo 'Checking login.conf permissions:'
+ if [ -G /etc/login.conf -a -O /etc/login.conf ]; then
+ n=0
+ else
+ echo "Bad ownership of /etc/login.conf"
+ n=1
+ fi
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit "$rc"
diff --git a/etc/periodic/security/460.chkportsum b/etc/periodic/security/460.chkportsum
new file mode 100755
index 0000000..3a39c84
--- /dev/null
+++ b/etc/periodic/security/460.chkportsum
@@ -0,0 +1,68 @@
+#!/bin/sh -
+#
+# Copyright (c) 2010 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+echo ""
+echo 'Checking for ports with mismatched checksums:'
+
+case "${daily_status_security_chkportsum_enable}" in
+ [Yy][Ee][Ss])
+ set -f
+ pkg_info -ga 2>/dev/null | \
+ while IFS= read -r line; do
+ set -- $line
+ case $1 in
+ Information)
+ case $2 in
+ for) name="${3%%:}" ;;
+ *) name='??' ;;
+ esac
+ ;;
+ Mismatched|'') ;;
+ *) [ -n "${name}" ] &&
+ echo "${name}: ${line%% fails the original MD5 checksum}"
+ ;;
+ esac
+ done
+ ;;
+ *)
+ rc=0
+ ;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/500.ipfwdenied b/etc/periodic/security/500.ipfwdenied
new file mode 100755
index 0000000..6a6fb8b4
--- /dev/null
+++ b/etc/periodic/security/500.ipfwdenied
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_ipfwdenied_enable" in
+ [Yy][Ee][Ss])
+ TMP=`mktemp -t security`
+ if ipfw -a list 2>/dev/null | egrep "deny|reset|unreach" > ${TMP}; then
+ check_diff new_only ipfw ${TMP} "${host} ipfw denied packets:"
+ fi
+ rc=$?
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/510.ipfdenied b/etc/periodic/security/510.ipfdenied
new file mode 100755
index 0000000..2058d2b
--- /dev/null
+++ b/etc/periodic/security/510.ipfdenied
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_ipfdenied_enable" in
+ [Yy][Ee][Ss])
+ TMP=`mktemp -t security`
+ if ipfstat -nhio 2>/dev/null | grep block > ${TMP}; then
+ check_diff new_only ipf ${TMP} "${host} ipf denied packets:"
+ fi
+ rc=$?
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/520.pfdenied b/etc/periodic/security/520.pfdenied
new file mode 100755
index 0000000..5e51393
--- /dev/null
+++ b/etc/periodic/security/520.pfdenied
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2004 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_pfdenied_enable" in
+ [Yy][Ee][Ss])
+ TMP=`mktemp -t security`
+ if pfctl -sr -v 2>/dev/null | nawk '{if (/^block/) {buf=$0; getline; gsub(" +"," ",$0); print buf$0;} }' > ${TMP}; then
+ check_diff new_only pf ${TMP} "${host} pf denied packets:"
+ fi
+ rc=$?
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/550.ipfwlimit b/etc/periodic/security/550.ipfwlimit
new file mode 100755
index 0000000..daa0f86
--- /dev/null
+++ b/etc/periodic/security/550.ipfwlimit
@@ -0,0 +1,68 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# Show ipfw rules which have reached the log limit
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+
+case "$daily_status_security_ipfwlimit_enable" in
+ [Yy][Ee][Ss])
+ IPFW_VERBOSE=`sysctl -n net.inet.ip.fw.verbose 2> /dev/null`
+ if [ $? -ne 0 ] || [ "$IPFW_VERBOSE" -eq 0 ]; then
+ exit 0
+ fi
+ TMP=`mktemp -t security`
+ ipfw -a list | grep " log " | \
+ grep '^[[:digit:]]\+[[:space:]]\+[[:digit:]]\+' | \
+ awk \
+ '{if ($6 == "logamount") {
+ if ($2 > $7)
+ {print $0}}
+ }' > ${TMP}
+
+ if [ -s "${TMP}" ]; then
+ rc=1
+ echo ""
+ echo 'ipfw log limit reached:'
+ cat ${TMP}
+ fi
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/610.ipf6denied b/etc/periodic/security/610.ipf6denied
new file mode 100755
index 0000000..6c64d92
--- /dev/null
+++ b/etc/periodic/security/610.ipf6denied
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_ipf6denied_enable" in
+ [Yy][Ee][Ss])
+ TMP=`mktemp ${TMPDIR:-/tmp}/security.XXXXXXXXXX`
+ if ipfstat -nhio6 2>/dev/null | grep block > ${TMP}; then
+ check_diff new_only ipf6 ${TMP} "${host} ipf6 denied packets:"
+ fi
+ rc=$?
+ rm -f ${TMP};;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/700.kernelmsg b/etc/periodic/security/700.kernelmsg
new file mode 100755
index 0000000..fb5ed63
--- /dev/null
+++ b/etc/periodic/security/700.kernelmsg
@@ -0,0 +1,53 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# Show kernel log messages
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+rc=0
+
+case "$daily_status_security_kernelmsg_enable" in
+ [Yy][Ee][Ss])
+ dmesg 2>/dev/null |
+ check_diff new_only dmesg - "${host} kernel log messages:"
+ rc=$?;;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/800.loginfail b/etc/periodic/security/800.loginfail
new file mode 100755
index 0000000..767b959
--- /dev/null
+++ b/etc/periodic/security/800.loginfail
@@ -0,0 +1,68 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# Show login failures
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+LOG="${daily_status_security_logdir}"
+
+yesterday=`date -v-1d "+%b %e "`
+
+catmsgs() {
+ find ${LOG} -name 'auth.log.*' -mtime -2 |
+ sort -t. -r -n -k 2,2 |
+ while read f
+ do
+ case $f in
+ *.gz) zcat -f $f;;
+ *.bz2) bzcat -f $f;;
+ esac
+ done
+ [ -f ${LOG}/auth.log ] && cat $LOG/auth.log
+}
+
+case "$daily_status_security_loginfail_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "${host} login failures:"
+ n=$(catmsgs | egrep -ia "^$yesterday.*: .*(fail|invalid|bad|illegal)" |
+ tee /dev/stderr | wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/900.tcpwrap b/etc/periodic/security/900.tcpwrap
new file mode 100755
index 0000000..55f7709
--- /dev/null
+++ b/etc/periodic/security/900.tcpwrap
@@ -0,0 +1,68 @@
+#!/bin/sh -
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# Show tcp_wrapper warning messages
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+LOG="${daily_status_security_logdir}"
+
+yesterday=`date -v-1d "+%b %e "`
+
+catmsgs() {
+ find ${LOG} -name 'messages.*' -mtime -2 |
+ sort -t. -r -n -k 2,2 |
+ while read f
+ do
+ case $f in
+ *.gz) zcat -f $f;;
+ *.bz2) bzcat -f $f;;
+ esac
+ done
+ [ -f ${LOG}/messages ] && cat $LOG/messages
+}
+
+case "$daily_status_security_tcpwrap_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "${host} refused connections:"
+ n=$(catmsgs | grep -i "^$yesterday.*refused connect" |
+ tee /dev/stderr | wc -l)
+ [ $n -gt 0 ] && rc=1 || rc=0;;
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/security/Makefile b/etc/periodic/security/Makefile
new file mode 100644
index 0000000..fbcd454
--- /dev/null
+++ b/etc/periodic/security/Makefile
@@ -0,0 +1,36 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= 100.chksetuid \
+ 110.neggrpperm \
+ 200.chkmounts \
+ 300.chkuid0 \
+ 400.passwdless \
+ 410.logincheck \
+ 700.kernelmsg \
+ 800.loginfail \
+ 900.tcpwrap \
+ security.functions
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_IPFILTER} != "no"
+FILES+= 510.ipfdenied
+FILES+= 610.ipf6denied
+.endif
+
+.if ${MK_IPFW} != "no"
+FILES+= 500.ipfwdenied \
+ 550.ipfwlimit
+.endif
+
+.if ${MK_PF} != "no"
+FILES+= 520.pfdenied
+.endif
+
+.if ${MK_PKGTOOLS} != "no"
+FILES+= 460.chkportsum
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/periodic/security/security.functions b/etc/periodic/security/security.functions
new file mode 100644
index 0000000..f5b8dcd
--- /dev/null
+++ b/etc/periodic/security/security.functions
@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# Copyright (c) 2001 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+#
+# Show differences in the output of an audit command
+#
+
+LOG="${daily_status_security_logdir}"
+rc=0
+
+# Usage: COMMAND | check_diff [new_only] LABEL - MSG
+# COMMAND > TMPFILE; check_diff [new_only] LABEL TMPFILE MSG
+# if $1 is new_only, show only the 'new' part of the diff.
+# LABEL is the base name of the ${LOG}/${label}.{today,yesterday} files.
+
+check_diff() {
+ rc=0
+ if [ "$1" = "new_only" ]; then
+ shift
+ filter="grep '^[>+]'"
+ else
+ filter="cat"
+ fi
+ label="$1"; shift
+ tmpf="$1"; shift
+ msg="$1"; shift
+
+ if [ "${tmpf}" = "-" ]; then
+ tmpf=`mktemp -t security`
+ cat > ${tmpf}
+ fi
+
+ if [ ! -f ${LOG}/${label}.today ]; then
+ rc=1
+ echo ""
+ echo "No ${LOG}/${label}.today"
+ cp ${tmpf} ${LOG}/${label}.today || rc=3
+ fi
+
+ if ! cmp -s ${LOG}/${label}.today ${tmpf} >/dev/null; then
+ [ $rc -lt 1 ] && rc=1
+ echo ""
+ echo "${msg}"
+ diff ${daily_status_security_diff_flags} ${LOG}/${label}.today \
+ ${tmpf} | eval "${filter}"
+ mv ${LOG}/${label}.today ${LOG}/${label}.yesterday || rc=3
+ mv ${tmpf} ${LOG}/${label}.today || rc=3
+ fi
+
+ rm -f ${tmpf}
+ exit ${rc}
+}
diff --git a/etc/periodic/weekly/310.locate b/etc/periodic/weekly/310.locate
new file mode 100755
index 0000000..4079f5e
--- /dev/null
+++ b/etc/periodic/weekly/310.locate
@@ -0,0 +1,32 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_locate_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Rebuilding locate database:"
+
+ locdb=/var/db/locate.database
+
+ touch $locdb && rc=0 || rc=3
+ chown nobody $locdb || rc=3
+ chmod 644 $locdb || rc=3
+
+ cd /
+ echo /usr/libexec/locate.updatedb | nice -n 5 su -fm nobody || rc=3
+ chmod 444 $locdb || rc=3;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/320.whatis b/etc/periodic/weekly/320.whatis
new file mode 100755
index 0000000..dfc218a
--- /dev/null
+++ b/etc/periodic/weekly/320.whatis
@@ -0,0 +1,51 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_whatis_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Rebuilding whatis database:"
+
+ MANPATH=`/usr/bin/manpath -q`
+ if [ $? = 0 ]
+ then
+ if [ -z "${MANPATH}" ]
+ then
+ echo "manpath failed to find any manpage directories"
+ rc=3
+ else
+ man_locales=`/usr/bin/manpath -qL`
+ rc=0
+
+ # Build whatis(1) database(s) for original, non-localized
+ # manpages.
+ /usr/libexec/makewhatis.local "${MANPATH}" || rc=3
+
+ # Build whatis(1) database(s) for localized manpages.
+ if [ X"${man_locales}" != X ]
+ then
+ for i in ${man_locales}
+ do
+ LC_ALL=$i /usr/libexec/makewhatis.local -a \
+ -L "${MANPATH}" || rc=3
+ done
+ fi
+ fi
+ else
+ rc=3
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/330.catman b/etc/periodic/weekly/330.catman
new file mode 100755
index 0000000..1ba2f7e
--- /dev/null
+++ b/etc/periodic/weekly/330.catman
@@ -0,0 +1,58 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_catman_enable" in
+ [Yy][Ee][Ss])
+ if [ ! -d /usr/share/man/cat1 ]
+ then
+ echo '$weekly_catman_enable is set but /usr/share/man/cat1' \
+ "doesn't exist"
+ rc=2
+ else
+ echo ""
+ echo "Reformatting manual pages:"
+
+ MANPATH=`/usr/bin/manpath -q`
+ if [ $? = 0 ]
+ then
+ if [ -z "${MANPATH}" ]
+ then
+ echo "manpath failed to find any manpath directories"
+ rc=3
+ else
+ man_locales=`/usr/bin/manpath -qL`
+ rc=0
+
+ # Preformat original, non-localized manpages
+ echo /usr/libexec/catman.local -r "$MANPATH" |
+ su -fm man || rc=3
+
+ # Preformat localized manpages.
+ if [ -n "$man_locales" ]
+ then
+ for i in $man_locales
+ do
+ echo /usr/libexec/catman.local -Lr \
+ "$MANPATH" | LC_ALL=$i su -fm man || rc=3
+ done
+ fi
+ fi
+ else
+ rc=3
+ fi
+ fi;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/340.noid b/etc/periodic/weekly/340.noid
new file mode 100755
index 0000000..11a5f53
--- /dev/null
+++ b/etc/periodic/weekly/340.noid
@@ -0,0 +1,29 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_noid_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Check for files with an unknown user or group:"
+
+ rc=$(find -H ${weekly_noid_dirs:-/} \
+ \( ! -fstype local -prune -or -name \* \) -and \
+ \( -nogroup -o -nouser \) -print | sed 's/^/ /' |
+ tee /dev/stderr | wc -l)
+ [ $rc -gt 1 ] && rc=1
+ ;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/400.status-pkg b/etc/periodic/weekly/400.status-pkg
new file mode 100755
index 0000000..785c2ff
--- /dev/null
+++ b/etc/periodic/weekly/400.status-pkg
@@ -0,0 +1,33 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+case "$weekly_status_pkg_enable" in
+ [Yy][Ee][Ss])
+ echo ""
+ echo "Check for out of date packages:"
+
+ rc=$(${pkg_version:-pkg_version} -v ${pkg_version_index} |
+ sed -n -e 's/^\([^ ]*\) *< */ \1 /p' \
+ -e '/^[^ ]*-\([^ ]*\) *\* *multiple versions.*[ ,]\1[,)].*/d' \
+ -e 's/^\([^ ]*\) *\* *multiple versions.*\((.*\)/ \1 needs updating \2/p' \
+ -e 's/^\(bsdpan-[^ ]*\) *? *unknown in index/ \1 may be outdated - check CPAN version manually/p' \
+ -e 's/^\([^ ]*-[^ ]*\) *? *unknown in index/ \1 is obsolete/p' \
+ -e 's/^\([^ ]*-[^ ]*\) *? *\(orphaned:.*\)$/ \1 was \2/p' |
+ tee /dev/stderr |
+ wc -l)
+ [ $rc -gt 1 ] && rc=1;;
+
+ *) rc=0;;
+esac
+
+exit $rc
diff --git a/etc/periodic/weekly/999.local b/etc/periodic/weekly/999.local
new file mode 100755
index 0000000..3951bb5
--- /dev/null
+++ b/etc/periodic/weekly/999.local
@@ -0,0 +1,35 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+# If there is a global system configuration file, suck it in.
+#
+if [ -r /etc/defaults/periodic.conf ]
+then
+ . /etc/defaults/periodic.conf
+ source_periodic_confs
+fi
+
+rc=0
+for script in $weekly_local
+do
+ echo ''
+ case "$script" in
+ /*)
+ if [ -f "$script" ]
+ then
+ echo "Running $script:"
+
+ sh $script || rc=3
+ else
+ echo "$script: No such file"
+ [ $rc -lt 2 ] && rc=2
+ fi;;
+ *)
+ echo "$script: Not an absolute path"
+ [ $rc -lt 2 ] && rc=2;;
+ esac
+done
+
+exit $rc
diff --git a/etc/periodic/weekly/Makefile b/etc/periodic/weekly/Makefile
new file mode 100644
index 0000000..7f2eae2
--- /dev/null
+++ b/etc/periodic/weekly/Makefile
@@ -0,0 +1,22 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= 340.noid \
+ 999.local
+
+# NB: keep these sorted by MK_* knobs
+
+.if ${MK_LOCATE} != "no"
+FILES+= 310.locate
+.endif
+
+.if ${MK_MAN_UTILS} != "no"
+FILES+= 320.whatis 330.catman
+.endif
+
+.if ${MK_PKGTOOLS} != "no"
+FILES+= 400.status-pkg
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/pf.os b/etc/pf.os
new file mode 100644
index 0000000..00873a7
--- /dev/null
+++ b/etc/pf.os
@@ -0,0 +1,690 @@
+# $FreeBSD$
+# $OpenBSD: pf.os,v 1.25 2010/10/18 15:55:27 deraadt Exp $
+# passive OS fingerprinting
+# -------------------------
+#
+# SYN signatures. Those signatures work for SYN packets only (duh!).
+#
+# (C) Copyright 2000-2003 by Michal Zalewski <lcamtuf@coredump.cx>
+# (C) Copyright 2003 by Mike Frantzen <frantzen@w4g.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+#
+# This fingerprint database is adapted from Michal Zalewski's p0f passive
+# operating system package. The last database sync was from a Nov 3 2003
+# p0f.fp.
+#
+#
+# Each line in this file specifies a single fingerprint. Please read the
+# information below carefully before attempting to append any signatures
+# reported as UNKNOWN to this file to avoid mistakes.
+#
+# We use the following set metrics for fingerprinting:
+#
+# - Window size (WSS) - a highly OS dependent setting used for TCP/IP
+# performance control (max. amount of data to be sent without ACK).
+# Some systems use a fixed value for initial packets. On other
+# systems, it is a multiple of MSS or MTU (MSS+40). In some rare
+# cases, the value is just arbitrary.
+#
+# NEW SIGNATURE: if p0f reported a special value of 'Snn', the number
+# appears to be a multiple of MSS (MSS*nn); a special value of 'Tnn'
+# means it is a multiple of MTU ((MSS+40)*nn). Unless you notice the
+# value of nn is not fixed (unlikely), just copy the Snn or Tnn token
+# literally. If you know this device has a simple stack and a fixed
+# MTU, you can however multiply S value by MSS, or T value by MSS+40,
+# and put it instead of Snn or Tnn.
+#
+# If WSS otherwise looks like a fixed value (for example a multiple
+# of two), or if you can confirm the value is fixed, please quote
+# it literally. If there's no apparent pattern in WSS chosen, you
+# should consider wildcarding this value.
+#
+# - Overall packet size - a function of all IP and TCP options and bugs.
+#
+# NEW SIGNATURE: Copy this value literally.
+#
+# - Initial TTL - We check the actual TTL of a received packet. It can't
+# be higher than the initial TTL, and also shouldn't be dramatically
+# lower (maximum distance is defined as 40 hops).
+#
+# NEW SIGNATURE: *Never* copy TTL from a p0f-reported signature literally.
+# You need to determine the initial TTL. The best way to do it is to
+# check the documentation for a remote system, or check its settings.
+# A fairly good method is to simply round the observed TTL up to
+# 32, 64, 128, or 255, but it should be noted that some obscure devices
+# might not use round TTLs (in particular, some shoddy appliances use
+# "original" initial TTL settings). If not sure, you can see how many
+# hops you're away from the remote party with traceroute or mtr.
+#
+# - Don't fragment flag (DF) - some modern OSes set this to implement PMTU
+# discovery. Others do not bother.
+#
+# NEW SIGNATURE: Copy this value literally.
+#
+# - Maximum segment size (MSS) - this setting is usually link-dependent. P0f
+# uses it to determine link type of the remote host.
+#
+# NEW SIGNATURE: Always wildcard this value, except for rare cases when
+# you have an appliance with a fixed value, know the system supports only
+# a very limited number of network interface types, or know the system
+# is using a value it pulled out of nowhere. Specific unique MSS
+# can be used to tell Google crawlbots from the rest of the population.
+#
+# - Window scaling (WSCALE) - this feature is used to scale WSS.
+# It extends the size of a TCP/IP window to 32 bits. Some modern
+# systems implement this feature.
+#
+# NEW SIGNATURE: Observe several signatures. Initial WSCALE is often set
+# to zero or other low value. There's usually no need to wildcard this
+# parameter.
+#
+# - Timestamp - some systems that implement timestamps set them to
+# zero in the initial SYN. This case is detected and handled appropriately.
+#
+# - Selective ACK permitted - a flag set by systems that implement
+# selective ACK functionality.
+#
+# - The sequence of TCP all options (MSS, window scaling, selective ACK
+# permitted, timestamp, NOP). Other than the options previously
+# discussed, p0f also checks for timestamp option (a silly
+# extension to broadcast your uptime ;-), NOP options (used for
+# header padding) and sackOK option (selective ACK feature).
+#
+# NEW SIGNATURE: Copy the sequence literally.
+#
+# To wildcard any value (except for initial TTL or TCP options), replace
+# it with '*'. You can also use a modulo operator to match any values
+# that divide by nnn - '%nnn'.
+#
+# Fingerprint entry format:
+#
+# wwww:ttt:D:ss:OOO...:OS:Version:Subtype:Details
+#
+# wwww - window size (can be *, %nnn, Snn or Tnn). The special values
+# "S" and "T" which are a multiple of MSS or a multiple of MTU
+# respectively.
+# ttt - initial TTL
+# D - don't fragment bit (0 - not set, 1 - set)
+# ss - overall SYN packet size
+# OOO - option value and order specification (see below)
+# OS - OS genre (Linux, Solaris, Windows)
+# Version - OS Version (2.0.27 on x86, etc)
+# Subtype - OS subtype or patchlevel (SP3, lo0)
+# details - Generic OS details
+#
+# If OS genre starts with '*', p0f will not show distance, link type
+# and timestamp data. It is useful for userland TCP/IP stacks of
+# network scanners and so on, where many settings are randomized or
+# bogus.
+#
+# If OS genre starts with @, it denotes an approximate hit for a group
+# of operating systems (signature reporting still enabled in this case).
+# Use this feature at the end of this file to catch cases for which
+# you don't have a precise match, but can tell it's Windows or FreeBSD
+# or whatnot by looking at, say, flag layout alone.
+#
+# Option block description is a list of comma or space separated
+# options in the order they appear in the packet:
+#
+# N - NOP option
+# Wnnn - window scaling option, value nnn (or * or %nnn)
+# Mnnn - maximum segment size option, value nnn (or * or %nnn)
+# S - selective ACK OK
+# T - timestamp
+# T0 - timestamp with a zero value
+#
+# To denote no TCP options, use a single '.'.
+#
+# Please report any additions to this file, or any inaccuracies or
+# problems spotted, to the maintainers: lcamtuf@coredump.cx,
+# frantzen@openbsd.org and bugs@openbsd.org with a tcpdump packet
+# capture of the relevant SYN packet(s)
+#
+# A test and submission page is available at
+# http://lcamtuf.coredump.cx/p0f-help/
+#
+#
+# WARNING WARNING WARNING
+# -----------------------
+#
+# Do not add a system X as OS Y just because NMAP says so. It is often
+# the case that X is a NAT firewall. While nmap is talking to the
+# device itself, p0f is fingerprinting the guy behind the firewall
+# instead.
+#
+# When in doubt, use common sense, don't add something that looks like
+# a completely different system as Linux or FreeBSD or LinkSys router.
+# Check DNS name, establish a connection to the remote host and look
+# at SYN+ACK - does it look similar?
+#
+# Some users tweak their TCP/IP settings - enable or disable RFC1323
+# functionality, enable or disable timestamps or selective ACK,
+# disable PMTU discovery, change MTU and so on. Always compare a new rule
+# to other fingerprints for this system, and verify the system isn't
+# "customized" before adding it. It is OK to add signature variants
+# caused by a commonly used software (personal firewalls, security
+# packages, etc), but it makes no sense to try to add every single
+# possible /proc/sys/net/ipv4 tweak on Linux or so.
+#
+# KEEP IN MIND: Some packet firewalls configured to normalize outgoing
+# traffic (OpenBSD pf with "scrub" enabled, for example) will, well,
+# normalize packets. Signatures will not correspond to the originating
+# system (and probably not quite to the firewall either).
+#
+# NOTE: Try to keep this file in some reasonable order, from most to
+# least likely systems. This will speed up operation. Also keep most
+# generic and broad rules near the end.
+#
+
+##########################
+# Standard OS signatures #
+##########################
+
+# ----------------- AIX ---------------------
+
+# AIX is first because its signatures are close to NetBSD, MacOS X and
+# Linux 2.0, but it uses a fairly rare MSSes, at least sometimes...
+# This is a shoddy hack, though.
+
+45046:64:0:44:M*: AIX:4.3::AIX 4.3
+16384:64:0:44:M512: AIX:4.3:2-3:AIX 4.3.2 and earlier
+
+16384:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
+16384:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
+32768:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
+32768:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
+65535:64:0:60:M512,N,W%2,N,N,T: AIX:4.3:3:AIX 4.3.3-5.2
+65535:64:0:60:M512,N,W%2,N,N,T: AIX:5.1-5.2::AIX 4.3.3-5.2
+65535:64:0:64:M*,N,W1,N,N,T,N,N,S: AIX:5.3:ML1:AIX 5.3 ML1
+
+# ----------------- Linux -------------------
+
+# S1:64:0:44:M*:A: Linux:1.2::Linux 1.2.x (XXX quirks support)
+512:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
+16384:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x
+
+# Endian snafu! Nelson says "ha-ha":
+2:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
+64:64:0:44:M*: Linux:2.0:3x:Linux 2.0.3x (MkLinux) on Mac
+
+
+S4:64:1:60:M1360,S,T,N,W0: Linux:google::Linux (Google crawlbot)
+
+S2:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4 (big boy)
+S3:64:1:60:M*,S,T,N,W0: Linux:2.4:.18-21:Linux 2.4.18 and newer
+S4:64:1:60:M*,S,T,N,W0: Linux:2.4::Linux 2.4/2.6 <= 2.6.7
+S4:64:1:60:M*,S,T,N,W0: Linux:2.6:.1-7:Linux 2.4/2.6 <= 2.6.7
+S4:64:1:60:M*,S,T,N,W7: Linux:2.6:8:Linux 2.6.8 and newer (?)
+
+S3:64:1:60:M*,S,T,N,W1: Linux:2.5::Linux 2.5 (sometimes 2.4)
+S4:64:1:60:M*,S,T,N,W1: Linux:2.5-2.6::Linux 2.5/2.6
+S3:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4)
+S4:64:1:60:M*,S,T,N,W2: Linux:2.5::Linux 2.5 (sometimes 2.4)
+
+S20:64:1:60:M*,S,T,N,W0: Linux:2.2:20-25:Linux 2.2.20 and newer
+S22:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
+S11:64:1:60:M*,S,T,N,W0: Linux:2.2::Linux 2.2
+
+# Popular cluster config scripts disable timestamps and
+# selective ACK:
+S4:64:1:48:M1460,N,W0: Linux:2.4:cluster:Linux 2.4 in cluster
+
+# This needs to be investigated. On some systems, WSS
+# is selected as a multiple of MTU instead of MSS. I got
+# many submissions for this for many late versions of 2.4:
+T4:64:1:60:M1412,S,T,N,W0: Linux:2.4::Linux 2.4 (late, uncommon)
+
+# This happens only over loopback, but let's make folks happy:
+32767:64:1:60:M16396,S,T,N,W0: Linux:2.4:lo0:Linux 2.4 (local)
+S8:64:1:60:M3884,S,T,N,W0: Linux:2.2:lo0:Linux 2.2 (local)
+
+# Opera visitors:
+16384:64:1:60:M*,S,T,N,W0: Linux:2.2:Opera:Linux 2.2 (Opera?)
+32767:64:1:60:M*,S,T,N,W0: Linux:2.4:Opera:Linux 2.4 (Opera?)
+
+# Some fairly common mods:
+S4:64:1:52:M*,N,N,S,N,W0: Linux:2.4:ts:Linux 2.4 w/o timestamps
+S22:64:1:52:M*,N,N,S,N,W0: Linux:2.2:ts:Linux 2.2 w/o timestamps
+
+
+# ----------------- FreeBSD -----------------
+
+16384:64:1:44:M*: FreeBSD:2.0-2.2::FreeBSD 2.0-4.2
+16384:64:1:44:M*: FreeBSD:3.0-3.5::FreeBSD 2.0-4.2
+16384:64:1:44:M*: FreeBSD:4.0-4.2::FreeBSD 2.0-4.2
+16384:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
+
+1024:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.4::FreeBSD 4.4
+
+57344:64:1:44:M*: FreeBSD:4.6-4.8:noRFC1323:FreeBSD 4.6-4.8 (no RFC1323)
+57344:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.6-4.9::FreeBSD 4.6-4.9
+
+32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.1 (or MacOS X)
+32768:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.1::FreeBSD 4.8-5.1 (or MacOS X)
+65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:4.8-4.11::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W0,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.8-5.2 (or MacOS X)
+65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:4.7-4.11::FreeBSD 4.7-5.2
+65535:64:1:60:M*,N,W1,N,N,T: FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
+
+# XXX need quirks support
+# 65535:64:1:60:M*,N,W0,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (1)
+# 65535:64:1:60:M*,N,W1,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (2)
+# 65535:64:1:60:M*,N,W2,N,N,T:Z:FreeBSD:5.1-5.4::5.1-current (3)
+# 65535:64:1:44:M*:Z:FreeBSD:5.2::FreeBSD 5.2 (no RFC1323)
+
+# 16384:64:1:60:M*,N,N,N,N,N,N,T:FreeBSD:4.4:noTS:FreeBSD 4.4 (w/o timestamps)
+
+# ----------------- NetBSD ------------------
+
+16384:64:0:60:M*,N,W0,N,N,T: NetBSD:1.3::NetBSD 1.3
+65535:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6:opera:NetBSD 1.6 (Opera)
+16384:64:0:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6
+16384:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:df:NetBSD 1.6 (DF)
+65535:64:1:60:M*,N,W1,N,N,T0: NetBSD:1.6::NetBSD 1.6W-current (DF)
+65535:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6::NetBSD 1.6X (DF)
+32768:64:1:60:M*,N,W0,N,N,T0: NetBSD:1.6:randomization:NetBSD 1.6ZH-current (w/ ip_id randomization)
+
+# ----------------- OpenBSD -----------------
+
+16384:64:0:60:M*,N,W0,N,N,T: OpenBSD:2.6::NetBSD 1.3 (or OpenBSD 2.6)
+16384:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8::OpenBSD 3.0-4.8
+16384:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.8:no-df:OpenBSD 3.0-4.8 (scrub no-df)
+57344:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0::OpenBSD 3.3-4.0
+57344:64:0:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.3-4.0:no-df:OpenBSD 3.3-4.0 (scrub no-df)
+
+65535:64:1:64:M*,N,N,S,N,W0,N,N,T: OpenBSD:3.0-4.0:opera:OpenBSD 3.0-4.0 (Opera)
+
+16384:64:1:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9::OpenBSD 4.9
+16384:64:0:64:M*,N,N,S,N,W3,N,N,T: OpenBSD:4.9:no-df:OpenBSD 4.9 (scrub no-df)
+
+# ----------------- Solaris -----------------
+
+S17:64:1:64:N,W3,N,N,T0,N,N,S,M*: Solaris:8:RFC1323:Solaris 8 RFC1323
+S17:64:1:48:N,N,S,M*: Solaris:8::Solaris 8
+S17:255:1:44:M*: Solaris:2.5-2.7::Solaris 2.5 to 7
+
+S6:255:1:44:M*: Solaris:2.6-2.7::Solaris 2.6 to 7
+S23:255:1:44:M*: Solaris:2.5:1:Solaris 2.5.1
+S34:64:1:48:M*,N,N,S: Solaris:2.9::Solaris 9
+S44:255:1:44:M*: Solaris:2.7::Solaris 7
+
+4096:64:0:44:M1460: SunOS:4.1::SunOS 4.1.x
+
+S34:64:1:52:M*,N,W0,N,N,S: Solaris:10:beta:Solaris 10 (beta)
+32850:64:1:64:M*,N,N,T,N,W1,N,N,S: Solaris:10::Solaris 10 1203
+
+# ----------------- IRIX --------------------
+
+49152:64:0:44:M*: IRIX:6.4::IRIX 6.4
+61440:64:0:44:M*: IRIX:6.2-6.5::IRIX 6.2-6.5
+49152:64:0:52:M*,N,W2,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
+49152:64:0:52:M*,N,W3,N,N,S: IRIX:6.5:RFC1323:IRIX 6.5 (RFC1323)
+
+61440:64:0:48:M*,N,N,S: IRIX:6.5:12-21:IRIX 6.5.12 - 6.5.21
+49152:64:0:48:M*,N,N,S: IRIX:6.5:15-21:IRIX 6.5.15 - 6.5.21
+
+49152:60:0:64:M*,N,W2,N,N,T,N,N,S: IRIX:6.5:IP27:IRIX 6.5 IP27
+
+
+# ----------------- Tru64 -------------------
+
+32768:64:1:48:M*,N,W0: Tru64:4.0::Tru64 4.0 (or OS/2 Warp 4)
+32768:64:0:48:M*,N,W0: Tru64:5.0::Tru64 5.0
+8192:64:0:44:M1460: Tru64:5.1:noRFC1323:Tru64 6.1 (no RFC1323) (or QNX 6)
+61440:64:0:48:M*,N,W0: Tru64:5.1a:JP4:Tru64 v5.1a JP4 (or OpenVMS 7.x on Compaq 5.x stack)
+
+# ----------------- OpenVMS -----------------
+
+6144:64:1:60:M*,N,W0,N,N,T: OpenVMS:7.2::OpenVMS 7.2 (Multinet 4.4 stack)
+
+# ----------------- MacOS -------------------
+
+# XXX Need EOL tcp opt support
+# S2:255:1:48:M*,W0,E:.:MacOS:8.6 classic
+
+# XXX some of these use EOL too
+16616:255:1:48:M*,W0: MacOS:7.3-7.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
+16616:255:1:48:M*,W0: MacOS:8.0-8.6:OTTCP:MacOS 7.3-8.6 (OTTCP)
+16616:255:1:48:M*,N,N,N: MacOS:8.1-8.6:OTTCP:MacOS 8.1-8.6 (OTTCP)
+32768:255:1:48:M*,W0,N: MacOS:9.0-9.2::MacOS 9.0-9.2
+65535:255:1:48:M*,N,N,N,N: MacOS:9.1::MacOS 9.1 (OT 2.7.4)
+
+
+# ----------------- Windows -----------------
+
+# Windows TCP/IP stack is a mess. For most recent XP, 2000 and
+# even 98, the patchlevel, not the actual OS version, is more
+# relevant to the signature. They share the same code, so it would
+# seem. Luckily for us, almost all Windows 9x boxes have an
+# awkward MSS of 536, which I use to tell one from another
+# in most difficult cases.
+
+8192:32:1:44:M*: Windows:3.11::Windows 3.11 (Tucows)
+S44:64:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95::Windows 95
+8192:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:95:b:Windows 95b
+
+# There were so many tweaking tools and so many stack versions for
+# Windows 98 it is no longer possible to tell them from each other
+# without some very serious research. Until then, there's an insane
+# number of signatures, for your amusement:
+
+S44:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL)
+8192:32:1:48:M*,N,N,S: Windows:98:lowTTL:Windows 98 (low TTL)
+%8192:64:1:48:M536,N,N,S: Windows:98::Windows 98
+%8192:128:1:48:M536,N,N,S: Windows:98::Windows 98
+S4:64:1:48:M*,N,N,S: Windows:98::Windows 98
+S6:64:1:48:M*,N,N,S: Windows:98::Windows 98
+S12:64:1:48:M*,N,N,S: Windows:98::Windows 98
+T30:64:1:64:M1460,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
+32767:64:1:48:M*,N,N,S: Windows:98::Windows 98
+37300:64:1:48:M*,N,N,S: Windows:98::Windows 98
+46080:64:1:52:M*,N,W3,N,N,S: Windows:98:RFC1323:Windows 98 (RFC1323)
+65535:64:1:44:M*: Windows:98:noSack:Windows 98 (no sack)
+S16:128:1:48:M*,N,N,S: Windows:98::Windows 98
+S16:128:1:64:M*,N,W0,N,N,T0,N,N,S: Windows:98::Windows 98
+S26:128:1:48:M*,N,N,S: Windows:98::Windows 98
+T30:128:1:48:M*,N,N,S: Windows:98::Windows 98
+32767:128:1:52:M*,N,W0,N,N,S: Windows:98::Windows 98
+60352:128:1:48:M*,N,N,S: Windows:98::Windows 98
+60352:128:1:64:M*,N,W2,N,N,T0,N,N,S: Windows:98::Windows 98
+
+# What's with 1414 on NT?
+T31:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
+64512:128:1:44:M1414: Windows:NT:4.0:Windows NT 4.0 SP6a
+8192:128:1:44:M*: Windows:NT:4.0:Windows NT 4.0 (older)
+
+# Windows XP and 2000. Most of the signatures that were
+# either dubious or non-specific (no service pack data)
+# were deleted and replaced with generics at the end.
+
+65535:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP1
+65535:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP1
+%8192:128:1:48:M*,N,N,S: Windows:2000:SP2+:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
+%8192:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP2, XP SP1 (seldom 98 4.10.2222)
+S20:128:1:48:M*,N,N,S: Windows:2000::Windows 2000/XP SP3
+S20:128:1:48:M*,N,N,S: Windows:XP:SP3:Windows 2000/XP SP3
+S45:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4, XP SP 1
+S45:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows 2000 SP4, XP SP 1
+40320:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows 2000 SP4
+
+S6:128:1:48:M*,N,N,S: Windows:2000:SP2:Windows XP, 2000 SP2+
+S6:128:1:48:M*,N,N,S: Windows:XP::Windows XP, 2000 SP2+
+S12:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows XP SP1
+S44:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows Pro SP1, 2000 SP3
+S44:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows Pro SP1, 2000 SP3
+64512:128:1:48:M*,N,N,S: Windows:2000:SP3:Windows SP1, 2000 SP3
+64512:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP3
+32767:128:1:48:M*,N,N,S: Windows:2000:SP4:Windows SP1, 2000 SP4
+32767:128:1:48:M*,N,N,S: Windows:XP:SP1:Windows SP1, 2000 SP4
+
+# Odds, ends, mods:
+
+S52:128:1:48:M1260,N,N,S: Windows:2000:cisco:Windows XP/2000 via Cisco
+S52:128:1:48:M1260,N,N,S: Windows:XP:cisco:Windows XP/2000 via Cisco
+65520:128:1:48:M*,N,N,S: Windows:XP::Windows XP bare-bone
+16384:128:1:52:M536,N,W0,N,N,S: Windows:2000:ZoneAlarm:Windows 2000 w/ZoneAlarm?
+2048:255:0:40:.: Windows:.NET::Windows .NET Enterprise Server
+
+44620:64:0:48:M*,N,N,S: Windows:ME::Windows ME no SP (?)
+S6:255:1:48:M536,N,N,S: Windows:95:winsock2:Windows 95 winsock 2
+32768:32:1:52:M1460,N,W0,N,N,S: Windows:2003:AS:Windows 2003 AS
+
+
+# No need to be more specific, it passes:
+# *:128:1:48:M*,N,N,S:U:-Windows:XP/2000 while downloading (leak!) XXX quirk
+# there is an equiv similar generic sig w/o the quirk
+
+# ----------------- HP/UX -------------------
+
+32768:64:1:44:M*: HP-UX:B.10.20::HP-UX B.10.20
+32768:64:0:48:M*,W0,N: HP-UX:11.0::HP-UX 11.0
+32768:64:1:48:M*,W0,N: HP-UX:11.10::HP-UX 11.0 or 11.11
+32768:64:1:48:M*,W0,N: HP-UX:11.11::HP-UX 11.0 or 11.11
+
+# Whoa. Hardcore WSS.
+0:64:0:48:M*,W0,N: HP-UX:B.11.00:A:HP-UX B.11.00 A (RFC1323)
+
+# ----------------- RiscOS ------------------
+
+# We don't yet support the ?12 TCP option
+#16384:64:1:68:M1460,N,W0,N,N,T,N,N,?12: RISCOS:3.70-4.36::RISC OS 3.70-4.36
+12288:32:0:44:M536: RISC OS:3.70:4.10:RISC OS 3.70 inet 4.10
+
+# XXX quirk
+# 4096:64:1:56:M1460,N,N,T:T: RISC OS:3.70:freenet:RISC OS 3.70 freenet 2.00
+
+
+
+# ----------------- BSD/OS ------------------
+
+# Once again, power of two WSS is also shared by MacOS X with DF set
+8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:3.1::BSD/OS 3.1-4.3 (or MacOS X 10.2 w/DF)
+8192:64:1:60:M1460,N,W0,N,N,T: BSD/OS:4.0-4.3::BSD/OS 3.1-4.3 (or MacOS X 10.2)
+
+
+# ---------------- NewtonOS -----------------
+
+4096:64:0:44:M1420: NewtonOS:2.1::NewtonOS 2.1
+
+# ---------------- NeXTSTEP -----------------
+
+S4:64:0:44:M1024: NeXTSTEP:3.3::NeXTSTEP 3.3
+S8:64:0:44:M512: NeXTSTEP:3.3::NeXTSTEP 3.3
+
+# ------------------ BeOS -------------------
+
+1024:255:0:48:M*,N,W0: BeOS:5.0-5.1::BeOS 5.0-5.1
+12288:255:0:44:M1402: BeOS:5.0::BeOS 5.0.x
+
+# ------------------ OS/400 -----------------
+
+8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR4::OS/400 VR4/R5
+8192:64:1:60:M1440,N,W0,N,N,T: OS/400:VR5::OS/400 VR4/R5
+4096:64:1:60:M1440,N,W0,N,N,T: OS/400:V4R5:CF67032:OS/400 V4R5 + CF67032
+
+# XXX quirk
+# 28672:64:0:44:M1460:A:OS/390:?
+
+# ------------------ ULTRIX -----------------
+
+16384:64:0:40:.: ULTRIX:4.5::ULTRIX 4.5
+
+# ------------------- QNX -------------------
+
+S16:64:0:44:M512: QNX:::QNX demodisk
+
+# ------------------ Novell -----------------
+
+16384:128:1:44:M1460: Novell:NetWare:5.0:Novel Netware 5.0
+6144:128:1:44:M1460: Novell:IntranetWare:4.11:Novell IntranetWare 4.11
+6144:128:1:44:M1368: Novell:BorderManager::Novell BorderManager ?
+
+6144:128:1:52:M*,W0,N,S,N,N: Novell:Netware:6:Novell Netware 6 SP3
+
+
+# ----------------- SCO ------------------
+S3:64:1:60:M1460,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1
+S17:64:1:60:M1380,N,W0,N,N,T: SCO:UnixWare:7.1:SCO UnixWare 7.1.3 MP3
+S23:64:1:44:M1380: SCO:OpenServer:5.0:SCO OpenServer 5.0
+
+# ------------------- DOS -------------------
+
+2048:255:0:44:M536: DOS:WATTCP:1.05:DOS Arachne via WATTCP/1.05
+T2:255:0:44:M984: DOS:WATTCP:1.05Arachne:Arachne via WATTCP/1.05 (eepro)
+
+# ------------------ OS/2 -------------------
+
+S56:64:0:44:M512: OS/2:4::OS/2 4
+28672:64:0:44:M1460: OS/2:4::OS/2 Warp 4.0
+
+# ----------------- TOPS-20 -----------------
+
+# Another hardcore MSS, one of the ACK leakers hunted down.
+# XXX QUIRK 0:64:0:44:M1460:A:TOPS-20:version 7
+0:64:0:44:M1460: TOPS-20:7::TOPS-20 version 7
+
+# ----------------- FreeMiNT ----------------
+
+S44:255:0:44:M536: FreeMiNT:1:16A:FreeMiNT 1 patch 16A (Atari)
+
+# ------------------ AMIGA ------------------
+
+# XXX TCP option 12
+# S32:64:1:56:M*,N,N,S,N,N,?12:.:AMIGA:3.9 BB2 with Miami stack
+
+# ------------------ Plan9 ------------------
+
+65535:255:0:48:M1460,W0,N: Plan9:4::Plan9 edition 4
+
+# ----------------- AMIGAOS -----------------
+
+16384:64:1:48:M1560,N,N,S: AMIGAOS:3.9::AMIGAOS 3.9 BB2 MiamiDX
+
+###########################################
+# Appliance / embedded / other signatures #
+###########################################
+
+# ---------- Firewalls / routers ------------
+
+S12:64:1:44:M1460: @Checkpoint:::Checkpoint (unknown 1)
+S12:64:1:48:N,N,S,M1460: @Checkpoint:::Checkpoint (unknown 2)
+4096:32:0:44:M1460: ExtremeWare:4.x::ExtremeWare 4.x
+
+# XXX TCP option 12
+# S32:64:0:68:M512,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO w/Checkpoint NG FP3
+# S16:64:0:68:M1024,N,W0,N,N,T,N,N,?12:.:Nokia:IPSO 3.7 build 026
+
+S4:64:1:60:W0,N,S,T,M1460: FortiNet:FortiGate:50:FortiNet FortiGate 50
+
+8192:64:1:44:M1460: Eagle:::Eagle Secure Gateway
+
+S52:128:1:48:M1260,N,N,N,N: LinkSys:WRV54G::LinkSys WRV54G VPN router
+
+
+
+# ------- Switches and other stuff ----------
+
+4128:255:0:44:M*: Cisco:::Cisco Catalyst 3500, 7500 etc
+S8:255:0:44:M*: Cisco:12008::Cisco 12008
+60352:128:1:64:M1460,N,W2,N,N,T,N,N,S: Alteon:ACEswitch::Alteon ACEswitch
+64512:128:1:44:M1370: Nortel:Contivity Client::Nortel Conectivity Client
+
+
+# ---------- Caches and whatnots ------------
+
+S4:64:1:52:M1460,N,N,S,N,W0: AOL:web cache::AOL web cache
+
+32850:64:1:64:N,W1,N,N,T,N,N,S,M*: NetApp:5.x::NetApp Data OnTap 5.x
+16384:64:1:64:M1460,N,N,S,N,W0,N: NetApp:5.3:1:NetApp 5.3.1
+65535:64:0:64:M1460,N,N,S,N,W*,N,N,T: NetApp:5.3-5.5::NetApp 5.3-5.5
+65535:64:0:60:M1460,N,W0,N,N,T: NetApp:CacheFlow::NetApp CacheFlow
+8192:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:5.2:1:NetApp NetCache 5.2.1
+20480:64:1:64:M1460,N,N,S,N,W0,N,N,T: NetApp:4.1::NetApp NetCache4.1
+
+65535:64:0:60:M1460,N,W0,N,N,T: CacheFlow:4.1::CacheFlow CacheOS 4.1
+8192:64:0:60:M1380,N,N,N,N,N,N,T: CacheFlow:1.1::CacheFlow CacheOS 1.1
+
+S4:64:0:48:M1460,N,N,S: Cisco:Content Engine::Cisco Content Engine
+
+27085:128:0:40:.: Dell:PowerApp cache::Dell PowerApp (Linux-based)
+
+65535:255:1:48:N,W1,M1460: Inktomi:crawler::Inktomi crawler
+S1:255:1:60:M1460,S,T,N,W0: LookSmart:ZyBorg::LookSmart ZyBorg
+
+16384:255:0:40:.: Proxyblocker:::Proxyblocker (what's this?)
+
+65535:255:0:48:M*,N,N,S: Redline:::Redline T|X 2200
+
+32696:128:0:40:M1460: Spirent:Avalanche::Spirent Web Avalanche HTTP benchmarking engine
+
+# ----------- Embedded systems --------------
+
+S9:255:0:44:M536: PalmOS:Tungsten:C:PalmOS Tungsten C
+S5:255:0:44:M536: PalmOS:3::PalmOS 3/4
+S5:255:0:44:M536: PalmOS:4::PalmOS 3/4
+S4:255:0:44:M536: PalmOS:3:5:PalmOS 3.5
+2948:255:0:44:M536: PalmOS:3:5:PalmOS 3.5.3 (Handera)
+S29:255:0:44:M536: PalmOS:5::PalmOS 5.0
+16384:255:0:44:M1398: PalmOS:5.2:Clie:PalmOS 5.2 (Clie)
+S14:255:0:44:M1350: PalmOS:5.2:Treo:PalmOS 5.2.1 (Treo)
+
+S23:64:1:64:N,W1,N,N,T,N,N,S,M1460: SymbianOS:7::SymbianOS 7
+
+8192:255:0:44:M1460: SymbianOS:6048::Symbian OS 6048 (Nokia 7650?)
+8192:255:0:44:M536: SymbianOS:9210::Symbian OS (Nokia 9210?)
+S22:64:1:56:M1460,T,S: SymbianOS:P800::Symbian OS ? (SE P800?)
+S36:64:1:56:M1360,T,S: SymbianOS:6600::Symbian OS 60xx (Nokia 6600?)
+
+
+# Perhaps S4?
+5840:64:1:60:M1452,S,T,N,W1: Zaurus:3.10::Zaurus 3.10
+
+32768:128:1:64:M1460,N,W0,N,N,T0,N,N,S: PocketPC:2002::PocketPC 2002
+
+S1:255:0:44:M346: Contiki:1.1:rc0:Contiki 1.1-rc0
+
+4096:128:0:44:M1460: Sega:Dreamcast:3.0:Sega Dreamcast Dreamkey 3.0
+T5:64:0:44:M536: Sega:Dreamcast:HKT-3020:Sega Dreamcast HKT-3020 (browser disc 51027)
+S22:64:1:44:M1460: Sony:PS2::Sony Playstation 2 (SOCOM?)
+
+S12:64:0:44:M1452: AXIS:5600:v5.64:AXIS Printer Server 5600 v5.64
+
+3100:32:1:44:M1460: Windows:CE:2.0:Windows CE 2.0
+
+####################
+# Fancy signatures #
+####################
+
+1024:64:0:40:.: *NMAP:syn scan:1:NMAP syn scan (1)
+2048:64:0:40:.: *NMAP:syn scan:2:NMAP syn scan (2)
+3072:64:0:40:.: *NMAP:syn scan:3:NMAP syn scan (3)
+4096:64:0:40:.: *NMAP:syn scan:4:NMAP syn scan (4)
+
+# Requires quirks support
+# 1024:64:0:40:.:A:*NMAP:TCP sweep probe (1)
+# 2048:64:0:40:.:A:*NMAP:TCP sweep probe (2)
+# 3072:64:0:40:.:A:*NMAP:TCP sweep probe (3)
+# 4096:64:0:40:.:A:*NMAP:TCP sweep probe (4)
+
+1024:64:0:60:W10,N,M265,T: *NMAP:OS:1:NMAP OS detection probe (1)
+2048:64:0:60:W10,N,M265,T: *NMAP:OS:2:NMAP OS detection probe (2)
+3072:64:0:60:W10,N,M265,T: *NMAP:OS:3:NMAP OS detection probe (3)
+4096:64:0:60:W10,N,M265,T: *NMAP:OS:4:NMAP OS detection probe (4)
+
+32767:64:0:40:.: *NAST:::NASTsyn scan
+
+# Requires quirks support
+# 12345:255:0:40:.:A:-p0f:sendsyn utility
+
+
+#####################################
+# Generic signatures - just in case #
+#####################################
+
+#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:4.0-4.9::FreeBSD 4.x/5.x
+#*:64:1:60:M*,N,W*,N,N,T: @FreeBSD:5.0-5.1::FreeBSD 4.x/5.x
+
+*:128:1:52:M*,N,W0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W*,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:52:M*,N,W*,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323 no tstamp)
+*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP/2000 (RFC1323)
+*:128:1:64:M*,N,W0,N,N,T0,N,N,S: @Windows:2000:RFC1323:Windows XP/2000 (RFC1323)
+*:128:1:64:M*,N,W*,N,N,T0,N,N,S: @Windows:XP:RFC1323:Windows XP (RFC1323, w+)
+*:128:1:48:M536,N,N,S: @Windows:98::Windows 98
+*:128:1:48:M*,N,N,S: @Windows:XP::Windows XP/2000
+*:128:1:48:M*,N,N,S: @Windows:2000::Windows XP/2000
+
+
diff --git a/etc/phones b/etc/phones
new file mode 100644
index 0000000..fbeddf6
--- /dev/null
+++ b/etc/phones
@@ -0,0 +1,8 @@
+# $FreeBSD$
+# From: @(#)phones 5.2 (Berkeley) 6/30/90
+#
+# phones -- remote host phone number data base
+# see tip(1), phones(5)
+# examples:
+#system1 9=2225551212
+#system2 9995551212
diff --git a/etc/portsnap.conf b/etc/portsnap.conf
new file mode 100644
index 0000000..c209445
--- /dev/null
+++ b/etc/portsnap.conf
@@ -0,0 +1,35 @@
+# $FreeBSD$
+
+# Default directory where compressed snapshots are stored.
+# WORKDIR=/var/db/portsnap
+
+# Default location of the ports tree (target for "update" and "extract").
+# PORTSDIR=/usr/ports
+
+# Server or server pool from which to fetch updates. You can change
+# this to point at a specific server if you want, but in most cases
+# using a "nearby" server won't provide a measurable improvement in
+# performance.
+SERVERNAME=portsnap.FreeBSD.org
+
+# Trusted keyprint. Changing this is a Bad Idea unless you've received
+# a PGP-signed email from <security-officer@FreeBSD.org> telling you to
+# change it and explaining why.
+KEYPRINT=9b5feee6d69f170e3dd0a2c8e469ddbd64f13f978f2f3aede40c98633216c330
+
+# Example of ignoring parts of the ports tree. If you know that you
+# absolutely will not need certain parts of the tree, this will save
+# some bandwidth and disk space. See the manual page for more details.
+#
+# WARNING: Working with an incomplete ports tree is not supported and
+# can cause problems due to missing dependencies. If you have REFUSE
+# directives and experience problems, remove them and update your tree
+# before asking for help on the mailing lists.
+#
+# REFUSE arabic chinese french german hebrew hungarian japanese
+# REFUSE korean polish portuguese russian ukrainian vietnamese
+
+# List of INDEX files to build and the DESCRIBE file to use for each
+INDEX INDEX-7 DESCRIBE.7
+INDEX INDEX-8 DESCRIBE.8
+INDEX INDEX-9 DESCRIBE.9
diff --git a/etc/ppp/ppp.conf b/etc/ppp/ppp.conf
new file mode 100644
index 0000000..2b63834
--- /dev/null
+++ b/etc/ppp/ppp.conf
@@ -0,0 +1,37 @@
+#################################################################
+# PPP Sample Configuration File
+# Originally written by Toshiharu OHNO
+# Simplified 5/14/1999 by wself@cdrom.com
+#
+# See /usr/share/examples/ppp/ for some examples
+#
+# $FreeBSD$
+#################################################################
+
+default:
+ set log Phase Chat LCP IPCP CCP tun command
+ ident user-ppp VERSION
+
+ # Ensure that "device" references the correct serial port
+ # for your modem. (cuau0 = COM1, cuau1 = COM2)
+ #
+ set device /dev/cuau1
+
+ set speed 115200
+ set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \
+ \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT"
+ set timeout 180 # 3 minute idle timer (the default)
+ enable dns # request DNS info (for resolv.conf)
+
+papchap:
+ #
+ # edit the next three lines and replace the items in caps with
+ # the values which have been assigned by your ISP.
+ #
+
+ set phone PHONE_NUM
+ set authname USERNAME
+ set authkey PASSWORD
+
+ set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0
+ add default HISADDR # Add a (sticky) default route
diff --git a/etc/printcap b/etc/printcap
new file mode 100644
index 0000000..5319a0e
--- /dev/null
+++ b/etc/printcap
@@ -0,0 +1,54 @@
+# @(#)printcap 5.3 (Berkeley) 6/30/90
+# $FreeBSD$
+
+#
+# This enables a simple local "raw" printer, hooked up to the first
+# parallel port. No kind of filtering is done, so everything you pass
+# to the "lpr" command will be printed unmodified.
+#
+# Remember, for further print queues you're going to add, you have
+# to choose different spool directories (the "sd" capability below),
+# otherwise you will greatly confuse lpd.
+#
+# For some advanced printing, have a look at the "apsfilter" package.
+# It plugs into the lpd system, allowing you to print a variety of
+# different file types by converting everything to PostScript(tm)
+# format. For more information about apsfilter visit
+#
+# http://www.apsfilter.org/
+#
+# If you don't have a PostScript(tm) printer, don't panic, but do
+# also install the latest "ghostscript" package for best printer support.
+#
+# Do also refer to the "printing" section of the handbook.
+#
+# http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/printing.html
+#
+# A local copy can be found under
+#
+# /usr/share/doc/handbook/handbook.{html,latin1}.
+#
+# Banner pages are now suppressed by default. Remove the :sh: capability
+# to turn them back on.
+#
+#lp|local line printer:\
+# :sh:\
+# :lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs:
+#
+# Sample remote printer. The physical printer is on machine "lphost".
+# You can perform any kind of local filtering directly. If you need
+# local filters (e.g. LF -> CR-LF conversion for HP printers), create
+# a filter script that sends the proper escape sequence to the printer
+# and then concatenates stdin to stdout.
+#
+#remote|sample remote printer:\
+# :sh:\
+# :rm=lphost:sd=/var/spool/output/lphost:lf=/var/log/lpd-errs:\
+# :if=/usr/local/libexec/if-script:
+#
+# Simple Russian printer with hardware CP866 character set, output filter
+# used for KOI8-R -> CP866 conversion
+#
+#lp|Russian local line printer:\
+# :sh:of=/usr/libexec/lpr/ru/koi2alt:\
+# :lp=/dev/lpt0:sd=/var/spool/output/lpd:lf=/var/log/lpd-errs:
diff --git a/etc/profile b/etc/profile
new file mode 100644
index 0000000..23c993c
--- /dev/null
+++ b/etc/profile
@@ -0,0 +1,18 @@
+# $FreeBSD$
+#
+# System-wide .profile file for sh(1).
+#
+# Uncomment this to give you the default 4.2 behavior, where disk
+# information is shown in K-Blocks
+# BLOCKSIZE=K; export BLOCKSIZE
+#
+# For the setting of languages and character sets please see
+# login.conf(5) and in particular the charset and lang options.
+# For full locales list check /usr/share/locale/*
+# You should also read the setlocale(3) man page for information
+# on how to achieve more precise control of locale settings.
+#
+# Check system messages
+# msgs -q
+# Allow terminal messages
+# mesg y
diff --git a/etc/protocols b/etc/protocols
new file mode 100644
index 0000000..a27b226
--- /dev/null
+++ b/etc/protocols
@@ -0,0 +1,151 @@
+#
+# Internet protocols
+#
+# $FreeBSD$
+# from: @(#)protocols 5.1 (Berkeley) 4/17/89
+#
+# See also http://www.iana.org/assignments/protocol-numbers
+#
+ip 0 IP # internet protocol, pseudo protocol number
+#hopopt 0 HOPOPT # hop-by-hop options for ipv6
+icmp 1 ICMP # internet control message protocol
+igmp 2 IGMP # internet group management protocol
+ggp 3 GGP # gateway-gateway protocol
+ipencap 4 IP-ENCAP # IP encapsulated in IP (officially ``IP'')
+st2 5 ST2 # ST2 datagram mode (RFC 1819) (officially ``ST'')
+tcp 6 TCP # transmission control protocol
+cbt 7 CBT # CBT, Tony Ballardie <A.Ballardie@cs.ucl.ac.uk>
+egp 8 EGP # exterior gateway protocol
+igp 9 IGP # any private interior gateway (Cisco: for IGRP)
+bbn-rcc 10 BBN-RCC-MON # BBN RCC Monitoring
+nvp 11 NVP-II # Network Voice Protocol
+pup 12 PUP # PARC universal packet protocol
+argus 13 ARGUS # ARGUS
+emcon 14 EMCON # EMCON
+xnet 15 XNET # Cross Net Debugger
+chaos 16 CHAOS # Chaos
+udp 17 UDP # user datagram protocol
+mux 18 MUX # Multiplexing protocol
+dcn 19 DCN-MEAS # DCN Measurement Subsystems
+hmp 20 HMP # host monitoring protocol
+prm 21 PRM # packet radio measurement protocol
+xns-idp 22 XNS-IDP # Xerox NS IDP
+trunk-1 23 TRUNK-1 # Trunk-1
+trunk-2 24 TRUNK-2 # Trunk-2
+leaf-1 25 LEAF-1 # Leaf-1
+leaf-2 26 LEAF-2 # Leaf-2
+rdp 27 RDP # "reliable datagram" protocol
+irtp 28 IRTP # Internet Reliable Transaction Protocol
+iso-tp4 29 ISO-TP4 # ISO Transport Protocol Class 4
+netblt 30 NETBLT # Bulk Data Transfer Protocol
+mfe-nsp 31 MFE-NSP # MFE Network Services Protocol
+merit-inp 32 MERIT-INP # MERIT Internodal Protocol
+dccp 33 DCCP # Datagram Congestion Control Protocol
+3pc 34 3PC # Third Party Connect Protocol
+idpr 35 IDPR # Inter-Domain Policy Routing Protocol
+xtp 36 XTP # Xpress Tranfer Protocol
+ddp 37 DDP # Datagram Delivery Protocol
+idpr-cmtp 38 IDPR-CMTP # IDPR Control Message Transport Proto
+tp++ 39 TP++ # TP++ Transport Protocol
+il 40 IL # IL Transport Protocol
+ipv6 41 IPV6 # ipv6
+sdrp 42 SDRP # Source Demand Routing Protocol
+ipv6-route 43 IPV6-ROUTE # routing header for ipv6
+ipv6-frag 44 IPV6-FRAG # fragment header for ipv6
+idrp 45 IDRP # Inter-Domain Routing Protocol
+rsvp 46 RSVP # Resource ReSerVation Protocol
+gre 47 GRE # Generic Routing Encapsulation
+dsr 48 DSR # Dynamic Source Routing Protocol
+bna 49 BNA # BNA
+esp 50 ESP # encapsulating security payload
+ah 51 AH # authentication header
+i-nlsp 52 I-NLSP # Integrated Net Layer Security TUBA
+swipe 53 SWIPE # IP with Encryption
+narp 54 NARP # NBMA Address Resolution Protocol
+mobile 55 MOBILE # IP Mobility
+tlsp 56 TLSP # Transport Layer Security Protocol
+skip 57 SKIP # SKIP
+ipv6-icmp 58 IPV6-ICMP icmp6 # ICMP for IPv6
+ipv6-nonxt 59 IPV6-NONXT # no next header for ipv6
+ipv6-opts 60 IPV6-OPTS # destination options for ipv6
+# 61 # any host internal protocol
+cftp 62 CFTP # CFTP
+# 63 # any local network
+sat-expak 64 SAT-EXPAK # SATNET and Backroom EXPAK
+kryptolan 65 KRYPTOLAN # Kryptolan
+rvd 66 RVD # MIT Remote Virtual Disk Protocol
+ippc 67 IPPC # Internet Pluribus Packet Core
+# 68 # any distributed filesystem
+sat-mon 69 SAT-MON # SATNET Monitoring
+visa 70 VISA # VISA Protocol
+ipcv 71 IPCV # Internet Packet Core Utility
+cpnx 72 CPNX # Computer Protocol Network Executive
+cphb 73 CPHB # Computer Protocol Heart Beat
+wsn 74 WSN # Wang Span Network
+pvp 75 PVP # Packet Video Protocol
+br-sat-mon 76 BR-SAT-MON # Backroom SATNET Monitoring
+sun-nd 77 SUN-ND # SUN ND PROTOCOL-Temporary
+wb-mon 78 WB-MON # WIDEBAND Monitoring
+wb-expak 79 WB-EXPAK # WIDEBAND EXPAK
+iso-ip 80 ISO-IP # ISO Internet Protocol
+vmtp 81 VMTP # Versatile Message Transport
+secure-vmtp 82 SECURE-VMTP # SECURE-VMTP
+vines 83 VINES # VINES
+ttp 84 TTP # TTP
+nsfnet-igp 85 NSFNET-IGP # NSFNET-IGP
+dgp 86 DGP # Dissimilar Gateway Protocol
+tcf 87 TCF # TCF
+eigrp 88 EIGRP # Enhanced Interior Routing Protocol (Cisco)
+ospf 89 OSPFIGP # Open Shortest Path First IGP
+sprite-rpc 90 Sprite-RPC # Sprite RPC Protocol
+larp 91 LARP # Locus Address Resolution Protocol
+mtp 92 MTP # Multicast Transport Protocol
+ax.25 93 AX.25 # AX.25 Frames
+ipip 94 IPIP # Yet Another IP encapsulation
+micp 95 MICP # Mobile Internetworking Control Pro.
+scc-sp 96 SCC-SP # Semaphore Communications Sec. Pro.
+etherip 97 ETHERIP # Ethernet-within-IP Encapsulation
+encap 98 ENCAP # Yet Another IP encapsulation
+# 99 # any private encryption scheme
+gmtp 100 GMTP # GMTP
+ifmp 101 IFMP # Ipsilon Flow Management Protocol
+pnni 102 PNNI # PNNI over IP
+pim 103 PIM # Protocol Independent Multicast
+aris 104 ARIS # ARIS
+scps 105 SCPS # SCPS
+qnx 106 QNX # QNX
+a/n 107 A/N # Active Networks
+ipcomp 108 IPComp # IP Payload Compression Protocol
+snp 109 SNP # Sitara Networks Protocol
+compaq-peer 110 Compaq-Peer # Compaq Peer Protocol
+ipx-in-ip 111 IPX-in-IP # IPX in IP
+carp 112 CARP vrrp # Common Address Redundancy Protocol
+pgm 113 PGM # PGM Reliable Transport Protocol
+# 114 # any 0-hop protocol
+l2tp 115 L2TP # Layer Two Tunneling Protocol
+ddx 116 DDX # D-II Data Exchange
+iatp 117 IATP # Interactive Agent Transfer Protocol
+stp 118 STP # Schedule Transfer Protocol
+srp 119 SRP # SpectraLink Radio Protocol
+uti 120 UTI # UTI
+smp 121 SMP # Simple Message Protocol
+sm 122 SM # SM
+ptp 123 PTP # Performance Transparency Protocol
+isis 124 ISIS # ISIS over IPv4
+fire 125 FIRE
+crtp 126 CRTP # Combat Radio Transport Protocol
+crudp 127 CRUDP # Combat Radio User Datagram
+sscopmce 128 SSCOPMCE
+iplt 129 IPLT
+sps 130 SPS # Secure Packet Shield
+pipe 131 PIPE # Private IP Encapsulation within IP
+sctp 132 SCTP # Stream Control Transmission Protocol
+fc 133 FC # Fibre Channel
+rsvp-e2e-ignore 134 RSVP-E2E-IGNORE # Aggregation of RSVP for IP reservations
+mobility-header 135 Mobility-Header # Mobility Support in IPv6
+udplite 136 UDPLite # The UDP-Lite Protocol
+mpls-in-ip 137 MPLS-IN-IP # Encapsulating MPLS in IP
+# 138-254 # Unassigned
+pfsync 240 PFSYNC # PF Synchronization
+# 255 # Reserved
+divert 258 DIVERT # Divert pseudo-protocol [non IANA]
diff --git a/etc/rc b/etc/rc
new file mode 100644
index 0000000..cd22116
--- /dev/null
+++ b/etc/rc
@@ -0,0 +1,118 @@
+#!/bin/sh
+#
+# Copyright (c) 2000-2004 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# @(#)rc 5.27 (Berkeley) 6/5/91
+# $FreeBSD$
+#
+
+# System startup script run by init on autoboot
+# or after single-user.
+# Output and error are redirected to console by init,
+# and the console is the controlling terminal.
+
+# Note that almost all of the user-configurable behavior is no longer in
+# this file, but rather in /etc/defaults/rc.conf. Please check that file
+# first before contemplating any changes here. If you do need to change
+# this file for some reason, we would like to know about it.
+
+stty status '^T'
+
+# Set shell to ignore SIGINT (2), but not children;
+# shell catches SIGQUIT (3) and returns to single user.
+#
+trap : 2
+trap "echo 'Boot interrupted'; exit 1" 3
+
+HOME=/
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+export HOME PATH
+
+if [ "$1" = autoboot ]; then
+ autoboot=yes
+ _boot="faststart"
+ rc_fast=yes # run_rc_command(): do fast booting
+else
+ autoboot=no
+ _boot="quietstart"
+fi
+
+dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null`
+if [ ${dlv:=0} -ne 0 -o -f /etc/diskless ]; then
+ sh /etc/rc.initdiskless
+fi
+
+# Run these after determining whether we are booting diskless in order
+# to minimize the number of files that are needed on a diskless system,
+# and to make the configuration file variables available to rc itself.
+#
+. /etc/rc.subr
+load_rc_config 'XXX'
+
+skip="-s nostart"
+if [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ]; then
+ skip="$skip -s nojail"
+ if [ "$early_late_divider" = "FILESYSTEMS" ]; then
+ early_late_divider=NETWORKING
+ fi
+fi
+
+# Do a first pass to get everything up to $early_late_divider so that
+# we can do a second pass that includes $local_startup directories
+#
+files=`rcorder ${skip} /etc/rc.d/* 2>/dev/null`
+
+_rc_elem_done=' '
+for _rc_elem in ${files}; do
+ run_rc_script ${_rc_elem} ${_boot}
+ _rc_elem_done="${_rc_elem_done}${_rc_elem} "
+
+ case "$_rc_elem" in
+ */${early_late_divider}) break ;;
+ esac
+done
+
+unset files local_rc
+
+# Now that disks are mounted, for each dir in $local_startup
+# search for init scripts that use the new rc.d semantics.
+#
+case ${local_startup} in
+[Nn][Oo] | '') ;;
+*) find_local_scripts_new ;;
+esac
+
+files=`rcorder ${skip} /etc/rc.d/* ${local_rc} 2>/dev/null`
+for _rc_elem in ${files}; do
+ case "$_rc_elem_done" in
+ *" $_rc_elem "*) continue ;;
+ esac
+
+ run_rc_script ${_rc_elem} ${_boot}
+done
+
+echo ''
+date
+exit 0
diff --git a/etc/rc.bsdextended b/etc/rc.bsdextended
new file mode 100644
index 0000000..b933a96
--- /dev/null
+++ b/etc/rc.bsdextended
@@ -0,0 +1,138 @@
+#!/bin/sh
+#
+# Copyright (c) 2004 Tom Rhodes
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+####
+# Sample startup policy for the mac_bsdextended(4) security module.
+#
+# Suck in the system configuration variables.
+####
+if [ -z "${source_rc_confs_defined}" ]; then
+ if [ -r /etc/defaults/rc.conf ]; then
+ . /etc/defaults/rc.conf
+ source_rc_confs
+ elif [ -r /etc/rc.conf ]; then
+ . /etc/rc.conf
+ fi
+fi
+
+####
+# Set ugidfw(8) to CMD:
+####
+CMD=/usr/sbin/ugidfw
+
+####
+# WARNING: recommended reading is the handbook's MAC
+# chapter and the ugidfw(8) manual page. You can
+# lock yourself out of the system very quickly by setting
+# incorrect values here. These are only examples.
+####
+
+####
+# Build a generic list of rules here, these should be
+# modified before using this script.
+#
+# For apache to read user files, the ruleadd must give
+# it permissions by default.
+####
+#${CMD} add subject uid 80 object not uid 80 mode rxws;
+#${CMD} add subject gid 80 object not gid 80 mode rxws;
+
+####
+# majordomo compat:
+#${CMD} add subject uid 54 object not uid 54 mode rxws;
+#${CMD} add subject gid 26 object gid 54 mode rxws;
+
+####
+# This is for root:
+${CMD} add subject uid 0 object not uid 0 mode arxws;
+${CMD} add subject gid 0 object not gid 0 mode arxws;
+
+####
+# And for majordomo:
+#${CMD} add subject uid 54 object not uid 54 mode rxws;
+#${CMD} add subject gid 54 object not gid 54 mode rxws;
+
+####
+# And for bin:
+${CMD} add subject uid 3 object not uid 3 mode rxws;
+${CMD} add subject gid 7 object not gid 7 mode rxws;
+
+####
+# And for mail/pop:
+#${CMD} add subject uid 68 object not uid 68 mode rxws;
+#${CMD} add subject gid 6 object not gid 6 mode arxws;
+
+####
+# And for smmsp:
+${CMD} add subject uid 25 object not uid 25 mode rxws;
+${CMD} add subject gid 25 object not gid 25 mode rxws;
+
+####
+# And for mailnull:
+${CMD} add subject uid 26 object not uid 26 mode rxws;
+${CMD} add subject gid 26 object not gid 26 mode rxws;
+
+####
+# For cyrus:
+#${CMD} add subject uid 60 object not uid 60 mode rxws;
+#${CMD} add subject gid 60 object not gid 60 mode rxws;
+
+####
+# For stunnel:
+#${CMD} add subject uid 1018 object not uid 1018 mode rxws;
+#${CMD} add subject gid 1018 object not gid 1018 mode rxws;
+
+####
+# For the nobody account:
+${CMD} add subject uid 65534 object not uid 65534 mode rxws;
+${CMD} add subject gid 65534 object not gid 65534 mode rxws;
+
+####
+# NOTICE: The next script adds a rule to allow
+# access their mailbox which is owned by GID `6'.
+# Removing this will give mailbox lock issues.
+for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`;
+ do ${CMD} add subject uid $x object gid 6 mode arwxs;
+done;
+
+####
+# Use some script to get a list of users and
+# add all users to mode n for all other users. This
+# will isolate all users from other user home directories while
+# permitting them to use commands and browse the system.
+for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $1 }' /etc/passwd`;
+ do ${CMD} add subject not uid $x object uid $x mode n;
+done;
+
+###
+# Do the same thing but only for group ids in place of
+# user IDs.
+for x in `awk -F: '($3 >= 1001) && ($3 != 65534) { print $3 }' /etc/passwd`;
+ do ${CMD} add subject not gid $x object uid $x mode n;
+done;
diff --git a/etc/rc.d/DAEMON b/etc/rc.d/DAEMON
new file mode 100755
index 0000000..a656a88
--- /dev/null
+++ b/etc/rc.d/DAEMON
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: DAEMON
+# REQUIRE: NETWORKING SERVERS
+
+# This is a dummy dependency, to ensure that general purpose daemons
+# are run _after_ the above are.
diff --git a/etc/rc.d/FILESYSTEMS b/etc/rc.d/FILESYSTEMS
new file mode 100755
index 0000000..ba2a2d6
--- /dev/null
+++ b/etc/rc.d/FILESYSTEMS
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: FILESYSTEMS
+# REQUIRE: root mountcritlocal zfs
+
+# This is a dummy dependency, for services which require file systems
+# to be mounted before starting. It also serves as the default early /
+# late divider; after this point, rc.d directories are rescanned to
+# catch scripts from other file systems than /.
diff --git a/etc/rc.d/LOGIN b/etc/rc.d/LOGIN
new file mode 100755
index 0000000..2b45ba8
--- /dev/null
+++ b/etc/rc.d/LOGIN
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: LOGIN
+# REQUIRE: DAEMON
+
+# This is a dummy dependency to ensure user services such as xdm,
+# inetd, cron and kerberos are started after everything else, in case
+# the administrator has increased the system security level and
+# wants to delay user logins until the system is (almost) fully
+# operational.
diff --git a/etc/rc.d/Makefile b/etc/rc.d/Makefile
new file mode 100644
index 0000000..0a0ff0a
--- /dev/null
+++ b/etc/rc.d/Makefile
@@ -0,0 +1,68 @@
+# $FreeBSD$
+
+.include <bsd.own.mk>
+
+FILES= DAEMON FILESYSTEMS LOGIN NETWORKING SERVERS \
+ abi accounting addswap adjkerntz amd \
+ apm apmd archdep atm1 atm2 atm3 auditd \
+ bgfsck bluetooth bootparams bridge bsnmpd bthidd \
+ ccd cleanvar cleartmp cron \
+ ddb defaultroute devd devfs dhclient \
+ dmesg dumpon \
+ encswap \
+ faith fsck ftp-proxy ftpd \
+ gbde geli geli2 gptboot gssd \
+ hastd hcsecd \
+ hostapd hostid hostid_save hostname \
+ inetd initrandom \
+ ip6addrctl ipfilter ipfs ipfw ipmon \
+ ipnat ipsec \
+ jail \
+ kadmind kerberos keyserv kld kldxref kpasswdd \
+ ldconfig local localpkg lockd lpd \
+ mixer motd mountcritlocal mountcritremote mountlate \
+ mdconfig mdconfig2 mountd moused mroute6d mrouted msgs \
+ named natd netif netoptions netwait \
+ newsyslog nfsclient nfscbd nfsd \
+ nfsuserd nisdomain nsswitch ntpd ntpdate \
+ othermta \
+ pf pflog pfsync \
+ powerd power_profile ppp pppoed pwcheck \
+ quota \
+ random rarpd rctl resolv rfcomm_pppd_server root \
+ route6d routed routing rpcbind rtadvd rtsold rwho \
+ savecore sdpd securelevel sendmail \
+ serial sppp statd static_arp static_ndp stf swap1 \
+ syscons sysctl syslogd \
+ timed tmp \
+ ugidfw \
+ var virecover \
+ watchdogd wpa_supplicant \
+ ypbind yppasswdd ypserv \
+ ypset ypupdated ypxfrd \
+ zfs zvol
+
+.if ${MK_IPX} != "no"
+FILES+= ipxrouted
+.endif
+
+.if ${MK_OFED} != "no"
+FILES+= opensm
+.endif
+
+.if ${MK_OPENSSH} != "no"
+FILES+= sshd
+.endif
+
+.if ${MK_NS_CACHING} != "no"
+FILES+= nscd
+.endif
+
+.if ${MK_BLUETOOTH} != "no"
+FILES+= ubthidhci
+.endif
+
+FILESDIR= /etc/rc.d
+FILESMODE= ${BINMODE}
+
+.include <bsd.prog.mk>
diff --git a/etc/rc.d/NETWORKING b/etc/rc.d/NETWORKING
new file mode 100755
index 0000000..71cf26d
--- /dev/null
+++ b/etc/rc.d/NETWORKING
@@ -0,0 +1,12 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: NETWORKING NETWORK
+# REQUIRE: netif netoptions routing ppp ipfw stf faith
+# REQUIRE: defaultroute routed mrouted route6d mroute6d resolv bridge
+# REQUIRE: static_arp static_ndp
+
+# This is a dummy dependency, for services which require networking
+# to be operational before starting.
diff --git a/etc/rc.d/SERVERS b/etc/rc.d/SERVERS
new file mode 100755
index 0000000..3398487
--- /dev/null
+++ b/etc/rc.d/SERVERS
@@ -0,0 +1,10 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: SERVERS
+# REQUIRE: mountcritremote abi ldconfig savecore
+
+# This is a dummy dependency, for early-start servers relying on
+# some basic configuration.
diff --git a/etc/rc.d/abi b/etc/rc.d/abi
new file mode 100755
index 0000000..3765b05
--- /dev/null
+++ b/etc/rc.d/abi
@@ -0,0 +1,64 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: abi
+# REQUIRE: archdep
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="abi"
+start_cmd="${name}_start"
+stop_cmd=":"
+
+sysv_start()
+{
+ echo -n ' sysvipc'
+ load_kld sysvmsg
+ load_kld sysvsem
+ load_kld sysvshm
+}
+
+linux_start()
+{
+ local _tmpdir
+
+ echo -n ' linux'
+ load_kld -e 'linux(aout|elf)' linux
+ if [ -x /compat/linux/sbin/ldconfigDisabled ]; then
+ _tmpdir=`mktemp -d -t linux-ldconfig`
+ /compat/linux/sbin/ldconfig -C ${_tmpdir}/ld.so.cache
+ if ! cmp -s ${_tmpdir}/ld.so.cache /compat/linux/etc/ld.so.cache; then
+ cat ${_tmpdir}/ld.so.cache > /compat/linux/etc/ld.so.cache
+ fi
+ rm -rf ${_tmpdir}
+ fi
+}
+
+svr4_start()
+{
+ echo -n ' svr4'
+ load_kld -m svr4elf svr4
+}
+
+abi_start()
+{
+ local _echostop
+
+ _echostop=
+ if checkyesno sysvipc_enable || checkyesno linux_enable || checkyesno svr4_enable; then
+ echo -n 'Additional ABI support:'
+ _echostop=yes
+ fi
+
+ checkyesno sysvipc_enable && sysv_start
+ checkyesno linux_enable && linux_start
+ checkyesno svr4_enable && svr4_start
+
+ [ -n "${_echostop}" ] && echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/accounting b/etc/rc.d/accounting
new file mode 100755
index 0000000..502ffe6
--- /dev/null
+++ b/etc/rc.d/accounting
@@ -0,0 +1,75 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: accounting
+# REQUIRE: mountcritremote
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="accounting"
+rcvar=`set_rcvar`
+accounting_command="/usr/sbin/accton"
+accounting_file="/var/account/acct"
+
+extra_commands="rotate_log"
+
+start_cmd="accounting_start"
+stop_cmd="accounting_stop"
+rotate_log_cmd="accounting_rotate_log"
+
+accounting_start()
+{
+ local _dir
+
+ _dir="${accounting_file%/*}"
+ if [ ! -d "$_dir" ]; then
+ if ! mkdir -p "$_dir"; then
+ err 1 "Could not create $_dir."
+ fi
+ fi
+
+ if [ ! -e "$accounting_file" ]; then
+ echo -n "Creating accounting file ${accounting_file}"
+ touch "$accounting_file"
+ echo '.'
+ fi
+ chmod 644 "$accounting_file"
+
+ echo "Turning on accounting."
+ ${accounting_command} ${accounting_file}
+}
+
+accounting_stop()
+{
+ echo "Turning off accounting."
+ ${accounting_command}
+}
+
+accounting_rotate_log()
+{
+ local _dir _file
+
+ _dir="${accounting_file%/*}"
+ cd $_dir
+
+ if checkyesno accounting_enable; then
+ _file=`mktemp newacct-XXXXX`
+ chmod 644 $_file
+ ${accounting_command} ${_dir}/${_file}
+ fi
+
+ mv ${accounting_file} ${accounting_file}.0
+
+ if checkyesno accounting_enable; then
+ ln $_file ${accounting_file##*/}
+ ${accounting_command} ${accounting_file}
+ unlink $_file
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/addswap b/etc/rc.d/addswap
new file mode 100755
index 0000000..79bf1f1
--- /dev/null
+++ b/etc/rc.d/addswap
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# Add additional swap files
+#
+# $FreeBSD$
+#
+
+# PROVIDE: addswap
+# REQUIRE: FILESYSTEMS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="addswap"
+start_cmd="addswap_start"
+stop_cmd=":"
+
+addswap_start()
+{
+ case ${swapfile} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ if [ -w "${swapfile}" ]; then
+ echo "Adding ${swapfile} as additional swap"
+ mdev=`mdconfig -a -t vnode -f ${swapfile}` && swapon /dev/${mdev}
+ fi
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/adjkerntz b/etc/rc.d/adjkerntz
new file mode 100755
index 0000000..77e1e9d
--- /dev/null
+++ b/etc/rc.d/adjkerntz
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: adjkerntz
+# REQUIRE: FILESYSTEMS random
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="adjkerntz"
+start_cmd="adjkerntz -i"
+stop_cmd=":"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/amd b/etc/rc.d/amd
new file mode 100755
index 0000000..8105aeb
--- /dev/null
+++ b/etc/rc.d/amd
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: amd
+# REQUIRE: rpcbind ypset nfsclient cleanvar ldconfig
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="amd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_precmd="amd_precmd"
+command_args="&"
+extra_commands="reload"
+
+amd_precmd()
+{
+ if ! checkyesno nfs_client_enable; then
+ force_depend nfsclient || return 1
+ fi
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ case ${amd_map_program} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ rc_flags="${rc_flags} `echo $(eval ${amd_map_program})`"
+ ;;
+ esac
+
+ case "${amd_flags}" in
+ '')
+ if [ ! -r /etc/amd.conf ]; then
+ warn 'amd will not load without arguments'
+ return 1
+ fi
+ ;;
+ *)
+ rc_flags="-p ${rc_flags}"
+ command_args="> /var/run/amd.pid 2> /dev/null"
+ ;;
+ esac
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/apm b/etc/rc.d/apm
new file mode 100755
index 0000000..3d15701
--- /dev/null
+++ b/etc/rc.d/apm
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: apm
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="apm"
+rcvar=`set_rcvar`
+start_precmd="apm_precmd"
+command="/usr/sbin/${name}"
+start_cmd="${command} -e enable"
+stop_cmd="${command} -e disable"
+status_cmd="apm_status"
+
+apm_precmd()
+{
+ case `${SYSCTL_N} hw.machine_arch` in
+ i386)
+ return 0
+ ;;
+ esac
+ return 1
+}
+
+apm_status()
+{
+ case `${command} -s` in
+ 1)
+ echo "APM is enabled."
+ return 0
+ ;;
+ 0)
+ echo "APM is disabled"
+ ;;
+ esac
+ return 1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/apmd b/etc/rc.d/apmd
new file mode 100755
index 0000000..c2d6967
--- /dev/null
+++ b/etc/rc.d/apmd
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: apmd
+# REQUIRE: DAEMON apm
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="apmd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_precmd="apmd_prestart"
+
+apmd_prestart()
+{
+ case `${SYSCTL_N} hw.machine_arch` in
+ i386)
+ # Enable apm if it is not already enabled
+ if ! checkyesno apm_enable && \
+ ! /etc/rc.d/apm forcestatus 1>/dev/null 2>&1
+ then
+ force_depend apm || return 1
+ fi
+
+ # Warn user about acpi apm compatibility support which
+ # does not work with apmd.
+ if [ ! -e /dev/apmctl ]; then
+ warn "/dev/apmctl not found; kernel is missing apm(4)"
+ fi
+ ;;
+ *)
+ return 1
+ ;;
+ esac
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/archdep b/etc/rc.d/archdep
new file mode 100755
index 0000000..157df8b
--- /dev/null
+++ b/etc/rc.d/archdep
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: archdep
+# REQUIRE: mountcritremote
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="archdep"
+start_cmd="archdep_start"
+stop_cmd=":"
+
+archdep_start()
+{
+ local _arch
+
+ _arch=`${SYSCTL_N} hw.machine_arch`
+ case $_arch in
+ i386)
+ # SCO binary emulation
+ #
+ if checkyesno ibcs2_enable; then
+ echo -n 'Initial i386 initialization:'
+ echo -n ' ibcs2'
+ load_kld ibcs2
+ case ${ibcs2_loaders} in
+ [Nn][Oo])
+ ;;
+ *)
+ for i in ${ibcs2_loaders}; do
+ load_kld ibcs2_$i
+ done
+ ;;
+ esac
+ echo '.'
+ fi
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/atm1 b/etc/rc.d/atm1
new file mode 100755
index 0000000..da50df0
--- /dev/null
+++ b/etc/rc.d/atm1
@@ -0,0 +1,176 @@
+#!/bin/sh
+#
+# Copyright (c) 2000 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: atm1
+# REQUIRE: root
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="atm"
+rcvar="atm_enable"
+start_cmd="atm_start"
+stop_cmd=":"
+
+# ATM networking startup script
+#
+# Initial interface configuration.
+# N.B. /usr is not mounted.
+#
+atm_start()
+{
+ if [ -n "${natm_interfaces}" ] ; then
+ # Load the HARP pseudo interface
+ load_kld if_harp || return 1
+
+ # Load all the NATM drivers that we need
+ for natm in ${natm_interfaces} ; do
+ ifconfig ${natm} up
+ done
+ fi
+
+ # Load loadable HARP drivers
+ for dev in ${atm_load} ; do
+ load_kld ${dev} || return 1
+ done
+
+ # Locate all probed ATM adapters
+ atmdev=`atm sh stat int | while read dev junk; do
+ case ${dev} in
+ hea[0-9] | hea[0-9][0-9])
+ echo "${dev} "
+ ;;
+ hfa[0-9] | hfa[0-9][0-9])
+ echo "${dev} "
+ ;;
+ idt[0-9] | idt[0-9][0-9])
+ echo "${dev} "
+ ;;
+
+ # NATM interfaces per pseudo driver
+ en[0-9] | en[0-9][0-9])
+ echo "${dev} "
+ ;;
+ fatm[0-9] | fatm[0-9][0-9])
+ echo "${dev} "
+ ;;
+ hatm[0-9] | hatm[0-9][0-9])
+ echo "${dev} "
+ ;;
+ patm[0-9] | patm[0-9][0-9])
+ echo "${dev} "
+ ;;
+ *)
+ continue
+ ;;
+ esac
+ done`
+
+ if [ -z "${atmdev}" ]; then
+ echo 'No ATM adapters found'
+ return 0
+ fi
+
+ # Load microcode into FORE adapters (if needed)
+ if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then
+ fore_dnld
+ fi
+
+ # Configure physical interfaces
+ ilmid=0
+ for phy in ${atmdev}; do
+ echo -n "Configuring ATM device ${phy}:"
+
+ # Define network interfaces
+ eval netif_args=\$atm_netif_${phy}
+ if [ -n "${netif_args}" ]; then
+ atm set netif ${phy} ${netif_args} || continue
+ else
+ echo ' missing network interface definition'
+ continue
+ fi
+
+ # Override physical MAC address
+ eval macaddr_args=\$atm_macaddr_${phy}
+ if [ -n "${macaddr_args}" ]; then
+ case ${macaddr_args} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ atm set mac ${phy} ${macaddr_args} || continue
+ ;;
+ esac
+ fi
+
+ # Configure signalling manager
+ eval sigmgr_args=\$atm_sigmgr_${phy}
+ if [ -n "${sigmgr_args}" ]; then
+ atm attach ${phy} ${sigmgr_args} || continue
+ else
+ echo ' missing signalling manager definition'
+ continue
+ fi
+
+ # Configure UNI NSAP prefix
+ eval prefix_args=\$atm_prefix_${phy}
+ if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then
+ if [ -z "${prefix_args}" ]; then
+ echo ' missing NSAP prefix for UNI interface'
+ continue
+ fi
+
+ case ${prefix_args} in
+ ILMI)
+ ilmid=1
+ ;;
+ *)
+ atm set prefix ${phy} ${prefix_args} || continue
+ ;;
+ esac
+ fi
+
+ atm_phy="${atm_phy} ${phy}"
+ echo '.'
+ done
+
+ echo -n 'Starting initial ATM daemons:'
+ # Start ILMI daemon (if needed)
+ case ${ilmid} in
+ 1)
+ echo -n ' ilmid'
+ ilmid
+ ;;
+ esac
+
+ echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/atm2 b/etc/rc.d/atm2
new file mode 100755
index 0000000..ffb63c3
--- /dev/null
+++ b/etc/rc.d/atm2
@@ -0,0 +1,97 @@
+#!/bin/sh
+#
+# Copyright (c) 2000 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: atm2
+# REQUIRE: atm1 netif
+# BEFORE: routing
+# KEYWORD: nojail
+
+#
+# Additional ATM interface configuration
+#
+. /etc/rc.subr
+
+name="atm2"
+rcvar="atm_enable"
+start_cmd="atm2_start"
+stop_cmd=":"
+
+atm2_start()
+{
+ # Configure network interfaces
+
+ # get a list of physical interfaces
+ atm_phy=`atm show stat int | { read junk ; read junk ; \
+ while read dev junk ; do
+ case ${dev} in
+ en[0-9] | en[0-9][0-9])
+ ;;
+ *)
+ echo "${dev} "
+ ;;
+ esac
+ done ; }`
+
+ for phy in ${atm_phy}; do
+ eval netif_args=\$atm_netif_${phy}
+ set -- ${netif_args}
+ # skip unused physical interfaces
+ if [ $# -lt 2 ] ; then
+ continue
+ fi
+
+ netname=$1
+ netcnt=$2
+ netindx=0
+ while [ ${netindx} -lt ${netcnt} ]; do
+ net="${netname}${netindx}"
+ netindx=$((${netindx} + 1))
+ echo -n " ${net}"
+
+ # Configure atmarp server
+ eval atmarp_args=\$atm_arpserver_${net}
+ if [ -n "${atmarp_args}" ]; then
+ atm set arpserver ${net} ${atmarp_args} ||
+ continue
+ fi
+ done
+ done
+ echo '.'
+
+ # Define any permanent ARP entries.
+ if [ -n "${atm_arps}" ]; then
+ for i in ${atm_arps}; do
+ eval arp_args=\$atm_arp_${i}
+ atm add arp ${arp_args}
+ done
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/atm3 b/etc/rc.d/atm3
new file mode 100755
index 0000000..4dbd128
--- /dev/null
+++ b/etc/rc.d/atm3
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# Copyright (c) 2000 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# Start ATM daemons
+
+# PROVIDE: atm3
+# REQUIRE: atm2
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="atm3"
+rcvar="atm_enable"
+start_cmd="atm3_start"
+stop_cmd=":"
+
+atm3_start()
+{
+ echo -n 'Starting ATM daemons:'
+
+ # Get a list of network interfaces
+ atm_nif=`atm sh netif | { read junk ; \
+ while read dev junk ; do
+ echo "${dev} "
+ done
+ }`
+
+ for net in ${atm_nif} ; do
+ eval atmarp_args=\$atm_arpserver_${net}
+ eval scsparp_args=\$atm_scsparp_${net}
+
+ case ${scsparp_args} in
+ [Yy][Ee][Ss])
+ case ${atmarp_args} in
+ local)
+ ;;
+ *)
+ warn "${net}: local arpserver required for SCSP"
+ continue
+ ;;
+ esac
+
+ atm_atmarpd="${atm_atmarpd} ${net}"
+ atm_scspd=1
+ ;;
+ esac
+ done
+
+ # Start SCSP daemon (if needed)
+ case ${atm_scspd} in
+ 1)
+ echo -n ' scspd'
+ scspd
+ ;;
+ esac
+
+ # Start ATMARP daemon (if needed)
+ if [ -n "${atm_atmarpd}" ]; then
+ echo -n ' atmarpd'
+ atmarpd ${atm_atmarpd}
+ fi
+ echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/auditd b/etc/rc.d/auditd
new file mode 100755
index 0000000..4d0760c
--- /dev/null
+++ b/etc/rc.d/auditd
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# Start up for the Audit daemon.
+#
+
+# PROVIDE: auditd
+# REQUIRE: syslogd
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="auditd"
+stop_cmd="auditd_stop"
+command="/usr/sbin/${name}"
+rcvar="auditd_enable"
+command_args="${auditd_flags}"
+required_files="/etc/security/audit_class /etc/security/audit_control
+ /etc/security/audit_event /etc/security/audit_user
+ /etc/security/audit_warn"
+
+auditd_stop()
+{
+
+ /usr/sbin/audit -t
+ sleep 1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/bgfsck b/etc/rc.d/bgfsck
new file mode 100755
index 0000000..3715354
--- /dev/null
+++ b/etc/rc.d/bgfsck
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: bgfsck
+# REQUIRE: cron devfs syslogd
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="background-fsck"
+rcvar="background_fsck"
+start_cmd="bgfsck_start"
+stop_cmd=":"
+
+bgfsck_start ()
+{
+ if [ -z "${rc_force}" ]; then
+ background_fsck_delay=${background_fsck_delay:=0}
+ else
+ background_fsck_delay=0
+ fi
+ if [ ${background_fsck_delay} -lt 0 ]; then
+ echo "Background file system checks delayed indefinitly"
+ return 0
+ fi
+
+ bgfsck_msg='Starting background file system checks'
+ if [ "${background_fsck_delay}" -gt 0 ]; then
+ bgfsck_msg="${bgfsck_msg} in ${background_fsck_delay} seconds"
+ fi
+ if [ -z "${rc_force}" ]; then
+ check_startmsgs && echo "${bgfsck_msg}."
+ fi
+
+ (sleep ${background_fsck_delay}; nice -4 fsck -B -p) 2>&1 | \
+ logger -p daemon.notice -t fsck &
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/bluetooth b/etc/rc.d/bluetooth
new file mode 100755
index 0000000..183f835
--- /dev/null
+++ b/etc/rc.d/bluetooth
@@ -0,0 +1,365 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Maksim Yevmenkin <m_evmenkin@yahoo.com>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+# PROVIDE: bluetooth
+# REQUIRE: DAEMON
+# KEYWORD: nojail nostart
+
+. /etc/rc.subr
+
+name="bluetooth"
+rcvar=
+start_cmd="bluetooth_start"
+stop_cmd="bluetooth_stop"
+required_modules="ng_bluetooth ng_hci ng_l2cap ng_btsocket"
+
+##############################################################################
+# Read and parse Bluetooth device configuration file
+##############################################################################
+
+bluetooth_read_conf()
+{
+ local _err _file _line _namespace
+
+ _file=$1
+ _namespace=$2
+ _err=0
+
+ if [ ! -e $_file ]; then
+ return 0
+ fi
+
+ if [ ! -f $_file -o ! -r $_file ]; then
+ err 1 "Bluetooth configuration file $_file is not a file or not readable"
+ fi
+
+ while read _line
+ do
+ case "$_line" in
+ \#*)
+ continue
+ ;;
+
+ *)
+ if [ -z "$_line" ]; then
+ continue;
+ fi
+
+
+ if expr "$_line" : "[a-zA-Z0-9_]*=" > /dev/null 2>&1; then
+ eval "${_namespace}${_line}"
+ else
+ warn "Unable to parse line \"$_line\" in $_file"
+ _err=1
+ fi
+ ;;
+ esac
+ done < $_file
+
+ return $_err
+}
+
+##############################################################################
+# Setup Bluetooth stack. Create and connect nodes
+##############################################################################
+
+bluetooth_setup_stack()
+{
+ dev=$1
+ shift
+ hook=$1
+ shift
+
+ # Setup HCI
+ ngctl mkpeer ${dev}: hci ${hook} drv \
+ > /dev/null 2>&1 || return 1
+
+ ngctl name ${dev}:${hook} ${dev}hci \
+ > /dev/null 2>&1 || return 1
+
+ ngctl msg ${dev}hci: set_debug ${bluetooth_device_hci_debug_level} \
+ > /dev/null 2>&1 || return 1
+
+ # Setup L2CAP
+ ngctl mkpeer ${dev}hci: l2cap acl hci \
+ > /dev/null 2>&1 || return 1
+
+ ngctl name ${dev}hci:acl ${dev}l2cap \
+ > /dev/null 2>&1 || return 1
+
+ ngctl msg ${dev}l2cap: set_debug ${bluetooth_device_l2cap_debug_level} \
+ > /dev/null 2>&1 || return 1
+
+ # Connect HCI node to the Bluetooth sockets layer
+ ngctl connect ${dev}hci: btsock_hci_raw: raw ${dev}raw \
+ > /dev/null 2>&1 || return 1
+
+ # Connect L2CAP node to Bluetooth sockets layer
+ ngctl connect ${dev}l2cap: btsock_l2c_raw: ctl ${dev}ctl \
+ > /dev/null 2>&1 || return 1
+
+ ngctl connect ${dev}l2cap: btsock_l2c: l2c ${dev}l2c \
+ > /dev/null 2>&1 || return 1
+
+ # Initilalize HCI node
+ ${hccontrol} -n ${dev}hci reset \
+ > /dev/null 2>&1 || return 1
+
+ ${hccontrol} -n ${dev}hci read_bd_addr \
+ > /dev/null 2>&1 || return 1
+
+ ${hccontrol} -n ${dev}hci read_local_supported_features \
+ > /dev/null 2>&1 || return 1
+
+ ${hccontrol} -n ${dev}hci read_buffer_size \
+ > /dev/null 2>&1 || return 1
+
+ if checkyesno bluetooth_device_discoverable; then
+ if checkyesno bluetooth_device_connectable; then
+ ${hccontrol} -n ${dev}hci write_scan_enable 3 \
+ > /dev/null 2>&1 || return 1
+ else
+ ${hccontrol} -n ${dev}hci write_scan_enable 1 \
+ > /dev/null 2>&1 || return 1
+ fi
+ else
+ if checkyesno bluetooth_device_connectable; then
+ ${hccontrol} -n ${dev}hci write_scan_enable 2 \
+ > /dev/null 2>&1 || return 1
+ else
+ ${hccontrol} -n ${dev}hci write_scan_enable 0 \
+ > /dev/null 2>&1 || return 1
+ fi
+ fi
+
+
+ ${hccontrol} -n ${dev}hci write_class_of_device ${bluetooth_device_class} \
+ > /dev/null 2>&1 || return 1
+
+ if checkyesno bluetooth_device_authentication_enable; then
+ ${hccontrol} -n ${dev}hci write_authentication_enable 1 \
+ > /dev/null 2>&1 || return 1
+ else
+ ${hccontrol} -n ${dev}hci write_authentication_enable 0 \
+ > /dev/null 2>&1 || return 1
+ fi
+
+ case "${bluetooth_device_encryption_mode}" in
+ [Nn][Oo][Nn][Ee]|0)
+ ${hccontrol} -n ${dev}hci write_encryption_mode 0 \
+ > /dev/null 2>&1 || return 1
+ ;;
+
+ [Pp][2][Pp]|1)
+ ${hccontrol} -n ${dev}hci write_encryption_mode 1 \
+ > /dev/null 2>&1 || return 1
+ ;;
+
+ [Al][Ll][Ll]|2)
+ ${hccontrol} -n ${dev}hci write_encryption_mode 2 \
+ > /dev/null 2>&1 || return 1
+ ;;
+
+ *)
+ warn "Unsupported encryption mode ${bluetooth_device_encryption_mode} for device ${dev}"
+ return 1
+ ;;
+ esac
+
+ if checkyesno bluetooth_device_role_switch; then
+ ${hccontrol} -n ${dev}hci write_node_role_switch 1 \
+ > /dev/null 2>&1 || return 1
+ else
+ ${hccontrol} -n ${dev}hci write_node_role_switch 0 \
+ > /dev/null 2>&1 || return 1
+ fi
+
+ ${hccontrol} -n ${dev}hci change_local_name "${bluetooth_device_local_name}" \
+ > /dev/null 2>&1 || return 1
+
+ ${hccontrol} -n ${dev}hci initialize \
+ > /dev/null 2>&1 || return 1
+
+ return 0
+}
+
+##############################################################################
+# Shutdown Bluetooth stack. Destroy all nodes
+##############################################################################
+
+bluetooth_shutdown_stack()
+{
+ dev=$1
+
+ ngctl shutdown ${dev}hci: > /dev/null 2>&1
+ ngctl shutdown ${dev}l2cap: > /dev/null 2>&1
+
+ return 0
+}
+
+##############################################################################
+# bluetooth_start()
+##############################################################################
+
+bluetooth_start()
+{
+ local _file
+
+ dev=$1
+
+ # Try to figure out device type by looking at device name
+ case "${dev}" in
+ # uartX - serial/UART Bluetooth device
+ uart*)
+ load_kld ng_h4 || return 1
+
+ hook="hook"
+
+ # Obtain unit number from device.
+ unit=`expr ${dev} : 'uart\([0-9]\{1,\}\)'`
+ if [ -z "${unit}" ]; then
+ err 1 "Unable to get uart unit number: ${dev}"
+ fi
+
+ ${hcseriald} -f /dev/cuau${unit} -n ${dev}
+ sleep 1 # wait a little bit
+
+ if [ ! -f "/var/run/hcseriald.${dev}.pid" ]; then
+ err 1 "Unable to start hcseriald on ${dev}"
+ fi
+ ;;
+
+ # 3Com Bluetooth Adapter 3CRWB60-A
+ btccc*)
+ hook="hook"
+
+ # Obtain unit number from device.
+ unit=`expr ${dev} : 'btccc\([0-9]\{1,\}\)'`
+ if [ -z "${unit}" ]; then
+ err 1 "Unable to get bt3c unit number: ${dev}"
+ fi
+ ;;
+
+ # USB Bluetooth adapters
+ ubt*)
+ hook="hook"
+
+ # Obtain unit number from device.
+ unit=`expr ${dev} : 'ubt\([0-9]\{1,\}\)'`
+ if [ -z "${unit}" ]; then
+ err 1 "Unable to get ubt unit number: ${dev}"
+ fi
+ ;;
+
+ # Unknown
+ *)
+ err 1 "Unsupported device: ${dev}"
+ ;;
+ esac
+
+ # Be backward compatible and setup reasonable defaults
+ bluetooth_device_authentication_enable="0"
+ bluetooth_device_class="ff:01:0c"
+ bluetooth_device_connectable="1"
+ bluetooth_device_discoverable="1"
+ bluetooth_device_encryption_mode="0"
+ bluetooth_device_hci_debug_level="3"
+ bluetooth_device_l2cap_debug_level="3"
+ bluetooth_device_local_name="`/usr/bin/uname -n` (${dev})"
+ bluetooth_device_role_switch="1"
+
+ # Load default device configuration parameters
+ _file="/etc/defaults/bluetooth.device.conf"
+
+ if ! bluetooth_read_conf $_file bluetooth_device_ ; then
+ err 1 "Unable to read default Bluetooth configuration from $_file"
+ fi
+
+ # Load device specific overrides
+ _file="/etc/bluetooth/$dev.conf"
+
+ if ! bluetooth_read_conf $_file bluetooth_device_ ; then
+ err 1 "Unable to read Bluetooth device configuration from $_file"
+ fi
+
+ # Setup stack
+ if ! bluetooth_setup_stack ${dev} ${hook} ; then
+ bluetooth_shutdown_stack $dev
+ err 1 "Unable to setup Bluetooth stack for device ${dev}"
+ fi
+
+ return 0
+}
+
+##############################################################################
+# bluetooth_stop()
+##############################################################################
+
+bluetooth_stop()
+{
+ dev=$1
+
+ # Try to figure out device type by looking at device name
+ case "${dev}" in
+ # uartX - serial/UART Bluetooth device
+ uart*)
+ if [ -f "/var/run/hcseriald.${dev}.pid" ]; then
+ kill `cat /var/run/hcseriald.${dev}.pid`
+ sleep 1 # wait a little bit
+ fi
+ ;;
+
+ # 3Com Bluetooth Adapter 3CRWB60-A
+ btccc*)
+ ;;
+
+ # USB Bluetooth adapters
+ ubt*)
+ ;;
+
+ # Unknown
+ *)
+ err 1 "Unsupported device: ${dev}"
+ ;;
+ esac
+
+ bluetooth_shutdown_stack ${dev}
+
+ return 0
+}
+
+##############################################################################
+# Start here
+##############################################################################
+
+load_rc_config $name
+hccontrol="${bluetooth_hccontrol:-/usr/sbin/hccontrol}"
+hcseriald="${bluetooth_hcseriald:-/usr/sbin/hcseriald}"
+
+run_rc_command $*
+
diff --git a/etc/rc.d/bootparams b/etc/rc.d/bootparams
new file mode 100755
index 0000000..1081bbf
--- /dev/null
+++ b/etc/rc.d/bootparams
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: bootparams
+# REQUIRE: rpcbind DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="bootparamd"
+rcvar=`set_rcvar`
+required_files="/etc/bootparams"
+command="/usr/sbin/${name}"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/bridge b/etc/rc.d/bridge
new file mode 100755
index 0000000..2c3bfd0
--- /dev/null
+++ b/etc/rc.d/bridge
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 The FreeBSD Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: bridge
+# REQUIRE: netif faith ppp stf
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="bridge"
+start_cmd="bridge_start"
+stop_cmd="bridge_stop"
+cmd=""
+
+glob_int () {
+ case "$1" in
+ $2 ) true ;;
+ * ) false ;;
+ esac
+}
+
+bridge_test () {
+ bridge=$1
+ iface=$2
+
+ eval interfaces=\$autobridge_${bridge}
+ if [ -n "${interfaces}" ]; then
+ for i in ${interfaces}; do
+ if glob_int $iface $i ; then
+ ifconfig $bridge $cmd $iface > /dev/null 2>&1
+ return
+ fi
+ done
+ fi
+}
+
+autobridge()
+{
+ if [ -n "${autobridge_interfaces}" ]; then
+ if [ -z "$iflist" ]; then
+ # We're operating as a general network start routine.
+ iflist="`list_net_interfaces`"
+ fi
+
+ for br in ${autobridge_interfaces}; do
+ for i in $iflist; do
+ bridge_test $br $i
+ done
+ done
+ fi
+}
+
+bridge_start()
+{
+ cmd="addm"
+ autobridge
+}
+
+bridge_stop()
+{
+ cmd="deletem"
+ autobridge
+}
+
+iflist=$2
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/bsnmpd b/etc/rc.d/bsnmpd
new file mode 100755
index 0000000..c24a08f
--- /dev/null
+++ b/etc/rc.d/bsnmpd
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: bsnmpd
+# REQUIRE: NETWORKING syslogd
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="bsnmpd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/snmpd.pid"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/bthidd b/etc/rc.d/bthidd
new file mode 100755
index 0000000..907305e
--- /dev/null
+++ b/etc/rc.d/bthidd
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: bthidd
+# REQUIRE: DAEMON hcsecd
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="bthidd"
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+rcvar=`set_rcvar`
+start_precmd="bthidd_prestart"
+
+bthidd_prestart()
+{
+ load_kld -m kbdmux kbdmux
+ load_kld -m vkbd vkbd
+ load_kld -m ng_btsocket ng_btsocket
+ return 0
+}
+
+load_rc_config $name
+config="${bthidd_config:-/etc/bluetooth/${name}.conf}"
+hids="${bthidd_hids:-/var/db/${name}.hids}"
+command_args="-c ${config} -H ${hids} -p ${pidfile}"
+required_files="${config}"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ccd b/etc/rc.d/ccd
new file mode 100755
index 0000000..1188148
--- /dev/null
+++ b/etc/rc.d/ccd
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ccd"
+start_cmd="ccd_start"
+stop_cmd=":"
+
+ccd_start()
+{
+ if [ -f /etc/ccd.conf ]; then
+ echo "Configuring CCD devices."
+ ccdconfig -C
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/cleanvar b/etc/rc.d/cleanvar
new file mode 100755
index 0000000..490b5c5
--- /dev/null
+++ b/etc/rc.d/cleanvar
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: cleanvar
+# REQUIRE: FILESYSTEMS var
+
+. /etc/rc.subr
+
+name="cleanvar"
+rcvar=`set_rcvar`
+
+start_precmd="${name}_prestart"
+start_cmd="${name}_start"
+stop_cmd=":"
+
+extra_commands="reload"
+reload_cmd="${name}_start"
+
+purgedir()
+{
+ local dir file
+
+ if [ $# -eq 0 ]; then
+ purgedir .
+ else
+ for dir
+ do
+ (
+ cd "$dir" && for file in .* *
+ do
+ # Skip over logging sockets
+ [ -S "$file" -a "$file" = "log" ] && continue
+ [ -S "$file" -a "$file" = "logpriv" ] && continue
+ [ ."$file" = .. -o ."$file" = ... ] && continue
+ if [ -d "$file" -a ! -L "$file" ]
+ then
+ purgedir "$file"
+ else
+ rm -f -- "$file"
+ fi
+ done
+ )
+ done
+ fi
+}
+
+cleanvar_prestart()
+{
+ # These files must be removed only the first time this script is run
+ # on boot.
+ #
+ rm -f /var/run/clean_var /var/spool/lock/clean_var
+}
+
+cleanvar_start ()
+{
+ if [ -d /var/run -a ! -f /var/run/clean_var ]; then
+ purgedir /var/run
+ # And an initial utmpx active session file
+ (cd /var/run && cp /dev/null utx.active && chmod 644 utx.active)
+ >/var/run/clean_var
+ fi
+ if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then
+ purgedir /var/spool/lock
+ >/var/spool/lock/clean_var
+ fi
+ rm -rf /var/spool/uucp/.Temp/*
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/cleartmp b/etc/rc.d/cleartmp
new file mode 100755
index 0000000..0d84987
--- /dev/null
+++ b/etc/rc.d/cleartmp
@@ -0,0 +1,60 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: cleartmp
+# REQUIRE: mountcritremote tmp
+# BEFORE: DAEMON
+
+. /etc/rc.subr
+
+name="cleartmp"
+# Disguise rcvar for the start method to run irrespective of its setting.
+rcvar1=`set_rcvar clear_tmp`
+start_cmd="${name}_start"
+stop_cmd=":"
+
+cleartmp_start()
+{
+ # Make /tmp location variable for easier debugging.
+ local tmp="/tmp"
+
+ # X related directories to create in /tmp.
+ local x11_socket_dirs="${tmp}/.X11-unix ${tmp}/.XIM-unix \
+ ${tmp}/.ICE-unix ${tmp}/.font-unix"
+
+ if checkyesno ${rcvar1}; then
+ check_startmsgs && echo "Clearing ${tmp}."
+
+ # This is not needed for mfs, but doesn't hurt anything.
+ # Things to note:
+ # + The dot in ${tmp}/. is important.
+ # + Put -prune before -exec so find never descends
+ # into a directory that was already passed to rm -rf.
+ # + "--" in rm arguments isn't strictly necessary, but
+ # it can prevent foot-shooting in future.
+ # + /tmp/lost+found is preserved, but its contents are removed.
+ # + lost+found and quota.* in subdirectories are removed.
+ # + .sujournal and .snap are preserved.
+ find -x ${tmp}/. ! -name . \
+ ! \( -name .sujournal -type f -user root \) \
+ ! \( -name .snap -type d -user root \) \
+ ! \( -name lost+found -type d -user root \) \
+ ! \( \( -name quota.user -or -name quota.group \) \
+ -type f -user root \) \
+ -prune -exec rm -rf -- {} +
+ elif checkyesno clear_tmp_X; then
+ # Remove X lock files, since they will prevent you from
+ # restarting X. Remove other X related directories.
+ check_startmsgs && echo "Clearing ${tmp} (X related)."
+ rm -rf ${tmp}/.X[0-9]-lock ${x11_socket_dirs}
+ fi
+ if checkyesno clear_tmp_X; then
+ # Create X related directories with proper permissions.
+ mkdir -m 1777 ${x11_socket_dirs}
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/cron b/etc/rc.d/cron
new file mode 100755
index 0000000..cc87d42
--- /dev/null
+++ b/etc/rc.d/cron
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: cron
+# REQUIRE: LOGIN cleanvar
+# BEFORE: securelevel
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="cron"
+rcvar="`set_rcvar`"
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config $name
+if checkyesno cron_dst
+then
+ cron_flags="$cron_flags -s"
+fi
+run_rc_command "$1"
diff --git a/etc/rc.d/ddb b/etc/rc.d/ddb
new file mode 100755
index 0000000..51e24ea
--- /dev/null
+++ b/etc/rc.d/ddb
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ddb
+# REQUIRE: dumpon
+# BEFORE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ddb"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+start_precmd="ddb_prestart"
+stop_cmd=":"
+
+ddb_prestart()
+{
+ # Silently exit if ddb is not enabled
+ if [ -z "`sysctl -Nq debug.ddb.scripting.scripts`" ]; then
+ return 1
+ fi
+}
+
+load_rc_config $name
+
+required_files="${ddb_config}"
+command_args="${ddb_config}"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/defaultroute b/etc/rc.d/defaultroute
new file mode 100755
index 0000000..ea54c83
--- /dev/null
+++ b/etc/rc.d/defaultroute
@@ -0,0 +1,73 @@
+#!/bin/sh
+#
+# Wait for the default route to be up if DHCP is in use
+#
+# $FreeBSD$
+#
+
+# PROVIDE: defaultroute
+# REQUIRE: devd faith netif stf
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="defaultroute"
+start_cmd="defaultroute_start"
+stop_cmd=":"
+
+# Does any interface have a carrier?
+defaultroute_carrier()
+{
+ local carrier nocarrier
+
+ carrier=1
+ for _if in ${dhcp_interfaces}; do
+ output=`/sbin/ifconfig ${_if}`
+ nocarrier=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'`
+ [ -z "${nocarrier}" ] && carrier=0
+ done
+ return ${carrier}
+}
+
+defaultroute_start()
+{
+ local nl waited
+
+ afexists inet || return 0
+
+ # Return without waiting if we don't have dhcp interfaces or
+ # if none of the dhcp interfaces is plugged in.
+ dhcp_interfaces=`list_net_interfaces dhcp`
+ [ -z "${dhcp_interfaces}" ] && return
+
+ # Wait for a default route
+ waited=0
+ while [ ${waited} -lt ${defaultroute_delay} ]; do
+ defif=`get_default_if -inet`
+ if [ -n "${defif}" ]; then
+ if [ ${waited} -ne 0 ]; then
+ echo -n "($defif)"
+ nl=1
+ fi
+ break
+ fi
+ if [ ${waited} -eq 0 ]; then
+ echo -n "Waiting ${defaultroute_delay}s for the default route interface: "
+ else
+ echo -n .
+ fi
+ if [ ${waited} -eq ${defaultroute_carrier_delay} ] && ! defaultroute_carrier; then
+ echo -n "(no carrier)"
+ break
+ fi
+ nl=1
+ sleep 1
+ waited=$(($waited + 1))
+ done
+
+ [ -n "$nl" ] && echo
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/devd b/etc/rc.d/devd
new file mode 100755
index 0000000..e257da6
--- /dev/null
+++ b/etc/rc.d/devd
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: devd
+# REQUIRE: netif
+# BEFORE: NETWORKING mountcritremote
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="devd"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+
+start_precmd=${name}_prestart
+stop_precmd=find_pidfile
+
+find_pidfile()
+{
+ if get_pidfile_from_conf pid-file /etc/devd.conf; then
+ pidfile="$_pidfile_from_conf"
+ else
+ pidfile="/var/run/${name}.pid"
+ fi
+}
+
+devd_prestart ()
+{
+ find_pidfile
+
+ # If devd is disabled, turn it off in the kernel to avoid memory leaks.
+ if ! checkyesno ${rcvar}; then
+ $SYSCTL hw.bus.devctl_disable=1
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/devfs b/etc/rc.d/devfs
new file mode 100755
index 0000000..82278af
--- /dev/null
+++ b/etc/rc.d/devfs
@@ -0,0 +1,70 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: devfs
+# REQUIRE: mountcritremote
+# BEFORE: SERVERS securelevel
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="devfs"
+start_cmd='devfs_start'
+stop_cmd=':'
+
+devfs_start()
+{
+ if [ -n "$devfs_system_ruleset" -o -n "$devfs_set_rulesets" ]; then
+ devfs_init_rulesets
+ if [ -n "$devfs_system_ruleset" ]; then
+ devfs_set_ruleset $devfs_system_ruleset /dev
+ devfs_apply_ruleset $devfs_system_ruleset /dev
+ fi
+ if [ -n "$devfs_set_rulesets" ]; then
+ local _dir_set
+ local _dir
+ local _set
+ for _dir_set in $devfs_set_rulesets; do
+ _dir=${_dir_set%=*}
+ _set=${_dir_set#*=}
+ devfs_set_ruleset $_set $_dir
+ devfs_apply_ruleset $_set $_dir
+ done
+ fi
+ fi
+ read_devfs_conf
+}
+
+read_devfs_conf()
+{
+ if [ -r /etc/devfs.conf ]; then
+ cd /dev
+ while read action devicelist parameter; do
+ case "${action}" in
+ l*) for device in ${devicelist}; do
+ if [ ! -e ${parameter} ]; then
+ ln -fs ${device} ${parameter}
+ fi
+ done
+ ;;
+ o*) for device in ${devicelist}; do
+ if [ -c ${device} ]; then
+ chown ${parameter} ${device}
+ fi
+ done
+ ;;
+ p*) for device in ${devicelist}; do
+ if [ -c ${device} ]; then
+ chmod ${parameter} ${device}
+ fi
+ done
+ ;;
+ esac
+ done < /etc/devfs.conf
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/dhclient b/etc/rc.d/dhclient
new file mode 100755
index 0000000..adba369
--- /dev/null
+++ b/etc/rc.d/dhclient
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dhclient
+# KEYWORD: nojail nostart
+
+. /etc/rc.subr
+. /etc/network.subr
+
+ifn="$2"
+
+name="dhclient"
+rcvar=
+pidfile="/var/run/${name}.${ifn}.pid"
+start_precmd="dhclient_prestart"
+stop_precmd="dhclient_pre_check"
+
+# rc_force check can only be done at the run_rc_command
+# time, so we're testing it in the pre* hooks.
+dhclient_pre_check()
+{
+ if [ -z "${rc_force}" ] && ! dhcpif $ifn; then
+ err 1 "'$ifn' is not a DHCP-enabled interface"
+ fi
+}
+
+dhclient_prestart()
+{
+ dhclient_pre_check
+
+ # Interface-specific flags (see rc.subr for $flags setting)
+ specific=$(get_if_var $ifn dhclient_flags_IF)
+ if [ -z "$flags" -a -n "$specific" ]; then
+ rc_flags=$specific
+ fi
+
+ background_dhclient=$(get_if_var $ifn background_dhclient_IF $background_dhclient)
+ if checkyesno background_dhclient; then
+ rc_flags="${rc_flags} -b"
+ fi
+
+ rc_flags="${rc_flags} ${ifn}"
+}
+
+load_rc_config $name
+load_rc_config network
+
+if [ -z $ifn ] ; then
+ # only complain if a command was specified but no interface
+ if [ -n "$1" ] ; then
+ err 1 "$0: no interface specified"
+ fi
+fi
+
+run_rc_command "$1"
diff --git a/etc/rc.d/dmesg b/etc/rc.d/dmesg
new file mode 100755
index 0000000..c6cdca3
--- /dev/null
+++ b/etc/rc.d/dmesg
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dmesg
+# REQUIRE: mountcritremote cleanvar
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="dmesg"
+rcvar=`set_rcvar`
+dmesg_file="/var/run/dmesg.boot"
+start_cmd="do_dmesg"
+stop_cmd=":"
+
+do_dmesg()
+{
+ rm -f ${dmesg_file}
+ ( umask 022 ; /sbin/dmesg $rc_flags > ${dmesg_file} )
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/dumpon b/etc/rc.d/dumpon
new file mode 100755
index 0000000..ce5fc1c
--- /dev/null
+++ b/etc/rc.d/dumpon
@@ -0,0 +1,69 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: dumpon
+# REQUIRE: zvol
+# BEFORE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="dumpon"
+start_cmd="dumpon_start"
+stop_cmd="dumpon_stop"
+
+dumpon_try()
+{
+ if /sbin/dumpon "${1}" ; then
+ # Make a symlink in devfs for savecore
+ ln -fs "${1}" /dev/dumpdev
+ return 0
+ fi
+ warn "unable to specify $1 as a dump device"
+ return 1
+}
+
+dumpon_start()
+{
+ # Enable dumpdev so that savecore can see it. Enable it
+ # early so a crash early in the boot process can be caught.
+ #
+ case ${dumpdev} in
+ [Nn][Oo] | '')
+ ;;
+ [Aa][Uu][Tt][Oo])
+ dev=$(/bin/kenv -q dumpdev)
+ if [ -n "${dev}" ] ; then
+ dumpon_try "${dev}"
+ return $?
+ fi
+ while read dev mp type more ; do
+ [ "${type}" = "swap" ] || continue
+ [ -c "${dev}" ] || continue
+ dumpon_try "${dev}" 2>/dev/null && return 0
+ done </etc/fstab
+ echo "No suitable dump device was found." 1>&2
+ return 1
+ ;;
+ *)
+ dumpon_try "${dumpdev}"
+ ;;
+ esac
+}
+
+dumpon_stop()
+{
+ case ${dumpdev} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ rm -f /dev/dumpdev
+ /sbin/dumpon -v off
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/encswap b/etc/rc.d/encswap
new file mode 100755
index 0000000..6221998
--- /dev/null
+++ b/etc/rc.d/encswap
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: initrandom
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="encswap"
+start_cmd="encswap_attach"
+stop_cmd="encswap_detach"
+
+encswap_attach()
+{
+ while read device mountpoint type options rest ; do
+ case ":${device}:${type}:${options}" in
+ :#*)
+ continue
+ ;;
+ *.bde:swap:sw)
+ passphrase=`dd if=/dev/random count=1 2>/dev/null | md5 -q`
+ device="${device%.bde}"
+ gbde init "${device}" -P "${passphrase}" || return 1
+ gbde attach "${device}" -p "${passphrase}" || return 1
+ ;;
+ *.eli:swap:sw)
+ device="${device%.eli}"
+ geli onetime ${geli_swap_flags} "${device}" || return 1
+ ;;
+ esac
+ done < /etc/fstab
+}
+
+encswap_detach()
+{
+ while read device mountpoint type options rest ; do
+ case ":${device}:${type}:${options}" in
+ :#*)
+ continue
+ ;;
+ *.bde:swap:sw)
+ device="${device%.bde}"
+ gbde detach "${device}"
+ ;;
+ *.eli:swap:sw)
+ # Nothing here, because geli swap devices should be
+ # created with the auto-detach-on-last-close option.
+ ;;
+ esac
+ done < /etc/fstab
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/faith b/etc/rc.d/faith
new file mode 100755
index 0000000..4790ebd
--- /dev/null
+++ b/etc/rc.d/faith
@@ -0,0 +1,75 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+# PROVIDE: faith
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="faith"
+start_cmd="faith_up"
+stop_cmd="faith_down"
+
+faith_up()
+{
+ case ${ipv6_faith_prefix} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ echo "Configuring IPv6-to-IPv4 TCP relay capturing interface:" \
+ " faith0."
+ ${SYSCTL} net.inet6.ip6.keepfaith=1
+ ifconfig faith0 create >/dev/null 2>&1
+ ifconfig faith0 up
+ for prefix in ${ipv6_faith_prefix}; do
+ prefixlen=`expr "${prefix}" : ".*/\(.*\)"`
+ case ${prefixlen} in
+ '')
+ prefixlen=96
+ ;;
+ *)
+ prefix=`expr "${prefix}" : \
+ "\(.*\)/${prefixlen}"`
+ ;;
+ esac
+ route add -inet6 ${prefix} -prefixlen ${prefixlen} ::1
+ route change -inet6 ${prefix} -prefixlen ${prefixlen} \
+ -ifp faith0
+ done
+ check_startmsgs && ifconfig faith0
+ ;;
+ esac
+}
+
+faith_down()
+{
+ echo "Removing IPv6-to-IPv4 TCP relay capturing interface: faith0."
+ ifconfig faith0 destroy
+ ${SYSCTL} net.inet6.ip6.keepfaith=0
+
+ case ${ipv6_faith_prefix} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ for prefix in ${ipv6_faith_prefix}; do
+ prefixlen=`expr "${prefix}" : ".*/\(.*\)"`
+ case ${prefixlen} in
+ '')
+ prefixlen=96
+ ;;
+ *)
+ prefix=`expr "${prefix}" : \
+ "\(.*\)/${prefixlen}"`
+ ;;
+ esac
+ route delete -inet6 ${prefix} -prefixlen ${prefixlen}
+ done
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/fsck b/etc/rc.d/fsck
new file mode 100755
index 0000000..c1fe155
--- /dev/null
+++ b/etc/rc.d/fsck
@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: fsck
+# REQUIRE: localswap
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="fsck"
+start_cmd="fsck_start"
+stop_cmd=":"
+
+fsck_start()
+{
+ if [ "$autoboot" = no ]; then
+ echo "Fast boot: skipping disk checks."
+ elif [ ! -r /etc/fstab ]; then
+ echo "Warning! No /etc/fstab: skipping disk checks."
+ elif [ "$autoboot" = yes ]; then
+ # During fsck ignore SIGQUIT
+ trap : 3
+
+ check_startmsgs && echo "Starting file system checks:"
+ if checkyesno background_fsck; then
+ fsck -F -p
+ else
+ fsck -p
+ fi
+
+ case $? in
+ 0)
+ ;;
+ 2)
+ stop_boot
+ ;;
+ 4)
+ echo "Rebooting..."
+ reboot
+ echo "Reboot failed; help!"
+ stop_boot
+ ;;
+ 8)
+ if checkyesno fsck_y_enable; then
+ echo "File system preen failed, trying fsck -y ${fsck_y_flags}"
+ fsck -y ${fsck_y_flags}
+ case $? in
+ 0)
+ ;;
+ *)
+ echo "Automatic file system check failed; help!"
+ stop_boot
+ ;;
+ esac
+ else
+ echo "Automatic file system check failed; help!"
+ stop_boot
+ fi
+ ;;
+ 12)
+ echo "Boot interrupted."
+ stop_boot
+ ;;
+ 130)
+ stop_boot
+ ;;
+ *)
+ echo "Unknown error; help!"
+ stop_boot
+ ;;
+ esac
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ftp-proxy b/etc/rc.d/ftp-proxy
new file mode 100755
index 0000000..6712e68
--- /dev/null
+++ b/etc/rc.d/ftp-proxy
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ftp-proxy
+# REQUIRE: DAEMON pf
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ftpproxy"
+rcvar=`set_rcvar`
+command="/usr/sbin/ftp-proxy"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ftpd b/etc/rc.d/ftpd
new file mode 100755
index 0000000..338d735
--- /dev/null
+++ b/etc/rc.d/ftpd
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ftpd
+# REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ftpd"
+rcvar=`set_rcvar`
+command="/usr/libexec/${name}"
+pidfile="/var/run/${name}.pid"
+start_precmd=ftpd_prestart
+
+ftpd_prestart()
+{
+ rc_flags="-D ${rc_flags}"
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gbde b/etc/rc.d/gbde
new file mode 100755
index 0000000..6117b86
--- /dev/null
+++ b/etc/rc.d/gbde
@@ -0,0 +1,119 @@
+#!/bin/sh
+#
+# This file, originally written by Garrett A. Wollman, is in the public
+# domain.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="gbde"
+start_precmd="find_gbde_devices start"
+stop_precmd="find_gbde_devices stop"
+start_cmd="gbde_start"
+stop_cmd="gbde_stop"
+
+find_gbde_devices()
+{
+ case "${gbde_devices-auto}" in
+ [Aa][Uu][Tt][Oo])
+ gbde_devices=""
+ ;;
+ *)
+ return 0
+ ;;
+ esac
+
+ case "$1" in
+ start)
+ fstab="/etc/fstab"
+ ;;
+ stop)
+ fstab=$(mktemp /tmp/mtab.XXXXXX)
+ mount -p >${fstab}
+ ;;
+ esac
+
+ #
+ # We can't use "mount -p | while ..." because when a shell loop
+ # is the target of a pipe it executes in a subshell, and so can't
+ # modify variables in the script.
+ #
+ while read device mountpt type options dump pass; do
+ case "$device" in
+ *.bde)
+ # Ignore swap devices
+ case "$type" in
+ swap)
+ continue
+ ;;
+ esac
+
+ case "$options" in
+ *noauto*)
+ if checkyesno gbde_autoattach_all; then
+ gbde_devices="${gbde_devices} ${device}"
+ fi
+ ;;
+ *)
+ gbde_devices="${gbde_devices} ${device}"
+ ;;
+ esac
+ ;;
+ esac
+ done <${fstab}
+
+ case "$1" in
+ stop)
+ rm -f ${fstab}
+ ;;
+ esac
+
+ return 0
+}
+
+gbde_start()
+{
+ for device in $gbde_devices; do
+ parent=${device%.bde}
+ parent=${parent#/dev/}
+ parent_=`ltr ${parent} '/' '_'`
+ eval "lock=\${gbde_lock_${parent_}-\"${gbde_lockdir}/${parent_}.lock\"}"
+ if [ -e "/dev/${parent}" -a ! -e "/dev/${parent}.bde" ]; then
+ echo "Configuring Disk Encryption for ${parent}."
+
+ count=1
+ while [ ${count} -le ${gbde_attach_attempts} ]; do
+ if [ -e "${lock}" ]; then
+ gbde attach ${parent} -l ${lock}
+ else
+ gbde attach ${parent}
+ fi
+ if [ -e "/dev/${parent}.bde" ]; then
+ break
+ fi
+ echo "Attach failed; attempt ${count} of ${gbde_attach_attempts}."
+ count=$((${count} + 1))
+ done
+ fi
+ done
+}
+
+gbde_stop()
+{
+ for device in $gbde_devices; do
+ parent=${device%.bde}
+ parent=${parent#/dev/}
+ if [ -e "/dev/${parent}.bde" ]; then
+ umount "/dev/${parent}.bde" 2>/dev/null
+ gbde detach "${parent}"
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/geli b/etc/rc.d/geli
new file mode 100755
index 0000000..736b10a
--- /dev/null
+++ b/etc/rc.d/geli
@@ -0,0 +1,90 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: disks
+# REQUIRE: initrandom
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="geli"
+start_precmd='[ -n "$(geli_make_list)" ]'
+start_cmd="geli_start"
+stop_cmd="geli_stop"
+required_modules="geom_eli:g_eli"
+
+geli_start()
+{
+ devices=`geli_make_list`
+
+ if [ -z "${geli_tries}" ]; then
+ if [ -n "${geli_attach_attempts}" ]; then
+ # Compatibility with rc.d/gbde.
+ geli_tries=${geli_attach_attempts}
+ else
+ geli_tries=`${SYSCTL_N} kern.geom.eli.tries`
+ fi
+ fi
+
+ for provider in ${devices}; do
+ provider_=`ltr ${provider} '/' '_'`
+
+ eval "flags=\${geli_${provider_}_flags}"
+ if [ -z "${flags}" ]; then
+ flags=${geli_default_flags}
+ fi
+ if [ -e "/dev/${provider}" -a ! -e "/dev/${provider}.eli" ]; then
+ echo "Configuring Disk Encryption for ${provider}."
+ count=1
+ while [ ${count} -le ${geli_tries} ]; do
+ geli attach ${flags} ${provider}
+ if [ -e "/dev/${provider}.eli" ]; then
+ break
+ fi
+ echo "Attach failed; attempt ${count} of ${geli_tries}."
+ count=$((count+1))
+ done
+ fi
+ done
+}
+
+geli_stop()
+{
+ devices=`geli_make_list`
+
+ for provider in ${devices}; do
+ if [ -e "/dev/${provider}.eli" ]; then
+ umount "/dev/${provider}.eli" 2>/dev/null
+ geli detach "${provider}"
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/geli2 b/etc/rc.d/geli2
new file mode 100755
index 0000000..4726de0
--- /dev/null
+++ b/etc/rc.d/geli2
@@ -0,0 +1,58 @@
+#!/bin/sh
+#
+# Copyright (c) 2005 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: geli2
+# REQUIRE: FILESYSTEMS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="geli2"
+start_cmd="geli2_start"
+stop_cmd=":"
+
+geli2_start()
+{
+ devices=`geli_make_list`
+
+ for provider in ${devices}; do
+ provider_=`ltr ${provider} '/' '_'`
+
+ eval "autodetach=\${geli_${provider_}_autodetach}"
+ if [ -z "${autodetach}" ]; then
+ autodetach=${geli_autodetach}
+ fi
+ if checkyesno autodetach && [ -e "/dev/${provider}.eli" ]; then
+ geli detach -l ${provider}
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gptboot b/etc/rc.d/gptboot
new file mode 100755
index 0000000..abfcaa1
--- /dev/null
+++ b/etc/rc.d/gptboot
@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# Copyright (c) 2010 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: gptboot
+# REQUIRE: mountcritremote
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="gptboot"
+rcvar=`set_rcvar`
+start_cmd="gptboot_report"
+
+gptboot_report()
+{
+ gpart show | \
+ egrep '(^=>| freebsd-ufs .*(\[|,)(bootfailed|bootonce)(,|\]))' | \
+ sed 's/^=>//' | \
+ egrep -v '(\[|,)bootme(,|\])' | \
+ while read start size pos type attrs rest; do
+ case "${pos}" in
+ [0-9]*)
+ if [ -n "${disk}" ]; then
+ part="${disk}p${pos}"
+ echo "${attrs}" | egrep -q '(\[|,)bootfailed(,|\])'
+ bootfailed=$?
+ echo "${attrs}" | egrep -q '(\[|,)bootonce(,|\])'
+ bootonce=$?
+ if [ ${bootfailed} -eq 0 ]; then
+ logger -t gptboot -p local0.notice "Boot from ${part} failed."
+ gpart unset -a bootfailed -i ${pos} ${disk} >/dev/null
+ elif [ ${bootonce} -eq 0 ]; then
+ # We want to log success after all failures.
+ echo -n "Boot from ${part} succeeded."
+ gpart unset -a bootonce -i ${pos} ${disk} >/dev/null
+ fi
+ fi
+ ;;
+ *)
+ if [ "${type}" = "GPT" ]; then
+ disk="${pos}"
+ else
+ disk=""
+ fi
+ ;;
+ esac
+ done | logger -t gptboot -p local0.notice
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/gssd b/etc/rc.d/gssd
new file mode 100755
index 0000000..3788307
--- /dev/null
+++ b/etc/rc.d/gssd
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: gssd
+# REQUIRE: root
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="gssd"
+
+load_rc_config $name
+rcvar="gssd_enable"
+command="${gssd:-/usr/sbin/${name}}"
+eval ${name}_flags=\"${gssd_flags}\"
+run_rc_command "$1"
diff --git a/etc/rc.d/hastd b/etc/rc.d/hastd
new file mode 100755
index 0000000..b9d9516
--- /dev/null
+++ b/etc/rc.d/hastd
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hastd
+# REQUIRE: NETWORKING syslogd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hastd"
+rcvar=`set_rcvar`
+pidfile="/var/run/${name}.pid"
+command="/sbin/${name}"
+hastctl="/sbin/hastctl"
+required_files="/etc/hast.conf"
+stop_precmd="hastd_stop_precmd"
+required_modules="geom_gate:g_gate"
+extra_commands="reload"
+
+hastd_stop_precmd()
+{
+ ${hastctl} role init all
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/hcsecd b/etc/rc.d/hcsecd
new file mode 100755
index 0000000..fd6a925
--- /dev/null
+++ b/etc/rc.d/hcsecd
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hcsecd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hcsecd"
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+rcvar=`set_rcvar`
+required_modules="ng_btsocket"
+
+load_rc_config $name
+config="${hcsecd_config:-/etc/bluetooth/${name}.conf}"
+command_args="-f ${config}"
+required_files="${config}"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/hostapd b/etc/rc.d/hostapd
new file mode 100755
index 0000000..5f8203e
--- /dev/null
+++ b/etc/rc.d/hostapd
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostapd
+# REQUIRE: mountcritremote
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="hostapd"
+command="/usr/sbin/${name}"
+rcvar=`set_rcvar`
+
+conf_file="/etc/${name}.conf"
+pidfile="/var/run/${name}.pid"
+
+command_args="-P ${pidfile} -B ${conf_file}"
+required_files="${conf_file}"
+required_modules="wlan_xauth wlan_wep wlan_tkip wlan_ccmp"
+extra_commands="reload"
+
+load_rc_config ${name}
+run_rc_command "$1"
diff --git a/etc/rc.d/hostid b/etc/rc.d/hostid
new file mode 100755
index 0000000..c4545bd
--- /dev/null
+++ b/etc/rc.d/hostid
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Copyright (c) 2007 Pawel Jakub Dawidek <pjd@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostid
+# REQUIRE: sysctl
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="hostid"
+start_cmd="hostid_start"
+stop_cmd=":"
+reset_cmd="hostid_reset"
+extra_commands="reset"
+rcvar="hostid_enable"
+
+hostid_set()
+{
+ uuid=$1
+ # Generate hostid based on hostuuid - take first four bytes from md5(uuid).
+ id=`echo -n $uuid | /sbin/md5`
+ id="0x${id%????????????????????????}"
+
+ # Set both kern.hostuuid and kern.hostid.
+ #
+ check_startmsgs && echo "Setting hostuuid: ${uuid}."
+ ${SYSCTL} kern.hostuuid="${uuid}" >/dev/null
+ check_startmsgs && echo "Setting hostid: ${id}."
+ ${SYSCTL} kern.hostid=${id} >/dev/null
+}
+
+hostid_hardware()
+{
+ uuid=`kenv -q smbios.system.uuid`
+ x="[0-9a-f]"
+ y=$x$x$x$x
+ case "${uuid}" in
+ $y$y-$y-$y-$y-$y$y$y)
+ echo "${uuid}"
+ ;;
+ esac
+}
+
+hostid_generate()
+{
+ # First look for UUID in hardware.
+ uuid=`hostid_hardware`
+ if [ -z ${uuid} ]; then
+ # If not found, fall back to software-generated UUID.
+ uuid=`uuidgen`
+ fi
+ hostid_set $uuid
+}
+
+hostid_reset()
+{
+ hostid_generate
+ # Store newly generated UUID in ${hostid_file}.
+ echo $uuid > ${hostid_file}
+ if [ $? -ne 0 ]; then
+ warn "could not store hostuuid in ${hostid_file}."
+ fi
+}
+
+hostid_start()
+{
+ # If ${hostid_file} already exists, we take UUID from there.
+ if [ -r ${hostid_file} ]; then
+ hostid_set `cat ${hostid_file}`
+ else
+ # No hostid file, generate UUID.
+ hostid_generate
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/hostid_save b/etc/rc.d/hostid_save
new file mode 100755
index 0000000..fca0521
--- /dev/null
+++ b/etc/rc.d/hostid_save
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostid_save
+# REQUIRE: root
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="hostid_save"
+start_cmd="hostid_save"
+stop_cmd=":"
+rcvar="hostid_enable"
+
+hostid_save()
+{
+ if [ ! -r ${hostid_file} ]; then
+ $SYSCTL_N kern.hostuuid > ${hostid_file}
+ if [ $? -ne 0 ]; then
+ warn "could not store hostuuid in ${hostid_file}."
+ fi
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/hostname b/etc/rc.d/hostname
new file mode 100755
index 0000000..142dc47
--- /dev/null
+++ b/etc/rc.d/hostname
@@ -0,0 +1,81 @@
+#!/bin/sh
+#
+# Copyright (c) 2003 The FreeBSD Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: hostname
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="hostname"
+start_cmd="hostname_start"
+stop_cmd=":"
+
+hostname_start()
+{
+ # If we are not inside a jail, set the host name if it is not already set.
+ # If we are inside a jail, set the host name even if it is already set,
+ # but first check if it is permitted.
+ #
+ if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
+ if [ `$SYSCTL_N security.jail.set_hostname_allowed` -eq 0 ]; then
+ return
+ fi
+ elif [ -n "`/bin/hostname -s`" ]; then
+ return
+ else
+ # If we're not in a jail and rc.conf doesn't specify a
+ # hostname, see if we can get one from kenv.
+ #
+ if [ -z "${hostname}" -a \
+ -n "`/bin/kenv dhcp.host-name 2> /dev/null`" ]; then
+ hostname=`/bin/kenv dhcp.host-name`
+ fi
+ fi
+
+ # Have we got a hostname yet?
+ #
+ if [ -z "${hostname}" ]; then
+ # Null hostname is probably OK if DHCP is in use.
+ #
+ if [ -z "`list_net_interfaces dhcp`" ]; then
+ warn "\$hostname is not set -- see ${rcvar_manpage}."
+ fi
+ return
+ fi
+
+ # All right, it is safe to invoke hostname(1) now.
+ #
+ check_startmsgs && echo -n "Setting hostname: ${hostname}"
+ /bin/hostname "${hostname}"
+ check_startmsgs && echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/inetd b/etc/rc.d/inetd
new file mode 100755
index 0000000..fc00f38
--- /dev/null
+++ b/etc/rc.d/inetd
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: inetd
+# REQUIRE: DAEMON LOGIN cleanvar
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="inetd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/initrandom b/etc/rc.d/initrandom
new file mode 100755
index 0000000..fcc047b
--- /dev/null
+++ b/etc/rc.d/initrandom
@@ -0,0 +1,82 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: initrandom
+# REQUIRE: dumpon ddb
+# BEFORE: disks
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="initrandom"
+start_cmd="initrandom_start"
+stop_cmd=":"
+
+feed_dev_random()
+{
+ if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
+ cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
+ fi
+}
+
+initrandom_start()
+{
+ soft_random_generator=`sysctl kern.random 2>/dev/null`
+
+ echo -n 'Entropy harvesting:'
+
+ if [ \! -z "${soft_random_generator}" ] ; then
+
+ if [ -w /dev/random ]; then
+ if checkyesno harvest_interrupt; then
+ ${SYSCTL} kern.random.sys.harvest.interrupt=1 >/dev/null
+ echo -n ' interrupts'
+ else
+ ${SYSCTL} kern.random.sys.harvest.interrupt=0 >/dev/null
+ fi
+
+ if checkyesno harvest_ethernet; then
+ ${SYSCTL} kern.random.sys.harvest.ethernet=1 >/dev/null
+ echo -n ' ethernet'
+ else
+ ${SYSCTL} kern.random.sys.harvest.ethernet=0 >/dev/null
+ fi
+
+ if checkyesno harvest_p_to_p; then
+ ${SYSCTL} kern.random.sys.harvest.point_to_point=1 >/dev/null
+ echo -n ' point_to_point'
+ else
+ ${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
+ fi
+ fi
+
+ # XXX temporary until we can improve the entropy
+ # harvesting rate.
+ # Entropy below is not great, but better than nothing.
+ # This unblocks the generator at startup
+ ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
+ | dd of=/dev/random bs=8k 2>/dev/null
+ cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
+
+ # First pass at reseeding /dev/random.
+ #
+ case ${entropy_file} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ if [ -w /dev/random ]; then
+ feed_dev_random "${entropy_file}"
+ fi
+ ;;
+ esac
+
+ echo -n ' kickstart'
+ fi
+
+ echo '.'
+}
+
+load_rc_config random
+run_rc_command "$1"
diff --git a/etc/rc.d/ip6addrctl b/etc/rc.d/ip6addrctl
new file mode 100755
index 0000000..d38018c
--- /dev/null
+++ b/etc/rc.d/ip6addrctl
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ip6addrctl
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="ip6addrctl"
+rcvar=`set_rcvar`
+start_cmd="ip6addrctl_start"
+stop_cmd="ip6addrctl_stop"
+extra_commands="status prefer_ipv6 prefer_ipv4"
+status_cmd="ip6addrctl"
+prefer_ipv6_cmd="ip6addrctl_prefer_ipv6"
+prefer_ipv4_cmd="ip6addrctl_prefer_ipv4"
+config_file="/etc/ip6addrctl.conf"
+
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer ip6addrctl_policy
+
+ip6addrctl_prefer_ipv6()
+{
+ afexists inet6 || return 0
+
+ ip6addrctl flush >/dev/null 2>&1
+ ip6addrctl add ::1/128 50 0
+ ip6addrctl add ::/0 40 1
+ ip6addrctl add 2002::/16 30 2
+ ip6addrctl add ::/96 20 3
+ ip6addrctl add ::ffff:0:0/96 10 4
+ checkyesno ip6addrctl_verbose && ip6addrctl
+}
+
+ip6addrctl_prefer_ipv4()
+{
+ afexists inet6 || return 0
+
+ ip6addrctl flush >/dev/null 2>&1
+ ip6addrctl add ::ffff:0:0/96 50 0
+ ip6addrctl add ::1/128 40 1
+ ip6addrctl add ::/0 30 2
+ ip6addrctl add 2002::/16 20 3
+ ip6addrctl add ::/96 10 4
+ checkyesno ip6addrctl_verbose && ip6addrctl
+}
+
+ip6addrctl_start()
+{
+ afexists inet6 || return 0
+
+ # install the policy of the address selection algorithm.
+ case "${ip6addrctl_policy}" in
+ [Aa][Uu][Tt][Oo])
+ if [ -r "${config_file}" -a -s "${config_file}" ]; then
+ ip6addrctl flush >/dev/null 2>&1
+ ip6addrctl install "${config_file}"
+ checkyesno ip6addrctl_verbose && ip6addrctl
+ else
+ if checkyesno ipv6_activate_all_interfaces; then
+ ip6addrctl_prefer_ipv6
+ else
+ ip6addrctl_prefer_ipv4
+ fi
+ fi
+ ;;
+ ipv4_prefer)
+ ip6addrctl_prefer_ipv4
+ ;;
+ ipv6_prefer)
+ ip6addrctl_prefer_ipv6
+ ;;
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ # Backward compatibility when ipv6_prefer=YES
+ ip6addrctl_prefer_ipv6
+ ;;
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ # Backward compatibility when ipv6_prefer=NO
+ ip6addrctl_prefer_ipv4
+ ;;
+ *)
+ warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \
+ " \"ipv4_prefer\" is used instead."
+ ip6addrctl_prefer_ipv4
+ ;;
+ esac
+}
+
+ip6addrctl_stop()
+{
+ afexists inet6 || return 0
+
+ ip6addrctl flush >/dev/null 2>&1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipfilter b/etc/rc.d/ipfilter
new file mode 100755
index 0000000..b6bdb4b
--- /dev/null
+++ b/etc/rc.d/ipfilter
@@ -0,0 +1,92 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipfilter
+# REQUIRE: FILESYSTEMS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipfilter"
+rcvar=`set_rcvar`
+load_rc_config $name
+stop_precmd="test -f ${ipfilter_rules} -o -f ${ipv6_ipfilter_rules}"
+
+start_precmd="$stop_precmd"
+start_cmd="ipfilter_start"
+stop_cmd="ipfilter_stop"
+reload_precmd="$stop_precmd"
+reload_cmd="ipfilter_reload"
+resync_precmd="$stop_precmd"
+resync_cmd="ipfilter_resync"
+status_precmd="$stop_precmd"
+status_cmd="ipfilter_status"
+extra_commands="reload resync"
+required_modules="ipl:ipfilter"
+
+ipfilter_start()
+{
+ echo "Enabling ipfilter."
+ if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+ ${ipfilter_program:-/sbin/ipf} -E
+ fi
+ ${ipfilter_program:-/sbin/ipf} -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ fi
+ ${ipfilter_program:-/sbin/ipf} -6 -Fa
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ fi
+}
+
+ipfilter_stop()
+{
+ # XXX - The ipf -D command is not effective for 'lkm's
+ if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+ echo "Saving firewall state tables"
+ ${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
+ echo "Disabling ipfilter."
+ ${ipfilter_program:-/sbin/ipf} -D
+ fi
+}
+
+ipfilter_reload()
+{
+ echo "Reloading ipfilter rules."
+
+ ${ipfilter_program:-/sbin/ipf} -I -Fa
+ if [ -r "${ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I \
+ -f "${ipfilter_rules}" ${ipfilter_flags}
+ if [ $? -ne 0 ]; then
+ err 1 'Load of rules into alternate set failed; aborting reload'
+ fi
+ fi
+ ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
+ if [ -r "${ipv6_ipfilter_rules}" ]; then
+ ${ipfilter_program:-/sbin/ipf} -I -6 \
+ -f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
+ if [ $? -ne 0 ]; then
+ err 1 'Load of IPv6 rules into alternate set failed; aborting reload'
+ fi
+ fi
+ ${ipfilter_program:-/sbin/ipf} -s
+
+}
+
+ipfilter_resync()
+{
+ ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
+}
+
+ipfilter_status()
+{
+ ${ipfilter_program:-/sbin/ipf} -V
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ipfs b/etc/rc.d/ipfs
new file mode 100755
index 0000000..9b5ccac
--- /dev/null
+++ b/etc/rc.d/ipfs
@@ -0,0 +1,51 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipfs
+# REQUIRE: ipnat
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="ipfs"
+rcvar=`set_rcvar`
+start_cmd="ipfs_start"
+stop_cmd="ipfs_stop"
+start_precmd="ipfs_prestart"
+
+ipfs_prestart()
+{
+ # Do not continue if either ipnat or ipfilter is not enabled or
+ # if the ipfilter module is not loaded.
+ #
+ if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
+ err 1 "${name} requires either ipfilter or ipnat enabled"
+ fi
+ if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ err 1 "ipfilter module is not loaded"
+ fi
+ return 0
+}
+
+ipfs_start()
+{
+ if [ -r /var/db/ipf/ipstate.ipf -a -r /var/db/ipf/ipnat.ipf ]; then
+ ${ipfs_program} -R ${rc_flags}
+ rm -f /var/db/ipf/ipstate.ipf /var/db/ipf/ipnat.ipf
+ fi
+}
+
+ipfs_stop()
+{
+ if [ ! -d /var/db/ipf ]; then
+ mkdir /var/db/ipf
+ chmod 700 /var/db/ipf
+ chown root:wheel /var/db/ipf
+ fi
+ ${ipfs_program} -W ${rc_flags}
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipfw b/etc/rc.d/ipfw
new file mode 100755
index 0000000..4beb609
--- /dev/null
+++ b/etc/rc.d/ipfw
@@ -0,0 +1,110 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipfw
+# REQUIRE: ppp
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="ipfw"
+rcvar="firewall_enable"
+start_cmd="ipfw_start"
+start_precmd="ipfw_prestart"
+start_postcmd="ipfw_poststart"
+stop_cmd="ipfw_stop"
+required_modules="ipfw"
+
+set_rcvar_obsolete ipv6_firewall_enable
+
+ipfw_prestart()
+{
+ if checkyesno dummynet_enable; then
+ required_modules="$required_modules dummynet"
+ fi
+
+ if checkyesno firewall_nat_enable; then
+ if ! checkyesno natd_enable; then
+ required_modules="$required_modules ipfw_nat"
+ fi
+ fi
+}
+
+ipfw_start()
+{
+ local _firewall_type
+
+ _firewall_type=$1
+
+ # set the firewall rules script if none was specified
+ [ -z "${firewall_script}" ] && firewall_script=/etc/rc.firewall
+
+ if [ -r "${firewall_script}" ]; then
+ /bin/sh "${firewall_script}" "${_firewall_type}"
+ echo 'Firewall rules loaded.'
+ elif [ "`ipfw list 65535`" = "65535 deny ip from any to any" ]; then
+ echo 'Warning: kernel has firewall functionality, but' \
+ ' firewall rules are not enabled.'
+ echo ' All ip services are disabled.'
+ fi
+
+ # Firewall logging
+ #
+ if checkyesno firewall_logging; then
+ echo 'Firewall logging enabled.'
+ sysctl net.inet.ip.fw.verbose=1 >/dev/null
+ fi
+}
+
+ipfw_poststart()
+{
+ local _coscript
+
+ # Start firewall coscripts
+ #
+ for _coscript in ${firewall_coscripts} ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstart
+ fi
+ done
+
+ # Enable the firewall
+ #
+ if ! ${SYSCTL} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
+ warn "failed to enable IPv4 firewall"
+ fi
+ if afexists inet6; then
+ if ! ${SYSCTL} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1
+ then
+ warn "failed to enable IPv6 firewall"
+ fi
+ fi
+}
+
+ipfw_stop()
+{
+ local _coscript
+
+ # Disable the firewall
+ #
+ ${SYSCTL} net.inet.ip.fw.enable=0
+ if afexists inet6; then
+ ${SYSCTL} net.inet6.ip6.fw.enable=0
+ fi
+
+ # Stop firewall coscripts
+ #
+ for _coscript in `reverse_list ${firewall_coscripts}` ; do
+ if [ -f "${_coscript}" ]; then
+ ${_coscript} quietstop
+ fi
+ done
+}
+
+load_rc_config $name
+firewall_coscripts="/etc/rc.d/natd ${firewall_coscripts}"
+
+run_rc_command $*
diff --git a/etc/rc.d/ipmon b/etc/rc.d/ipmon
new file mode 100755
index 0000000..cbed453
--- /dev/null
+++ b/etc/rc.d/ipmon
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipmon
+# REQUIRE: FILESYSTEMS hostname sysctl cleanvar ipfilter
+# BEFORE: SERVERS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipmon"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+start_precmd="ipmon_precmd"
+
+ipmon_precmd()
+{
+ # Continue only if ipfilter or ipnat is enabled and the
+ # ipfilter module is loaded.
+ #
+ if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
+ err 1 "${name} requires either ipfilter or ipnat enabled"
+ fi
+ if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ err 1 "ipfilter module is not loaded"
+ fi
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipnat b/etc/rc.d/ipnat
new file mode 100755
index 0000000..6bf2e08
--- /dev/null
+++ b/etc/rc.d/ipnat
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipnat
+# REQUIRE: ipfilter
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipnat"
+rcvar=`set_rcvar`
+load_rc_config $name
+start_cmd="ipnat_start"
+stop_cmd="${ipnat_program} -F -C"
+reload_cmd="${ipnat_program} -F -C -f ${ipnat_rules}"
+extra_commands="reload"
+required_files="${ipnat_rules}"
+required_modules="ipl:ipfilter"
+
+ipnat_start()
+{
+ echo "Installing NAT rules."
+ ${ipnat_program} -CF -f ${ipnat_rules} ${ipnat_flags}
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ipsec b/etc/rc.d/ipsec
new file mode 100755
index 0000000..0ad5490
--- /dev/null
+++ b/etc/rc.d/ipsec
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipsec
+# REQUIRE: FILESYSTEMS
+# BEFORE: DAEMON mountcritremote
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipsec"
+rcvar=`set_rcvar`
+start_precmd="ipsec_prestart"
+start_cmd="ipsec_start"
+stop_precmd="test -f $ipsec_file"
+stop_cmd="ipsec_stop"
+reload_cmd="ipsec_reload"
+extra_commands="reload"
+ipsec_program="/sbin/setkey"
+# ipsec_file is set by rc.conf
+
+ipsec_prestart()
+{
+ if [ ! -f "$ipsec_file" ]; then
+ warn "$ipsec_file not readable; ipsec start aborted."
+ stop_boot
+ return 1
+ fi
+ return 0
+}
+
+ipsec_start()
+{
+ echo "Installing ipsec manual keys/policies."
+ ${ipsec_program} -f $ipsec_file
+}
+
+ipsec_stop()
+{
+ echo "Clearing ipsec manual keys/policies."
+
+ # Still not 100% sure if we would like to do this.
+ # It is very questionable to do this during shutdown session
+ # since it can hang any of the remaining IPv4/v6 sessions.
+ #
+ ${ipsec_program} -F
+ ${ipsec_program} -FP
+}
+
+ipsec_reload()
+{
+ echo "Reloading ipsec manual keys/policies."
+ ${ipsec_program} -f "$ipsec_file"
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ipxrouted b/etc/rc.d/ipxrouted
new file mode 100755
index 0000000..04d3586
--- /dev/null
+++ b/etc/rc.d/ipxrouted
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ipxrouted
+# REQUIRE: SERVERS
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ipxrouted"
+rcvar=`set_rcvar`
+command="/usr/sbin/IPXrouted"
+command_args="> /dev/null 2>&1"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/jail b/etc/rc.d/jail
new file mode 100755
index 0000000..09170bd
--- /dev/null
+++ b/etc/rc.d/jail
@@ -0,0 +1,742 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: jail
+# REQUIRE: LOGIN cleanvar
+# BEFORE: securelevel
+# KEYWORD: nojail shutdown
+
+# WARNING: This script deals with untrusted data (the data and
+# processes inside the jails) and care must be taken when changing the
+# code related to this! If you have any doubt whether a change is
+# correct and have security impact, please get the patch reviewed by
+# the FreeBSD Security Team prior to commit.
+
+. /etc/rc.subr
+
+name="jail"
+rcvar=`set_rcvar`
+
+start_precmd="jail_prestart"
+start_cmd="jail_start"
+stop_cmd="jail_stop"
+
+# init_variables _j
+# Initialize the various jail variables for jail _j.
+#
+init_variables()
+{
+ _j="$1"
+
+ if [ -z "$_j" ]; then
+ warn "init_variables: you must specify a jail"
+ return
+ fi
+
+ eval _rootdir=\"\$jail_${_j}_rootdir\"
+ _devdir="${_rootdir}/dev"
+ _fdescdir="${_devdir}/fd"
+ _procdir="${_rootdir}/proc"
+ eval _hostname=\"\$jail_${_j}_hostname\"
+ eval _ip=\"\$jail_${_j}_ip\"
+ eval _interface=\"\${jail_${_j}_interface:-${jail_interface}}\"
+ eval _exec=\"\$jail_${_j}_exec\"
+
+ i=0
+ while : ; do
+ eval _exec_prestart${i}=\"\${jail_${_j}_exec_prestart${i}:-\${jail_exec_prestart${i}}}\"
+ [ -z "$(eval echo \"\$_exec_prestart${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ eval _exec_start=\"\${jail_${_j}_exec_start:-${jail_exec_start}}\"
+
+ i=1
+ while : ; do
+ eval _exec_afterstart${i}=\"\${jail_${_j}_exec_afterstart${i}:-\${jail_exec_afterstart${i}}}\"
+ [ -z "$(eval echo \"\$_exec_afterstart${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval _exec_poststart${i}=\"\${jail_${_j}_exec_poststart${i}:-\${jail_exec_poststart${i}}}\"
+ [ -z "$(eval echo \"\$_exec_poststart${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval _exec_prestop${i}=\"\${jail_${_j}_exec_prestop${i}:-\${jail_exec_prestop${i}}}\"
+ [ -z "$(eval echo \"\$_exec_prestop${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ eval _exec_stop=\"\${jail_${_j}_exec_stop:-${jail_exec_stop}}\"
+
+ i=0
+ while : ; do
+ eval _exec_poststop${i}=\"\${jail_${_j}_exec_poststop${i}:-\${jail_exec_poststop${i}}}\"
+ [ -z "$(eval echo \"\$_exec_poststop${i}\")" ] && break
+ i=$((i + 1))
+ done
+
+ if [ -n "${_exec}" ]; then
+ # simple/backward-compatible execution
+ _exec_start="${_exec}"
+ _exec_stop=""
+ else
+ # flexible execution
+ if [ -z "${_exec_start}" ]; then
+ _exec_start="/bin/sh /etc/rc"
+ if [ -z "${_exec_stop}" ]; then
+ _exec_stop="/bin/sh /etc/rc.shutdown"
+ fi
+ fi
+ fi
+
+ # The default jail ruleset will be used by rc.subr if none is specified.
+ eval _ruleset=\"\${jail_${_j}_devfs_ruleset:-${jail_devfs_ruleset}}\"
+ eval _devfs=\"\${jail_${_j}_devfs_enable:-${jail_devfs_enable}}\"
+ [ -z "${_devfs}" ] && _devfs="NO"
+ eval _fdescfs=\"\${jail_${_j}_fdescfs_enable:-${jail_fdescfs_enable}}\"
+ [ -z "${_fdescfs}" ] && _fdescfs="NO"
+ eval _procfs=\"\${jail_${_j}_procfs_enable:-${jail_procfs_enable}}\"
+ [ -z "${_procfs}" ] && _procfs="NO"
+
+ eval _mount=\"\${jail_${_j}_mount_enable:-${jail_mount_enable}}\"
+ [ -z "${_mount}" ] && _mount="NO"
+ # "/etc/fstab.${_j}" will be used for {,u}mount(8) if none is specified.
+ eval _fstab=\"\${jail_${_j}_fstab:-${jail_fstab}}\"
+ [ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
+ eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
+ [ -z "${_flags}" ] && _flags="-l -U root"
+ eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
+ [ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+ eval _fib=\"\${jail_${_j}_fib:-${jail_fib}}\"
+
+ # Debugging aid
+ #
+ debug "$_j devfs enable: $_devfs"
+ debug "$_j fdescfs enable: $_fdescfs"
+ debug "$_j procfs enable: $_procfs"
+ debug "$_j mount enable: $_mount"
+ debug "$_j hostname: $_hostname"
+ debug "$_j ip: $_ip"
+ jail_show_addresses ${_j}
+ debug "$_j interface: $_interface"
+ debug "$_j fib: $_fib"
+ debug "$_j root: $_rootdir"
+ debug "$_j devdir: $_devdir"
+ debug "$_j fdescdir: $_fdescdir"
+ debug "$_j procdir: $_procdir"
+ debug "$_j ruleset: $_ruleset"
+ debug "$_j fstab: $_fstab"
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestart${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec pre-start #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ debug "$_j exec start: $_exec_start"
+
+ i=1
+ while : ; do
+ eval out=\"\${_exec_afterstart${i}:-''}\"
+
+ if [ -z "$out" ]; then
+ break;
+ fi
+
+ debug "$_j exec after start #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststart${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec post-start #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestop${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec pre-stop #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ debug "$_j exec stop: $_exec_stop"
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststop${i}:-''}\"
+ if [ -z "$out" ]; then
+ break
+ fi
+ debug "$_j exec post-stop #${i}: ${out}"
+ i=$((i + 1))
+ done
+
+ debug "$_j flags: $_flags"
+ debug "$_j consolelog: $_consolelog"
+
+ if [ -z "${_hostname}" ]; then
+ err 3 "$name: No hostname has been defined for ${_j}"
+ fi
+ if [ -z "${_rootdir}" ]; then
+ err 3 "$name: No root directory has been defined for ${_j}"
+ fi
+}
+
+# set_sysctl rc_knob mib msg
+# If the mib sysctl is set according to what rc_knob
+# specifies, this function does nothing. However if
+# rc_knob is set differently than mib, then the mib
+# is set accordingly and msg is displayed followed by
+# an '=" sign and the word 'YES' or 'NO'.
+#
+set_sysctl()
+{
+ _knob="$1"
+ _mib="$2"
+ _msg="$3"
+
+ _current=`${SYSCTL} -n $_mib 2>/dev/null`
+ if checkyesno $_knob ; then
+ if [ "$_current" -ne 1 ]; then
+ echo -n " ${_msg}=YES"
+ ${SYSCTL} 1>/dev/null ${_mib}=1
+ fi
+ else
+ if [ "$_current" -ne 0 ]; then
+ echo -n " ${_msg}=NO"
+ ${SYSCTL} 1>/dev/null ${_mib}=0
+ fi
+ fi
+}
+
+# is_current_mountpoint()
+# Is the directory mount point for a currently mounted file
+# system?
+#
+is_current_mountpoint()
+{
+ local _dir _dir2
+
+ _dir=$1
+
+ _dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
+ [ ! -d "${_dir}" ] && return 1
+ _dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
+ [ "${_dir}" = "${_dir2}" ]
+ return $?
+}
+
+# is_symlinked_mountpoint()
+# Is a mount point, or any of its parent directories, a symlink?
+#
+is_symlinked_mountpoint()
+{
+ local _dir
+
+ _dir=$1
+
+ [ -L "$_dir" ] && return 0
+ [ "$_dir" = "/" ] && return 1
+ is_symlinked_mountpoint `dirname $_dir`
+ return $?
+}
+
+# secure_umount
+# Try to unmount a mount point without being vulnerable to
+# symlink attacks.
+#
+secure_umount()
+{
+ local _dir
+
+ _dir=$1
+
+ if is_current_mountpoint ${_dir}; then
+ umount -f ${_dir} >/dev/null 2>&1
+ else
+ debug "Nothing mounted on ${_dir} - not unmounting"
+ fi
+}
+
+
+# jail_umount_fs
+# This function unmounts certain special filesystems in the
+# currently selected jail. The caller must call the init_variables()
+# routine before calling this one.
+#
+jail_umount_fs()
+{
+ local _device _mountpt _rest
+
+ if checkyesno _fdescfs; then
+ if [ -d "${_fdescdir}" ] ; then
+ secure_umount ${_fdescdir}
+ fi
+ fi
+ if checkyesno _devfs; then
+ if [ -d "${_devdir}" ] ; then
+ secure_umount ${_devdir}
+ fi
+ fi
+ if checkyesno _procfs; then
+ if [ -d "${_procdir}" ] ; then
+ secure_umount ${_procdir}
+ fi
+ fi
+ if checkyesno _mount; then
+ [ -f "${_fstab}" ] || warn "${_fstab} does not exist"
+ tail -r ${_fstab} | while read _device _mountpt _rest; do
+ case ":${_device}" in
+ :#* | :)
+ continue
+ ;;
+ esac
+ secure_umount ${_mountpt}
+ done
+ fi
+}
+
+# jail_mount_fstab()
+# Mount file systems from a per jail fstab while trying to
+# secure against symlink attacks at the mount points.
+#
+# If we are certain we cannot secure against symlink attacks we
+# do not mount all of the file systems (since we cannot just not
+# mount the file system with the problematic mount point).
+#
+# The caller must call the init_variables() routine before
+# calling this one.
+#
+jail_mount_fstab()
+{
+ local _device _mountpt _rest
+
+ while read _device _mountpt _rest; do
+ case ":${_device}" in
+ :#* | :)
+ continue
+ ;;
+ esac
+ if is_symlinked_mountpoint ${_mountpt}; then
+ warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
+ return
+ fi
+ done <${_fstab}
+ mount -a -F "${_fstab}"
+}
+
+# jail_show_addresses jail
+# Debug print the input for the given _multi aliases
+# for a jail for init_variables().
+#
+jail_show_addresses()
+{
+ local _j _type alias
+ _j="$1"
+ alias=0
+
+ if [ -z "${_j}" ]; then
+ warn "jail_show_addresses: you must specify a jail"
+ return
+ fi
+
+ while : ; do
+ eval _addr=\"\$jail_${_j}_ip_multi${alias}\"
+ if [ -n "${_addr}" ]; then
+ debug "${_j} ip_multi${alias}: $_addr"
+ alias=$((${alias} + 1))
+ else
+ break
+ fi
+ done
+}
+
+# jail_extract_address argument
+# The second argument is the string from one of the _ip
+# or the _multi variables. In case of a comma separated list
+# only one argument must be passed in at a time.
+# The function alters the _type, _iface, _addr and _mask variables.
+#
+jail_extract_address()
+{
+ local _i
+ _i=$1
+
+ if [ -z "${_i}" ]; then
+ warn "jail_extract_address: called without input"
+ return
+ fi
+
+ # Check if we have an interface prefix given and split into
+ # iFace and rest.
+ case "${_i}" in
+ *\|*) # ifN|.. prefix there
+ _iface=${_i%%|*}
+ _r=${_i##*|}
+ ;;
+ *) _iface=""
+ _r=${_i}
+ ;;
+ esac
+
+ # In case the IP has no interface given, check if we have a global one.
+ _iface=${_iface:-${_interface}}
+
+ # Set address, cut off any prefix/netmask/prefixlen.
+ _addr=${_r}
+ _addr=${_addr%%[/ ]*}
+
+ # Theoretically we can return here if interface is not set,
+ # as we only care about the _mask if we call ifconfig.
+ # This is not done because we may want to santize IP addresses
+ # based on _type later, and optionally change the type as well.
+
+ # Extract the prefix/netmask/prefixlen part by cutting off the address.
+ _mask=${_r}
+ _mask=`expr "${_mask}" : "${_addr}\(.*\)"`
+
+ # Identify type {inet,inet6}.
+ case "${_addr}" in
+ *\.*\.*\.*) _type="inet" ;;
+ *:*) _type="inet6" ;;
+ *) warn "jail_extract_address: type not identified"
+ ;;
+ esac
+
+ # Handle the special /netmask instead of /prefix or
+ # "netmask xxx" case for legacy IP.
+ # We do NOT support shortend class-full netmasks.
+ if [ "${_type}" = "inet" ]; then
+ case "${_mask}" in
+ /*\.*\.*\.*) _mask=" netmask ${_mask#/}" ;;
+ *) ;;
+ esac
+
+ # In case _mask is still not set use /32.
+ _mask=${_mask:-/32}
+
+ elif [ "${_type}" = "inet6" ]; then
+ # In case _maske is not set for IPv6, use /128.
+ _mask=${_mask:-/128}
+ fi
+}
+
+# jail_handle_ips_option {add,del} input
+# Handle a single argument imput which can be a comma separated
+# list of addresses (theoretically with an option interface and
+# prefix/netmask/prefixlen).
+#
+jail_handle_ips_option()
+{
+ local _x _action _type _i
+ _action=$1
+ _x=$2
+
+ if [ -z "${_x}" ]; then
+ # No IP given. This can happen for the primary address
+ # of each address family.
+ return
+ fi
+
+ # Loop, in case we find a comma separated list, we need to handle
+ # each argument on its own.
+ while [ ${#_x} -gt 0 ]; do
+ case "${_x}" in
+ *,*) # Extract the first argument and strip it off the list.
+ _i=`expr "${_x}" : '^\([^,]*\)'`
+ _x=`expr "${_x}" : "^[^,]*,\(.*\)"`
+ ;;
+ *) _i=${_x}
+ _x=""
+ ;;
+ esac
+
+ _type=""
+ _iface=""
+ _addr=""
+ _mask=""
+ jail_extract_address "${_i}"
+
+ # make sure we got an address.
+ case "${_addr}" in
+ "") continue ;;
+ *) ;;
+ esac
+
+ # Append address to list of addresses for the jail command.
+ case "${_addrl}" in
+ "") _addrl="${_addr}" ;;
+ *) _addrl="${_addrl},${_addr}" ;;
+ esac
+
+ # Configure interface alias if requested by a given interface
+ # and if we could correctly parse everything.
+ case "${_iface}" in
+ "") continue ;;
+ esac
+ case "${_type}" in
+ inet) ;;
+ inet6) ;;
+ *) warn "Could not determine address family. Not going" \
+ "to ${_action} address '${_addr}' for ${_jail}."
+ continue
+ ;;
+ esac
+ case "${_action}" in
+ add) ifconfig ${_iface} ${_type} ${_addr}${_mask} alias
+ ;;
+ del) # When removing the IP, ignore the _mask.
+ ifconfig ${_iface} ${_type} ${_addr} -alias
+ ;;
+ esac
+ done
+}
+
+# jail_ips {add,del}
+# Extract the comma separated list of addresses and return them
+# for the jail command.
+# Handle more than one address via the _multi option as well.
+# If an interface is given also add/remove an alias for the
+# address with an optional netmask.
+#
+jail_ips()
+{
+ local _action
+ _action=$1
+
+ case "${_action}" in
+ add) ;;
+ del) ;;
+ *) warn "jail_ips: invalid action '${_action}'"
+ return
+ ;;
+ esac
+
+ # Handle addresses.
+ jail_handle_ips_option ${_action} "${_ip}"
+ # Handle jail_xxx_ip_multi<N>
+ alias=0
+ while : ; do
+ eval _x=\"\$jail_${_jail}_ip_multi${alias}\"
+ case "${_x}" in
+ "") break ;;
+ *) jail_handle_ips_option ${_action} "${_x}"
+ alias=$((${alias} + 1))
+ ;;
+ esac
+ done
+}
+
+jail_prestart()
+{
+ if checkyesno jail_parallel_start; then
+ command_args='&'
+ fi
+}
+
+jail_start()
+{
+ echo -n 'Configuring jails:'
+ set_sysctl jail_set_hostname_allow security.jail.set_hostname_allowed \
+ set_hostname_allow
+ set_sysctl jail_socket_unixiproute_only \
+ security.jail.socket_unixiproute_only unixiproute_only
+ set_sysctl jail_sysvipc_allow security.jail.sysvipc_allowed \
+ sysvipc_allow
+ echo '.'
+
+ echo -n 'Starting jails:'
+ _tmp_dir=`mktemp -d /tmp/jail.XXXXXXXX` || \
+ err 3 "$name: Can't create temp dir, exiting..."
+ for _jail in ${jail_list}
+ do
+ init_variables $_jail
+ if [ -f /var/run/jail_${_jail}.id ]; then
+ echo -n " [${_hostname} already running (/var/run/jail_${_jail}.id exists)]"
+ continue;
+ fi
+ _addrl=""
+ jail_ips "add"
+ if [ -n "${_fib}" ]; then
+ _setfib="setfib -F '${_fib}'"
+ else
+ _setfib=""
+ fi
+ if checkyesno _mount; then
+ info "Mounting fstab for jail ${_jail} (${_fstab})"
+ if [ ! -f "${_fstab}" ]; then
+ err 3 "$name: ${_fstab} does not exist"
+ fi
+ jail_mount_fstab
+ fi
+ if checkyesno _devfs; then
+ # If devfs is already mounted here, skip it.
+ df -t devfs "${_devdir}" >/dev/null
+ if [ $? -ne 0 ]; then
+ if is_symlinked_mountpoint ${_devdir}; then
+ warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
+ continue
+ fi
+ info "Mounting devfs on ${_devdir}"
+ devfs_mount_jail "${_devdir}" ${_ruleset}
+ # Transitional symlink for old binaries
+ if [ ! -L "${_devdir}/log" ]; then
+ __pwd="`pwd`"
+ cd "${_devdir}"
+ ln -sf ../var/run/log log
+ cd "$__pwd"
+ fi
+ fi
+
+ # XXX - It seems symlinks don't work when there
+ # is a devfs(5) device of the same name.
+ # Jail console output
+ # __pwd="`pwd`"
+ # cd "${_devdir}"
+ # ln -sf ../var/log/console console
+ # cd "$__pwd"
+ fi
+ if checkyesno _fdescfs; then
+ if is_symlinked_mountpoint ${_fdescdir}; then
+ warn "${_fdescdir} has symlink as parent, not mounting"
+ else
+ info "Mounting fdescfs on ${_fdescdir}"
+ mount -t fdescfs fdesc "${_fdescdir}"
+ fi
+ fi
+ if checkyesno _procfs; then
+ if is_symlinked_mountpoint ${_procdir}; then
+ warn "${_procdir} has symlink as parent, not mounting"
+ else
+ info "Mounting procfs onto ${_procdir}"
+ if [ -d "${_procdir}" ] ; then
+ mount -t procfs proc "${_procdir}"
+ fi
+ fi
+ fi
+ _tmp_jail=${_tmp_dir}/jail.$$
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestart${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+
+ eval ${_setfib} jail ${_flags} -i ${_rootdir} ${_hostname} \
+ \"${_addrl}\" ${_exec_start} > ${_tmp_jail} 2>&1 \
+ </dev/null
+
+ if [ "$?" -eq 0 ] ; then
+ _jail_id=$(head -1 ${_tmp_jail})
+ i=1
+ while : ; do
+ eval out=\"\${_exec_afterstart${i}:-''}\"
+
+ if [ -z "$out" ]; then
+ break;
+ fi
+
+ jexec "${_jail_id}" ${out}
+ i=$((i + 1))
+ done
+
+ echo -n " $_hostname"
+ tail +2 ${_tmp_jail} >${_consolelog}
+ echo ${_jail_id} > /var/run/jail_${_jail}.id
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststart${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+ else
+ jail_umount_fs
+ jail_ips "del"
+ echo " cannot start jail \"${_jail}\": "
+ tail +2 ${_tmp_jail}
+ fi
+ rm -f ${_tmp_jail}
+ done
+ rmdir ${_tmp_dir}
+ echo '.'
+}
+
+jail_stop()
+{
+ echo -n 'Stopping jails:'
+ for _jail in ${jail_list}
+ do
+ if [ -f "/var/run/jail_${_jail}.id" ]; then
+ _jail_id=$(cat /var/run/jail_${_jail}.id)
+ if [ ! -z "${_jail_id}" ]; then
+ init_variables $_jail
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_prestop${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+
+ if [ -n "${_exec_stop}" ]; then
+ eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
+ >> ${_consolelog} 2>&1
+ fi
+ killall -j ${_jail_id} -TERM > /dev/null 2>&1
+ sleep 1
+ killall -j ${_jail_id} -KILL > /dev/null 2>&1
+ jail_umount_fs
+ echo -n " $_hostname"
+
+ i=0
+ while : ; do
+ eval out=\"\${_exec_poststop${i}:-''}\"
+ [ -z "$out" ] && break
+ ${out}
+ i=$((i + 1))
+ done
+ fi
+ jail_ips "del"
+ rm /var/run/jail_${_jail}.id
+ else
+ echo " cannot stop jail ${_jail}. No jail id in /var/run"
+ fi
+ done
+ echo '.'
+}
+
+load_rc_config $name
+cmd="$1"
+if [ $# -gt 0 ]; then
+ shift
+fi
+if [ -n "$*" ]; then
+ jail_list="$*"
+fi
+
+run_rc_command "${cmd}"
diff --git a/etc/rc.d/kadmind b/etc/rc.d/kadmind
new file mode 100755
index 0000000..1e07938
--- /dev/null
+++ b/etc/rc.d/kadmind
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kadmin
+# REQUIRE: kerberos
+# BEFORE: DAEMON
+
+. /etc/rc.subr
+
+name="kadmind5"
+load_rc_config $name
+rcvar="kadmind5_server_enable"
+unset start_cmd
+command="${kadmind5_server}"
+command_args="&"
+required_vars="kerberos5_server_enable"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/kerberos b/etc/rc.d/kerberos
new file mode 100755
index 0000000..3eeb32a
--- /dev/null
+++ b/etc/rc.d/kerberos
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kerberos
+# REQUIRE: NETWORKING
+
+. /etc/rc.subr
+
+name="kerberos5"
+rcvar="kerberos5_server_enable"
+
+load_rc_config $name
+command="${kerberos5_server}"
+kerberos5_flags="${kerberos5_server_flags}"
+run_rc_command "$1"
diff --git a/etc/rc.d/keyserv b/etc/rc.d/keyserv
new file mode 100755
index 0000000..d1eaaee
--- /dev/null
+++ b/etc/rc.d/keyserv
@@ -0,0 +1,32 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# Start keyserv if we are running Secure RPC
+
+# PROVIDE: keyserv
+# REQUIRE: ypset
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="keyserv"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_precmd="keyserv_prestart"
+
+keyserv_prestart()
+{
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/kld b/etc/rc.d/kld
new file mode 100755
index 0000000..946ec69
--- /dev/null
+++ b/etc/rc.d/kld
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# Copyright (c) 2011 Douglas Barton
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+# PROVIDE: kld
+# REQUIRE: FILESYSTEMS
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="kld"
+
+start_cmd="${name}_start"
+stop_cmd=':'
+
+kld_start()
+{
+ [ -n "$kld_list" ] || return
+
+ local _kld
+
+ echo 'Loading kernel modules:'
+ for _kld in $kld_list ; do
+ load_kld -e ${_kld}.ko $_kld
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/kldxref b/etc/rc.d/kldxref
new file mode 100755
index 0000000..40140cc
--- /dev/null
+++ b/etc/rc.d/kldxref
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kldxref
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+rcvar="kldxref_enable"
+name="kldxref"
+stop_cmd=":"
+start_cmd="kldxref_start"
+
+kldxref_start () {
+ if [ -n "$kldxref_module_path" ]; then
+ MODULE_PATHS="$kldxref_module_path"
+ else
+ MODULE_PATHS=`sysctl -n kern.module_path`
+ fi
+ IFS=';'
+ for MODULE_DIR in $MODULE_PATHS; do
+ if [ ! -f "$MODULE_DIR/linker.hints" ] ||
+ checkyesno kldxref_clobber; then
+ echo "Building $MODULE_DIR/linker.hints"
+ kldxref "$MODULE_DIR"
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/kpasswdd b/etc/rc.d/kpasswdd
new file mode 100755
index 0000000..d7f40ac
--- /dev/null
+++ b/etc/rc.d/kpasswdd
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: kpasswdd
+# REQUIRE: kadmin
+# BEFORE: DAEMON
+
+. /etc/rc.subr
+
+name="kpasswdd"
+load_rc_config $name
+rcvar="kpasswdd_server_enable"
+unset start_cmd
+command="${kpasswdd_server}"
+command_args="&"
+required_vars="kadmind5_server_enable"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ldconfig b/etc/rc.d/ldconfig
new file mode 100755
index 0000000..54114a6
--- /dev/null
+++ b/etc/rc.d/ldconfig
@@ -0,0 +1,83 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ldconfig
+# REQUIRE: mountcritremote cleanvar
+# BEFORE: DAEMON
+
+. /etc/rc.subr
+
+name="ldconfig"
+ldconfig_command="/sbin/ldconfig"
+start_cmd="ldconfig_start"
+stop_cmd=":"
+
+ldconfig_start()
+{
+ local _files _ins
+
+ _ins=
+ ldconfig=${ldconfig_command}
+ checkyesno ldconfig_insecure && _ins="-i"
+ if [ -x "${ldconfig_command}" ]; then
+ _LDC="/lib /usr/lib"
+ for i in ${ldconfig_local_dirs}; do
+ if [ -d "${i}" ]; then
+ _files=`find ${i} -type f`
+ if [ -n "${_files}" ]; then
+ ldconfig_paths="${ldconfig_paths} `cat ${_files} | sort -u`"
+ fi
+ fi
+ done
+ for i in ${ldconfig_paths} /etc/ld-elf.so.conf; do
+ if [ -r "${i}" ]; then
+ _LDC="${_LDC} ${i}"
+ fi
+ done
+ check_startmsgs && echo 'ELF ldconfig path:' ${_LDC}
+ ${ldconfig} -elf ${_ins} ${_LDC}
+
+ case `sysctl -n hw.machine_arch` in
+ amd64)
+ for i in ${ldconfig_local32_dirs}; do
+ if [ -d "${i}" ]; then
+ _files=`find ${i} -type f`
+ if [ -n "${_files}" ]; then
+ ldconfig32_paths="${ldconfig32_paths} `cat ${_files} | sort -u`"
+ fi
+ fi
+ done
+ _LDC=""
+ for i in ${ldconfig32_paths}; do
+ if [ -r "${i}" ]; then
+ _LDC="${_LDC} ${i}"
+ fi
+ done
+ check_startmsgs &&
+ echo '32-bit compatibility ldconfig path:' ${_LDC}
+ ${ldconfig} -32 -m ${_ins} ${_LDC}
+ ;;
+ esac
+
+ # Legacy aout support for i386 only
+ case `sysctl -n hw.machine_arch` in
+ i386)
+ # Default the a.out ldconfig path.
+ : ${ldconfig_paths_aout=${ldconfig_paths}}
+ _LDC=""
+ for i in /usr/lib/aout ${ldconfig_paths_aout} /etc/ld.so.conf; do
+ if [ -r "${i}" ]; then
+ _LDC="${_LDC} ${i}"
+ fi
+ done
+ check_startmsgs && echo 'a.out ldconfig path:' ${_LDC}
+ ${ldconfig} -aout ${_ins} ${_LDC}
+ ;;
+ esac
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/local b/etc/rc.d/local
new file mode 100755
index 0000000..61a0852
--- /dev/null
+++ b/etc/rc.d/local
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: local
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="local"
+start_cmd="local_start"
+stop_cmd="local_stop"
+
+local_start()
+{
+ if [ -f /etc/rc.local ]; then
+ echo -n 'Starting local daemons:'
+ . /etc/rc.local
+ echo '.'
+ fi
+}
+
+local_stop()
+{
+ if [ -f /etc/rc.shutdown.local ]; then
+ echo -n 'Shutting down local daemons:'
+ . /etc/rc.shutdown.local
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/localpkg b/etc/rc.d/localpkg
new file mode 100755
index 0000000..b3a3f68
--- /dev/null
+++ b/etc/rc.d/localpkg
@@ -0,0 +1,77 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: localpkg
+# REQUIRE: abi
+# BEFORE: securelevel
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="localpkg"
+start_cmd="pkg_start"
+stop_cmd="pkg_stop"
+
+pkg_start()
+{
+ local initdone
+
+ # For each dir in $local_startup, search for init scripts matching *.sh
+ #
+ case ${local_startup} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ initdone=
+ find_local_scripts_old
+ for script in ${zlist} ${slist}; do
+ if [ -z "${initdone}" -a -f "${script}" ]; then
+ echo -n 'Local package initialization:'
+ initdone=yes
+ fi
+ if [ -x "${script}" ]; then
+ (set -T
+ trap 'exit 1' 2
+ ${script} start)
+ elif [ -f "${script}" -o -L "${script}" ]; then
+ echo -n " (skipping ${script}, not executable)"
+ fi
+ done
+ [ -n "${initdone}" ] && echo '.'
+ ;;
+ esac
+}
+
+pkg_stop()
+{
+ local initdone
+
+ case ${local_startup} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ initdone=
+ find_local_scripts_old
+ for script in `reverse_list ${slist} ${zlist}`; do
+ if [ -z "${initdone}" -a -f "${script}" ]; then
+ echo -n 'Shutting down local packages:'
+ initdone=yes
+ fi
+ if [ -x "${script}" ]; then
+ if [ `sysctl -n debug.bootverbose` -eq 1 ]; then
+ echo "==>" ${script}
+ fi
+ (set -T
+ trap 'exit 1' 2
+ ${script} stop)
+ fi
+ done
+ [ -n "${initdone}" ] && echo '.'
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/lockd b/etc/rc.d/lockd
new file mode 100755
index 0000000..135dda7
--- /dev/null
+++ b/etc/rc.d/lockd
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm
+# $FreeBSD$
+#
+
+# PROVIDE: lockd
+# REQUIRE: nfsclient nfsd rpcbind statd
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="lockd"
+rcvar=rpc_lockd_enable
+command="/usr/sbin/rpc.${name}"
+start_precmd='lockd_precmd'
+stop_precmd='checkyesno nfs_server_enable || checkyesno nfs_client_enable'
+status_precmd=$stop_precmd
+
+# Make sure that we are either an NFS client or server, and that we get
+# the correct flags from rc.conf(5).
+#
+lockd_precmd()
+{
+ local ret
+ ret=0
+
+ if ! checkyesno nfs_server_enable && ! checkyesno nfs_client_enable
+ then
+ ret=1
+ fi
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || ret=1
+ fi
+ rc_flags=${rpc_lockd_flags}
+ return ${ret}
+}
+
+load_rc_config $name
+run_rc_command $1
diff --git a/etc/rc.d/lpd b/etc/rc.d/lpd
new file mode 100755
index 0000000..552e068
--- /dev/null
+++ b/etc/rc.d/lpd
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: lpd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="lpd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+required_files="/etc/printcap"
+start_precmd="chkprintcap"
+
+chkprintcap()
+{
+ if checkyesno chkprintcap_enable ; then
+ /usr/sbin/chkprintcap ${chkprintcap_flags}
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mdconfig b/etc/rc.d/mdconfig
new file mode 100755
index 0000000..c697c35
--- /dev/null
+++ b/etc/rc.d/mdconfig
@@ -0,0 +1,197 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mdconfig
+# REQUIRE: localswap root
+
+. /etc/rc.subr
+
+name="mdconfig"
+stop_cmd="mdconfig_stop"
+start_cmd="mdconfig_start"
+start_precmd='[ -n "${_mdconfig_list}" ]'
+required_modules="geom_md:g_md"
+
+is_readonly()
+{
+ local _mp _ret
+
+ _mp=$1
+ _ret=`mount | while read _line; do
+ case ${_line} in
+ *" ${_mp} "*read-only*)
+ echo "yes"
+ ;;
+
+ *)
+ ;;
+ esac;
+ done`
+
+ if [ -n "${_ret}" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+init_variables()
+{
+ local _i
+
+ _fs=""
+ _mp=""
+ _dev="/dev/${_md}"
+ eval _config=\$mdconfig_${_md}
+ eval _newfs=\$mdconfig_${_md}_newfs
+
+ _type=${_config##*-t\ }
+ _type=${_type%%\ *}
+ if [ -z "${_type}" ]; then
+ err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}"
+ fi
+
+ if [ "${_type}" = "vnode" ]; then
+ _file=${_config##*-f\ }
+ _file=${_file%%\ *}
+ if [ -z "${_file}" ]; then
+ err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices"
+ fi
+ if [ "${_file}" != "${_file%.uzip}" ]; then
+ _dev="/dev/${_md}.uzip"
+ fi
+ for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done
+ fi
+
+ # Debugging help.
+ debug "${_md} config: ${_config}"
+ debug "${_md} type: ${_type}"
+ debug "${_md} dev: ${_dev}"
+ debug "${_md} file: ${_file}"
+ debug "${_md} fs: ${_fs}"
+ debug "${_md} newfs flags: ${_newfs}"
+}
+
+mdconfig_start()
+{
+ local _md _mp _config _type _dev _file _fs _newfs _fsck_cmd
+
+ for _md in ${_mdconfig_list}; do
+ init_variables ${_md}
+ # Create md(4) devices of types swap, malloc and vnode if the
+ # file is on the root partition.
+ if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then
+ if [ "${_type}" = "vnode" ]; then
+ if is_readonly ${_fs}; then
+ warn "${_fs} is mounted read-only, skipping ${_md}."
+ continue
+ fi
+ if [ "${_file}" != "${_file%.uzip}" ]; then
+ load_kld -m g_uzip geom_uzip || return 3
+ # sleep a bit to allow creation of /dev/mdX.uzip
+ sleep 2
+ fi
+ fi
+ if mdconfig -l -u ${_md} >/dev/null 2>&1; then
+ err 3 "${_md} already exists"
+ fi
+ echo "Creating ${_md} device (${_type})."
+ if ! mdconfig -a ${_config} -u ${_md}; then
+ echo "Creating ${_md} device failed, moving on."
+ continue
+ fi
+ # Skip fsck for uzip devices.
+ if [ "${_type}" = "vnode" ]; then
+ if [ "${_file}" != "${_file%.uzip}" ]; then
+ _fsck_cmd=":"
+ elif checkyesno background_fsck; then
+ _fsck_cmd="fsck -F"
+ else
+ _fsck_cmd="fsck"
+ fi
+ if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then
+ echo "Fsck failed on ${_dev}, not mounting the filesystem."
+ continue
+
+ fi
+ else
+ newfs ${_newfs} ${_dev} >/dev/null
+ fi
+ if mount -d ${_dev} 2>&1 >/dev/null; then
+ echo "Mounting ${_dev}."
+ mount ${_dev}
+ fi
+ fi
+ done
+}
+
+mdconfig_stop()
+{
+ local _md _mp _config _type _dev _file _fs _newfs _i
+
+ for _md in ${_mdconfig_list}; do
+ init_variables ${_md}
+ if [ "${_type}" != "vnode" -o "${_fs}" = "/" ]; then
+ for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done
+ if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then
+ echo "Device ${_dev} isn't mounted."
+ else
+ echo "Umounting ${_dev}."
+ umount ${_dev}
+ fi
+ if mdconfig -l -u ${_md} >/dev/null 2>&1; then
+ echo "Destroying ${_md}."
+ mdconfig -d -u ${_md}
+ fi
+ fi
+ done
+}
+
+_mdconfig_cmd="$1"
+if [ $# -gt 0 ]; then
+ shift
+fi
+[ -n "$*" ] && _mdconfig_list="$*"
+
+load_rc_config $name
+
+_mdconfig_unit=0
+if [ -z "${_mdconfig_list}" ]; then
+ while :; do
+ eval _mdconfig_config=\$mdconfig_md${_mdconfig_unit}
+ if [ -z "${_mdconfig_config}" ]; then
+ break
+ else
+ _mdconfig_list="${_mdconfig_list}${_mdconfig_list:+ }md${_mdconfig_unit}"
+ _mdconfig_unit=$((${_mdconfig_unit} + 1))
+ fi
+ done
+fi
+
+run_rc_command "${_mdconfig_cmd}"
diff --git a/etc/rc.d/mdconfig2 b/etc/rc.d/mdconfig2
new file mode 100755
index 0000000..4b1535e
--- /dev/null
+++ b/etc/rc.d/mdconfig2
@@ -0,0 +1,227 @@
+#!/bin/sh
+#
+# Copyright (c) 2006 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mdconfig2
+# REQUIRE: mountcritremote
+# BEFORE: SERVERS
+
+. /etc/rc.subr
+
+name="mdconfig2"
+stop_cmd="mdconfig2_stop"
+start_cmd="mdconfig2_start"
+start_precmd='[ -n "${_mdconfig2_list}" ]'
+required_modules="geom_md:g_md"
+
+is_readonly()
+{
+ local _mp _ret
+
+ _mp=$1
+ _ret=`mount | while read _line; do
+ case ${_line} in
+ *" ${_mp} "*read-only*)
+ echo "yes"
+ ;;
+
+ *)
+ ;;
+ esac;
+ done`
+
+ if [ -n "${_ret}" ]; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+init_variables()
+{
+ local _i
+
+ _fs=""
+ _mp=""
+ _mounted="no"
+ _dev="/dev/${_md}"
+ eval _config=\$mdconfig_${_md}
+ eval _owner=\$mdconfig_${_md}_owner
+ eval _perms=\$mdconfig_${_md}_perms
+ eval _files=\$mdconfig_${_md}_files
+ eval _populate=\$mdconfig_${_md}_cmd
+
+ _type=${_config##*-t\ }
+ _type=${_type%%\ *}
+ if [ -z "${_type}" ]; then
+ err 1 "You need to specify \"-t <type>\" in mdconfig_${_md}"
+ fi
+
+ if [ "${_type}" = "vnode" ]; then
+ _file=${_config##*-f\ }
+ _file=${_file%%\ *}
+ if [ -z "${_file}" ]; then
+ err 2 "You need to specify \"-f <file>\" in mdconfig_${_md} for vnode devices"
+ fi
+
+ if [ "${_file}" != "${_file%.uzip}" ]; then
+ _dev="/dev/${_md}.uzip"
+ fi
+ for _i in `df ${_file} 2>/dev/null`; do _fs=${_i}; done
+ fi
+
+ # Debugging help.
+ debug "${_md} config: ${_config}"
+ debug "${_md} type: ${_type}"
+ debug "${_md} dev: ${_dev}"
+ debug "${_md} file: ${_file}"
+ debug "${_md} fs: ${_fs}"
+ debug "${_md} owner: ${_owner}"
+ debug "${_md} perms: ${_perms}"
+ debug "${_md} files: ${_files}"
+ debug "${_md} populate cmd: ${_populate}"
+}
+
+mdconfig2_start()
+{
+ local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate _fsck_cmd _i
+
+ for _md in ${_mdconfig2_list}; do
+ init_variables ${_md}
+ if [ ! -r ${_file} ]; then
+ err 3 "${_file} doesn't exist"
+ continue
+ fi
+ # First pass: create md(4) vnode devices from files stored on
+ # non-root partition. Swap and malloc md(4) devices have already
+ # been created.
+ if [ "${_type}" = "vnode" -a "${_fs}" != "/" ]; then
+ if [ "${_file}" != "${_file%.uzip}" ]; then
+ load_kld -m g_uzip geom_uzip || return 3
+ fi
+ if is_readonly ${_fs}; then
+ warn "${_fs} is mounted read-only, skipping ${_md}."
+ continue
+ fi
+ if mdconfig -l -u ${_md} >/dev/null 2>&1; then
+ err 3 "${_md} already exists"
+ fi
+ echo "Creating ${_md} device (${_type})."
+ if ! mdconfig -a ${_config} -u ${_md}; then
+ echo "Creating ${_md} device failed, moving on."
+ continue
+ fi
+ # Skip fsck for uzip devices.
+ if [ "${_file}" != "${_file%.uzip}" ]; then
+ _fsck_cmd=":"
+ elif checkyesno background_fsck; then
+ _fsck_cmd="fsck -F"
+ else
+ _fsck_cmd="fsck"
+ fi
+ if ! eval ${_fsck_cmd} -p ${_dev} >/dev/null; then
+ echo "Fsck failed on ${_dev}, not mounting the filesystem."
+ continue
+ fi
+ if mount -d ${_dev} >/dev/null 2>&1; then
+ echo "Mounting ${_dev}."
+ mount ${_dev}
+ fi
+ fi
+
+ for _i in `df ${_dev} 2>/dev/null`; do _mp=${_i}; done
+ if [ ! -z "${_mp}" -a "${_mp}" = "${_mp%%%}" ]; then
+ _mounted="yes"
+ fi
+
+ if checkyesno _mounted; then
+ # Second pass: change permissions and ownership.
+ [ -z "${_owner}" ] || chown -f ${_owner} ${_dev} ${_mp}
+ [ -z "${_perms}" ] || chmod -f ${_perms} ${_dev} ${_mp}
+
+ # Third pass: populate with foreign files.
+ if [ -n "${_files}" -o -n "${_populate}" ]; then
+ echo "Populating ${_dev}."
+ fi
+ if [ -n "${_files}" ]; then
+ cp -Rp ${_files} ${_mp}
+ fi
+ if [ -n "${_populate}" ]; then
+ eval ${_populate}
+ fi
+ fi
+ done
+}
+
+mdconfig2_stop()
+{
+ local _md _fs _mp _mounted _dev _config _type _file _owner _perms _files _populate
+
+ for _md in ${_mdconfig2_list}; do
+ init_variables ${_md}
+ if [ "${_type}" = "vnode" ]; then
+ for i in `df ${_dev} 2>/dev/null`; do _mp=$i; done
+ if [ ! -r "${_file}" -o "${_fs}" = "/" ]; then
+ continue
+ fi
+ if [ -z "${_mp}" -o "${_mp}" != "${_mp%%%}" ]; then
+ echo "Device ${_dev} isn't mounted."
+ else
+ echo "Umounting ${_dev}."
+ umount ${_dev}
+ fi
+ if mdconfig -l -u ${_md} >/dev/null 2>&1; then
+ echo "Destroying ${_md}."
+ mdconfig -d -u ${_md}
+ fi
+ fi
+ done
+}
+
+_mdconfig2_cmd="$1"
+if [ $# -gt 0 ]; then
+ shift
+fi
+[ -n "$*" ] && _mdconfig2_list="$*"
+
+load_rc_config $name
+
+_mdconfig2_unit=0
+if [ -z "${_mdconfig2_list}" ]; then
+ while :; do
+ eval _mdconfig2_config=\$mdconfig_md${_mdconfig2_unit}
+ if [ -z "${_mdconfig2_config}" ]; then
+ break
+ else
+ _mdconfig2_list="${_mdconfig2_list}${_mdconfig2_list:+ }md${_mdconfig2_unit}"
+ _mdconfig2_unit=$((${_mdconfig2_unit} + 1))
+ fi
+ done
+fi
+
+run_rc_command "${_mdconfig2_cmd}"
diff --git a/etc/rc.d/mixer b/etc/rc.d/mixer
new file mode 100755
index 0000000..cc7fb2d
--- /dev/null
+++ b/etc/rc.d/mixer
@@ -0,0 +1,103 @@
+#!/bin/sh -
+#
+# Copyright (c) 2004 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mixer
+# REQUIRE: cleanvar
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="mixer"
+rcvar="mixer_enable"
+stop_cmd="mixer_stop"
+start_cmd="mixer_start"
+reload_cmd="mixer_start"
+extra_commands="reload"
+
+#
+# List current mixer devices to stdout.
+#
+list_mixers()
+{
+ ( cd /dev ; ls mixer* 2>/dev/null )
+}
+
+#
+# Save state of an individual mixer specified as $1
+#
+mixer_save()
+{
+ local dev
+
+ dev="/dev/${1}"
+ if [ -r ${dev} ]; then
+ /usr/sbin/mixer -f ${dev} -s > /var/db/${1}-state 2>/dev/null
+ fi
+}
+
+#
+# Restore the state of an individual mixer specified as $1
+#
+mixer_restore()
+{
+ local file dev
+
+ dev="/dev/${1}"
+ file="/var/db/${1}-state"
+ if [ -r ${dev} -a -r ${file} ]; then
+ /usr/sbin/mixer -f ${dev} `cat ${file}` > /dev/null
+ fi
+}
+
+#
+# Restore state of all mixers
+#
+mixer_start()
+{
+ local mixer
+
+ for mixer in `list_mixers`; do
+ mixer_restore ${mixer}
+ done
+}
+
+#
+# Save the state of all mixers
+#
+mixer_stop()
+{
+ local mixer
+
+ for mixer in `list_mixers`; do
+ mixer_save ${mixer}
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/motd b/etc/rc.d/motd
new file mode 100755
index 0000000..8256d96
--- /dev/null
+++ b/etc/rc.d/motd
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: motd
+# REQUIRE: mountcritremote
+# BEFORE: LOGIN
+
+. /etc/rc.subr
+
+name="motd"
+rcvar="update_motd"
+start_cmd="motd_start"
+stop_cmd=":"
+
+PERMS="644"
+
+motd_start()
+{
+ # Update kernel info in /etc/motd
+ # Must be done *before* interactive logins are possible
+ # to prevent possible race conditions.
+ #
+ check_startmsgs && echo -n 'Updating motd:'
+ if [ ! -f /etc/motd ]; then
+ install -c -o root -g wheel -m ${PERMS} /dev/null /etc/motd
+ fi
+
+ if [ ! -w /etc/motd ]; then
+ echo ' /etc/motd is not writable, update failed.'
+ return
+ fi
+
+ T=`mktemp -t motd`
+ uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T}
+ awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T}
+
+ cmp -s $T /etc/motd || {
+ cp $T /etc/motd
+ chmod ${PERMS} /etc/motd
+ }
+ rm -f $T
+
+ check_startmsgs && echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mountcritlocal b/etc/rc.d/mountcritlocal
new file mode 100755
index 0000000..06bf464
--- /dev/null
+++ b/etc/rc.d/mountcritlocal
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mountcritlocal
+# REQUIRE: root hostid_save mdconfig
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="mountcritlocal"
+start_cmd="mountcritlocal_start"
+stop_cmd=sync
+
+mountcritlocal_start()
+{
+ local err
+
+ # Set up the list of network filesystem types for which mounting
+ # should be delayed until after network initialization.
+ case ${extra_netfs_types} in
+ [Nn][Oo])
+ ;;
+ *)
+ netfs_types="${netfs_types} ${extra_netfs_types}"
+ ;;
+ esac
+
+ # Mount everything except nfs filesystems.
+ check_startmsgs && echo -n 'Mounting local file systems:'
+ mount_excludes='no'
+ for i in ${netfs_types}; do
+ fstype=${i%:*}
+ mount_excludes="${mount_excludes}${fstype},"
+ done
+ mount_excludes=${mount_excludes%,}
+ mount -a -t ${mount_excludes}
+ err=$?
+ check_startmsgs && echo '.'
+
+ case ${err} in
+ 0)
+ ;;
+ *)
+ echo 'Mounting /etc/fstab filesystems failed,' \
+ ' startup aborted'
+ stop_boot true
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mountcritremote b/etc/rc.d/mountcritremote
new file mode 100755
index 0000000..62e5079
--- /dev/null
+++ b/etc/rc.d/mountcritremote
@@ -0,0 +1,79 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mountcritremote
+# REQUIRE: NETWORKING FILESYSTEMS cleanvar ipsec netwait
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="mountcritremote"
+stop_cmd=":"
+start_cmd="mountcritremote_start"
+start_precmd="mountcritremote_precmd"
+
+# Mount NFS filesystems if present in /etc/fstab
+#
+# XXX When the vfsload() issues with nfsclient support and related sysctls
+# have been resolved, this block can be removed, and the condition that
+# skips nfs in the following block (for "other network filesystems") can
+# be removed.
+#
+mountcritremote_precmd()
+{
+ case "`mount -d -a -t nfs 2> /dev/null`" in
+ *mount_nfs*)
+ # Handle absent nfs client support
+ load_kld -m nfs nfscl || return 1
+ ;;
+ esac
+ return 0
+}
+
+mountcritremote_start()
+{
+ # Mount nfs filesystems.
+ #
+ case "`/sbin/mount -d -a -t nfs`" in
+ '')
+ ;;
+ *)
+ echo -n 'Mounting NFS file systems:'
+ mount -a -t nfs
+ echo '.'
+ ;;
+ esac
+
+ # Mount other network filesystems if present in /etc/fstab.
+ case ${extra_netfs_types} in
+ [Nn][Oo])
+ ;;
+ *)
+ netfs_types="${netfs_types} ${extra_netfs_types}"
+ ;;
+ esac
+
+ for i in ${netfs_types}; do
+ fstype=${i%:*}
+ fsdecr=${i#*:}
+
+ [ "${fstype}" = "nfs" ] && continue
+
+ case "`mount -d -a -t ${fstype}`" in
+ *mount_${fstype}*)
+ echo -n "Mounting ${fsdecr} file systems:"
+ mount -a -t ${fstype}
+ echo '.'
+ ;;
+ esac
+ done
+
+ # Cleanup /var again just in case it's a network mount.
+ /etc/rc.d/cleanvar quietreload
+ rm -f /var/run/clean_var /var/spool/lock/clean_var
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mountd b/etc/rc.d/mountd
new file mode 100755
index 0000000..017418d
--- /dev/null
+++ b/etc/rc.d/mountd
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mountd
+# REQUIRE: NETWORKING rpcbind quota
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="mountd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/exports"
+start_precmd="mountd_precmd"
+extra_commands="reload"
+
+mountd_precmd()
+{
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ # mountd flags will differ depending on rc.conf settings
+ #
+ if checkyesno nfs_server_enable ; then
+ if checkyesno weak_mountd_authentication; then
+ rc_flags="${mountd_flags} -n"
+ fi
+ else
+ if checkyesno mountd_enable; then
+ checkyesno weak_mountd_authentication && rc_flags="-n"
+ fi
+ fi
+
+ # If oldnfs_server_enable is yes, force use of the old NFS server
+ #
+ if checkyesno oldnfs_server_enable; then
+ rc_flags="-o ${rc_flags}"
+ fi
+
+ if checkyesno zfs_enable; then
+ rc_flags="${rc_flags} /etc/exports /etc/zfs/exports"
+ fi
+
+ rm -f /var/db/mountdtab
+ ( umask 022 ; > /var/db/mountdtab )
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mountlate b/etc/rc.d/mountlate
new file mode 100755
index 0000000..5b8ff73
--- /dev/null
+++ b/etc/rc.d/mountlate
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mountlate
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="mountlate"
+start_cmd="mountlate_start"
+stop_cmd=":"
+
+mountlate_start()
+{
+ local err latefs
+
+ # Mount "late" filesystems.
+ #
+ err=0
+ latefs=
+ # / (root) fs is always remounted, so remove from list
+ latefs="`/sbin/mount -d -a -l | grep -v ' /$'`"
+ case ${latefs} in
+ '')
+ ;;
+ *)
+ echo -n 'Mounting late file systems:'
+ mount -a -l
+ err=$?
+ echo '.'
+ ;;
+ esac
+
+ case ${err} in
+ 0)
+ ;;
+ *)
+ echo 'Mounting /etc/fstab filesystems failed,' \
+ ' startup aborted'
+ stop_boot true
+ ;;
+ esac
+
+ # If we booted a special kernel remove the record
+ # so we will boot the default kernel next time.
+ if [ -x /sbin/nextboot ]; then
+ /sbin/nextboot -D
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/moused b/etc/rc.d/moused
new file mode 100755
index 0000000..fd2c447
--- /dev/null
+++ b/etc/rc.d/moused
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: moused
+# REQUIRE: DAEMON cleanvar
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="moused"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_cmd="moused_start"
+pidprefix="/var/run/moused"
+pidfile="${pidprefix}.pid"
+pidarg=
+load_rc_config $name
+
+# Set the pid file and variable name. The second argument, if it exists, is
+# expected to be the mouse device.
+#
+if [ -n "$2" ]; then
+ eval moused_$2_enable=\${moused_$2_enable-${moused_nondefault_enable}}
+ rcvar=`set_rcvar moused_$2`
+ pidfile="${pidprefix}.$2.pid"
+ pidarg="-I $pidfile"
+fi
+
+moused_start()
+{
+ local ms myflags myport mytype
+
+ # Set the mouse device and get any related variables. If
+ # a moused device has been specified on the commandline, then
+ # rc.conf(5) variables defined for that device take precedence
+ # over the generic moused_* variables. The only exception is
+ # the moused_port variable, which if not defined sets it to the
+ # passed in device name.
+ #
+ ms=$1
+ if [ -n "$ms" ]; then
+ eval myflags=\${moused_${ms}_flags-$moused_flags}
+ eval myport=\${moused_${ms}_port-/dev/$ms}
+ eval mytype=\${moused_${ms}_type-$moused_type}
+ else
+ ms="default"
+ myflags="$moused_flags"
+ myport="$moused_port"
+ mytype="$moused_type"
+ fi
+
+ check_startmsgs && echo -n "Starting ${ms} moused"
+ /usr/sbin/moused ${myflags} -p ${myport} -t ${mytype} ${pidarg}
+ check_startmsgs && echo '.'
+
+ mousechar_arg=
+ case ${mousechar_start} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ mousechar_arg="-M ${mousechar_start}"
+ ;;
+ esac
+
+ for ttyv in /dev/ttyv* ; do
+ vidcontrol < ${ttyv} ${mousechar_arg} -m on
+ done
+}
+
+run_rc_command $*
diff --git a/etc/rc.d/mroute6d b/etc/rc.d/mroute6d
new file mode 100755
index 0000000..047f241
--- /dev/null
+++ b/etc/rc.d/mroute6d
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mroute6d
+# REQUIRE: netif routing
+# BEFORE: NETWORKING
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="mroute6d"
+rcvar=`set_rcvar`
+command="/usr/local/sbin/pim6dd"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/mrouted b/etc/rc.d/mrouted
new file mode 100755
index 0000000..2eb9144
--- /dev/null
+++ b/etc/rc.d/mrouted
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mrouted
+# REQUIRE: netif routing cleanvar
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="mrouted"
+rcvar=`set_rcvar`
+command="/usr/local/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/${name}.conf"
+extra_commands="reload"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/msgs b/etc/rc.d/msgs
new file mode 100755
index 0000000..6031acc
--- /dev/null
+++ b/etc/rc.d/msgs
@@ -0,0 +1,13 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: msgs
+# REQUIRE: LOGIN
+
+# Make a bounds file for msgs(1) if there isn't one already
+#
+if [ -d /var/msgs -a ! -f /var/msgs/bounds -a ! -L /var/msgs/bounds ]; then
+ echo 0 > /var/msgs/bounds
+fi
diff --git a/etc/rc.d/named b/etc/rc.d/named
new file mode 100755
index 0000000..676de76
--- /dev/null
+++ b/etc/rc.d/named
@@ -0,0 +1,301 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: named
+# REQUIRE: SERVERS cleanvar
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="named"
+rcvar=named_enable
+
+extra_commands="reload"
+
+start_precmd="named_prestart"
+start_postcmd="named_poststart"
+reload_cmd="named_reload"
+stop_cmd="named_stop"
+stop_postcmd="named_poststop"
+
+# If running in a chroot cage, ensure that the appropriate files
+# exist inside the cage, as well as helper symlinks into the cage
+# from outside.
+#
+# As this is called after the is_running and required_dir checks
+# are made in run_rc_command(), we can safely assume ${named_chrootdir}
+# exists and named isn't running at this point (unless forcestart
+# is used).
+#
+chroot_autoupdate()
+{
+ local file
+
+ # Create (or update) the chroot directory structure
+ #
+ if [ -r /etc/mtree/BIND.chroot.dist ]; then
+ mtree -deU -f /etc/mtree/BIND.chroot.dist \
+ -p ${named_chrootdir}
+ else
+ warn "/etc/mtree/BIND.chroot.dist missing,"
+ warn "chroot directory structure not updated"
+ fi
+
+ # Create (or update) the configuration directory symlink
+ #
+ if [ ! -L "${named_conf%/*}" ]; then
+ if [ -d "${named_conf%/*}" ]; then
+ warn "named chroot: ${named_conf%/*} is a directory!"
+ elif [ -e "${named_conf%/*}" ]; then
+ warn "named chroot: ${named_conf%/*} exists!"
+ else
+ ln -s ${named_confdir} ${named_conf%/*}
+ fi
+ else
+ # Make sure it points to the right place.
+ ln -shf ${named_confdir} ${named_conf%/*}
+ fi
+
+ # Mount a devfs in the chroot directory if needed
+ #
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null
+ devfs_domount ${named_chrootdir}/dev devfsrules_hide_all
+ devfs -m ${named_chrootdir}/dev rule apply path null unhide
+ devfs -m ${named_chrootdir}/dev rule apply path random unhide
+ else
+ if [ -c ${named_chrootdir}/dev/null -a \
+ -c ${named_chrootdir}/dev/random ]; then
+ info "named chroot: using pre-mounted devfs."
+ else
+ err 1 "named chroot: devfs cannot be mounted from" \
+ "within a jail. Thus a chrooted named cannot" \
+ "be run from within a jail." \
+ "To run named without chrooting it, set" \
+ "named_chrootdir=\"\" in /etc/rc.conf."
+ fi
+ fi
+
+ # Copy and/or update key files to the chroot /etc
+ #
+ for file in localtime protocols services; do
+ if [ -r /etc/$file ]; then
+ cmp -s /etc/$file "${named_chrootdir}/etc/$file" ||
+ cp -p /etc/$file "${named_chrootdir}/etc/$file"
+ fi
+ done
+}
+
+# Make symlinks to the correct pid file
+#
+make_symlinks()
+{
+ checkyesno named_symlink_enable &&
+ ln -fs "${named_chrootdir}${pidfile}" ${pidfile}
+}
+
+named_poststart () {
+ make_symlinks
+
+ if checkyesno named_wait; then
+ until ${command%/sbin/named}/bin/host $named_wait_host >/dev/null 2>&1; do
+ echo " Waiting for nameserver to resolve $named_wait_host"
+ sleep 1
+ done
+ fi
+}
+
+named_reload()
+{
+ ${command%/named}/rndc reload
+}
+
+find_pidfile()
+{
+ if get_pidfile_from_conf pid-file $named_conf; then
+ pidfile="$_pidfile_from_conf"
+ else
+ pidfile="/var/run/named/pid"
+ fi
+}
+
+named_stop()
+{
+ find_pidfile
+
+ # This duplicates an undesirably large amount of code from the stop
+ # routine in rc.subr in order to use rndc to shut down the process,
+ # and to give it a second chance in case rndc fails.
+ rc_pid=$(check_pidfile $pidfile $command)
+ if [ -z "$rc_pid" ]; then
+ [ -n "$rc_fast" ] && return 0
+ _run_rc_notrunning
+ return 1
+ fi
+ echo 'Stopping named.'
+ if ${command%/named}/rndc stop 2>/dev/null; then
+ wait_for_pids $rc_pid
+ else
+ echo -n 'rndc failed, trying kill: '
+ kill -TERM $rc_pid
+ wait_for_pids $rc_pid
+ fi
+}
+
+named_poststop()
+{
+ if [ -n "${named_chrootdir}" -a -c ${named_chrootdir}/dev/null ]; then
+ if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then
+ umount ${named_chrootdir}/dev 2>/dev/null || true
+ else
+ warn "named chroot:" \
+ "cannot unmount devfs from inside jail!"
+ fi
+ fi
+}
+
+create_file () {
+ if [ -e "$1" ]; then
+ unlink $1
+ fi
+ > $1
+ chown root:wheel $1
+ chmod 644 $1
+}
+
+named_prestart()
+{
+ find_pidfile
+
+ if [ -n "$named_pidfile" ]; then
+ warn 'named_pidfile: now determined from the conf file'
+ fi
+
+ command_args="-u ${named_uid:=root}"
+
+ if [ ! "$named_conf" = '/etc/namedb/named.conf' ]; then
+ case "$named_flags" in
+ -c*|*' -c'*) ;; # No need to add it
+ *) command_args="-c $named_conf $command_args" ;;
+ esac
+ fi
+
+ local line nsip firstns
+
+ # Is the user using a sandbox?
+ #
+ if [ -n "$named_chrootdir" ]; then
+ rc_flags="$rc_flags -t $named_chrootdir"
+ checkyesno named_chroot_autoupdate && chroot_autoupdate
+ else
+ named_symlink_enable=NO
+ fi
+
+ # Create an rndc.key file for the user if none exists
+ #
+ confgen_command="${command%/named}/rndc-confgen -a -b256 -u $named_uid \
+ -c ${named_confdir}/rndc.key"
+ if [ -s "${named_confdir}/rndc.conf" ]; then
+ unset confgen_command
+ fi
+ if [ -s "${named_confdir}/rndc.key" ]; then
+ case `stat -f%Su ${named_confdir}/rndc.key` in
+ root|$named_uid) ;;
+ *) $confgen_command ;;
+ esac
+ else
+ $confgen_command
+ fi
+
+ local checkconf
+
+ checkconf="${command%/named}/named-checkconf"
+ if ! checkyesno named_chroot_autoupdate && [ -n "$named_chrootdir" ]; then
+ checkconf="$checkconf -t $named_chrootdir"
+ fi
+
+ # Create a forwarder configuration based on /etc/resolv.conf
+ if checkyesno named_auto_forward; then
+ if [ ! -s /etc/resolv.conf ]; then
+ warn "named_auto_forward enabled, but no /etc/resolv.conf"
+
+ # Empty the file in case it is included in named.conf
+ [ -s "${named_confdir}/auto_forward.conf" ] &&
+ create_file ${named_confdir}/auto_forward.conf
+
+ $checkconf $named_conf ||
+ err 3 'named-checkconf for $named_conf failed'
+ return
+ fi
+
+ create_file /var/run/naf-resolv.conf
+ create_file /var/run/auto_forward.conf
+
+ echo ' forwarders {' > /var/run/auto_forward.conf
+
+ while read line; do
+ case "$line" in
+ 'nameserver '*|'nameserver '*)
+ nsip=${line##nameserver[ ]}
+
+ if [ -z "$firstns" ]; then
+ if [ ! "$nsip" = '127.0.0.1' ]; then
+ echo 'nameserver 127.0.0.1'
+ echo " ${nsip};" >> /var/run/auto_forward.conf
+ fi
+
+ firstns=1
+ else
+ [ "$nsip" = '127.0.0.1' ] && continue
+ echo " ${nsip};" >> /var/run/auto_forward.conf
+ fi
+ ;;
+ esac
+
+ echo $line
+ done < /etc/resolv.conf > /var/run/naf-resolv.conf
+
+ echo ' };' >> /var/run/auto_forward.conf
+ echo '' >> /var/run/auto_forward.conf
+ if checkyesno named_auto_forward_only; then
+ echo " forward only;" >> /var/run/auto_forward.conf
+ else
+ echo " forward first;" >> /var/run/auto_forward.conf
+ fi
+
+ if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
+ unlink /var/run/naf-resolv.conf
+ else
+ [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
+ mv /var/run/naf-resolv.conf /etc/resolv.conf
+ fi
+
+ if cmp -s ${named_confdir}/auto_forward.conf \
+ /var/run/auto_forward.conf; then
+ unlink /var/run/auto_forward.conf
+ else
+ [ -e "${named_confdir}/auto_forward.conf" ] &&
+ unlink ${named_confdir}/auto_forward.conf
+ mv /var/run/auto_forward.conf \
+ ${named_confdir}/auto_forward.conf
+ fi
+ else
+ # Empty the file in case it is included in named.conf
+ [ -s "${named_confdir}/auto_forward.conf" ] &&
+ create_file ${named_confdir}/auto_forward.conf
+ fi
+
+ $checkconf $named_conf || err 3 'named-checkconf for $named_conf failed'
+}
+
+load_rc_config $name
+
+# Updating the following variables requires that rc.conf be loaded first
+#
+required_dirs="$named_chrootdir" # if it is set, it must exist
+
+named_confdir="${named_chrootdir}${named_conf%/*}"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/natd b/etc/rc.d/natd
new file mode 100755
index 0000000..e22353a
--- /dev/null
+++ b/etc/rc.d/natd
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: natd
+# KEYWORD: nostart nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="natd"
+rcvar=`set_rcvar`
+command="/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+start_precmd="natd_precmd"
+required_modules="ipdivert"
+
+natd_precmd()
+{
+ if [ -n "${natd_interface}" ]; then
+ dhcp_list="`list_net_interfaces dhcp`"
+ for ifn in ${dhcp_list}; do
+ case "${natd_interface}" in
+ ${ifn})
+ rc_flags="$rc_flags -dynamic"
+ ;;
+ esac
+ done
+
+ if echo "${natd_interface}" | \
+ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
+ rc_flags="$rc_flags -a ${natd_interface}"
+ else
+ rc_flags="$rc_flags -n ${natd_interface}"
+ fi
+ fi
+
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/netif b/etc/rc.d/netif
new file mode 100755
index 0000000..01da302
--- /dev/null
+++ b/etc/rc.d/netif
@@ -0,0 +1,158 @@
+#!/bin/sh
+#
+# Copyright (c) 2003 The FreeBSD Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE PROJECT ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE PROJECT BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: netif
+# REQUIRE: atm1 cleanvar FILESYSTEMS serial sppp sysctl
+# REQUIRE: ipfilter ipfs
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="network"
+start_cmd="network_start"
+stop_cmd="network_stop"
+cloneup_cmd="clone_up"
+clonedown_cmd="clone_down"
+extra_commands="cloneup clonedown"
+cmdifn=
+
+set_rcvar_obsolete ipv6_enable ipv6_activate_all_interfaces
+set_rcvar_obsolete ipv6_prefer
+
+network_start()
+{
+ # Set the list of interfaces to work on.
+ #
+ cmdifn=$*
+
+ if [ -z "$cmdifn" ]; then
+ #
+ # We're operating as a general network start routine.
+ #
+
+ # disable SIGINT (Ctrl-c) when running at startup
+ trap : 2
+
+ # Create cloned interfaces
+ clone_up
+
+ # Create Fast EtherChannel interfaces
+ fec_up
+
+ # Create IPv6<-->IPv4 tunnels
+ gif_up
+
+ # Rename interfaces.
+ ifnet_rename
+ fi
+
+ # Configure the interface(s).
+ network_common ifn_start
+
+ if [ -f /etc/rc.d/ipfilter ] ; then
+ # Resync ipfilter
+ /etc/rc.d/ipfilter quietresync
+ fi
+ if [ -f /etc/rc.d/bridge -a -n "$cmdifn" ] ; then
+ /etc/rc.d/bridge start $cmdifn
+ fi
+}
+
+network_stop()
+{
+ # Set the list of interfaces to work on.
+ #
+ cmdifn=$*
+
+ # Deconfigure the interface(s)
+ network_common ifn_stop
+}
+
+# network_common routine
+# Common configuration subroutine for network interfaces. This
+# routine takes all the preparatory steps needed for configuriing
+# an interface and then calls $routine.
+network_common()
+{
+ local _cooked_list _fail _func _ok _str
+
+ _func=
+
+ if [ -z "$1" ]; then
+ err 1 "network_common(): No function name specified."
+ else
+ _func="$1"
+ fi
+
+ # Set the scope of the command (all interfaces or just one).
+ #
+ _cooked_list=
+ if [ -n "$cmdifn" ]; then
+ # Don't check that the interface(s) exist. We need to run
+ # the down code even when the interface doesn't exist to
+ # kill off wpa_supplicant.
+ # XXXBED: is this really true or does wpa_supplicant die?
+ # if so, we should get rid of the devd entry
+ _cooked_list="$cmdifn"
+ else
+ _cooked_list="`list_net_interfaces`"
+ fi
+
+ _fail=
+ _ok=
+ for ifn in ${_cooked_list}; do
+ if ${_func} ${ifn} $2; then
+ _ok="${_ok} ${ifn}"
+ else
+ _fail="${_fail} ${ifn}"
+ fi
+ done
+
+ _str=
+ if [ -n "${_ok}" ]; then
+ case ${_func} in
+ ifn_start)
+ _str='Starting'
+ ;;
+ ifn_stop)
+ _str='Stopping'
+ ;;
+ esac
+ echo "${_str} Network:${_ok}."
+ if check_startmsgs; then
+ for ifn in ${_ok}; do
+ /sbin/ifconfig ${ifn}
+ done
+ fi
+ fi
+
+ debug "The following interfaces were not configured: $_fail"
+}
+
+load_rc_config $name
+run_rc_command $*
diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
new file mode 100755
index 0000000..1547ade
--- /dev/null
+++ b/etc/rc.d/netoptions
@@ -0,0 +1,125 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: netoptions
+# REQUIRE: FILESYSTEMS
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="netoptions"
+start_cmd="netoptions_start"
+stop_cmd=:
+
+_netoptions_initdone=
+netoptions_init()
+{
+ if [ -z "${_netoptions_initdone}" ]; then
+ echo -n 'Additional TCP/IP options:'
+ _netoptions_initdone=yes
+ fi
+}
+
+netoptions_start()
+{
+ local _af
+
+ for _af in inet inet6; do
+ afexists ${_af} && eval netoptions_${_af}
+ done
+ [ -n "${_netoptions_initdone}" ] && echo '.'
+}
+
+netoptions_inet()
+{
+ case ${log_in_vain} in
+ [12])
+ netoptions_init
+ echo -n " log_in_vain=${log_in_vain}"
+ ${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null
+ ${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null
+ ;;
+ *)
+ ${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null
+ ${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null
+ ;;
+ esac
+
+ if checkyesno tcp_extensions; then
+ ${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null
+ else
+ netoptions_init
+ echo -n " rfc1323 extensions=${tcp_extensions}"
+ ${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null
+ fi
+
+ if checkyesno tcp_keepalive; then
+ ${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null
+ else
+ netoptions_init
+ echo -n " TCP keepalive=${tcp_keepalive}"
+ ${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null
+ fi
+
+ if checkyesno tcp_drop_synfin; then
+ netoptions_init
+ echo -n " drop SYN+FIN packets=${tcp_drop_synfin}"
+ ${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null
+ else
+ ${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null
+ fi
+
+ case ${ip_portrange_first} in
+ [0-9]*)
+ netoptions_init
+ echo -n " ip_portrange_first=$ip_portrange_first"
+ ${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
+ ;;
+ esac
+
+ case ${ip_portrange_last} in
+ [0-9]*)
+ netoptions_init
+ echo -n " ip_portrange_last=$ip_portrange_last"
+ ${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
+ ;;
+ esac
+}
+
+netoptions_inet6()
+{
+ if checkyesno ipv6_ipv4mapping; then
+ netoptions_init
+ echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}"
+ ${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null
+ else
+ ${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null
+ fi
+
+ if checkyesno ipv6_privacy; then
+ netoptions_init
+ echo -n " IPv6 Privacy Addresses"
+ ${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null
+ ${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
+ fi
+
+ case $ipv6_cpe_wanif in
+ ""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ ${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null
+ ${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null
+ ;;
+ *)
+ netoptions_init
+ echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}"
+ ${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null
+ ${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command $1
diff --git a/etc/rc.d/netwait b/etc/rc.d/netwait
new file mode 100755
index 0000000..1d3556a
--- /dev/null
+++ b/etc/rc.d/netwait
@@ -0,0 +1,98 @@
+#!/bin/sh
+
+# $FreeBSD$
+#
+# PROVIDE: netwait
+# REQUIRE: NETWORKING
+# KEYWORD: nojail
+#
+# The netwait script is intended to be used by systems which have
+# statically-configured IP addresses in rc.conf(5). If your system
+# uses DHCP, you should use synchronous_dhclient="YES" in your
+# /etc/rc.conf instead of using netwait.
+
+. /etc/rc.subr
+
+name="netwait"
+rcvar=`set_rcvar`
+
+start_cmd="${name}_start"
+stop_cmd=":"
+
+netwait_start()
+{
+ local ip rc count output link
+
+ if [ -z "${netwait_ip}" ]; then
+ err 1 "You must define one or more IP addresses in netwait_ip"
+ fi
+
+ if [ ${netwait_timeout} -lt 1 ]; then
+ err 1 "netwait_timeout must be >= 1"
+ fi
+
+ # Handle SIGINT (Ctrl-C); force abort of while() loop
+ trap break SIGINT
+
+ if [ -n "${netwait_if}" ]; then
+ echo -n "Waiting for $netwait_if to have link"
+
+ count=1
+ while [ ${count} -le ${netwait_if_timeout} ]; do
+ if output=`/sbin/ifconfig ${netwait_if} 2>/dev/null`; then
+ link=`expr "${output}" : '.*[[:blank:]]status: \(no carrier\)'`
+ if [ -z "${link}" ]; then
+ echo '.'
+ break
+ fi
+ else
+ echo ''
+ err 1 "ifconfig ${netwait_if} failed"
+ fi
+ sleep 1
+ count=$((count+1))
+ done
+ if [ -n "${link}" ]; then
+ # Restore default SIGINT handler
+ trap - SIGINT
+
+ echo ''
+ warn "Interface still has no link. Continuing with startup, but"
+ warn "be aware you may not have a fully functional networking"
+ warn "layer at this point."
+ return
+ fi
+ fi
+
+ # Handle SIGINT (Ctrl-C); force abort of while() loop
+ trap break SIGINT
+
+ for ip in ${netwait_ip}; do
+ echo -n "Waiting for ${ip} to respond to ICMP"
+
+ count=1
+ while [ ${count} -le ${netwait_timeout} ]; do
+ /sbin/ping -t 1 -c 1 -o ${ip} >/dev/null 2>&1
+ rc=$?
+
+ if [ $rc -eq 0 ]; then
+ # Restore default SIGINT handler
+ trap - SIGINT
+
+ echo '.'
+ return
+ fi
+ count=$((count+1))
+ done
+ echo ': No response from host.'
+ done
+
+ # Restore default SIGINT handler
+ trap - SIGINT
+
+ warn "Exhausted IP list. Continuing with startup, but be aware you may"
+ warn "not have a fully functional networking layer at this point."
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/newsyslog b/etc/rc.d/newsyslog
new file mode 100755
index 0000000..ab8f2d3
--- /dev/null
+++ b/etc/rc.d/newsyslog
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: newsyslog
+# REQUIRE: cleanvar mountcritremote
+
+. /etc/rc.subr
+
+name="newsyslog"
+rcvar=`set_rcvar`
+required_files="/etc/newsyslog.conf"
+command="/usr/sbin/${name}"
+start_cmd="newsyslog_start"
+stop_cmd=":"
+
+newsyslog_start()
+{
+ check_startmsgs && echo -n 'Creating and/or trimming log files'
+ ${command} ${rc_flags}
+ check_startmsgs && echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/nfscbd b/etc/rc.d/nfscbd
new file mode 100755
index 0000000..8fecfe9
--- /dev/null
+++ b/etc/rc.d/nfscbd
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: nfscbd
+# REQUIRE: NETWORKING nfsuserd
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="nfscbd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+sig_stop="USR1"
+
+load_rc_config $name
+
+run_rc_command "$1"
diff --git a/etc/rc.d/nfsclient b/etc/rc.d/nfsclient
new file mode 100755
index 0000000..fa7906d
--- /dev/null
+++ b/etc/rc.d/nfsclient
@@ -0,0 +1,50 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: nfsclient
+# REQUIRE: NETWORKING mountcritremote rpcbind
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="nfsclient"
+rcvar="nfs_client_enable"
+start_cmd="nfsclient_start"
+stop_cmd="unmount_all"
+required_modules="nfscl:nfs"
+
+nfsclient_start()
+{
+ #
+ # Set some nfs client related sysctls
+ #
+
+ if [ -n "${nfs_access_cache}" ]; then
+ check_startmsgs &&
+ echo "NFS access cache time=${nfs_access_cache}"
+ if ! sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null; then
+ warn "failed to set access cache timeout"
+ fi
+ fi
+ if [ -n "${nfs_bufpackets}" ]; then
+ if ! sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null; then
+ warn "failed to set vfs.nfs.bufpackets"
+ fi
+ fi
+
+ unmount_all
+}
+
+unmount_all()
+{
+ # If /var/db/mounttab exists, some nfs-server has not been
+ # successfully notified about a previous client shutdown.
+ # If there is no /var/db/mounttab, we do nothing.
+ if [ -f /var/db/mounttab ]; then
+ rpc.umntall -k
+ fi
+}
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/nfsd b/etc/rc.d/nfsd
new file mode 100755
index 0000000..e1fd968
--- /dev/null
+++ b/etc/rc.d/nfsd
@@ -0,0 +1,78 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: nfsd
+# REQUIRE: mountd hostname gssd nfsuserd
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="nfsd"
+rcvar=`set_rcvar nfs_server`
+command="/usr/sbin/${name}"
+
+load_rc_config $name
+start_precmd="nfsd_precmd"
+sig_stop="USR1"
+
+nfsd_precmd()
+{
+ if checkyesno oldnfs_server_enable; then
+ rc_flags="-o ${nfs_server_flags}"
+
+ # Load the module now, so that the vfs.nfsrv sysctl
+ # oids are available.
+ load_kld nfsserver
+
+ if checkyesno nfs_reserved_port_only; then
+ echo 'NFS on reserved port only=YES'
+ sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
+ else
+ sysctl vfs.nfsrv.nfs_privport=0 > /dev/null
+ fi
+ else
+ rc_flags="${nfs_server_flags}"
+
+ # Load the modules now, so that the vfs.nfsd sysctl
+ # oids are available.
+ load_kld nfsd
+
+ if checkyesno nfs_reserved_port_only; then
+ echo 'NFS on reserved port only=YES'
+ sysctl vfs.nfsd.nfs_privport=1 > /dev/null
+ else
+ sysctl vfs.nfsd.nfs_privport=0 > /dev/null
+ fi
+
+ if checkyesno nfsv4_server_enable; then
+ sysctl vfs.nfsd.server_max_nfsvers=4 > /dev/null
+ if ! checkyesno nfsuserd_enable && \
+ ! /etc/rc.d/nfsuserd forcestatus 1>/dev/null 2>&1
+ then
+ if ! force_depend nfsuserd; then
+ err 1 "Cannot run nfsuserd"
+ fi
+ fi
+ else
+ echo 'NFSv4 is disabled'
+ sysctl vfs.nfsd.server_max_nfsvers=3 > /dev/null
+ fi
+ fi
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ if ! checkyesno mountd_enable && \
+ ! /etc/rc.d/mountd forcestatus 1>/dev/null 2>&1
+ then
+ force_depend mountd || return 1
+ fi
+ return 0
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/nfsuserd b/etc/rc.d/nfsuserd
new file mode 100755
index 0000000..278c666
--- /dev/null
+++ b/etc/rc.d/nfsuserd
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: nfsuserd
+# REQUIRE: NETWORKING
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="nfsuserd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+sig_stop="USR1"
+
+load_rc_config $name
+
+run_rc_command "$1"
diff --git a/etc/rc.d/nisdomain b/etc/rc.d/nisdomain
new file mode 100755
index 0000000..9763a9a
--- /dev/null
+++ b/etc/rc.d/nisdomain
@@ -0,0 +1,54 @@
+#!/bin/sh
+#
+# Copyright (c) 1993 - 2003 The FreeBSD Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: nisdomain
+# REQUIRE: SERVERS rpcbind
+# BEFORE: ypset ypbind ypserv ypxfrd
+
+. /etc/rc.subr
+
+name="nisdomain"
+start_cmd="nisdomain_start"
+stop_cmd=":"
+
+nisdomain_start()
+{
+ # Set the domainname if we're using NIS
+ #
+ case ${nisdomainname} in
+ [Nn][Oo]|'')
+ ;;
+ *)
+ domainname ${nisdomainname}
+ echo "Setting NIS domain: `/bin/domainname`."
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/nscd b/etc/rc.d/nscd
new file mode 100755
index 0000000..42041a7
--- /dev/null
+++ b/etc/rc.d/nscd
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: nscd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+#
+# Add the following lines to /etc/rc.conf to enable nscd:
+#
+# nscd_enable="YES"
+#
+# See nscd(8) for flags
+#
+
+. /etc/rc.subr
+
+name="nscd"
+rcvar=`set_rcvar`
+
+command=/usr/sbin/nscd
+extra_commands="flush"
+flush_cmd="${command} -I all"
+
+# usage: _nscd_set_option <option name> <default value>
+#
+_nscd_set_option() {
+ local _optname _defoptval _nscd_opt_val _cached_opt_val
+ _optname=$1
+ _defoptval=$2
+
+ _nscd_opt_val=$(eval "echo \$nscd_${_optname}")
+ _cached_opt_val=$(eval "echo \$cached_${_optname}")
+
+ if [ -n "$_cached_opt_val" -a "$_nscd_opt_val" != "$_defoptval" ]; then
+ warn "You should use nscd_${_optname} instead of" \
+ "cached_${_optname}"
+ setvar "nscd_${_optname}" "$_cached_opt_val"
+ else
+ setvar "nscd_${_optname}" "${_nscd_opt_val:-$_defoptval}"
+ fi
+}
+
+
+load_rc_config $name
+_nscd_set_option "enable" "NO"
+_nscd_set_option "pidfile" "/var/run/nscd.pid"
+_nscd_set_option "flags" ""
+run_rc_command "$1"
+
diff --git a/etc/rc.d/nsswitch b/etc/rc.d/nsswitch
new file mode 100755
index 0000000..caca52f
--- /dev/null
+++ b/etc/rc.d/nsswitch
@@ -0,0 +1,103 @@
+#!/bin/sh
+#
+# Copyright (c) 1993 - 2004 The FreeBSD Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: nsswitch
+# REQUIRE: root
+# BEFORE: NETWORK
+
+. /etc/rc.subr
+
+name="nsswitch"
+start_cmd="nsswitch_start"
+stop_cmd=":"
+
+generate_host_conf()
+{
+ local _cont _sources
+
+ nsswitch_conf=$1; shift;
+ host_conf=$1; shift;
+
+ _cont=0
+ _sources=""
+ while read line; do
+ line=${line##[ ]}
+ case $line in
+ hosts:*)
+ ;;
+ *)
+ if [ $_cont -ne 1 ]; then
+ continue
+ fi
+ ;;
+ esac
+ if [ "${line%\\}" = "${line}\\" ]; then
+ _cont=1
+ fi
+ line=${line#hosts:}
+ line=${line%\\}
+ line=${line%%#*}
+ _sources="${_sources}${_sources:+ }$line"
+ done < $nsswitch_conf
+
+ echo "# Auto-generated from nsswitch.conf" > $host_conf
+ for _s in ${_sources}; do
+ case $_s in
+ files)
+ echo "hosts" >> $host_conf
+ ;;
+ dns)
+ echo "dns" >> $host_conf
+ ;;
+ nis)
+ echo "nis" >> $host_conf
+ ;;
+ cache | *=*)
+ ;;
+ *)
+ echo "Warning: unrecognized source [$_s]" >&2
+ ;;
+ esac
+ done
+}
+
+nsswitch_start()
+{
+ # Generate host.conf for compatibility
+ #
+ if [ ! -f "/etc/host.conf" -o \
+ "/etc/host.conf" -ot "/etc/nsswitch.conf" ]
+ then
+ echo 'Generating host.conf.'
+ generate_host_conf /etc/nsswitch.conf /etc/host.conf
+ fi
+
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ntpd b/etc/rc.d/ntpd
new file mode 100755
index 0000000..b7b009c
--- /dev/null
+++ b/etc/rc.d/ntpd
@@ -0,0 +1,53 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ntpd
+# REQUIRE: DAEMON ntpdate cleanvar devfs
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="ntpd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+start_precmd="ntpd_precmd"
+
+load_rc_config $name
+
+ntpd_precmd()
+{
+ rc_flags="-c ${ntpd_config} ${ntpd_flags}"
+
+ if checkyesno ntpd_sync_on_start; then
+ rc_flags="-g $rc_flags"
+ fi
+
+ if [ -z "$ntpd_chrootdir" ]; then
+ return 0;
+ fi
+
+ # If running in a chroot cage, ensure that the appropriate files
+ # exist inside the cage, as well as helper symlinks into the cage
+ # from outside.
+ #
+ # As this is called after the is_running and required_dir checks
+ # are made in run_rc_command(), we can safely assume ${ntpd_chrootdir}
+ # exists and ntpd isn't running at this point (unless forcestart
+ # is used).
+ #
+ if [ ! -c "${ntpd_chrootdir}/dev/clockctl" ]; then
+ rm -f "${ntpd_chrootdir}/dev/clockctl"
+ ( cd /dev ; /bin/pax -rw -pe clockctl "${ntpd_chrootdir}/dev" )
+ fi
+ ln -fs "${ntpd_chrootdir}/var/db/ntp.drift" /var/db/ntp.drift
+
+ # Change run_rc_commands()'s internal copy of $ntpd_flags
+ #
+ rc_flags="-u ntpd:ntpd -i ${ntpd_chrootdir} $rc_flags"
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ntpdate b/etc/rc.d/ntpdate
new file mode 100755
index 0000000..3f93e27
--- /dev/null
+++ b/etc/rc.d/ntpdate
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ntpdate
+# REQUIRE: NETWORKING syslogd named
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ntpdate"
+rcvar=`set_rcvar`
+stop_cmd=":"
+start_cmd="ntpdate_start"
+
+ntpdate_start()
+{
+ if [ -z "$ntpdate_hosts" -a -f ${ntpdate_config} ]; then
+ ntpdate_hosts=`awk '
+ /^server[ \t]*127.127/ {next}
+ /^(server|peer)/ {
+ if ($2 ~/^-/) {print $3}
+ else {print $2}}
+ ' < ${ntpdate_config}`
+ fi
+ if [ -n "$ntpdate_hosts" -o -n "$rc_flags" ]; then
+ echo "Setting date via ntp."
+ ${ntpdate_program:-ntpdate} $rc_flags $ntpdate_hosts
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/opensm b/etc/rc.d/opensm
new file mode 100755
index 0000000..310476b
--- /dev/null
+++ b/etc/rc.d/opensm
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: opensm
+# BEFORE: netif
+# REQUIRE: FILESYSTEMS
+
+. /etc/rc.subr
+
+name="opensm"
+start_cmd="opensm_start"
+rcvar="opensm_enable"
+
+command=/usr/bin/opensm
+command_args="-B"
+
+opensm_start()
+{
+ for guid in `ibstat | grep "Port GUID" | cut -d ':' -f2`; do
+ [ -z "${rc_quiet}" ] && echo "Starting ${guid} opensm."
+ ${command} ${command_args} -g ${guid} >> /dev/null
+ done
+}
+
+load_rc_config $name
+run_rc_command $*
diff --git a/etc/rc.d/othermta b/etc/rc.d/othermta
new file mode 100755
index 0000000..7ab3e63
--- /dev/null
+++ b/etc/rc.d/othermta
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mail
+# REQUIRE: LOGIN
+
+# XXX - TEMPORARY SCRIPT UNTIL YOU WRITE YOUR OWN REPLACEMENT.
+#
+. /etc/rc.subr
+
+load_rc_config 'XXX'
+
+if [ -n "${mta_start_script}" ]; then
+ [ "${mta_start_script}" != "/etc/rc.sendmail" ] && \
+ sh ${mta_start_script} "$1"
+fi
diff --git a/etc/rc.d/pf b/etc/rc.d/pf
new file mode 100755
index 0000000..3180a2c
--- /dev/null
+++ b/etc/rc.d/pf
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pf
+# REQUIRE: FILESYSTEMS netif pflog pfsync
+# BEFORE: routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="pf"
+rcvar=`set_rcvar`
+load_rc_config $name
+start_cmd="pf_start"
+stop_cmd="pf_stop"
+check_cmd="pf_check"
+reload_cmd="pf_reload"
+resync_cmd="pf_resync"
+status_cmd="pf_status"
+extra_commands="check reload resync"
+required_files="$pf_rules"
+required_modules="pf"
+
+pf_start()
+{
+ check_startmsgs && echo -n 'Enabling pf'
+ $pf_program -F all > /dev/null 2>&1
+ $pf_program -f "$pf_rules" $pf_flags
+ if ! $pf_program -s info | grep -q "Enabled" ; then
+ $pf_program -eq
+ fi
+ check_startmsgs && echo '.'
+}
+
+pf_stop()
+{
+ if $pf_program -s info | grep -q "Enabled" ; then
+ echo -n 'Disabling pf'
+ $pf_program -dq
+ echo '.'
+ fi
+}
+
+pf_check()
+{
+ echo "Checking pf rules."
+ $pf_program -n -f "$pf_rules"
+}
+
+pf_reload()
+{
+ echo "Reloading pf rules."
+ $pf_program -n -f "$pf_rules" || return 1
+ # Flush everything but existing state entries that way when
+ # rules are read in, it doesn't break established connections.
+ $pf_program -Fnat -Fqueue -Frules -FSources -Finfo -FTables -Fosfp > /dev/null 2>&1
+ $pf_program -f "$pf_rules" $pf_flags
+}
+
+pf_resync()
+{
+ $pf_program -f "$pf_rules" $pf_flags
+}
+
+pf_status()
+{
+ $pf_program -s info
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/pflog b/etc/rc.d/pflog
new file mode 100755
index 0000000..001ad38
--- /dev/null
+++ b/etc/rc.d/pflog
@@ -0,0 +1,56 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pflog
+# REQUIRE: FILESYSTEMS netif cleanvar
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="pflog"
+rcvar=`set_rcvar`
+command="/sbin/pflogd"
+pidfile="/var/run/pflogd.pid"
+start_precmd="pflog_prestart"
+stop_postcmd="pflog_poststop"
+extra_commands="reload resync"
+
+# for backward compatibility
+resync_cmd="pflog_resync"
+
+pflog_prestart()
+{
+ load_kld pflog || return 1
+
+ # set pflog0 interface to up state
+ if ! ifconfig pflog0 up; then
+ warn 'could not bring up pflog0.'
+ return 1
+ fi
+
+ # prepare the command line for pflogd
+ rc_flags="-f $pflog_logfile $rc_flags"
+
+ # report we're ready to run pflogd
+ return 0
+}
+
+pflog_poststop()
+{
+ if ! ifconfig pflog0 down; then
+ warn 'could not bring down pflog0.'
+ return 1
+ fi
+ return 0
+}
+
+# for backward compatibility
+pflog_resync()
+{
+ run_rc_command reload
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/pfsync b/etc/rc.d/pfsync
new file mode 100755
index 0000000..8be8928
--- /dev/null
+++ b/etc/rc.d/pfsync
@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pfsync
+# REQUIRE: FILESYSTEMS netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="pfsync"
+rcvar=`set_rcvar`
+start_precmd="pfsync_prestart"
+start_cmd="pfsync_start"
+stop_cmd="pfsync_stop"
+required_modules="pf"
+
+pfsync_prestart()
+{
+ # XXX Currently pfsync cannot be a module as it must register
+ # a network protocol in a static kernel table.
+ if ! kldstat -q -m pfsync; then
+ warn "pfsync(4) must be statically compiled in the kernel."
+ return 1
+ fi
+
+ case "$pfsync_syncdev" in
+ '')
+ warn "pfsync_syncdev is not set."
+ return 1
+ ;;
+ esac
+ return 0
+}
+
+pfsync_start()
+{
+ local _syncpeer
+
+ echo "Enabling pfsync."
+ if [ -n "${pfsync_syncpeer}" ]; then
+ _syncpeer="syncpeer ${pfsync_syncpeer}"
+ fi
+ ifconfig pfsync0 $_syncpeer syncdev $pfsync_syncdev $pfsync_ifconfig up
+}
+
+pfsync_stop()
+{
+ echo "Disabling pfsync."
+ ifconfig pfsync0 -syncdev down
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/power_profile b/etc/rc.d/power_profile
new file mode 100755
index 0000000..03d36be
--- /dev/null
+++ b/etc/rc.d/power_profile
@@ -0,0 +1,97 @@
+#!/bin/sh
+#
+# Modify the power profile based on AC line state. This script is
+# usually called from devd(8).
+#
+# Arguments: 0x00 (AC offline, economy) or 0x01 (AC online, performance)
+#
+# $FreeBSD$
+#
+
+# PROVIDE: power_profile
+# REQUIRE: FILESYSTEMS syslogd
+# KEYWORD: nojail nostart
+
+. /etc/rc.subr
+
+name="power_profile"
+stop_cmd=':'
+LOGGER="logger -t power_profile -p daemon.notice"
+
+# Set a given sysctl node to a value.
+#
+# Variables:
+# $node: sysctl node to set with the new value
+# $value: HIGH for the highest performance value, LOW for the best
+# economy value, or the value itself.
+# $highest_value: maximum value for this sysctl, when $value is "HIGH"
+# $lowest_value: minimum value for this sysctl, when $value is "LOW"
+#
+sysctl_set ()
+{
+ # Check if the node exists
+ if [ -z "$(sysctl -n ${node} 2> /dev/null)" ]; then
+ return
+ fi
+
+ # Get the new value, checking for special types HIGH or LOW
+ case ${value} in
+ [Hh][Ii][Gg][Hh])
+ value=${highest_value}
+ ;;
+ [Ll][Oo][Ww])
+ value=${lowest_value}
+ ;;
+ [Nn][Oo][Nn][Ee])
+ return
+ ;;
+ *)
+ ;;
+ esac
+
+ # Set the desired value
+ if [ -n "${value}" ]; then
+ if ! sysctl ${node}=${value} > /dev/null 2>&1; then
+ warn "unable to set ${node}=${value}"
+ fi
+ fi
+}
+
+if [ $# -ne 1 ]; then
+ err 1 "Usage: $0 [0x00|0x01]"
+fi
+load_rc_config $name
+
+# Find the next state (performance or economy).
+state=$1
+case ${state} in
+0x01 | '')
+ ${LOGGER} "changed to 'performance'"
+ profile="performance"
+ ;;
+0x00)
+ ${LOGGER} "changed to 'economy'"
+ profile="economy"
+ ;;
+*)
+ echo "Usage: $0 [0x00|0x01]"
+ exit 1
+esac
+
+# Set the various sysctls based on the profile's values.
+node="hw.acpi.cpu.cx_lowest"
+highest_value="C1"
+lowest_value="`(sysctl -n dev.cpu.0.cx_supported | \
+ awk '{ print "C" split($0, a) }' -) 2> /dev/null`"
+eval value=\$${profile}_cx_lowest
+sysctl_set
+
+node="dev.cpu.0.freq"
+highest_value="`(sysctl -n dev.cpu.0.freq_levels | \
+ awk '{ split($0, a, "[/ ]"); print a[1] }' -) 2> /dev/null`"
+lowest_value="`(sysctl -n dev.cpu.0.freq_levels | \
+ awk '{ split($0, a, "[/ ]"); print a[length(a) - 1] }' -) 2> /dev/null`"
+eval value=\$${profile}_cpu_freq
+sysctl_set
+
+exit 0
diff --git a/etc/rc.d/powerd b/etc/rc.d/powerd
new file mode 100755
index 0000000..e59d979
--- /dev/null
+++ b/etc/rc.d/powerd
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: powerd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="powerd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+stop_postcmd=powerd_poststop
+
+powerd_poststop()
+{
+ sysctl dev.cpu.0.freq=`sysctl -n dev.cpu.0.freq_levels |
+ sed -e 's:/.*::'` > /dev/null
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ppp b/etc/rc.d/ppp
new file mode 100755
index 0000000..84d6bc4
--- /dev/null
+++ b/etc/rc.d/ppp
@@ -0,0 +1,134 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ppp
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="ppp"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_cmd="ppp_start"
+stop_cmd="ppp_stop"
+start_postcmd="ppp_poststart"
+
+ppp_start_profile()
+{
+ local _ppp_profile _ppp_mode _ppp_nat _ppp_unit
+ local _ppp_profile_cleaned _punct _punct_c
+
+ _ppp_profile=$1
+ _ppp_profile_cleaned=$1
+ _punct=". - / +"
+ for _punct_c in $_punct; do
+ _ppp_profile_cleaned=`ltr ${_ppp_profile_cleaned} ${_punct_c} '_'`
+ done
+
+ # Check for ppp profile mode override.
+ #
+ eval _ppp_mode=\$ppp_${_ppp_profile_cleaned}_mode
+ if [ -z "$_ppp_mode" ]; then
+ _ppp_mode=$ppp_mode
+ fi
+
+ # Check for ppp profile nat override.
+ #
+ eval _ppp_nat=\$ppp_${_ppp_profile_cleaned}_nat
+ if [ -z "$_ppp_nat" ]; then
+ _ppp_nat=$ppp_nat
+ fi
+
+ # Establish ppp mode.
+ #
+ if [ "${_ppp_mode}" != "ddial" -a "${_ppp_mode}" != "direct" \
+ -a "${_ppp_mode}" != "dedicated" \
+ -a "${_ppp_mode}" != "background" ]; then
+ _ppp_mode="auto"
+ fi
+
+ rc_flags="-quiet -${_ppp_mode}"
+
+ # Switch on NAT mode?
+ #
+ case ${_ppp_nat} in
+ [Yy][Ee][Ss])
+ rc_flags="$rc_flags -nat"
+ ;;
+ esac
+
+ # Check for hard wired unit
+ eval _ppp_unit=\$ppp_${_ppp_profile_cleaned}_unit
+ if [ -n "${_ppp_unit}" ]; then
+ _ppp_unit="-unit${_ppp_unit}"
+ fi
+ rc_flags="$rc_flags $_ppp_unit"
+
+ # Run!
+ #
+ su -m $ppp_user -c "$command ${rc_flags} ${_ppp_profile}"
+}
+
+ppp_start()
+{
+ local _ppp_profile _p
+
+ _ppp_profile=$*
+ if [ -z "${_ppp_profile}" ]; then
+ _ppp_profile=$ppp_profile
+ fi
+
+ echo -n "Starting PPP profile:"
+
+ for _p in $_ppp_profile; do
+ echo -n " $_p"
+ ppp_start_profile $_p
+ done
+
+ echo "."
+}
+
+ppp_poststart()
+{
+ # Re-Sync ipfilter and pf so they pick up any new network interfaces
+ #
+ if [ -f /etc/rc.d/ipfilter ]; then
+ /etc/rc.d/ipfilter quietresync
+ fi
+ if [ -f /etc/rc.d/pf ]; then
+ /etc/rc.d/pf quietresync
+ fi
+}
+
+ppp_stop_profile() {
+ local _ppp_profile
+
+ _ppp_profile=$1
+
+ /bin/pkill -f "^${command}.*[[:space:]]${_ppp_profile}\$" || \
+ echo -n "(not running)"
+}
+
+ppp_stop() {
+ local _ppp_profile _p
+
+ _ppp_profile=$*
+ if [ -z "${_ppp_profile}" ]; then
+ _ppp_profile=$ppp_profile
+ fi
+
+ echo -n "Stopping PPP profile:"
+
+ for _p in $_ppp_profile; do
+ echo -n " $_p"
+ ppp_stop_profile $_p
+ done
+
+ echo "."
+}
+
+load_rc_config $name
+run_rc_command $*
diff --git a/etc/rc.d/pppoed b/etc/rc.d/pppoed
new file mode 100755
index 0000000..c939112
--- /dev/null
+++ b/etc/rc.d/pppoed
@@ -0,0 +1,33 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pppoed
+# REQUIRE: NETWORKING
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="pppoed"
+rcvar="`set_rcvar`"
+start_cmd="pppoed_start"
+# XXX stop_cmd will not be straightforward
+stop_cmd=":"
+
+pppoed_start()
+{
+ local _opts
+
+ if [ -n "${pppoed_provider}" ]; then
+ pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
+ fi
+ echo 'Starting pppoed'
+ _opts=$-; set -f
+ /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
+ set +f; set -${_opts}
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/pwcheck b/etc/rc.d/pwcheck
new file mode 100755
index 0000000..a8df716
--- /dev/null
+++ b/etc/rc.d/pwcheck
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: pwcheck
+# REQUIRE: mountcritremote syslogd
+# BEFORE: DAEMON
+
+. /etc/rc.subr
+
+name="pwcheck"
+start_cmd="pwcheck_start"
+stop_cmd=":"
+
+pwcheck_start()
+{
+ # check the password temp/lock file
+ #
+ if [ -f /etc/ptmp ]; then
+ logger -s -p auth.err \
+ "password file may be incorrect -- /etc/ptmp exists"
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/quota b/etc/rc.d/quota
new file mode 100755
index 0000000..edc90ef
--- /dev/null
+++ b/etc/rc.d/quota
@@ -0,0 +1,34 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# Enable/Check the quotas (must be after ypbind if using NIS)
+
+# PROVIDE: quota
+# REQUIRE: mountcritremote ypset
+# BEFORE: DAEMON
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="quota"
+rcvar=`set_rcvar`
+load_rc_config $name
+start_cmd="quota_start"
+stop_cmd="/usr/sbin/quotaoff ${quotaoff_flags}"
+
+quota_start()
+{
+ if checkyesno check_quotas; then
+ echo -n 'Checking quotas:'
+ quotacheck ${quotacheck_flags}
+ echo ' done.'
+ fi
+
+ echo -n 'Enabling quotas:'
+ quotaon ${quotaon_flags}
+ echo ' done.'
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/random b/etc/rc.d/random
new file mode 100755
index 0000000..160b1d4
--- /dev/null
+++ b/etc/rc.d/random
@@ -0,0 +1,93 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: random
+# REQUIRE: var initrandom
+# BEFORE: netif
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="random"
+start_cmd="random_start"
+stop_cmd="random_stop"
+
+feed_dev_random()
+{
+ if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
+ cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
+ fi
+}
+
+random_start()
+{
+ # Reseed /dev/random with previously stored entropy.
+ case ${entropy_dir} in
+ [Nn][Oo])
+ ;;
+ *)
+ entropy_dir=${entropy_dir:-/var/db/entropy}
+ if [ -d "${entropy_dir}" ]; then
+ if [ -w /dev/random ]; then
+ for seedfile in ${entropy_dir}/*; do
+ feed_dev_random "${seedfile}"
+ done
+ fi
+ fi
+ ;;
+ esac
+
+ case ${entropy_file} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ if [ -w /dev/random ]; then
+ feed_dev_random "${entropy_file}"
+ feed_dev_random /var/db/entropy-file
+ fi
+ ;;
+ esac
+}
+
+random_stop()
+{
+ # Write some entropy so when the machine reboots /dev/random
+ # can be reseeded
+ #
+ case ${entropy_file} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ echo -n 'Writing entropy file:'
+ rm -f ${entropy_file} 2> /dev/null
+ oumask=`umask`
+ umask 077
+ if touch ${entropy_file} 2> /dev/null; then
+ entropy_file_confirmed="${entropy_file}"
+ else
+ # Try this as a reasonable alternative for read-only
+ # roots, diskless workstations, etc.
+ rm -f /var/db/entropy-file 2> /dev/null
+ if touch /var/db/entropy-file 2> /dev/null; then
+ entropy_file_confirmed=/var/db/entropy-file
+ fi
+ fi
+ case ${entropy_file_confirmed} in
+ '')
+ warn 'write failed (read-only fs?)'
+ ;;
+ *)
+ dd if=/dev/random of=${entropy_file_confirmed} \
+ bs=4096 count=1 2> /dev/null
+ echo '.'
+ ;;
+ esac
+ umask ${oumask}
+ ;;
+ esac
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/rarpd b/etc/rc.d/rarpd
new file mode 100755
index 0000000..3602c87
--- /dev/null
+++ b/etc/rc.d/rarpd
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rarpd
+# REQUIRE: DAEMON cleanvar
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="rarpd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+required_files="/etc/ethers"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/rctl b/etc/rc.d/rctl
new file mode 100755
index 0000000..4fa0579
--- /dev/null
+++ b/etc/rc.d/rctl
@@ -0,0 +1,39 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rctl
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="rctl"
+start_cmd="rctl_start"
+stop_cmd="rctl_stop"
+
+rctl_start()
+{
+ if [ -f /etc/rctl.conf ]; then
+ while read var comments
+ do
+ case ${var} in
+ \#*|'')
+ ;;
+ *)
+ rctl -a "${var}"
+ ;;
+ esac
+ done < /etc/rctl.conf
+ fi
+}
+
+rctl_stop()
+{
+
+ rctl -r :
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/resolv b/etc/rc.d/resolv
new file mode 100755
index 0000000..aa7921f
--- /dev/null
+++ b/etc/rc.d/resolv
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Matt Dillon
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: resolv
+# REQUIRE: netif var
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="resolv"
+stop_cmd=':'
+
+load_rc_config $name
+
+# if the info is available via dhcp/kenv
+# build the resolv.conf
+#
+if [ -n "`/bin/kenv dhcp.domain-name-servers 2> /dev/null`" ]; then
+ interface="`/bin/kenv boot.netif.name`"
+ (
+ if [ -n "`/bin/kenv dhcp.domain-name 2> /dev/null`" ]; then
+ echo domain `/bin/kenv dhcp.domain-name`
+ fi
+
+ set -- `/bin/kenv dhcp.domain-name-servers`
+ for ns in `IFS=','; echo $*`; do
+ echo nameserver $ns
+ done
+ ) | /sbin/resolvconf -a ${interface}:dhcp4
+fi
+
diff --git a/etc/rc.d/rfcomm_pppd_server b/etc/rc.d/rfcomm_pppd_server
new file mode 100755
index 0000000..f666684
--- /dev/null
+++ b/etc/rc.d/rfcomm_pppd_server
@@ -0,0 +1,122 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rfcomm_pppd_server
+# REQUIRE: DAEMON sdpd
+# BEFORE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="rfcomm_pppd_server"
+rcvar=`set_rcvar`
+command="/usr/sbin/rfcomm_pppd"
+start_cmd="rfcomm_pppd_server_start"
+stop_cmd="rfcomm_pppd_server_stop"
+required_modules="ng_btsocket"
+
+rfcomm_pppd_server_start_profile()
+{
+ local _profile _profile_cleaned _punct _punct_c
+ local _bdaddr _channel _x
+
+ _profile=$1
+ _profile_cleaned=$1
+
+ _punct=". - / +"
+ for _punct_c in ${_punct} ; do
+ _profile_cleaned=`ltr ${_profile_cleaned} ${_punct_c} '_'`
+ done
+
+ rc_flags=""
+
+ # Check for RFCOMM PPP profile bdaddr override
+ #
+ eval _bdaddr=\$rfcomm_pppd_server_${_profile_cleaned}_bdaddr
+ if [ -n "${_bdaddr}" ]; then
+ rc_flags="${rc_flags} -a ${_bdaddr}"
+ fi
+
+ # Check for RFCOMM PPP profile channel override
+ #
+ eval _channel=\$rfcomm_pppd_server_${_profile_cleaned}_channel
+ if [ -z "${_channel}" ]; then
+ _channel=1
+ fi
+ rc_flags="${rc_flags} -C ${_channel}"
+
+ # Check for RFCOMM PPP profile register SP override
+ #
+ eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_sp
+ if [ -n "${_x}" ]; then
+ if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_sp" ; then
+ rc_flags="${rc_flags} -S"
+ fi
+ fi
+
+ # Check for RFCOMM PPP profile register DUN override
+ #
+ eval _x=\$rfcomm_pppd_server_${_profile_cleaned}_register_dun
+ if [ -n "${_x}" ]; then
+ if checkyesno "rfcomm_pppd_server_${_profile_cleaned}_register_dun" ; then
+ rc_flags="${rc_flags} -D"
+ fi
+ fi
+
+ # Run!
+ #
+ $command -s ${rc_flags} -l ${_profile}
+}
+
+rfcomm_pppd_server_stop_profile()
+{
+ local _profile
+
+ _profile=$1
+
+ /bin/pkill -f "^${command}.*[[:space:]]${_profile}\$" || \
+ echo -n "(not running)"
+}
+
+rfcomm_pppd_server_start()
+{
+ local _profile _p
+
+ _profile=$*
+ if [ -z "${_profile}" ]; then
+ _profile=${rfcomm_pppd_server_profile}
+ fi
+
+ echo -n "Starting RFCOMM PPP profile:"
+
+ for _p in ${_profile} ; do
+ echo -n " ${_p}"
+ rfcomm_pppd_server_start_profile ${_p}
+ done
+
+ echo "."
+}
+
+rfcomm_pppd_server_stop()
+{
+ local _profile _p
+
+ _profile=$*
+ if [ -z "${_profile}" ]; then
+ _profile=${rfcomm_pppd_server_profile}
+ fi
+
+ echo -n "Stopping RFCOMM PPP profile:"
+
+ for _p in ${_profile} ; do
+ echo -n " ${_p}"
+ rfcomm_pppd_server_stop_profile ${_p}
+ done
+
+ echo "."
+}
+
+load_rc_config $name
+run_rc_command $*
diff --git a/etc/rc.d/root b/etc/rc.d/root
new file mode 100755
index 0000000..6bddb17
--- /dev/null
+++ b/etc/rc.d/root
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: root
+# REQUIRE: fsck
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="root"
+start_cmd="root_start"
+stop_cmd=":"
+
+root_start()
+{
+ # root normally must be read/write, but if this is a BOOTP NFS
+ # diskless boot it does not have to be.
+ #
+ case ${root_rw_mount} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ if ! mount -uw /; then
+ echo 'Mounting root filesystem rw failed, startup aborted'
+ stop_boot true
+ fi
+ ;;
+ esac
+
+ umount -a >/dev/null 2>&1
+
+ # If we booted a special kernel remove the record
+ # so we will boot the default kernel next time.
+ if [ -x /sbin/nextboot ]; then
+ /sbin/nextboot -D > /dev/null 2>&1
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/route6d b/etc/rc.d/route6d
new file mode 100755
index 0000000..a94c3e4
--- /dev/null
+++ b/etc/rc.d/route6d
@@ -0,0 +1,20 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: route6d
+# REQUIRE: netif routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="route6d"
+rcvar=`set_rcvar`
+
+set_rcvar_obsolete ipv6_router_enable route6d_enable
+set_rcvar_obsolete ipv6_router route6d_program
+set_rcvar_obsolete ipv6_router_flags route6d_flags
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/routed b/etc/rc.d/routed
new file mode 100755
index 0000000..c0bd5f7
--- /dev/null
+++ b/etc/rc.d/routed
@@ -0,0 +1,21 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: routed
+# REQUIRE: netif routing
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="routed"
+desc="network RIP and router discovery routing daemon"
+rcvar=`set_rcvar`
+
+set_rcvar_obsolete router_enable routed_enable
+set_rcvar_obsolete router routed_program
+set_rcvar_obsolete router_flags routed_flags
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
new file mode 100755
index 0000000..616a19c
--- /dev/null
+++ b/etc/rc.d/routing
@@ -0,0 +1,361 @@
+#!/bin/sh
+#
+# Configure routing and miscellaneous network tunables
+#
+# $FreeBSD$
+#
+
+# PROVIDE: routing
+# REQUIRE: faith netif ppp stf
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="routing"
+start_cmd="routing_start doall"
+stop_cmd="routing_stop"
+extra_commands="options static"
+static_cmd="routing_start static"
+options_cmd="routing_start options"
+
+afcheck()
+{
+ case $_af in
+ ""|inet|inet6|ipx|atm)
+ ;;
+ *)
+ err 1 "Unsupported address family: $_af."
+ ;;
+ esac
+}
+
+routing_start()
+{
+ local _cmd _af _a
+ _cmd=$1
+ _af=$2
+
+ afcheck
+
+ case $_af in
+ inet|inet6|ipx|atm)
+ setroutes $_cmd $_af
+ ;;
+ "")
+ for _a in inet inet6 ipx atm; do
+ afexists $_a && setroutes $_cmd $_a
+ done
+ ;;
+ esac
+}
+
+routing_stop()
+{
+ local _af _a
+ _af=$1
+
+ afcheck
+
+ case $_af in
+ inet|inet6|ipx|atm)
+ eval static_${_af} delete
+ eval routing_stop_${_af}
+ ;;
+ "")
+ for _a in inet inet6 ipx atm; do
+ afexists $_a || continue
+ eval static_${_a} delete
+ eval routing_stop_${_a}
+ done
+ ;;
+ esac
+}
+
+setroutes()
+{
+ case $1 in
+ static)
+ static_$2 add
+ ;;
+ options)
+ options_$2
+ ;;
+ doall)
+ static_$2 add
+ options_$2
+ ;;
+ esac
+}
+
+routing_stop_inet()
+{
+ route -n flush -inet
+}
+
+routing_stop_inet6()
+{
+ local i
+
+ route -n flush -inet6
+ for i in ${ipv6_network_interfaces}; do
+ ifconfig $i inet6 -defaultif
+ done
+}
+
+routing_stop_atm()
+{
+ return 0
+}
+
+routing_stop_ipx()
+{
+ return 0
+}
+
+static_inet()
+{
+ local _action
+ _action=$1
+
+ case ${defaultrouter} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ static_routes="default ${static_routes}"
+ route_default="default ${defaultrouter}"
+ ;;
+ esac
+
+ if [ -n "${static_routes}" ]; then
+ for i in ${static_routes}; do
+ route_args=`get_if_var $i route_IF`
+ route ${_action} ${route_args}
+ done
+ fi
+}
+
+static_inet6()
+{
+ local _action i
+ _action=$1
+
+ # disallow "internal" addresses to appear on the wire
+ route ${_action} -inet6 ::ffff:0.0.0.0 -prefixlen 96 ::1 -reject
+ route ${_action} -inet6 ::0.0.0.0 -prefixlen 96 ::1 -reject
+
+ case ${ipv6_defaultrouter} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ ipv6_static_routes="default ${ipv6_static_routes}"
+ ipv6_route_default="default ${ipv6_defaultrouter}"
+ ;;
+ esac
+
+ if [ -n "${ipv6_static_routes}" ]; then
+ for i in ${ipv6_static_routes}; do
+ ipv6_route_args=`get_if_var $i ipv6_route_IF`
+ route ${_action} -inet6 ${ipv6_route_args}
+ done
+ fi
+
+ # Fixup $ipv6_network_interfaces
+ case ${ipv6_network_interfaces} in
+ [Nn][Oo][Nn][Ee])
+ ipv6_network_interfaces=''
+ ;;
+ esac
+
+ if checkyesno ipv6_gateway_enable; then
+ for i in ${ipv6_network_interfaces}; do
+
+ laddr=`network6_getladdr $i exclude_tentative`
+ case ${laddr} in
+ '')
+ ;;
+ *)
+ ipv6_working_interfaces="$i \
+ ${ipv6_working_interfaces}"
+ ;;
+ esac
+ done
+ ipv6_network_interfaces=${ipv6_working_interfaces}
+ fi
+
+ # Install the "default interface" to kernel, which will be used
+ # as the default route when there's no router.
+ case "${ipv6_default_interface}" in
+ [Nn][Oo] | [Nn][Oo][Nn][Ee])
+ ipv6_default_interface=""
+ ;;
+ [Aa][Uu][Tt][Oo] | "")
+ for i in ${ipv6_network_interfaces}; do
+ case $i in
+ lo0|faith[0-9]*)
+ continue
+ ;;
+ esac
+ laddr=`network6_getladdr $i exclude_tentative`
+ case ${laddr} in
+ '')
+ ;;
+ *)
+ ipv6_default_interface=$i
+ break
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # Disallow link-local unicast packets without outgoing scope
+ # identifiers. However, if you set "ipv6_default_interface",
+ # for the host case, you will allow to omit the identifiers.
+ # Under this configuration, the packets will go to the default
+ # interface.
+ route ${_action} -inet6 fe80:: -prefixlen 10 ::1 -reject
+ route ${_action} -inet6 ff02:: -prefixlen 16 ::1 -reject
+
+ case ${ipv6_default_interface} in
+ '')
+ ;;
+ *)
+ # Disable installing the default interface when we act
+ # as router to avoid conflict between the default
+ # router list and the manual configured default route.
+ if ! checkyesno ipv6_gateway_enable; then
+ ifconfig ${ipv6_default_interface} inet6 defaultif
+ sysctl net.inet6.ip6.use_defaultzone=1
+ fi
+ ;;
+ esac
+}
+
+static_atm()
+{
+ local _action i route_args
+ _action=$1
+
+ if [ -n "${natm_static_routes}" ]; then
+ for i in ${natm_static_routes}; do
+ route_args=`get_if_var $i route_IF`
+ atmconfig natm ${_action} ${route_args}
+ done
+ fi
+}
+
+static_ipx()
+{
+ :
+}
+
+ropts_init()
+{
+ if [ -z "${_ropts_initdone}" ]; then
+ echo -n "Additional $1 routing options:"
+ _ropts_initdone=yes
+ fi
+}
+
+options_inet()
+{
+ _ropts_initdone=
+ if checkyesno icmp_bmcastecho; then
+ ropts_init inet
+ echo -n ' broadcast ping responses=YES'
+ ${SYSCTL} net.inet.icmp.bmcastecho=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.icmp.bmcastecho=0 > /dev/null
+ fi
+
+ if checkyesno icmp_drop_redirect; then
+ ropts_init inet
+ echo -n ' ignore ICMP redirect=YES'
+ ${SYSCTL} net.inet.icmp.drop_redirect=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.icmp.drop_redirect=0 > /dev/null
+ fi
+
+ if checkyesno icmp_log_redirect; then
+ ropts_init inet
+ echo -n ' log ICMP redirect=YES'
+ ${SYSCTL} net.inet.icmp.log_redirect=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.icmp.log_redirect=0 > /dev/null
+ fi
+
+ if checkyesno gateway_enable; then
+ ropts_init inet
+ echo -n ' gateway=YES'
+ ${SYSCTL} net.inet.ip.forwarding=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.ip.forwarding=0 > /dev/null
+ fi
+
+ if checkyesno forward_sourceroute; then
+ ropts_init inet
+ echo -n ' do source routing=YES'
+ ${SYSCTL} net.inet.ip.sourceroute=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.ip.sourceroute=0 > /dev/null
+ fi
+
+ if checkyesno accept_sourceroute; then
+ ropts_init inet
+ echo -n ' accept source routing=YES'
+ ${SYSCTL} net.inet.ip.accept_sourceroute=1 > /dev/null
+ else
+ ${SYSCTL} net.inet.ip.accept_sourceroute=0 > /dev/null
+ fi
+
+ if checkyesno arpproxy_all; then
+ ropts_init inet
+ echo -n ' ARP proxyall=YES'
+ ${SYSCTL} net.link.ether.inet.proxyall=1 > /dev/null
+ else
+ ${SYSCTL} net.link.ether.inet.proxyall=0 > /dev/null
+ fi
+
+ [ -n "${_ropts_initdone}" ] && echo '.'
+}
+
+options_inet6()
+{
+ _ropts_initdone=
+
+ if checkyesno ipv6_gateway_enable; then
+ ropts_init inet6
+ echo -n ' gateway=YES'
+ ${SYSCTL} net.inet6.ip6.forwarding=1 > /dev/null
+ else
+ ${SYSCTL} net.inet6.ip6.forwarding=0 > /dev/null
+ fi
+
+ [ -n "${_ropts_initdone}" ] && echo '.'
+}
+
+options_atm()
+{
+ _ropts_initdone=
+
+ [ -n "${_ropts_initdone}" ] && echo '.'
+}
+
+options_ipx()
+{
+ _ropts_initdone=
+
+ if checkyesno ipxgateway_enable; then
+ ropts_init ipx
+ echo -n ' gateway=YES'
+ ${SYSCTL} net.ipx.ipx.ipxforwarding=1 > /dev/null
+ else
+ ${SYSCTL} net.ipx.ipx.ipxforwarding=0 > /dev/null
+ fi
+
+ [ -n "${_ropts_initdone}" ] && echo '.'
+}
+
+load_rc_config $name
+run_rc_command "$@"
diff --git a/etc/rc.d/rpcbind b/etc/rc.d/rpcbind
new file mode 100755
index 0000000..94f4580
--- /dev/null
+++ b/etc/rc.d/rpcbind
@@ -0,0 +1,19 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rpcbind
+# REQUIRE: NETWORKING ntpdate syslogd named
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="rpcbind"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+
+stop_postcmd='/bin/rm -f /var/run/rpcbind.*'
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/rtadvd b/etc/rc.d/rtadvd
new file mode 100755
index 0000000..2ead892
--- /dev/null
+++ b/etc/rc.d/rtadvd
@@ -0,0 +1,61 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rtadvd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="rtadvd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+start_precmd="rtadvd_precmd"
+
+rtadvd_precmd()
+{
+ # This should be enabled with a great care.
+ # You may want to fine-tune /etc/rtadvd.conf.
+ #
+ # And if you wish your rtadvd to receive and process
+ # router renumbering messages, specify your Router Renumbering
+ # security policy by -R option.
+ #
+ # See `man 3 ipsec_set_policy` for IPsec policy specification
+ # details.
+ # (CAUTION: This enables your routers prefix renumbering
+ # from another machine, so if you enable this, do it with
+ # enough care.)
+ #
+ # If specific interfaces haven't been specified,
+ # get a list of interfaces and enable it on them
+ #
+ case ${rtadvd_interfaces} in
+ [Aa][Uu][Tt][Oo]|'')
+ for i in `list_net_interfaces`; do
+ case $i in
+ lo0) continue ;;
+ esac
+ if ipv6if $i; then
+ rtadvd_interfaces="${rtadvd_interfaces} ${i}"
+ fi
+ done
+ ;;
+ esac
+ command_args="${rtadvd_interfaces}"
+
+ # Enable Router Renumbering, unicast case
+ # (use correct src/dst addr)
+ # rtadvd -R "in ipsec ah/transport/fec0:0:0:1::1-fec0:0:0:10::1/require" ${ipv6_network_interfaces}
+ # Enable Router Renumbering, multicast case
+ # (use correct src addr)
+ # rtadvd -R "in ipsec ah/transport/ff05::2-fec0:0:0:10::1/require" ${ipv6_network_interfaces}
+ return 0
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/rtsold b/etc/rc.d/rtsold
new file mode 100755
index 0000000..64a83e3
--- /dev/null
+++ b/etc/rc.d/rtsold
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rtsold
+# REQUIRE: netif
+# BEFORE: NETWORKING
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="rtsold"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+start_postcmd="rtsold_poststart"
+
+rtsold_poststart()
+{
+ # wait for DAD
+ sleep $(($(${SYSCTL_N} net.inet6.ip6.dad_count) + 1))
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/rwho b/etc/rc.d/rwho
new file mode 100755
index 0000000..e088d99
--- /dev/null
+++ b/etc/rc.d/rwho
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: rwho
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="rwhod"
+rcvar="`set_rcvar`"
+command="/usr/sbin/${name}"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/savecore b/etc/rc.d/savecore
new file mode 100755
index 0000000..4efb7db
--- /dev/null
+++ b/etc/rc.d/savecore
@@ -0,0 +1,76 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: savecore
+# REQUIRE: dumpon ddb syslogd
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="savecore"
+start_cmd="savecore_start"
+start_precmd="savecore_prestart"
+stop_cmd=":"
+
+savecore_prestart()
+{
+ # Quit if we have no dump device
+ case ${dumpdev} in
+ [Nn][Oo] | '')
+ debug 'No dump device. Quitting.'
+ return 1
+ ;;
+ [Aa][Uu][Tt][Oo])
+ dumpdev=`/bin/realpath /dev/dumpdev`
+ ;;
+ esac
+
+ # If there is no crash directory set it now
+ case ${dumpdir} in
+ '')
+ dumpdir='/var/crash'
+ ;;
+ [Nn][Oo])
+ dumpdir='NO'
+ ;;
+ esac
+
+ if [ ! -c "${dumpdev}" ]; then
+ warn "Dump device does not exist. Savecore not run."
+ return 1
+ fi
+
+ if [ ! -d "${dumpdir}" ]; then
+ warn "Dump directory does not exist. Savecore not run."
+ return 1
+ fi
+ return 0
+}
+
+savecore_start()
+{
+ local dev
+
+ case "${dumpdev}" in
+ [Aa][Uu][Tt][Oo])
+ dev=
+ ;;
+ *)
+ dev="${dumpdev}"
+ ;;
+ esac
+
+ if savecore -C "${dumpdir}" "${dev}" >/dev/null; then
+ savecore ${savecore_flags} ${dumpdir} ${dumpdev}
+ if checkyesno crashinfo_enable; then
+ ${crashinfo_program} -d ${dumpdir}
+ fi
+ else
+ check_startmsgs && echo 'No core dumps found.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/sdpd b/etc/rc.d/sdpd
new file mode 100755
index 0000000..acaf380
--- /dev/null
+++ b/etc/rc.d/sdpd
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sdpd
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="sdpd"
+command="/usr/sbin/${name}"
+rcvar=`set_rcvar`
+required_modules="ng_btsocket"
+
+load_rc_config $name
+control="${sdpd_control:-/var/run/sdp}"
+group="${sdpd_groupname:-nobody}"
+user="${sdpd_username:-nobody}"
+command_args="-c ${control} -g ${group} -u ${user}"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/securelevel b/etc/rc.d/securelevel
new file mode 100755
index 0000000..f179004
--- /dev/null
+++ b/etc/rc.d/securelevel
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: securelevel
+
+. /etc/rc.subr
+
+name="securelevel"
+rcvar='kern_securelevel_enable'
+start_cmd="securelevel_start"
+stop_cmd=":"
+
+# Last chance to set sysctl variables that failed the first time.
+#
+/etc/rc.d/sysctl lastload
+
+securelevel_start()
+{
+ if [ ${kern_securelevel} -ge 0 ]; then
+ echo 'Raising kernel security level: '
+ ${SYSCTL} kern.securelevel=${kern_securelevel}
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/sendmail b/etc/rc.d/sendmail
new file mode 100755
index 0000000..dfaa8e0
--- /dev/null
+++ b/etc/rc.d/sendmail
@@ -0,0 +1,99 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: mail
+# REQUIRE: LOGIN cleanvar
+# we make mail start late, so that things like .forward's are not
+# processed until the system is fully operational
+# KEYWORD: shutdown
+
+# XXX - Get together with sendmail mantainer to figure out how to
+# better handle SENDMAIL_ENABLE and 3rd party MTAs.
+#
+. /etc/rc.subr
+
+name="sendmail"
+rcvar=`set_rcvar`
+required_files="/etc/mail/${name}.cf"
+start_precmd="sendmail_precmd"
+
+load_rc_config $name
+command=${sendmail_program:-/usr/sbin/${name}}
+pidfile=${sendmail_pidfile:-/var/run/${name}.pid}
+procname=${sendmail_procname:-/usr/sbin/${name}}
+
+case ${sendmail_enable} in
+[Nn][Oo][Nn][Ee])
+ sendmail_enable="NO"
+ sendmail_submit_enable="NO"
+ sendmail_outbound_enable="NO"
+ sendmail_msp_queue_enable="NO"
+ ;;
+esac
+
+# If sendmail_enable=yes, don't need submit or outbound daemon
+if checkyesno sendmail_enable; then
+ sendmail_submit_enable="NO"
+ sendmail_outbound_enable="NO"
+fi
+
+# If sendmail_submit_enable=yes, don't need outbound daemon
+if checkyesno sendmail_submit_enable; then
+ sendmail_outbound_enable="NO"
+fi
+
+sendmail_precmd()
+{
+ # Die if there's pre-8.10 custom configuration file. This check is
+ # mandatory for smooth upgrade. See NetBSD PR 10100 for details.
+ #
+ if checkyesno ${rcvar} && [ -f "/etc/${name}.cf" ]; then
+ if ! cmp -s "/etc/mail/${name}.cf" "/etc/${name}.cf"; then
+ warn \
+ "${name} was not started; you have multiple copies of sendmail.cf."
+ return 1
+ fi
+ fi
+
+ # check modifications on /etc/mail/aliases
+ if checkyesno sendmail_rebuild_aliases; then
+ if [ -f "/etc/mail/aliases.db" ]; then
+ if [ "/etc/mail/aliases" -nt "/etc/mail/aliases.db" ]; then
+ echo \
+ "${name}: /etc/mail/aliases newer than /etc/mail/aliases.db, regenerating"
+ /usr/bin/newaliases
+ fi
+ else
+ echo \
+ "${name}: /etc/mail/aliases.db not present, generating"
+ /usr/bin/newaliases
+ fi
+ fi
+}
+
+run_rc_command "$1"
+
+required_files=
+
+if checkyesno sendmail_submit_enable; then
+ name="sendmail_submit"
+ rcvar=`set_rcvar`
+ start_cmd="${command} ${sendmail_submit_flags}"
+ run_rc_command "$1"
+fi
+
+if checkyesno sendmail_outbound_enable; then
+ name="sendmail_outbound"
+ rcvar=`set_rcvar`
+ start_cmd="${command} ${sendmail_outbound_flags}"
+ run_rc_command "$1"
+fi
+
+name="sendmail_clientmqueue"
+rcvar="sendmail_msp_queue_enable"
+start_cmd="${command} ${sendmail_msp_queue_flags}"
+pidfile="${sendmail_mspq_pidfile:-/var/spool/clientmqueue/sm-client.pid}"
+required_files="/etc/mail/submit.cf"
+run_rc_command "$1"
diff --git a/etc/rc.d/serial b/etc/rc.d/serial
new file mode 100755
index 0000000..d569a0b
--- /dev/null
+++ b/etc/rc.d/serial
@@ -0,0 +1,168 @@
+#!/bin/sh
+#
+# Copyright (c) 1996 Andrey A. Chernov
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: serial
+# REQUIRE: root
+# KEYWORD: nojail
+
+# Change some defaults for serial devices.
+# Standard defaults are:
+# dtrwait 300 drainwait `sysctl -n kern.drainwait`
+# initial cflag from <sys/ttydefaults.h> = cread cs8 hupcl
+# initial iflag, lflag and oflag all 0
+# speed 9600
+# special chars from <sys/ttydefaults.h>
+# nothing locked
+# except for serial consoles the initial iflag, lflag and oflag are from
+# <sys/ttydefaults.h> and clocal is locked on.
+
+default() {
+ # Reset everything changed by the other functions to initial defaults.
+
+ dc=$1; shift # device name character
+ drainwait=`sysctl -n kern.drainwait`
+
+ for i in $*
+ do
+ comcontrol /dev/tty${dc}${i} dtrwait 300 drainwait $drainwait
+ stty < /dev/tty${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R
+ stty < /dev/tty${dc}${i}.lock -clocal -crtscts -hupcl 0
+ stty < /dev/cua${dc}${i}.init -clocal crtscts hupcl 9600 reprint ^R
+ stty < /dev/cua${dc}${i}.lock -clocal -crtscts -hupcl 0
+ done
+}
+
+maybe() {
+ # Special settings.
+
+ dc=$1; shift
+
+ for i in $*
+ do
+ # Don't use ^R; it breaks bash's ^R when typed ahead.
+ stty < /dev/tty${dc}${i}.init reprint undef
+ stty < /dev/cua${dc}${i}.init reprint undef
+ # Lock clocal off on dialin device for security.
+ stty < /dev/tty${dc}${i}.lock clocal
+ # Lock the speeds to use old binaries that don't support them.
+ # Any legal speed works to lock the initial speed.
+ stty < /dev/tty${dc}${i}.lock 300
+ stty < /dev/cua${dc}${i}.lock 300
+ done
+}
+
+modem() {
+ # Modem that supports CTS and perhaps RTS handshaking.
+
+ dc=$1; shift
+
+ for i in $*
+ do
+ # may depend on modem
+ comcontrol /dev/tty${dc}${i} dtrwait 100 drainwait 180
+ # Lock crtscts on.
+ # Speed reasonable for V42bis.
+ stty < /dev/tty${dc}${i}.init crtscts 115200
+ stty < /dev/tty${dc}${i}.lock crtscts
+ stty < /dev/cua${dc}${i}.init crtscts 115200
+ stty < /dev/cua${dc}${i}.lock crtscts
+ done
+}
+
+mouse() {
+ # Mouse on either callin or callout port.
+
+ dc=$1; shift
+
+ for i in $*
+ do
+ # Lock clocal on, hupcl off.
+ # Standard speed for Microsoft mouse.
+ stty < /dev/tty${dc}${i}.init clocal -hupcl 1200
+ stty < /dev/tty${dc}${i}.lock clocal hupcl
+ stty < /dev/cua${dc}${i}.init clocal -hupcl 1200
+ stty < /dev/cua${dc}${i}.lock clocal hupcl
+ done
+}
+
+terminal() {
+ # Terminal that supports CTS and perhaps RTS handshaking
+ # with the cable or terminal arranged so that DCD is on
+ # at least while the terminal is on.
+ # Also works for bidirectional communications to another pc
+ # provided at most one side runs getty.
+ # Same as modem() except we want a faster speed and no dtrwait.
+
+ dc=$1; shift
+
+ modem ${dc} $*
+ for i in $*
+ do
+ comcontrol /dev/tty${dc}${i} dtrwait 0
+ stty < /dev/tty${dc}${i}.init 115200
+ stty < /dev/cua${dc}${i}.init 115200
+ done
+}
+
+3wire() {
+ # 3-wire serial terminals. These don't supply carrier, so
+ # clocal needs to be set, and crtscts needs to be unset.
+
+ dc=$1; shift
+
+ terminal ${dc} $*
+ for i in $*
+ do
+ stty < /dev/tty${dc}${i}.init clocal -crtscts
+ stty < /dev/cua${dc}${i}.init clocal -crtscts
+ done
+}
+
+# Don't use anything from this file unless you have some buggy programs
+# that require it.
+
+# Edit the functions and the examples to suit your system.
+# $1 is the device identifier, and the remainder of the line
+# lists the device numbers.
+
+# Initialize assorted 8250-16550 (uart) ports.
+# maybe u 0 1 2 3 4 5 6 7 8 9 a b c d e f g h i j k l m n o p q r s t u v
+# mouse u 2
+# modem u 1
+# terminal u 0
+# 3wire u 0
+
+# Initialize all ports on a Cyclades-8yo.
+# modem c 00 01 02 03 04 05 06 07
+
+# Initialize all ports on a Cyclades-16ye.
+# modem c 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f
+
+# Initialize all ports on a Digiboard 8.
+# modem D 00 01 02 03 04 05 06 07
diff --git a/etc/rc.d/sppp b/etc/rc.d/sppp
new file mode 100755
index 0000000..d4a183b
--- /dev/null
+++ b/etc/rc.d/sppp
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sppp
+# REQUIRE: root
+# BEFORE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="sppp"
+start_cmd="sppp_start"
+stop_cmd=":"
+
+sppp_start()
+{
+ # Special options for sppp(4) interfaces go here. These need
+ # to go _before_ the general ifconfig since in the case
+ # of hardwired (no link1 flag) but required authentication, you
+ # cannot pass auth parameters down to the already running interface.
+ #
+ for ifn in ${sppp_interfaces}; do
+ eval spppcontrol_args=\$spppconfig_${ifn}
+ if [ -n "${spppcontrol_args}" ]; then
+ # The auth secrets might contain spaces; in order
+ # to retain the quotation, we need to eval them
+ # here.
+ eval spppcontrol ${ifn} ${spppcontrol_args}
+ fi
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/sshd b/etc/rc.d/sshd
new file mode 100755
index 0000000..9f00199
--- /dev/null
+++ b/etc/rc.d/sshd
@@ -0,0 +1,102 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sshd
+# REQUIRE: LOGIN cleanvar
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="sshd"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+keygen_cmd="sshd_keygen"
+start_precmd="sshd_precmd"
+pidfile="/var/run/${name}.pid"
+extra_commands="keygen reload"
+
+timeout=300
+
+user_reseed()
+{
+ (
+ seeded=`sysctl -n kern.random.sys.seeded 2>/dev/null`
+ if [ "x${seeded}" != "x" ] && [ ${seeded} -eq 0 ] ; then
+ warn "Setting entropy source to blocking mode."
+ echo "===================================================="
+ echo "Type a full screenful of random junk to unblock"
+ echo "it and remember to finish with <enter>. This will"
+ echo "timeout in ${timeout} seconds, but waiting for"
+ echo "the timeout without typing junk may make the"
+ echo "entropy source deliver predictable output."
+ echo ""
+ echo "Just hit <enter> for fast+insecure startup."
+ echo "===================================================="
+ sysctl kern.random.sys.seeded=0 2>/dev/null
+ read -t ${timeout} junk
+ echo "${junk}" `sysctl -a` `date` > /dev/random
+ fi
+ )
+}
+
+sshd_keygen()
+{
+ (
+ umask 022
+
+ # Can't do anything if ssh is not installed
+ [ -x /usr/bin/ssh-keygen ] || {
+ warn "/usr/bin/ssh-keygen does not exist."
+ return 1
+ }
+
+ if [ -f /etc/ssh/ssh_host_key ]; then
+ echo "You already have an RSA host key" \
+ "in /etc/ssh/ssh_host_key"
+ echo "Skipping protocol version 1 RSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t rsa1 -b 1024 \
+ -f /etc/ssh/ssh_host_key -N ''
+ fi
+
+ if [ -f /etc/ssh/ssh_host_dsa_key ]; then
+ echo "You already have a DSA host key" \
+ "in /etc/ssh/ssh_host_dsa_key"
+ echo "Skipping protocol version 2 DSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
+ fi
+
+ if [ -f /etc/ssh/ssh_host_rsa_key ]; then
+ echo "You already have an RSA host key" \
+ "in /etc/ssh/ssh_host_rsa_key"
+ echo "Skipping protocol version 2 RSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
+ fi
+
+ if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
+ echo "You already have an ECDSA host key" \
+ "in /etc/ssh/ssh_host_ecdsa_key"
+ echo "Skipping protocol version 2 ECDSA Key Generation"
+ else
+ /usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
+ fi
+ )
+}
+
+sshd_precmd()
+{
+ if [ ! -f /etc/ssh/ssh_host_key -o \
+ ! -f /etc/ssh/ssh_host_dsa_key -o \
+ ! -f /etc/ssh/ssh_host_ecdsa_key -o \
+ ! -f /etc/ssh/ssh_host_rsa_key ]; then
+ user_reseed
+ run_rc_command keygen
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/statd b/etc/rc.d/statd
new file mode 100755
index 0000000..4e4a0a4
--- /dev/null
+++ b/etc/rc.d/statd
@@ -0,0 +1,43 @@
+#!/bin/sh
+#
+# FreeBSD History: src/etc/rc.d/nfslocking,v 1.11 2004/10/07 13:55:26 mtm Exp
+# $FreeBSD$
+#
+
+# PROVIDE: statd
+# REQUIRE: nfsclient nfsd rpcbind
+# BEFORE: DAEMON
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="statd"
+rcvar=rpc_statd_enable
+command="/usr/sbin/rpc.${name}"
+start_precmd='statd_precmd'
+stop_precmd='checkyesno nfs_server_enable || checkyesno nfs_client_enable'
+status_precmd=$stop_precmd
+
+# Make sure that we are either an NFS client or server, and that we get
+# the correct flags from rc.conf(5).
+#
+statd_precmd()
+{
+ local ret
+ ret=0
+
+ if ! checkyesno nfs_server_enable && ! checkyesno nfs_client_enable
+ then
+ ret=1
+ fi
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || ret=1
+ fi
+ rc_flags=${rpc_statd_flags}
+ return ${ret}
+}
+
+load_rc_config $name
+run_rc_command $1
diff --git a/etc/rc.d/static_arp b/etc/rc.d/static_arp
new file mode 100755
index 0000000..6283b56
--- /dev/null
+++ b/etc/rc.d/static_arp
@@ -0,0 +1,74 @@
+#!/bin/sh
+#
+# Copyright (c) 2009 Xin LI <delphij@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# Configure static ARP table
+#
+# $FreeBSD$
+#
+
+# PROVIDE: static_arp
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="static_arp"
+start_cmd="static_arp_start"
+stop_cmd="static_arp_stop"
+
+static_arp_start()
+{
+ local e arp_args
+
+ if [ -n "${static_arp_pairs}" ]; then
+ echo -n 'Binding static ARP pair(s):'
+ for e in ${static_arp_pairs}; do
+ echo -n " ${e}"
+ eval arp_args=\$static_arp_${e}
+ arp -S ${arp_args} >/dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+static_arp_stop()
+{
+ local e arp_args
+
+ if [ -n "${static_arp_pairs}" ]; then
+ echo -n 'Unbinding static ARP pair(s):'
+ for e in ${static_arp_pairs}; do
+ echo -n " ${e}"
+ eval arp_args=\$static_arp_${e}
+ arp -d ${arp_args%%[ ]*} > /dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/static_ndp b/etc/rc.d/static_ndp
new file mode 100755
index 0000000..314adbf
--- /dev/null
+++ b/etc/rc.d/static_ndp
@@ -0,0 +1,74 @@
+#!/bin/sh
+#
+# Copyright (c) 2011 Xin Li <delphij@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# Configure static NDP table
+#
+# $FreeBSD$
+#
+
+# PROVIDE: static_ndp
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="static_ndp"
+start_cmd="static_ndp_start"
+stop_cmd="static_ndp_stop"
+
+static_ndp_start()
+{
+ local e ndp_args
+
+ if [ -n "${static_ndp_pairs}" ]; then
+ echo -n 'Binding static NDP pair(s):'
+ for e in ${static_ndp_pairs}; do
+ echo -n " ${e}"
+ eval ndp_args=\$static_ndp_${e}
+ ndp -s ${ndp_args} >/dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+static_ndp_stop()
+{
+ local e ndp_args
+
+ if [ -n "${static_ndp_pairs}" ]; then
+ echo -n 'Unbinding static NDP pair(s):'
+ for e in ${static_ndp_pairs}; do
+ echo -n " ${e}"
+ eval ndp_args=\$static_ndp_${e}
+ ndp -d ${ndp_args%%[ ]*} > /dev/null 2>&1
+ done
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/stf b/etc/rc.d/stf
new file mode 100755
index 0000000..feb7b52
--- /dev/null
+++ b/etc/rc.d/stf
@@ -0,0 +1,78 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+# PROVIDE: stf
+# REQUIRE: netif
+# KEYWORD: nojail
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="stf"
+start_cmd="stf_up"
+stop_cmd="stf_down"
+
+stf_up()
+{
+ case ${stf_interface_ipv4addr} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ # assign IPv6 addr and interface route for 6to4 interface
+ stf_prefixlen=$((16+${stf_interface_ipv4plen:-0}))
+ OIFS="$IFS"
+ IFS=".$IFS"
+ set ${stf_interface_ipv4addr}
+ IFS="$OIFS"
+ hexfrag1=`hexprint $(($1*256 + $2))`
+ hexfrag2=`hexprint $(($3*256 + $4))`
+ ipv4_in_hexformat="${hexfrag1}:${hexfrag2}"
+ case ${stf_interface_ipv6_ifid} in
+ [Aa][Uu][Tt][Oo] | '')
+ for i in ${ipv6_network_interfaces}; do
+ laddr=`network6_getladdr ${i}`
+ case ${laddr} in
+ '')
+ ;;
+ *)
+ break
+ ;;
+ esac
+ done
+ stf_interface_ipv6_ifid=`expr "${laddr}" : \
+ 'fe80::\(.*\)%\(.*\)'`
+ case ${stf_interface_ipv6_ifid} in
+ '')
+ stf_interface_ipv6_ifid=0:0:0:1
+ ;;
+ esac
+ ;;
+ esac
+ echo "Configuring 6to4 tunnel interface: stf0."
+ ifconfig stf0 create >/dev/null 2>&1
+ ifconfig stf0 inet6 2002:${ipv4_in_hexformat}:${stf_interface_ipv6_slaid:-0}:${stf_interface_ipv6_ifid} \
+ prefixlen ${stf_prefixlen}
+ check_startmsgs && /sbin/ifconfig stf0
+
+ # disallow packets to malicious 6to4 prefix
+ route add -inet6 2002:e000:: -prefixlen 20 ::1 -reject
+ route add -inet6 2002:7f00:: -prefixlen 24 ::1 -reject
+ route add -inet6 2002:0000:: -prefixlen 24 ::1 -reject
+ route add -inet6 2002:ff00:: -prefixlen 24 ::1 -reject
+ ;;
+ esac
+}
+
+stf_down()
+{
+ echo "Removing 6to4 tunnel interface: stf0."
+ ifconfig stf0 destroy
+ route delete -inet6 2002:e000:: -prefixlen 20 ::1
+ route delete -inet6 2002:7f00:: -prefixlen 24 ::1
+ route delete -inet6 2002:0000:: -prefixlen 24 ::1
+ route delete -inet6 2002:ff00:: -prefixlen 24 ::1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/swap1 b/etc/rc.d/swap1
new file mode 100755
index 0000000..71a1908
--- /dev/null
+++ b/etc/rc.d/swap1
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: localswap
+# REQUIRE: disks
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="swap1"
+start_cmd='swapon -aq'
+stop_cmd=':'
+
+load_rc_config swap
+run_rc_command "$1"
diff --git a/etc/rc.d/syscons b/etc/rc.d/syscons
new file mode 100755
index 0000000..f611e3b
--- /dev/null
+++ b/etc/rc.d/syscons
@@ -0,0 +1,263 @@
+#!/bin/sh -
+#
+# Copyright (c) 2000 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: syscons
+# REQUIRE: LOGIN
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="syscons"
+extra_commands="setkeyboard"
+setkeyboard_cmd="syscons_setkeyboard"
+start_precmd="syscons_precmd"
+start_cmd="syscons_start"
+stop_cmd=":"
+
+# stdin must be redirected because it might be for a serial console
+#
+kbddev=/dev/ttyv0
+viddev=/dev/ttyv0
+
+_sc_config="syscons"
+_sc_initdone=
+sc_init()
+{
+ if [ -z "${_sc_initdone}" ]; then
+ echo -n "Configuring ${_sc_config}:"
+ _sc_initdone=yes
+ fi
+}
+
+# helper
+syscons_configure_keyboard()
+{
+ # keymap
+ #
+ case ${keymap} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' keymap'; kbdcontrol < ${kbddev} -l ${keymap}
+ ;;
+ esac
+
+ # keyrate
+ #
+ case ${keyrate} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' keyrate'; kbdcontrol < ${kbddev} -r ${keyrate}
+ ;;
+ esac
+
+ # keybell
+ #
+ case ${keybell} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' keybell'; kbdcontrol < ${kbddev} -b ${keybell}
+ ;;
+ esac
+
+ # change function keys
+ #
+ case ${keychange} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' keychange'
+ set -- ${keychange}
+ while [ $# -gt 0 ]; do
+ kbdcontrol <${kbddev} -f "$1" "$2"
+ shift; shift
+ done
+ ;;
+ esac
+
+ # set this keyboard mode for all virtual terminals
+ #
+ if [ -n "${allscreens_kbdflags}" ]; then
+ sc_init
+ echo -n ' allscreens_kbd'
+ for ttyv in /dev/ttyv*; do
+ kbdcontrol ${allscreens_kbdflags} < ${ttyv} > ${ttyv} 2>&1
+ done
+ fi
+}
+
+syscons_setkeyboard()
+{
+ kbd=$1
+
+ if [ -z "${kbd}" ]; then
+ return 1
+ fi
+
+ # Check if the kbdmux(4) is the current active keyboard
+ kbdcontrol -i < ${kbddev} | grep kbdmux > /dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ kbdcontrol -k ${kbd} < ${kbddev} > /dev/null 2>&1
+ fi
+
+ _sc_config="keyboard"
+ syscons_configure_keyboard
+
+ # Terminate keyboard configuration line and reset global variables.
+ #
+ if [ -n "${_sc_initdone}" ]; then
+ echo '.'
+ _sc_config="syscons"
+ _sc_initdone=
+ fi
+
+}
+
+syscons_precmd()
+{
+ if [ ! -c $kbddev ]
+ then
+ return 1
+ fi
+ return 0
+}
+
+syscons_start()
+{
+ # keyboard
+ #
+ if [ -n "${keyboard}" ]; then
+ syscons_setkeyboard ${keyboard}
+ fi
+
+ syscons_configure_keyboard
+
+ # cursor type
+ #
+ case ${cursor} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' cursor'; vidcontrol < ${viddev} -c ${cursor}
+ ;;
+ esac
+
+ # screen mapping
+ #
+ case ${scrnmap} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' scrnmap'; vidcontrol < ${viddev} -l ${scrnmap}
+ ;;
+ esac
+
+ # font 8x16
+ #
+ case ${font8x16} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' font8x16'; vidcontrol < ${viddev} -f 8x16 ${font8x16}
+ ;;
+ esac
+
+ # font 8x14
+ #
+ case ${font8x14} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' font8x14'; vidcontrol < ${viddev} -f 8x14 ${font8x14}
+ ;;
+ esac
+
+ # font 8x8
+ #
+ case ${font8x8} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' font8x8'; vidcontrol < ${viddev} -f 8x8 ${font8x8}
+ ;;
+ esac
+
+ # blank time
+ #
+ case ${blanktime} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' blanktime'; vidcontrol < ${viddev} -t ${blanktime}
+ ;;
+ esac
+
+ # screen saver
+ #
+ case ${saver} in
+ [Nn][Oo] | '')
+ ;;
+ *)
+ sc_init
+ echo -n ' screensaver'
+ for i in `kldstat | awk '$5 ~ "_saver\.ko$" { print $5 }'`; do
+ kldunload ${i}
+ done
+ load_kld -e _saver ${saver}_saver
+ ;;
+ esac
+
+ # set this mode for all virtual screens
+ #
+ if [ -n "${allscreens_flags}" ]; then
+ sc_init
+ echo -n ' allscreens'
+ for ttyv in /dev/ttyv*; do
+ vidcontrol ${allscreens_flags} < ${ttyv} > ${ttyv} 2>&1
+ done
+ fi
+
+ [ -n "${_sc_initdone}" ] && echo '.'
+}
+
+load_rc_config $name
+run_rc_command $*
+
diff --git a/etc/rc.d/sysctl b/etc/rc.d/sysctl
new file mode 100755
index 0000000..34fb3b5
--- /dev/null
+++ b/etc/rc.d/sysctl
@@ -0,0 +1,59 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: sysctl
+
+. /etc/rc.subr
+
+name="sysctl"
+stop_cmd=":"
+start_cmd="sysctl_start"
+reload_cmd="sysctl_start"
+lastload_cmd="sysctl_start last"
+extra_commands="reload lastload"
+
+#
+# Read in a file containing sysctl settings and set things accordingly.
+#
+parse_file()
+{
+ if [ -f $1 ]; then
+ while read var comments
+ do
+ case ${var} in
+ \#*|'')
+ ;;
+ *)
+ mib=${var%=*}
+ val=${var#*=}
+
+ if current_value=`${SYSCTL} -n ${mib} 2>/dev/null`; then
+ case ${current_value} in
+ ${val})
+ ;;
+ *)
+ if ! sysctl "${var}" >/dev/null 2>&1; then
+ warn "unable to set ${var}"
+ fi
+ ;;
+ esac
+ elif [ "$2" = "last" ]; then
+ warn "sysctl ${mib} does not exist."
+ fi
+ ;;
+ esac
+ done < $1
+ fi
+}
+
+sysctl_start()
+{
+
+ parse_file /etc/sysctl.conf $1
+ parse_file /etc/sysctl.conf.local $1
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/syslogd b/etc/rc.d/syslogd
new file mode 100755
index 0000000..5dcd3e9
--- /dev/null
+++ b/etc/rc.d/syslogd
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: syslogd
+# REQUIRE: mountcritremote cleanvar newsyslog
+# BEFORE: SERVERS
+
+. /etc/rc.subr
+
+name="syslogd"
+rcvar=`set_rcvar`
+pidfile="/var/run/syslog.pid"
+command="/usr/sbin/${name}"
+required_files="/etc/syslog.conf"
+start_precmd="syslogd_precmd"
+extra_commands="reload"
+
+sockfile="/var/run/syslogd.sockets"
+evalargs="rc_flags=\"\`set_socketlist\` \$rc_flags\""
+altlog_proglist="named"
+
+syslogd_precmd()
+{
+ local _l _ldir
+
+ # Transitional symlink for old binaries
+ #
+ if [ ! -L /dev/log ]; then
+ ln -sf /var/run/log /dev/log
+ fi
+ rm -f /var/run/log
+
+ # Create default list of syslog sockets to watch
+ #
+ ( umask 022 ; > $sockfile )
+
+ # If running named(8) or ntpd(8) chrooted, added appropriate
+ # syslog socket to list of sockets to watch.
+ #
+ for _l in $altlog_proglist; do
+ eval _ldir=\$${_l}_chrootdir
+ if checkyesno `set_rcvar $_l` && [ -n "$_ldir" ]; then
+ echo "${_ldir}/var/run/log" >> $sockfile
+ fi
+ done
+
+ # If other sockets have been provided, change run_rc_command()'s
+ # internal copy of $syslogd_flags to force use of specific
+ # syslogd sockets.
+ #
+ if [ -s $sockfile ]; then
+ echo "/var/run/log" >> $sockfile
+ eval $evalargs
+ fi
+
+ return 0
+}
+
+set_socketlist()
+{
+ local _s _socketargs
+
+ _socketargs=
+ for _s in `cat $sockfile | tr '\n' ' '` ; do
+ _socketargs="-l $_s $_socketargs"
+ done
+ echo $_socketargs
+}
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/timed b/etc/rc.d/timed
new file mode 100755
index 0000000..d1cf1a2
--- /dev/null
+++ b/etc/rc.d/timed
@@ -0,0 +1,18 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: timed
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="timed"
+rcvar=`set_rcvar`
+command="/usr/sbin/${name}"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/tmp b/etc/rc.d/tmp
new file mode 100755
index 0000000..dfb439e
--- /dev/null
+++ b/etc/rc.d/tmp
@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Matt Dillon
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: tmp
+# REQUIRE: mountcritremote
+
+. /etc/rc.subr
+
+name="tmp"
+stop_cmd=':'
+
+load_rc_config $name
+
+mount_tmpmfs ()
+{
+ if ! /bin/df /tmp | grep -q "^/dev/md[0-9]"; then
+ mount_md ${tmpsize} /tmp "${tmpmfs_flags}"
+ chmod 01777 /tmp
+ fi
+}
+
+# If we do not have a writable /tmp, create a memory
+# filesystem for /tmp. If /tmp is a symlink (e.g. to /var/tmp,
+# then it should already be writable).
+#
+case "${tmpmfs}" in
+[Aa][Uu][Tt][Oo])
+ if _tmpdir=$(mktemp -d -q /tmp/.diskless.XXXXXX); then
+ rmdir ${_tmpdir}
+ else
+ if [ -h /tmp ]; then
+ echo "*** /tmp is a symlink to a non-writable area!"
+ echo "dropping into shell, ^D to continue anyway."
+ /bin/sh
+ else
+ mount_tmpmfs
+ fi
+ fi
+ ;;
+*)
+ if checkyesno tmpmfs; then
+ mount_tmpmfs
+ fi
+ ;;
+esac
diff --git a/etc/rc.d/ubthidhci b/etc/rc.d/ubthidhci
new file mode 100755
index 0000000..529f8d6
--- /dev/null
+++ b/etc/rc.d/ubthidhci
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ubthidhci
+# REQUIRE: DAEMON
+# BEFORE: bluetooth
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="ubthidhci"
+command="/usr/sbin/usbconfig"
+rcvar=`set_rcvar`
+start_precmd="ubthidhci_prestart"
+
+ubthidhci_prestart()
+{
+
+ if [ -z ${ubthidhci_busnum} ]; then
+ warn ubthidhci_busnum is not set
+ return 1
+ fi
+ if [ -z ${ubthidhci_addr} ]; then
+ warn ubthidhci_addr is not set
+ return 1
+ fi
+}
+
+load_rc_config $name
+#
+# We discard the output because:
+# 1) we don't want it to show up during boot; and
+# 2) the request usually returns an error, but that doesn't mean it failed
+#
+# NB: 0x40 is UT_VENDOR
+command_args="-u ${ubthidhci_busnum} -a ${ubthidhci_addr} do_request 0x40 0 0 0 0 > /dev/null 2>&1"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ugidfw b/etc/rc.d/ugidfw
new file mode 100755
index 0000000..d65d6a3
--- /dev/null
+++ b/etc/rc.d/ugidfw
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+
+# PROVIDE: ugidfw
+# BEFORE: LOGIN
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="ugidfw"
+rcvar="ugidfw_enable"
+start_cmd="ugidfw_start"
+stop_cmd="ugidfw_stop"
+required_modules="mac_bsdextended"
+
+ugidfw_load()
+{
+ if [ -r "${bsdextended_script}" ]; then
+ . "${bsdextended_script}"
+ fi
+}
+
+ugidfw_start()
+{
+ [ -z "${bsdextended_script}" ] && bsdextended_script=/etc/rc.bsdextended
+
+ if [ -r "${bsdextended_script}" ]; then
+ ugidfw_load
+ echo "MAC bsdextended rules loaded."
+ fi
+}
+
+ugidfw_stop()
+{
+ # Disable the policy
+ #
+ kldunload mac_bsdextended
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/var b/etc/rc.d/var
new file mode 100755
index 0000000..0655658
--- /dev/null
+++ b/etc/rc.d/var
@@ -0,0 +1,109 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Matt Dillon
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: var
+# REQUIRE: FILESYSTEMS kld
+
+. /etc/rc.subr
+
+name="var"
+stop_cmd=':'
+
+load_rc_config $name
+
+populate_var()
+{
+ /usr/sbin/mtree -deU -f /etc/mtree/BSD.var.dist -p /var > /dev/null
+ case ${sendmail_enable} in
+ [Nn][Oo][Nn][Ee])
+ ;;
+ *)
+ /usr/sbin/mtree -deU -f /etc/mtree/BSD.sendmail.dist -p / > /dev/null
+ ;;
+ esac
+}
+
+# If we do not have a writable /var, create a memory filesystem for /var
+# unless told otherwise by rc.conf. We don't have /usr yet so use mkdir
+# instead of touch to test. We want mount to record its mounts so we
+# have to make sure /var/db exists before doing the mount -a.
+#
+case "${varmfs}" in
+[Yy][Ee][Ss])
+ mount_md ${varsize} /var "${varmfs_flags}"
+ ;;
+[Nn][Oo])
+ ;;
+*)
+ if /bin/mkdir -p /var/.diskless 2> /dev/null; then
+ rmdir /var/.diskless
+ else
+ mount_md ${varsize} /var "${varmfs_flags}"
+ fi
+esac
+
+
+# If we have an empty looking /var, populate it, but only if we have
+# /usr available. Hopefully, we'll eventually find a workaround, but
+# in realistic diskless setups, we're probably ok.
+case "${populate_var}" in
+[Yy][Ee][Ss])
+ populate_var
+ ;;
+[Nn][Oo])
+ exit 0
+ ;;
+*)
+ if [ -d /var/run -a -d /var/db -a -d /var/empty ] ; then
+ true
+ elif [ -x /usr/sbin/mtree ] ; then
+ populate_var
+ else
+ # We need mtree to populate /var so try mounting /usr.
+ # If this does not work, we can not boot so it is OK to
+ # try to mount out of order.
+ mount /usr
+ if [ ! -x /usr/sbin/mtree ] ; then
+ exit 1
+ else
+ populate_var
+ fi
+ fi
+ ;;
+esac
+
+# Make sure we have /var/log/utx.lastlogin and /var/log/utx.log files
+if [ ! -f /var/log/utx.lastlogin ]; then
+ cp /dev/null /var/log/utx.lastlogin
+ chmod 644 /var/log/utx.lastlogin
+fi
+if [ ! -f /var/log/utx.log ]; then
+ cp /dev/null /var/log/utx.log
+ chmod 644 /var/log/utx.log
+fi
diff --git a/etc/rc.d/virecover b/etc/rc.d/virecover
new file mode 100755
index 0000000..77cd9a0
--- /dev/null
+++ b/etc/rc.d/virecover
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: virecover
+# REQUIRE: mountcritremote ldconfig
+# BEFORE: DAEMON
+#
+# XXX: should require `mail'!
+
+. /etc/rc.subr
+
+name="virecover"
+rcvar="`set_rcvar`"
+stop_cmd=":"
+start_cmd="virecover_start"
+
+virecover_start()
+{
+ [ -d /var/tmp/vi.recover ] || return
+ find /var/tmp/vi.recover ! -type f -a ! -type d -delete
+ vibackup=`echo /var/tmp/vi.recover/vi.*`
+ if [ "${vibackup}" != '/var/tmp/vi.recover/vi.*' ]; then
+ echo -n 'Recovering vi editor sessions:'
+ for i in /var/tmp/vi.recover/vi.*; do
+ # Only test files that are readable.
+ if [ ! -r "${i}" ]; then
+ continue
+ fi
+
+ # Unmodified nvi editor backup files either have the
+ # execute bit set or are zero length. Delete them.
+ if [ -x "${i}" -o ! -s "${i}" ]; then
+ rm -f "${i}"
+ fi
+ done
+
+ # It is possible to get incomplete recovery files, if the editor
+ # crashes at the right time.
+ virecovery=`echo /var/tmp/vi.recover/recover.*`
+ if [ "${virecovery}" != "/var/tmp/vi.recover/recover.*" ]; then
+ for i in /var/tmp/vi.recover/recover.*; do
+ # Only test files that are readable.
+ if [ ! -r "${i}" ]; then
+ continue
+ fi
+
+ # Delete any recovery files that are zero length,
+ # corrupted, or that have no corresponding backup file.
+ # Else send mail to the user.
+ recfile=`awk '/^X-vi-recover-path:/{print $2}' < "${i}"`
+ if [ -n "${recfile}" -a -s "${recfile}" ]; then
+ sendmail -t < "${i}"
+ else
+ rm -f "${i}"
+ fi
+ done
+ fi
+ echo '.'
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/watchdogd b/etc/rc.d/watchdogd
new file mode 100755
index 0000000..e852126
--- /dev/null
+++ b/etc/rc.d/watchdogd
@@ -0,0 +1,42 @@
+#!/bin/sh
+
+# Copyright (c) 2003 Sean M. Kelly <smkelly@FreeBSD.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# PROVIDE: watchdogd
+# REQUIRE: DAEMON cleanvar
+# KEYWORD: nojail shutdown
+
+. /etc/rc.subr
+
+name="watchdogd"
+rcvar="`set_rcvar`"
+command="/usr/sbin/${name}"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/wpa_supplicant b/etc/rc.d/wpa_supplicant
new file mode 100755
index 0000000..8514efc
--- /dev/null
+++ b/etc/rc.d/wpa_supplicant
@@ -0,0 +1,46 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: wpa_supplicant
+# REQUIRE: mountcritremote
+# KEYWORD: nojail nostart
+
+. /etc/rc.subr
+. /etc/network.subr
+
+name="wpa_supplicant"
+rcvar=
+
+ifn="$2"
+if [ -z "$ifn" ]; then
+ return 1
+fi
+
+is_ndis_interface()
+{
+ case `sysctl -n net.wlan.${1#wlan}.%parent 2>/dev/null` in
+ ndis*) true ;;
+ *) false ;;
+ esac
+}
+
+if is_wired_interface ${ifn} ; then
+ driver="wired"
+elif is_ndis_interface ${ifn} ; then
+ driver="ndis"
+else
+ driver="bsd"
+fi
+
+load_rc_config $name
+
+command=${wpa_supplicant_program}
+conf_file=${wpa_supplicant_conf_file}
+pidfile="/var/run/${name}/${ifn}.pid"
+command_args="-B -i $ifn -c $conf_file -D $driver -P $pidfile"
+required_files=$conf_file
+required_modules="wlan_wep wlan_tkip wlan_ccmp"
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypbind b/etc/rc.d/ypbind
new file mode 100755
index 0000000..4dbf351
--- /dev/null
+++ b/etc/rc.d/ypbind
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypbind
+# REQUIRE: ypserv
+# BEFORE: DAEMON
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypbind"
+command="/usr/sbin/${name}"
+start_precmd="ypbind_precmd"
+
+load_rc_config $name
+rcvar="nis_client_enable"
+command_args="${nis_client_flags}"
+
+ypbind_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/yppasswdd b/etc/rc.d/yppasswdd
new file mode 100755
index 0000000..fbb80bc
--- /dev/null
+++ b/etc/rc.d/yppasswdd
@@ -0,0 +1,42 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: yppasswdd
+# REQUIRE: ypserv ypset
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="yppasswdd"
+command="/usr/sbin/rpc.${name}"
+start_precmd="yppasswdd_precmd"
+
+load_rc_config $name
+rcvar="nis_yppasswdd_enable"
+command_args="${nis_yppasswdd_flags}"
+
+yppasswdd_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_server_enable && \
+ ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypserv || return 1
+ fi
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypserv b/etc/rc.d/ypserv
new file mode 100755
index 0000000..8e17fd7
--- /dev/null
+++ b/etc/rc.d/ypserv
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypserv
+# REQUIRE: rpcbind
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypserv"
+rcvar="nis_server_enable"
+command="/usr/sbin/${name}"
+start_precmd="ypserv_prestart"
+
+load_rc_config $name
+command_args="${nis_server_flags}"
+
+ypserv_prestart()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+ if [ ! -d /var/yp/$_domain/. ]; then
+ warn "/var/yp/$_domain is not a directory."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypset b/etc/rc.d/ypset
new file mode 100755
index 0000000..78c408b
--- /dev/null
+++ b/etc/rc.d/ypset
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypset
+# REQUIRE: ypbind
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypset"
+rcvar="nis_ypset_enable"
+command="/usr/sbin/${name}"
+start_precmd="ypset_precmd"
+load_rc_config $name
+command_args="${nis_ypset_flags}"
+
+ypset_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_client_enable && \
+ ! /etc/rc.d/ypbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypbind || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/ypupdated b/etc/rc.d/ypupdated
new file mode 100755
index 0000000..98ef203
--- /dev/null
+++ b/etc/rc.d/ypupdated
@@ -0,0 +1,40 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypupdated
+# REQUIRE: rpcbind ypserv
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypupdated"
+rcvar="rpc_ypupdated_enable"
+command="/usr/sbin/rpc.${name}"
+start_precmd="rpc_ypupdated_precmd"
+
+rpc_ypupdated_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_server_enable && \
+ ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypserv || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/ypxfrd b/etc/rc.d/ypxfrd
new file mode 100755
index 0000000..f125a30
--- /dev/null
+++ b/etc/rc.d/ypxfrd
@@ -0,0 +1,41 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: ypxfrd
+# REQUIRE: rpcbind ypserv
+# KEYWORD: shutdown
+
+. /etc/rc.subr
+
+name="ypxfrd"
+rcvar="nis_ypxfrd_enable"
+command="/usr/sbin/rpc.${name}"
+start_precmd="ypxfrd_precmd"
+load_rc_config $name
+command_args="${nis_ypxfrd_flags}"
+
+ypxfrd_precmd()
+{
+ local _domain
+
+ if ! checkyesno rpcbind_enable && \
+ ! /etc/rc.d/rpcbind forcestatus 1>/dev/null 2>&1
+ then
+ force_depend rpcbind || return 1
+ fi
+ if ! checkyesno nis_server_enable && \
+ ! /etc/rc.d/ypserv forcestatus 1>/dev/null 2>&1
+ then
+ force_depend ypserv || return 1
+ fi
+
+ _domain=`domainname`
+ if [ -z "$_domain" ]; then
+ warn "NIS domainname(1) is not set."
+ return 1
+ fi
+}
+
+run_rc_command "$1"
diff --git a/etc/rc.d/zfs b/etc/rc.d/zfs
new file mode 100755
index 0000000..cabbcf6
--- /dev/null
+++ b/etc/rc.d/zfs
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: zfs
+# REQUIRE: mountcritlocal
+
+. /etc/rc.subr
+
+name="zfs"
+rcvar="zfs_enable"
+start_cmd="zfs_start"
+stop_cmd="zfs_stop"
+required_modules="zfs"
+
+zfs_start_jail()
+{
+ if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then
+ zfs mount -a
+ fi
+}
+
+zfs_start_main()
+{
+ zfs mount -a
+ zfs share -a
+ if [ ! -r /etc/zfs/exports ]; then
+ touch /etc/zfs/exports
+ fi
+}
+
+zfs_start()
+{
+ if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
+ zfs_start_jail
+ else
+ zfs_start_main
+ fi
+}
+
+zfs_stop_jail()
+{
+ if [ `$SYSCTL_N security.jail.mount_allowed` -eq 1 ]; then
+ zfs unmount -a
+ fi
+}
+
+zfs_stop_main()
+{
+ zfs unshare -a
+ zfs unmount -a
+}
+
+zfs_stop()
+{
+ if [ `$SYSCTL_N security.jail.jailed` -eq 1 ]; then
+ zfs_stop_jail
+ else
+ zfs_stop_main
+ fi
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.d/zvol b/etc/rc.d/zvol
new file mode 100755
index 0000000..b52f4ce
--- /dev/null
+++ b/etc/rc.d/zvol
@@ -0,0 +1,45 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+
+# PROVIDE: zvol
+# REQUIRE: hostid
+# KEYWORD: nojail
+
+. /etc/rc.subr
+
+name="zvol"
+rcvar="zfs_enable"
+start_cmd="zvol_start"
+stop_cmd="zvol_stop"
+required_modules="zfs"
+
+zvol_start()
+{
+ # Enable swap on ZVOLs with property org.freebsd:swap=on.
+ zfs list -H -o org.freebsd:swap,name -t volume | \
+ while read state name; do
+ case "${state}" in
+ [oO][nN])
+ swapon /dev/zvol/${name}
+ ;;
+ esac
+ done
+}
+
+zvol_stop()
+{
+ # Disable swap on ZVOLs with property org.freebsd:swap=on.
+ zfs list -H -o org.freebsd:swap,name -t volume | \
+ while read state name; do
+ case "${state}" in
+ [oO][nN])
+ swapoff /dev/zvol/${name}
+ ;;
+ esac
+ done
+}
+
+load_rc_config $name
+run_rc_command "$1"
diff --git a/etc/rc.firewall b/etc/rc.firewall
new file mode 100644
index 0000000..3db984e
--- /dev/null
+++ b/etc/rc.firewall
@@ -0,0 +1,539 @@
+#!/bin/sh -
+# Copyright (c) 1996 Poul-Henning Kamp
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+#
+# Setup system for ipfw(4) firewall service.
+#
+
+# Suck in the configuration variables.
+if [ -z "${source_rc_confs_defined}" ]; then
+ if [ -r /etc/defaults/rc.conf ]; then
+ . /etc/defaults/rc.conf
+ source_rc_confs
+ elif [ -r /etc/rc.conf ]; then
+ . /etc/rc.conf
+ fi
+fi
+
+############
+# Define the firewall type in /etc/rc.conf. Valid values are:
+# open - will allow anyone in
+# client - will try to protect just this machine
+# simple - will try to protect a whole network
+# closed - totally disables IP services except via lo0 interface
+# workstation - will try to protect just this machine using statefull
+# firewalling. See below for rc.conf variables used
+# UNKNOWN - disables the loading of firewall rules.
+# filename - will load the rules in the given filename (full path required)
+#
+# For ``client'' and ``simple'' the entries below should be customized
+# appropriately.
+
+############
+#
+# If you don't know enough about packet filtering, we suggest that you
+# take time to read this book:
+#
+# Building Internet Firewalls, 2nd Edition
+# Brent Chapman and Elizabeth Zwicky
+#
+# O'Reilly & Associates, Inc
+# ISBN 1-56592-871-7
+# http://www.ora.com/
+# http://www.oreilly.com/catalog/fire2/
+#
+# For a more advanced treatment of Internet Security read:
+#
+# Firewalls and Internet Security: Repelling the Wily Hacker, 2nd Edition
+# William R. Cheswick, Steven M. Bellowin, Aviel D. Rubin
+#
+# Addison-Wesley / Prentice Hall
+# ISBN 0-201-63466-X
+# http://www.pearsonhighered.com/
+# http://www.pearsonhighered.com/educator/academic/product/0,3110,020163466X,00.html
+#
+
+setup_loopback () {
+ ############
+ # Only in rare cases do you want to change these rules
+ #
+ ${fwcmd} add 100 pass all from any to any via lo0
+ ${fwcmd} add 200 deny all from any to 127.0.0.0/8
+ ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add 400 deny all from any to ::1
+ ${fwcmd} add 500 deny all from ::1 to any
+ fi
+}
+
+setup_ipv6_mandatory () {
+ [ $ipv6_available -eq 0 ] || return 0
+
+ ############
+ # Only in rare cases do you want to change these rules
+ #
+ # ND
+ #
+ # DAD
+ ${fwcmd} add pass ipv6-icmp from :: to ff02::/16
+ # RS, RA, NS, NA, redirect...
+ ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10
+ ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16
+
+ # Allow ICMPv6 destination unreach
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1
+
+ # Allow NS/NA/toobig (don't filter it out)
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136
+}
+
+if [ -n "${1}" ]; then
+ firewall_type="${1}"
+fi
+
+. /etc/rc.subr
+. /etc/network.subr
+afexists inet6
+ipv6_available=$?
+
+############
+# Set quiet mode if requested
+#
+case ${firewall_quiet} in
+[Yy][Ee][Ss])
+ fwcmd="/sbin/ipfw -q"
+ ;;
+*)
+ fwcmd="/sbin/ipfw"
+ ;;
+esac
+
+############
+# Flush out the list before we begin.
+#
+${fwcmd} -f flush
+
+setup_loopback
+setup_ipv6_mandatory
+
+############
+# Network Address Translation. All packets are passed to natd(8)
+# before they encounter your remaining rules. The firewall rules
+# will then be run again on each packet after translation by natd
+# starting at the rule number following the divert rule.
+#
+# For ``simple'' firewall type the divert rule should be put to a
+# different place to not interfere with address-checking rules.
+#
+case ${firewall_type} in
+[Oo][Pp][Ee][Nn]|[Cc][Ll][Ii][Ee][Nn][Tt])
+ case ${natd_enable} in
+ [Yy][Ee][Ss])
+ if [ -n "${natd_interface}" ]; then
+ ${fwcmd} add 50 divert natd ip4 from any to any via ${natd_interface}
+ fi
+ ;;
+ esac
+ case ${firewall_nat_enable} in
+ [Yy][Ee][Ss])
+ if [ -n "${firewall_nat_interface}" ]; then
+ if echo "${firewall_nat_interface}" | \
+ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
+ firewall_nat_flags="ip ${firewall_nat_interface} ${firewall_nat_flags}"
+ else
+ firewall_nat_flags="if ${firewall_nat_interface} ${firewall_nat_flags}"
+ fi
+ ${fwcmd} nat 123 config log ${firewall_nat_flags}
+ ${fwcmd} add 50 nat 123 ip4 from any to any via ${firewall_nat_interface}
+ fi
+ ;;
+ esac
+esac
+
+############
+# If you just configured ipfw in the kernel as a tool to solve network
+# problems or you just want to disallow some particular kinds of traffic
+# then you will want to change the default policy to open. You can also
+# do this as your only action by setting the firewall_type to ``open''.
+#
+# ${fwcmd} add 65000 pass all from any to any
+
+
+# Prototype setups.
+#
+case ${firewall_type} in
+[Oo][Pp][Ee][Nn])
+ ${fwcmd} add 65000 pass all from any to any
+ ;;
+
+[Cc][Ll][Ii][Ee][Nn][Tt])
+ ############
+ # This is a prototype setup that will protect your system somewhat
+ # against people from outside your own network.
+ #
+ # Configuration:
+ # firewall_client_net: Network address of local IPv4 network.
+ # firewall_client_net_ipv6: Network address of local IPv6 network.
+ ############
+
+ # set this to your local network
+ net="$firewall_client_net"
+ net6="$firewall_client_net_ipv6"
+
+ # Allow limited broadcast traffic from my own net.
+ ${fwcmd} add pass all from ${net} to 255.255.255.255
+
+ # Allow any traffic to or from my own net.
+ ${fwcmd} add pass all from me to ${net}
+ ${fwcmd} add pass all from ${net} to me
+ if [ -n "$net6" ]; then
+ ${fwcmd} add pass all from me to ${net6}
+ ${fwcmd} add pass all from ${net6} to me
+ fi
+
+ if [ -n "$net6" ]; then
+ # Allow any link-local multicast traffic
+ ${fwcmd} add pass all from fe80::/10 to ff02::/16
+ ${fwcmd} add pass all from ${net6} to ff02::/16
+ # Allow DHCPv6
+ ${fwcmd} add pass udp from fe80::/10 to me 546
+ fi
+
+ # Allow TCP through if setup succeeded
+ ${fwcmd} add pass tcp from any to any established
+
+ # Allow IP fragments to pass through
+ ${fwcmd} add pass all from any to any frag
+
+ # Allow setup of incoming email
+ ${fwcmd} add pass tcp from any to me 25 setup
+
+ # Allow setup of outgoing TCP connections only
+ ${fwcmd} add pass tcp from me to any setup
+
+ # Disallow setup of all other TCP connections
+ ${fwcmd} add deny tcp from any to any setup
+
+ # Allow DNS queries out in the world
+ ${fwcmd} add pass udp from me to any 53 keep-state
+
+ # Allow NTP queries out in the world
+ ${fwcmd} add pass udp from me to any 123 keep-state
+
+ # Everything else is denied by default, unless the
+ # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
+ # config file.
+ ;;
+
+[Ss][Ii][Mm][Pp][Ll][Ee])
+ ############
+ # This is a prototype setup for a simple firewall. Configure this
+ # machine as a DNS and NTP server, and point all the machines
+ # on the inside at this machine for those services.
+ #
+ # Configuration:
+ # firewall_simple_iif: Inside IPv4 network interface.
+ # firewall_simple_inet: Inside IPv4 network address.
+ # firewall_simple_oif: Outside IPv4 network interface.
+ # firewall_simple_onet: Outside IPv4 network address.
+ # firewall_simple_iif_ipv6: Inside IPv6 network interface.
+ # firewall_simple_inet_ipv6: Inside IPv6 network prefix.
+ # firewall_simple_oif_ipv6: Outside IPv6 network interface.
+ # firewall_simple_onet_ipv6: Outside IPv6 network prefix.
+ ############
+
+ # set these to your outside interface network
+ oif="$firewall_simple_oif"
+ onet="$firewall_simple_onet"
+ oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}"
+ onet6="$firewall_simple_onet_ipv6"
+
+ # set these to your inside interface network
+ iif="$firewall_simple_iif"
+ inet="$firewall_simple_inet"
+ iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}"
+ inet6="$firewall_simple_inet_ipv6"
+
+ # Stop spoofing
+ ${fwcmd} add deny all from ${inet} to any in via ${oif}
+ ${fwcmd} add deny all from ${onet} to any in via ${iif}
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add deny all from ${inet6} to any in via ${oif6}
+ if [ -n "$onet6" ]; then
+ ${fwcmd} add deny all from ${onet6} to any in \
+ via ${iif6}
+ fi
+ fi
+
+ # Stop RFC1918 nets on the outside interface
+ ${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
+ ${fwcmd} add deny all from any to 172.16.0.0/12 via ${oif}
+ ${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
+
+ # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
+ # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
+ # on the outside interface
+ ${fwcmd} add deny all from any to 0.0.0.0/8 via ${oif}
+ ${fwcmd} add deny all from any to 169.254.0.0/16 via ${oif}
+ ${fwcmd} add deny all from any to 192.0.2.0/24 via ${oif}
+ ${fwcmd} add deny all from any to 224.0.0.0/4 via ${oif}
+ ${fwcmd} add deny all from any to 240.0.0.0/4 via ${oif}
+
+ # Network Address Translation. This rule is placed here deliberately
+ # so that it does not interfere with the surrounding address-checking
+ # rules. If for example one of your internal LAN machines had its IP
+ # address set to 192.0.2.1 then an incoming packet for it after being
+ # translated by natd(8) would match the `deny' rule above. Similarly
+ # an outgoing packet originated from it before being translated would
+ # match the `deny' rule below.
+ case ${natd_enable} in
+ [Yy][Ee][Ss])
+ if [ -n "${natd_interface}" ]; then
+ ${fwcmd} add divert natd ip4 from any to any via ${natd_interface}
+ fi
+ ;;
+ esac
+
+ # Stop RFC1918 nets on the outside interface
+ ${fwcmd} add deny all from 10.0.0.0/8 to any via ${oif}
+ ${fwcmd} add deny all from 172.16.0.0/12 to any via ${oif}
+ ${fwcmd} add deny all from 192.168.0.0/16 to any via ${oif}
+
+ # Stop draft-manning-dsua-03.txt (1 May 2000) nets (includes RESERVED-1,
+ # DHCP auto-configuration, NET-TEST, MULTICAST (class D), and class E)
+ # on the outside interface
+ ${fwcmd} add deny all from 0.0.0.0/8 to any via ${oif}
+ ${fwcmd} add deny all from 169.254.0.0/16 to any via ${oif}
+ ${fwcmd} add deny all from 192.0.2.0/24 to any via ${oif}
+ ${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
+ ${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
+
+ if [ -n "$inet6" ]; then
+ # Stop unique local unicast address on the outside interface
+ ${fwcmd} add deny all from fc00::/7 to any via ${oif6}
+ ${fwcmd} add deny all from any to fc00::/7 via ${oif6}
+
+ # Stop site-local on the outside interface
+ ${fwcmd} add deny all from fec0::/10 to any via ${oif6}
+ ${fwcmd} add deny all from any to fec0::/10 via ${oif6}
+
+ # Disallow "internal" addresses to appear on the wire.
+ ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \
+ via ${oif6}
+ ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \
+ via ${oif6}
+
+ # Disallow packets to malicious IPv4 compatible prefix.
+ ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6}
+ ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6}
+ ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6}
+ ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6}
+
+ ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6}
+
+ # Disallow packets to malicious 6to4 prefix.
+ ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6}
+ ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6}
+
+ ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6}
+ ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6}
+
+ ${fwcmd} add deny all from ff05::/16 to any via ${oif6}
+ ${fwcmd} add deny all from any to ff05::/16 via ${oif6}
+ fi
+
+ # Allow TCP through if setup succeeded
+ ${fwcmd} add pass tcp from any to any established
+
+ # Allow IP fragments to pass through
+ ${fwcmd} add pass all from any to any frag
+
+ # Allow setup of incoming email
+ ${fwcmd} add pass tcp from any to me 25 setup
+
+ # Allow access to our DNS
+ ${fwcmd} add pass tcp from any to me 53 setup
+ ${fwcmd} add pass udp from any to me 53
+ ${fwcmd} add pass udp from me 53 to any
+
+ # Allow access to our WWW
+ ${fwcmd} add pass tcp from any to me 80 setup
+
+ # Reject&Log all setup of incoming connections from the outside
+ ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add deny log ip6 from any to any in via ${oif6} \
+ setup proto tcp
+ fi
+
+ # Allow setup of any other TCP connection
+ ${fwcmd} add pass tcp from any to any setup
+
+ # Allow DNS queries out in the world
+ ${fwcmd} add pass udp from me to any 53 keep-state
+
+ # Allow NTP queries out in the world
+ ${fwcmd} add pass udp from me to any 123 keep-state
+
+ # Everything else is denied by default, unless the
+ # IPFIREWALL_DEFAULT_TO_ACCEPT option is set in your kernel
+ # config file.
+ ;;
+
+[Ww][Oo][Rr][Kk][Ss][Tt][Aa][Tt][Ii][Oo][Nn])
+ # Configuration:
+ # firewall_myservices: List of TCP ports on which this host
+ # offers services.
+ # firewall_allowservices: List of IPv4 and/or IPv6 addresses
+ # that have access to
+ # $firewall_myservices.
+ # firewall_trusted: List of IPv4 and/or IPv6 addresses
+ # that have full access to this host.
+ # Be very careful when setting this.
+ # This option can seriously degrade
+ # the level of protection provided by
+ # the firewall.
+ # firewall_logdeny: Boolean (YES/NO) specifying if the
+ # default denied packets should be
+ # logged (in /var/log/security).
+ # firewall_nologports: List of TCP/UDP ports for which
+ # denied incomming packets are not
+ # logged.
+
+ # Allow packets for which a state has been built.
+ ${fwcmd} add check-state
+
+ # For services permitted below.
+ ${fwcmd} add pass tcp from me to any established
+
+ # Allow any connection out, adding state for each.
+ ${fwcmd} add pass tcp from me to any setup keep-state
+ ${fwcmd} add pass udp from me to any keep-state
+ ${fwcmd} add pass icmp from me to any keep-state
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass ipv6-icmp from me to any keep-state
+ fi
+
+ # Allow DHCP.
+ ${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out
+ ${fwcmd} add pass udp from any 67 to me 68 in
+ ${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass udp from fe80::/10 to me 546 in
+ fi
+ # Some servers will ping the IP while trying to decide if it's
+ # still in use.
+ ${fwcmd} add pass icmp from any to any icmptype 8
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129
+ fi
+
+ # Allow "mandatory" ICMP in.
+ ${fwcmd} add pass icmp from any to any icmptype 3,4,11
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6type 3
+ fi
+
+ # Add permits for this workstations published services below
+ # Only IPs and nets in firewall_allowservices is allowed in.
+ # If you really wish to let anyone use services on your
+ # workstation, then set "firewall_allowservices='any'" in /etc/rc.conf
+ #
+ # Note: We don't use keep-state as that would allow DoS of
+ # our statetable.
+ # You can add 'keep-state' to the lines for slightly
+ # better performance if you fell that DoS of your
+ # workstation won't be a problem.
+ #
+ for i in ${firewall_allowservices} ; do
+ for j in ${firewall_myservices} ; do
+ ${fwcmd} add pass tcp from $i to me $j
+ done
+ done
+
+ # Allow all connections from trusted IPs.
+ # Playing with the content of firewall_trusted could seriously
+ # degrade the level of protection provided by the firewall.
+ for i in ${firewall_trusted} ; do
+ ${fwcmd} add pass ip from $i to me
+ done
+
+ ${fwcmd} add 65000 count ip from any to any
+
+ # Drop packets to ports where we don't want logging
+ for i in ${firewall_nologports} ; do
+ ${fwcmd} add deny { tcp or udp } from any to any $i in
+ done
+
+ # Broadcasts and muticasts
+ ${fwcmd} add deny ip from any to 255.255.255.255
+ ${fwcmd} add deny ip from any to 224.0.0.0/24 in # XXX
+
+ # Noise from routers
+ ${fwcmd} add deny udp from any to any 520 in
+
+ # Noise from webbrowsing.
+ # The statefull filter is a bit agressive, and will cause some
+ # connection teardowns to be logged.
+ ${fwcmd} add deny tcp from any 80,443 to any 1024-65535 in
+
+ # Deny and (if wanted) log the rest unconditionally.
+ log=""
+ if [ ${firewall_logdeny:-x} = "YES" -o ${firewall_logdeny:-x} = "yes" ] ; then
+ log="log logamount 500" # The default of 100 is too low.
+ sysctl net.inet.ip.fw.verbose=1 >/dev/null
+ fi
+ ${fwcmd} add deny $log ip from any to any
+ ;;
+
+[Cc][Ll][Oo][Ss][Ee][Dd])
+ ${fwcmd} add 65000 deny ip from any to any
+ ;;
+[Uu][Nn][Kk][Nn][Oo][Ww][Nn])
+ ;;
+*)
+ if [ -r "${firewall_type}" ]; then
+ ${fwcmd} ${firewall_flags} ${firewall_type}
+ fi
+ ;;
+esac
diff --git a/etc/rc.initdiskless b/etc/rc.initdiskless
new file mode 100644
index 0000000..e731abb
--- /dev/null
+++ b/etc/rc.initdiskless
@@ -0,0 +1,381 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Matt Dillon
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+
+# On entry to this script the entire system consists of a read-only root
+# mounted via NFS. The kernel has run BOOTP and configured an interface
+# (otherwise it would not have been able to mount the NFS root!)
+#
+# We use the contents of /conf to create and populate memory filesystems
+# that are mounted on top of this root to implement the writable
+# (and host-specific) parts of the root filesystem, and other volatile
+# filesystems.
+#
+# The hierarchy in /conf has the form /conf/T/M/ where M are directories
+# for which memory filesystems will be created and filled,
+# and T is one of the "template" directories below:
+#
+# base universal base, typically a replica of the original root;
+# default secondary universal base, typically overriding some
+# of the files in the original root;
+# ${ipba} where ${ipba} is the assigned broadcast IP address
+# bcast/${ipba} same as above
+# ${class} where ${class} is a list of directories supplied by
+# bootp/dhcp through the T134 option.
+# ${ipba} and ${class} are typicall used to configure features
+# for group of diskless clients, or even individual features;
+# ${ip} where ${ip} is the machine's assigned IP address, typically
+# used to set host-specific features;
+# ip/${ip} same as above
+#
+# Template directories are scanned in the order they are listed above,
+# with each sucessive directory overriding (merged into) the previous one;
+# non-existing directories are ignored. The subdirectory forms exist to
+# help keep the top level /conf managable in large installations.
+#
+# The existence of a directory /conf/T/M causes this script to create a
+# memory filesystem mounted as /M on the client.
+#
+# Some files in /conf have special meaning, namely:
+#
+# Filename Action
+# ----------------------------------------------------------------
+# /conf/T/M/remount
+# The contents of the file is a mount command. E.g. if
+# /conf/1.2.3.4/foo/remount contains "mount -o ro /dev/ad0s3",
+# then /dev/ad0s3 will be be mounted on /conf/1.2.3.4/foo/
+#
+# /conf/T/M/remount_optional
+# If this file exists, then failure to execute the mount
+# command contained in /conf/T/M/remount is non-fatal.
+#
+# /conf/T/M/remount_subdir
+# If this file exists, then the behaviour of /conf/T/M/remount
+# changes as follows:
+# 1. /conf/T/M/remount is invoked to mount the root of the
+# filesystem where the configuration data exists on a
+# temporary mountpoint.
+# 2. /conf/T/M/remount_subdir is then invoked to mount a
+# *subdirectory* of the filesystem mounted by
+# /conf/T/M/remount on /conf/T/M/.
+#
+# /conf/T/M/diskless_remount
+# The contents of the file points to an NFS filesystem,
+# possibly followed by mount_nfs options. If the server name
+# is omitted, the script will prepend the root path used when
+# booting. E.g. if you booted from foo.com:/path/to/root,
+# an entry for /conf/base/etc/diskless_remount could be any of
+# foo.com:/path/to/root/etc
+# /etc -o ro
+# Because mount_nfs understands ".." in paths, it is
+# possible to mount from locations above the NFS root with
+# paths such as "/../../etc".
+#
+# /conf/T/M/md_size
+# The contents of the file specifies the size of the memory
+# filesystem to be created, in 512 byte blocks.
+# The default size is 10240 blocks (5MB). E.g. if
+# /conf/base/etc/md_size contains "30000" then a 15MB MFS
+# will be created. In case of multiple entries for the same
+# directory M, the last one in the scanning order is used.
+# NOTE: If you only need to create a memory filesystem but not
+# initialize it from a template, it is preferrable to specify
+# it in fstab e.g. as "md /tmp mfs -s=30m,rw 0 0"
+#
+# /conf/T/SUBDIR.cpio.gz
+# The file is cpio'd into /SUBDIR (and a memory filesystem is
+# created for /SUBDIR if necessary). The presence of this file
+# prevents the copy from /conf/T/SUBDIR/
+#
+# /conf/T/SUBDIR.remove
+# The list of paths contained in the file are rm -rf'd
+# relative to /SUBDIR.
+#
+# /conf/diskless_remount
+# Similar to /conf/T/M/diskless_remount above, but allows
+# all of /conf to be remounted. This can be used to allow
+# multiple roots to share the same /conf.
+#
+#
+# You will almost universally want to create the following files under /conf
+#
+# File Content
+# ---------------------------- ----------------------------------
+# /conf/base/etc/md_size size of /etc filesystem
+# /conf/base/etc/diskless_remount "/etc"
+# /conf/default/etc/rc.conf generic diskless config parameters
+# /conf/default/etc/fstab generic diskless fstab e.g. like this
+#
+# foo:/root_part / nfs ro 0 0
+# foo:/usr_part /usr nfs ro 0 0
+# foo:/home_part /home nfs rw 0 0
+# md /tmp mfs -s=30m,rw 0 0
+# md /var mfs -s=30m,rw 0 0
+# proc /proc procfs rw 0 0
+#
+# plus, possibly, overrides for password files etc.
+#
+# NOTE! /var, /tmp, and /dev will be typically created elsewhere, e.g.
+# as entries in the fstab as above.
+# Those filesystems should not be specified in /conf.
+#
+# (end of documentation, now get to the real code)
+
+dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null`
+
+# DEBUGGING
+# log something on stdout if verbose.
+o_verbose=0 # set to 1 or 2 if you want more debugging
+log() {
+ [ ${o_verbose} -gt 0 ] && echo "*** $* ***"
+ [ ${o_verbose} -gt 1 ] && read -p "=== Press enter to continue" foo
+}
+
+# chkerr:
+#
+# Routine to check for error
+#
+# checks error code and drops into shell on failure.
+# if shell exits, terminates script as well as /etc/rc.
+# if remount_optional exists under the mountpoint, skip this check.
+#
+chkerr() {
+ lastitem () ( n=$(($# - 1)) ; shift $n ; echo $1 )
+ mountpoint="$(lastitem $2)"
+ [ -r $mountpoint/remount_optional ] && ( echo "$2 failed: ignoring due to remount_optional" ; return )
+ case $1 in
+ 0)
+ ;;
+ *)
+ echo "$2 failed: dropping into /bin/sh"
+ /bin/sh
+ # RESUME
+ ;;
+ esac
+}
+
+# The list of filesystems to umount after the copy
+to_umount=""
+
+handle_remount() { # $1 = mount point
+ local nfspt mountopts b
+ b=$1
+ log handle_remount $1
+ [ -d $b -a -f $b/diskless_remount ] || return
+ read nfspt mountopts < $b/diskless_remount
+ log "nfspt ${nfspt} mountopts ${mountopts}"
+ # prepend the nfs root if not present
+ [ `expr "$nfspt" : '\(.\)'` = "/" ] && nfspt="${nfsroot}${nfspt}"
+ mount_nfs $mountopts $nfspt $b
+ chkerr $? "mount_nfs $nfspt $b"
+ to_umount="$b ${to_umount}"
+}
+
+# Create a generic memory disk
+#
+mount_md() {
+ /sbin/mdmfs -S -i 4096 -s $1 -M md $2
+}
+
+# Create the memory filesystem if it has not already been created
+#
+create_md() {
+ [ "x`eval echo \\$md_created_$1`" = "x" ] || return # only once
+ if [ "x`eval echo \\$md_size_$1`" = "x" ]; then
+ md_size=10240
+ else
+ md_size=`eval echo \\$md_size_$1`
+ fi
+ log create_md $1 with size $md_size
+ mount_md $md_size /$1
+ /bin/chmod 755 /$1
+ eval md_created_$1=created
+}
+
+# DEBUGGING
+#
+# set -v
+
+# Figure out our interface and IP.
+#
+bootp_ifc=""
+bootp_ipa=""
+bootp_ipbca=""
+class=""
+if [ ${dlv:=0} -ne 0 ] ; then
+ iflist=`ifconfig -l`
+ for i in ${iflist} ; do
+ set -- `ifconfig ${i}`
+ while [ $# -ge 1 ] ; do
+ if [ "${bootp_ifc}" = "" -a "$1" = "inet" ] ; then
+ bootp_ifc=${i} ; bootp_ipa=${2} ; shift
+ fi
+ if [ "${bootp_ipbca}" = "" -a "$1" = "broadcast" ] ; then
+ bootp_ipbca=$2; shift
+ fi
+ shift
+ done
+ if [ "${bootp_ifc}" != "" ] ; then
+ break
+ fi
+ done
+ # Get the values passed with the T134 bootp cookie.
+ class="`/sbin/sysctl -qn kern.bootp_cookie`"
+
+ echo "Interface ${bootp_ifc} IP-Address ${bootp_ipa} Broadcast ${bootp_ipbca} ${class}"
+fi
+
+log Figure out our NFS root path
+#
+set -- `mount -t nfs`
+while [ $# -ge 1 ] ; do
+ if [ "$2" = "on" -a "$3" = "/" ]; then
+ nfsroot="$1"
+ break
+ fi
+ shift
+done
+
+# The list of directories with template files
+templates="base default"
+if [ -n "${bootp_ipbca}" ]; then
+ templates="${templates} ${bootp_ipbca} bcast/${bootp_ipbca}"
+fi
+if [ -n "${class}" ]; then
+ templates="${templates} ${class}"
+fi
+if [ -n "${bootp_ipa}" ]; then
+ templates="${templates} ${bootp_ipa} ip/${bootp_ipa}"
+fi
+
+# If /conf/diskless_remount exists, remount all of /conf.
+handle_remount /conf
+
+# Resolve templates in /conf/base, /conf/default, /conf/${bootp_ipbca},
+# and /conf/${bootp_ipa}. For each subdirectory found within these
+# directories:
+#
+# - calculate memory filesystem sizes. If the subdirectory (prior to
+# NFS remounting) contains the file 'md_size', the contents specified
+# in 512 byte sectors will be used to size the memory filesystem. Otherwise
+# 8192 sectors (4MB) is used.
+#
+# - handle NFS remounts. If the subdirectory contains the file
+# diskless_remount, the contents of the file is NFS mounted over
+# the directory. For example /conf/base/etc/diskless_remount
+# might contain 'myserver:/etc'. NFS remounts allow you to avoid
+# having to dup your system directories in /conf. Your server must
+# be sure to export those filesystems -alldirs, however.
+# If the diskless_remount file contains a string beginning with a
+# '/' it is assumed that the local nfsroot should be prepended to
+# it before attemping to the remount. This allows the root to be
+# relocated without needing to change the remount files.
+#
+log "templates are ${templates}"
+for i in ${templates} ; do
+ for j in /conf/$i/* ; do
+ [ -d $j ] || continue
+
+ # memory filesystem size specification
+ subdir=${j##*/}
+ [ -f $j/md_size ] && eval md_size_$subdir=`cat $j/md_size`
+
+ # remount. Beware, the command is in the file itself!
+ if [ -f $j/remount ]; then
+ if [ -f $j/remount_subdir ]; then
+ k="/conf.tmp/$i/$subdir"
+ [ -d $k ] || continue
+
+ # Mount the filesystem root where the config data is
+ # on the temporary mount point.
+ nfspt=`/bin/cat $j/remount`
+ $nfspt $k
+ chkerr $? "$nfspt $k"
+
+ # Now use a nullfs mount to get the data where we
+ # really want to see it.
+ remount_subdir=`/bin/cat $j/remount_subdir`
+ remount_subdir_cmd="mount -t nullfs $k/$remount_subdir"
+
+ $remount_subdir_cmd $j
+ chkerr $? "$remount_subdir_cmd $j"
+
+ # XXX check order -- we must force $k to be unmounted
+ # after j, as j depends on k.
+ to_umount="$j $k ${to_umount}"
+ else
+ nfspt=`/bin/cat $j/remount`
+ $nfspt $j
+ chkerr $? "$nfspt $j"
+ to_umount="$j ${to_umount}" # XXX hope it is really a mount!
+ fi
+ fi
+
+ # NFS remount
+ handle_remount $j
+ done
+done
+
+# - Create all required MFS filesystems and populate them from
+# our templates. Support both a direct template and a dir.cpio.gz
+# archive. Support dir.remove files containing a list of relative
+# paths to remove.
+#
+# The dir.cpio.gz form is there to make the copy process more efficient,
+# so if the cpio archive is present, it prevents the files from dir/
+# from being copied.
+
+for i in ${templates} ; do
+ for j in /conf/$i/* ; do
+ subdir=${j##*/}
+ if [ -d $j -a ! -f $j.cpio.gz ]; then
+ create_md $subdir
+ cp -Rp $j/ /$subdir
+ fi
+ done
+ for j in /conf/$i/*.cpio.gz ; do
+ subdir=${j%*.cpio.gz}
+ subdir=${subdir##*/}
+ if [ -f $j ]; then
+ create_md $subdir
+ echo "Loading /$subdir from cpio archive $j"
+ (cd / ; /rescue/tar -xpf $j)
+ fi
+ done
+ for j in /conf/$i/*.remove ; do
+ subdir=${j%*.remove}
+ subdir=${subdir##*/}
+ if [ -f $j ]; then
+ # doubly sure it is a memory disk before rm -rf'ing
+ create_md $subdir
+ (cd /$subdir; rm -rf `/bin/cat $j`)
+ fi
+ done
+done
+
+# umount partitions used to fill the memory filesystems
+[ -n "${to_umount}" ] && umount $to_umount
diff --git a/etc/rc.resume b/etc/rc.resume
new file mode 100755
index 0000000..3b2e970
--- /dev/null
+++ b/etc/rc.resume
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Mitsuru IWASAKI
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# sample run command file for APM Resume Event
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 [apm|acpi] [standby,suspend|1-4]"
+ exit 1
+fi
+
+subsystem=$1
+state=$2
+
+if [ -r /var/run/rc.suspend.pid ]; then
+ kill -9 `cat /var/run/rc.suspend.pid`
+ /bin/rm -f /var/run/rc.suspend.pid
+ echo 'rc.resume: killed rc.suspend that was still around'
+fi
+
+if [ -r /var/run/rc.suspend.tch ]; then
+ _t=`cat /var/run/rc.suspend.tch`
+ /sbin/sysctl -n kern.timecounter.hardware=$_t > /dev/null 2>&1
+ /bin/rm -f /var/run/rc.suspend.tch
+fi
+
+if [ -r /var/run/moused.pid ]; then
+ pkill -HUP -F /var/run/moused.pid
+fi
+
+# Turns on a power supply of a card in the slot inactivated.
+# See also contrib/pccardq.c (only for PAO users).
+# pccardq | awk -F '~' '$5 == "inactive" \
+# { printf("pccardc power %d 1", $1); }' | sh
+
+# If a device driver has problems resuming, try unloading it before
+# suspend and reloading it on resume. Example:
+# kldload usb
+
+# wpa_supplicant(8) doesn't seem to reassociate during resume. Uncomment
+# the following to signal it to reassociate.
+# /usr/sbin/wpa_cli reassociate
+
+/usr/bin/logger -t $subsystem resumed at `/bin/date +'%Y%m%d %H:%M:%S'`
+/bin/sync && /bin/sync && /bin/sync
+
+exit 0
diff --git a/etc/rc.sendmail b/etc/rc.sendmail
new file mode 100644
index 0000000..b025bc0
--- /dev/null
+++ b/etc/rc.sendmail
@@ -0,0 +1,277 @@
+#!/bin/sh
+
+#
+# Copyright (c) 2002 Gregory Neil Shapiro. All Rights Reserved.
+# Copyright (c) 2000, 2002 The FreeBSD Project
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# This script is used by /etc/rc at boot time to start sendmail. It
+# is meant to be sendmail specific and not a generic script for all
+# MTAs. It is only called by /etc/rc if the rc.conf mta_start_script is
+# set to /etc/rc.sendmail. This provides the opportunity for other MTAs
+# to provide their own startup script.
+
+# The script is also used by /etc/mail/Makefile to enable the
+# start/stop/restart targets.
+
+# The source for the script can be found in src/etc/sendmail/rc.sendmail.
+
+if [ -r /etc/defaults/rc.conf ]; then
+ . /etc/defaults/rc.conf
+ source_rc_confs
+elif [ -r /etc/rc.conf ]; then
+ . /etc/rc.conf
+fi
+
+# The sendmail binary
+sendmail_program=${sendmail_program:-/usr/sbin/sendmail}
+
+# The pid is used to stop and restart the running daemon(s).
+sendmail_pidfile=${sendmail_pidfile:-/var/run/sendmail.pid}
+sendmail_mspq_pidfile=${sendmail_mspq_pidfile:-/var/spool/clientmqueue/sm-client.pid}
+
+start_mta()
+{
+ case ${sendmail_enable} in
+ [Nn][Oo][Nn][Ee])
+ ;;
+ [Yy][Ee][Ss])
+ echo -n ' sendmail'
+ ${sendmail_program} ${sendmail_flags}
+ ;;
+ *)
+ case ${sendmail_submit_enable} in
+ [Yy][Ee][Ss])
+ echo -n ' sendmail-submit'
+ ${sendmail_program} ${sendmail_submit_flags}
+ ;;
+ *)
+ case ${sendmail_outbound_enable} in
+ [Yy][Ee][Ss])
+ echo -n ' sendmail-outbound'
+ ${sendmail_program} ${sendmail_outbound_flags}
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+}
+
+stop_mta()
+{
+ # Check to make sure we are configured to start an MTA
+ case ${sendmail_enable} in
+ [Nn][Oo][Nn][Ee])
+ return
+ ;;
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ case ${sendmail_submit_enable} in
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ case ${sendmail_outbound_enable} in
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ return
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+
+ if [ -r ${sendmail_pidfile} ]; then
+ echo -n ' sendmail'
+ kill -TERM `head -1 ${sendmail_pidfile}`
+ else
+ echo "$0: stop-mta: ${sendmail_pidfile} not found"
+ fi
+}
+
+restart_mta()
+{
+ # Check to make sure we are configured to start an MTA
+ case ${sendmail_enable} in
+ [Nn][Oo][Nn][Ee])
+ return
+ ;;
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ case ${sendmail_submit_enable} in
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ case ${sendmail_outbound_enable} in
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ return
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+ if [ -r ${sendmail_pidfile} ]; then
+ echo -n ' sendmail'
+ kill -HUP `head -1 ${sendmail_pidfile}`
+ else
+ echo "$0: restart-mta: ${sendmail_pidfile} not found"
+ fi
+}
+
+start_mspq()
+{
+ case ${sendmail_enable} in
+ [Nn][Oo][Nn][Ee])
+ ;;
+ *)
+ if [ -r /etc/mail/submit.cf ]; then
+ case ${sendmail_msp_queue_enable} in
+ [Yy][Ee][Ss])
+ echo -n ' sendmail-clientmqueue'
+ ${sendmail_program} ${sendmail_msp_queue_flags}
+ ;;
+ esac
+ fi
+ ;;
+ esac
+}
+
+stop_mspq()
+{
+ # Check to make sure we are configured to start an MSP queue runner
+ case ${sendmail_enable} in
+ [Nn][Oo][Nn][Ee])
+ return
+ ;;
+ *)
+ if [ -r /etc/mail/submit.cf ]; then
+ case ${sendmail_msp_queue_enable} in
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ return
+ ;;
+ esac
+ fi
+ ;;
+ esac
+
+ if [ -r ${sendmail_mspq_pidfile} ]; then
+ echo -n ' sendmail-clientmqueue'
+ kill -TERM `head -1 ${sendmail_mspq_pidfile}`
+ else
+ echo "$0: stop-mspq: ${sendmail_mspq_pidfile} not found"
+ fi
+}
+
+restart_mspq()
+{
+ # Check to make sure we are configured to start an MSP queue runner
+ case ${sendmail_enable} in
+ [Nn][Oo][Nn][Ee])
+ return
+ ;;
+ *)
+ if [ -r /etc/mail/submit.cf ]; then
+ case ${sendmail_msp_queue_enable} in
+ [Yy][Ee][Ss])
+ ;;
+ *)
+ return
+ ;;
+ esac
+ fi
+ ;;
+ esac
+
+ if [ -r ${sendmail_mspq_pidfile} ]; then
+ echo -n ' sendmail-clientmqueue'
+ kill -HUP `head -1 ${sendmail_mspq_pidfile}`
+ else
+ echo "$0: restart-mspq: ${sendmail_mspq_pidfile} not found"
+ fi
+}
+
+# If no argument is given, assume we are being called at boot time.
+_action=${1:-start}
+
+case ${_action} in
+start)
+ start_mta
+ start_mspq
+ ;;
+
+stop)
+ stop_mta
+ stop_mspq
+ ;;
+
+restart)
+ restart_mta
+ restart_mspq
+ ;;
+
+start-mta)
+ start_mta
+ ;;
+
+stop-mta)
+ stop_mta
+ ;;
+
+restart-mta)
+ restart_mta
+ ;;
+
+start-mspq)
+ start_mspq
+ ;;
+
+stop-mspq)
+ stop_mspq
+ ;;
+
+restart-mspq)
+ restart_mspq
+ ;;
+
+*)
+ echo "usage: `basename $0` {start|stop|restart}" >&2
+ echo " `basename $0` {start-mta|stop-mta|restart-mta}" >&2
+ echo " `basename $0` {start-mspq|stop-mspq|restart-mspq}" >&2
+ exit 64
+ ;;
+
+esac
+exit 0
diff --git a/etc/rc.shutdown b/etc/rc.shutdown
new file mode 100644
index 0000000..dc1ca13
--- /dev/null
+++ b/etc/rc.shutdown
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# Copyright (c) 1997 Ollivier Robert
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# Site-specific closing actions for daemons run by init on shutdown,
+# or before going single-user from multi-user.
+# Output and errors are directed to console by init, and the
+# console is the controlling terminal.
+
+stty status '^T'
+
+# Set shell to ignore SIGINT (2), but not children;
+# shell catches SIGQUIT (3) and returns to single user after fsck.
+trap : 2
+trap : 3 # shouldn't be needed
+
+HOME=/
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
+export HOME PATH
+
+. /etc/rc.subr
+
+load_rc_config 'XXX'
+
+# reverse_list list
+# print the list in reverse order
+#
+reverse_list()
+{
+ _revlist=
+ for _revfile in $*; do
+ _revlist="$_revfile${script_name_sep}$_revlist"
+ done
+ echo $_revlist
+}
+
+# If requested, start a watchdog timer in the background which
+# will terminate rc.shutdown if rc.shutdown doesn't complete
+# within the specified time.
+#
+_rcshutdown_watchdog=
+if [ -n "$rcshutdown_timeout" ]; then
+ debug "Initiating watchdog timer."
+ sleep $rcshutdown_timeout && (
+ _msg="$rcshutdown_timeout second watchdog"
+ _msg="$_msg timeout expired. Shutdown terminated."
+ logger -t rc.shutdown "$_msg"
+ echo "$_msg"
+ date
+ kill -KILL $$ >/dev/null 2>&1
+ ) &
+ _rcshutdown_watchdog=$!
+fi
+
+# Determine the shutdown order of the /etc/rc.d scripts,
+# and perform the operation
+#
+rcorder_opts="-k shutdown"
+[ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] && rcorder_opts="$rcorder_opts -s nojail"
+
+case ${local_startup} in
+[Nn][Oo] | '') ;;
+*) find_local_scripts_new ;;
+esac
+
+files=`rcorder ${rcorder_opts} /etc/rc.d/* ${local_rc} 2>/dev/null`
+
+for _rc_elem in `reverse_list $files`; do
+ debug "run_rc_script $_rc_elem faststop"
+ run_rc_script $_rc_elem faststop
+done
+
+# Terminate the background watchdog timer (if it is running)
+#
+if [ -n "$_rcshutdown_watchdog" ]; then
+ pkill -TERM -P $_rcshutdown_watchdog >/dev/null 2>&1
+fi
+
+# Insert other shutdown procedures here
+
+
+echo '.'
+exit 0
diff --git a/etc/rc.subr b/etc/rc.subr
new file mode 100644
index 0000000..29ed3dd
--- /dev/null
+++ b/etc/rc.subr
@@ -0,0 +1,1778 @@
+# $NetBSD: rc.subr,v 1.67 2006/10/07 11:25:15 elad Exp $
+# $FreeBSD$
+#
+# Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
+# All rights reserved.
+#
+# This code is derived from software contributed to The NetBSD Foundation
+# by Luke Mewburn.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+# POSSIBILITY OF SUCH DAMAGE.
+#
+# rc.subr
+# functions used by various rc scripts
+#
+
+: ${rcvar_manpage:='rc.conf(5)'}
+: ${RC_PID:=$$}; export RC_PID
+
+#
+# Operating System dependent/independent variables
+#
+
+if [ -z "${_rc_subr_loaded}" ]; then
+
+_rc_subr_loaded="YES"
+
+SYSCTL="/sbin/sysctl"
+SYSCTL_N="${SYSCTL} -n"
+SYSCTL_W="${SYSCTL}"
+ID="/usr/bin/id"
+IDCMD="if [ -x $ID ]; then $ID -un; fi"
+PS="/bin/ps -ww"
+JID=`$PS -p $$ -o jid=`
+
+#
+# functions
+# ---------
+
+# set_rcvar [var] [defval] [desc]
+#
+# Echo or define a rc.conf(5) variable name. Global variable
+# $rcvars is used.
+#
+# If no argument is specified, echo "${name}_enable".
+#
+# If only a var is specified, echo "${var}_enable".
+#
+# If var and defval are specified, the ${var} is defined as
+# rc.conf(5) variable and the default value is ${defvar}. An
+# optional argument $desc can also be specified to add a
+# description for that.
+#
+set_rcvar()
+{
+ case $# in
+ 0)
+ echo ${name}_enable
+ ;;
+ 1)
+ echo ${1}_enable
+ ;;
+ *)
+ debug "rcvar_define: \$$1=$2 is added" \
+ " as a rc.conf(5) variable."
+
+ local _var
+ _var=$1
+ rcvars="${rcvars# } $_var"
+ eval ${_var}_defval=\"$2\"
+ shift 2
+ # encode multiple lines of _desc
+ for l in "$@"; do
+ eval ${_var}_desc=\"\${${_var}_desc#^^}^^$l\"
+ done
+ eval ${_var}_desc=\"\${${_var}_desc#^^}\"
+ ;;
+ esac
+}
+
+# set_rcvar_obsolete oldvar [newvar] [msg]
+# Define obsolete variable.
+# Global variable $rcvars_obsolete is used.
+#
+set_rcvar_obsolete()
+{
+ local _var
+ _var=$1
+ debug "rcvar_obsolete: \$$1(old) -> \$$2(new) is defined"
+
+ rcvars_obsolete="${rcvars_obsolete# } $1"
+ eval ${1}_newvar=\"$2\"
+ shift 2
+ eval ${_var}_obsolete_msg=\"$*\"
+}
+
+#
+# force_depend script
+# Force a service to start. Intended for use by services
+# to resolve dependency issues. It is assumed the caller
+# has check to make sure this call is necessary
+# $1 - filename of script, in /etc/rc.d, to run
+#
+force_depend()
+{
+ _depend="$1"
+
+ info "${name} depends on ${_depend}, which will be forced to start."
+ if ! /etc/rc.d/${_depend} forcestart; then
+ warn "Unable to force ${_depend}. It may already be running."
+ return 1
+ fi
+ return 0
+}
+
+#
+# checkyesno var
+# Test $1 variable, and warn if not set to YES or NO.
+# Return 0 if it's "yes" (et al), nonzero otherwise.
+#
+checkyesno()
+{
+ eval _value=\$${1}
+ debug "checkyesno: $1 is set to $_value."
+ case $_value in
+
+ # "yes", "true", "on", or "1"
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ return 0
+ ;;
+
+ # "no", "false", "off", or "0"
+ [Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
+ return 1
+ ;;
+ *)
+ warn "\$${1} is not set properly - see ${rcvar_manpage}."
+ return 1
+ ;;
+ esac
+}
+
+#
+# reverse_list list
+# print the list in reverse order
+#
+reverse_list()
+{
+ _revlist=
+ for _revfile; do
+ _revlist="$_revfile $_revlist"
+ done
+ echo $_revlist
+}
+
+# stop_boot always
+# If booting directly to multiuser or $always is enabled,
+# send SIGTERM to the parent (/etc/rc) to abort the boot.
+# Otherwise just exit.
+#
+stop_boot()
+{
+ local always
+
+ case $1 in
+ # "yes", "true", "on", or "1"
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ always=true
+ ;;
+ *)
+ always=false
+ ;;
+ esac
+ if [ "$autoboot" = yes -o "$always" = true ]; then
+ echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
+ kill -TERM ${RC_PID}
+ fi
+ exit 1
+}
+
+#
+# mount_critical_filesystems type
+# Go through the list of critical filesystems as provided in
+# the rc.conf(5) variable $critical_filesystems_${type}, checking
+# each one to see if it is mounted, and if it is not, mounting it.
+#
+mount_critical_filesystems()
+{
+ eval _fslist=\$critical_filesystems_${1}
+ for _fs in $_fslist; do
+ mount | (
+ _ismounted=false
+ while read what _on on _type type; do
+ if [ $on = $_fs ]; then
+ _ismounted=true
+ fi
+ done
+ if $_ismounted; then
+ :
+ else
+ mount $_fs >/dev/null 2>&1
+ fi
+ )
+ done
+}
+
+#
+# check_pidfile pidfile procname [interpreter]
+# Parses the first line of pidfile for a PID, and ensures
+# that the process is running and matches procname.
+# Prints the matching PID upon success, nothing otherwise.
+# interpreter is optional; see _find_processes() for details.
+#
+check_pidfile()
+{
+ _pidfile=$1
+ _procname=$2
+ _interpreter=$3
+ if [ -z "$_pidfile" -o -z "$_procname" ]; then
+ err 3 'USAGE: check_pidfile pidfile procname [interpreter]'
+ fi
+ if [ ! -f $_pidfile ]; then
+ debug "pid file ($_pidfile): not readable."
+ return
+ fi
+ read _pid _junk < $_pidfile
+ if [ -z "$_pid" ]; then
+ debug "pid file ($_pidfile): no pid in file."
+ return
+ fi
+ _find_processes $_procname ${_interpreter:-.} '-p '"$_pid"
+}
+
+#
+# check_process procname [interpreter]
+# Ensures that a process (or processes) named procname is running.
+# Prints a list of matching PIDs.
+# interpreter is optional; see _find_processes() for details.
+#
+check_process()
+{
+ _procname=$1
+ _interpreter=$2
+ if [ -z "$_procname" ]; then
+ err 3 'USAGE: check_process procname [interpreter]'
+ fi
+ _find_processes $_procname ${_interpreter:-.} '-ax'
+}
+
+#
+# _find_processes procname interpreter psargs
+# Search for procname in the output of ps generated by psargs.
+# Prints the PIDs of any matching processes, space separated.
+#
+# If interpreter == ".", check the following variations of procname
+# against the first word of each command:
+# procname
+# `basename procname`
+# `basename procname` + ":"
+# "(" + `basename procname` + ")"
+# "[" + `basename procname` + "]"
+#
+# If interpreter != ".", read the first line of procname, remove the
+# leading #!, normalise whitespace, append procname, and attempt to
+# match that against each command, either as is, or with extra words
+# at the end. As an alternative, to deal with interpreted daemons
+# using perl, the basename of the interpreter plus a colon is also
+# tried as the prefix to procname.
+#
+_find_processes()
+{
+ if [ $# -ne 3 ]; then
+ err 3 'USAGE: _find_processes procname interpreter psargs'
+ fi
+ _procname=$1
+ _interpreter=$2
+ _psargs=$3
+
+ _pref=
+ if [ $_interpreter != "." ]; then # an interpreted script
+ _script=${_chroot}${_chroot:+"/"}$_procname
+ if [ -r $_script ]; then
+ read _interp < $_script # read interpreter name
+ case "$_interp" in
+ \#!*)
+ _interp=${_interp#\#!} # strip #!
+ set -- $_interp
+ case $1 in
+ */bin/env)
+ shift # drop env to get real name
+ ;;
+ esac
+ if [ $_interpreter != $1 ]; then
+ warn "\$command_interpreter $_interpreter != $1"
+ fi
+ ;;
+ *)
+ warn "no shebang line in $_script"
+ set -- $_interpreter
+ ;;
+ esac
+ else
+ warn "cannot read shebang line from $_script"
+ set -- $_interpreter
+ fi
+ _interp="$* $_procname" # cleanup spaces, add _procname
+ _interpbn=${1##*/}
+ _fp_args='_argv'
+ _fp_match='case "$_argv" in
+ ${_interp}|"${_interp} "*|"${_interpbn}: ${_procname}"*)'
+ else # a normal daemon
+ _procnamebn=${_procname##*/}
+ _fp_args='_arg0 _argv'
+ _fp_match='case "$_arg0" in
+ $_procname|$_procnamebn|${_procnamebn}:|"(${_procnamebn})"|"[${_procnamebn}]")'
+ fi
+
+ _proccheck="\
+ $PS 2>/dev/null -o pid= -o jid= -o command= $_psargs"' |
+ while read _npid _jid '"$_fp_args"'; do
+ '"$_fp_match"'
+ if [ "$JID" -eq "$_jid" ];
+ then echo -n "$_pref$_npid";
+ _pref=" ";
+ fi
+ ;;
+ esac
+ done'
+
+# debug "in _find_processes: proccheck is ($_proccheck)."
+ eval $_proccheck
+}
+
+#
+# wait_for_pids pid [pid ...]
+# spins until none of the pids exist
+#
+wait_for_pids()
+{
+ local _list _prefix _nlist _j
+
+ _list="$@"
+ if [ -z "$_list" ]; then
+ return
+ fi
+ _prefix=
+ while true; do
+ _nlist="";
+ for _j in $_list; do
+ if kill -0 $_j 2>/dev/null; then
+ _nlist="${_nlist}${_nlist:+ }$_j"
+ [ -n "$_prefix" ] && sleep 1
+ fi
+ done
+ if [ -z "$_nlist" ]; then
+ break
+ fi
+ _list=$_nlist
+ echo -n ${_prefix:-"Waiting for PIDS: "}$_list
+ _prefix=", "
+ pwait $_list 2>/dev/null
+ done
+ if [ -n "$_prefix" ]; then
+ echo "."
+ fi
+}
+
+#
+# get_pidfile_from_conf string file
+#
+# Takes a string to search for in the specified file.
+# Ignores lines with traditional comment characters.
+#
+# Example:
+#
+# if get_pidfile_from_conf string file; then
+# pidfile="$_pidfile_from_conf"
+# else
+# pidfile='appropriate default'
+# fi
+#
+get_pidfile_from_conf()
+{
+ if [ -z "$1" -o -z "$2" ]; then
+ err 3 "USAGE: get_pidfile_from_conf string file ($name)"
+ fi
+
+ local string file line
+
+ string="$1" ; file="$2"
+
+ if [ ! -s "$file" ]; then
+ err 3 "get_pidfile_from_conf: $file does not exist ($name)"
+ fi
+
+ while read line; do
+ case "$line" in
+ *[#\;]*${string}*) continue ;;
+ *${string}*) break ;;
+ esac
+ done < $file
+
+ if [ -n "$line" ]; then
+ line=${line#*/}
+ _pidfile_from_conf="/${line%%[\"\;]*}"
+ else
+ return 1
+ fi
+}
+
+#
+# check_startmsgs
+# If rc_quiet is set (usually as a result of using faststart at
+# boot time) check if rc_startmsgs is enabled.
+#
+check_startmsgs()
+{
+ if [ -n "$rc_quiet" ]; then
+ checkyesno rc_startmsgs
+ else
+ return 0
+ fi
+}
+
+#
+# run_rc_command argument
+# Search for argument in the list of supported commands, which is:
+# "start stop restart rcvar status poll ${extra_commands}"
+# If there's a match, run ${argument}_cmd or the default method
+# (see below).
+#
+# If argument has a given prefix, then change the operation as follows:
+# Prefix Operation
+# ------ ---------
+# fast Skip the pid check, and set rc_fast=yes, rc_quiet=yes
+# force Set ${rcvar} to YES, and set rc_force=yes
+# one Set ${rcvar} to YES
+# quiet Don't output some diagnostics, and set rc_quiet=yes
+#
+# The following globals are used:
+#
+# Name Needed Purpose
+# ---- ------ -------
+# name y Name of script.
+#
+# command n Full path to command.
+# Not needed if ${rc_arg}_cmd is set for
+# each keyword.
+#
+# command_args n Optional args/shell directives for command.
+#
+# command_interpreter n If not empty, command is interpreted, so
+# call check_{pidfile,process}() appropriately.
+#
+# desc n Description of script.
+#
+# extra_commands n List of extra commands supported.
+#
+# pidfile n If set, use check_pidfile $pidfile $command,
+# otherwise use check_process $command.
+# In either case, only check if $command is set.
+#
+# procname n Process name to check for instead of $command.
+#
+# rcvar n This is checked with checkyesno to determine
+# if the action should be run.
+#
+# ${name}_program n Full path to command.
+# Meant to be used in /etc/rc.conf to override
+# ${command}.
+#
+# ${name}_chroot n Directory to chroot to before running ${command}
+# Requires /usr to be mounted.
+#
+# ${name}_chdir n Directory to cd to before running ${command}
+# (if not using ${name}_chroot).
+#
+# ${name}_flags n Arguments to call ${command} with.
+# NOTE: $flags from the parent environment
+# can be used to override this.
+#
+# ${name}_nice n Nice level to run ${command} at.
+#
+# ${name}_user n User to run ${command} as, using su(1) if not
+# using ${name}_chroot.
+# Requires /usr to be mounted.
+#
+# ${name}_group n Group to run chrooted ${command} as.
+# Requires /usr to be mounted.
+#
+# ${name}_groups n Comma separated list of supplementary groups
+# to run the chrooted ${command} with.
+# Requires /usr to be mounted.
+#
+# ${rc_arg}_cmd n If set, use this as the method when invoked;
+# Otherwise, use default command (see below)
+#
+# ${rc_arg}_precmd n If set, run just before performing the
+# ${rc_arg}_cmd method in the default
+# operation (i.e, after checking for required
+# bits and process (non)existence).
+# If this completes with a non-zero exit code,
+# don't run ${rc_arg}_cmd.
+#
+# ${rc_arg}_postcmd n If set, run just after performing the
+# ${rc_arg}_cmd method, if that method
+# returned a zero exit code.
+#
+# required_dirs n If set, check for the existence of the given
+# directories before running a (re)start command.
+#
+# required_files n If set, check for the readability of the given
+# files before running a (re)start command.
+#
+# required_modules n If set, ensure the given kernel modules are
+# loaded before running a (re)start command.
+# The check and possible loads are actually
+# done after start_precmd so that the modules
+# aren't loaded in vain, should the precmd
+# return a non-zero status to indicate a error.
+# If a word in the list looks like "foo:bar",
+# "foo" is the KLD file name and "bar" is the
+# module name. If a word looks like "foo~bar",
+# "foo" is the KLD file name and "bar" is a
+# egrep(1) pattern matching the module name.
+# Otherwise the module name is assumed to be
+# the same as the KLD file name, which is most
+# common. See load_kld().
+#
+# required_vars n If set, perform checkyesno on each of the
+# listed variables before running the default
+# (re)start command.
+#
+# Default behaviour for a given argument, if no override method is
+# provided:
+#
+# Argument Default behaviour
+# -------- -----------------
+# start if !running && checkyesno ${rcvar}
+# ${command}
+#
+# stop if ${pidfile}
+# rc_pid=$(check_pidfile $pidfile $command)
+# else
+# rc_pid=$(check_process $command)
+# kill $sig_stop $rc_pid
+# wait_for_pids $rc_pid
+# ($sig_stop defaults to TERM.)
+#
+# reload Similar to stop, except use $sig_reload instead,
+# and doesn't wait_for_pids.
+# $sig_reload defaults to HUP.
+# Note that `reload' isn't provided by default,
+# it should be enabled via $extra_commands.
+#
+# restart Run `stop' then `start'.
+#
+# status Show if ${command} is running, etc.
+#
+# poll Wait for ${command} to exit.
+#
+# rcvar Display what rc.conf variable is used (if any).
+#
+# Variables available to methods, and after run_rc_command() has
+# completed:
+#
+# Variable Purpose
+# -------- -------
+# rc_arg Argument to command, after fast/force/one processing
+# performed
+#
+# rc_flags Flags to start the default command with.
+# Defaults to ${name}_flags, unless overridden
+# by $flags from the environment.
+# This variable may be changed by the precmd method.
+#
+# rc_pid PID of command (if appropriate)
+#
+# rc_fast Not empty if "fast" was provided (q.v.)
+#
+# rc_force Not empty if "force" was provided (q.v.)
+#
+# rc_quiet Not empty if "quiet" was provided
+#
+#
+run_rc_command()
+{
+ _return=0
+ rc_arg=$1
+ if [ -z "$name" ]; then
+ err 3 'run_rc_command: $name is not set.'
+ fi
+
+ # Don't repeat the first argument when passing additional command-
+ # line arguments to the command subroutines.
+ #
+ shift 1
+ rc_extra_args="$*"
+
+ _rc_prefix=
+ case "$rc_arg" in
+ fast*) # "fast" prefix; don't check pid
+ rc_arg=${rc_arg#fast}
+ rc_fast=yes
+ rc_quiet=yes
+ ;;
+ force*) # "force" prefix; always run
+ rc_force=yes
+ _rc_prefix=force
+ rc_arg=${rc_arg#${_rc_prefix}}
+ if [ -n "${rcvar}" ]; then
+ eval ${rcvar}=YES
+ fi
+ ;;
+ one*) # "one" prefix; set ${rcvar}=yes
+ _rc_prefix=one
+ rc_arg=${rc_arg#${_rc_prefix}}
+ if [ -n "${rcvar}" ]; then
+ eval ${rcvar}=YES
+ fi
+ ;;
+ quiet*) # "quiet" prefix; omit some messages
+ _rc_prefix=quiet
+ rc_arg=${rc_arg#${_rc_prefix}}
+ rc_quiet=yes
+ ;;
+ esac
+
+ eval _override_command=\$${name}_program
+ command=${_override_command:-$command}
+
+ _keywords="start stop restart rcvar $extra_commands"
+ rc_pid=
+ _pidcmd=
+ _procname=${procname:-${command}}
+
+ # setup pid check command
+ if [ -n "$_procname" ]; then
+ if [ -n "$pidfile" ]; then
+ _pidcmd='rc_pid=$(check_pidfile '"$pidfile $_procname $command_interpreter"')'
+ else
+ _pidcmd='rc_pid=$(check_process '"$_procname $command_interpreter"')'
+ fi
+ if [ -n "$_pidcmd" ]; then
+ _keywords="${_keywords} status poll"
+ fi
+ fi
+
+ if [ -z "$rc_arg" ]; then
+ rc_usage $_keywords
+ fi
+
+ if [ -n "$flags" ]; then # allow override from environment
+ rc_flags=$flags
+ else
+ eval rc_flags=\$${name}_flags
+ fi
+ eval _chdir=\$${name}_chdir _chroot=\$${name}_chroot \
+ _nice=\$${name}_nice _user=\$${name}_user \
+ _group=\$${name}_group _groups=\$${name}_groups
+
+ if [ -n "$_user" ]; then # unset $_user if running as that user
+ if [ "$_user" = "$(eval $IDCMD)" ]; then
+ unset _user
+ fi
+ fi
+
+ eval $_pidcmd # determine the pid if necessary
+
+ for _elem in $_keywords; do
+ if [ "$_elem" != "$rc_arg" ]; then
+ continue
+ fi
+ # if ${rcvar} is set, $1 is not "rcvar"
+ # and ${rc_pid} is not set, then run
+ # checkyesno ${rcvar}
+ # and return if that failed
+ #
+ if [ -n "${rcvar}" -a "$rc_arg" != "rcvar" -a "$rc_arg" != "stop" ] ||
+ [ -n "${rcvar}" -a "$rc_arg" = "stop" -a -z "${rc_pid}" ]; then
+ if ! checkyesno ${rcvar}; then
+ if [ -n "${rc_quiet}" ]; then
+ return 0
+ fi
+ echo -n "Cannot '${rc_arg}' $name. Set ${rcvar} to "
+ echo -n "YES in /etc/rc.conf or use 'one${rc_arg}' "
+ echo "instead of '${rc_arg}'."
+ return 0
+ fi
+ fi
+
+ # if there's a custom ${XXX_cmd},
+ # run that instead of the default
+ #
+ eval _cmd=\$${rc_arg}_cmd \
+ _precmd=\$${rc_arg}_precmd \
+ _postcmd=\$${rc_arg}_postcmd
+
+ if [ -n "$_cmd" ]; then
+ _run_rc_precmd || return 1
+ _run_rc_doit "$_cmd $rc_extra_args" || return 1
+ _run_rc_postcmd
+ return $_return
+ fi
+
+ case "$rc_arg" in # default operations...
+
+ status)
+ _run_rc_precmd || return 1
+ if [ -n "$rc_pid" ]; then
+ echo "${name} is running as pid $rc_pid."
+ else
+ echo "${name} is not running."
+ return 1
+ fi
+ _run_rc_postcmd
+ ;;
+
+ start)
+ if [ -z "$rc_fast" -a -n "$rc_pid" ]; then
+ echo 1>&2 "${name} already running? (pid=$rc_pid)."
+ return 1
+ fi
+
+ if [ ! -x ${_chroot}${_chroot:+"/"}${command} ]; then
+ warn "run_rc_command: cannot run $command"
+ return 1
+ fi
+
+ if ! _run_rc_precmd; then
+ warn "failed precmd routine for ${name}"
+ return 1
+ fi
+
+ # setup the full command to run
+ #
+ check_startmsgs && echo "Starting ${name}."
+ if [ -n "$_chroot" ]; then
+ _doit="\
+${_nice:+nice -n $_nice }\
+chroot ${_user:+-u $_user }${_group:+-g $_group }${_groups:+-G $_groups }\
+$_chroot $command $rc_flags $command_args"
+ else
+ _doit="\
+${_chdir:+cd $_chdir && }\
+$command $rc_flags $command_args"
+ if [ -n "$_user" ]; then
+ _doit="su -m $_user -c 'sh -c \"$_doit\"'"
+ fi
+ if [ -n "$_nice" ]; then
+ if [ -z "$_user" ]; then
+ _doit="sh -c \"$_doit\""
+ fi
+ _doit="nice -n $_nice $_doit"
+ fi
+ fi
+
+ # run the full command
+ #
+ if ! _run_rc_doit "$_doit"; then
+ warn "failed to start ${name}"
+ return 1
+ fi
+
+ # finally, run postcmd
+ #
+ _run_rc_postcmd
+ ;;
+
+ stop)
+ if [ -z "$rc_pid" ]; then
+ [ -n "$rc_fast" ] && return 0
+ _run_rc_notrunning
+ return 1
+ fi
+
+ _run_rc_precmd || return 1
+
+ # send the signal to stop
+ #
+ echo "Stopping ${name}."
+ _doit=$(_run_rc_killcmd "${sig_stop:-TERM}")
+ _run_rc_doit "$_doit" || return 1
+
+ # wait for the command to exit,
+ # and run postcmd.
+ wait_for_pids $rc_pid
+
+ _run_rc_postcmd
+ ;;
+
+ reload)
+ if [ -z "$rc_pid" ]; then
+ _run_rc_notrunning
+ return 1
+ fi
+
+ _run_rc_precmd || return 1
+
+ _doit=$(_run_rc_killcmd "${sig_reload:-HUP}")
+ _run_rc_doit "$_doit" || return 1
+
+ _run_rc_postcmd
+ ;;
+
+ restart)
+ # prevent restart being called more
+ # than once by any given script
+ #
+ if ${_rc_restart_done:-false}; then
+ return 0
+ fi
+ _rc_restart_done=true
+
+ _run_rc_precmd || return 1
+
+ # run those in a subshell to keep global variables
+ ( run_rc_command ${_rc_prefix}stop $rc_extra_args )
+ ( run_rc_command ${_rc_prefix}start $rc_extra_args )
+ _return=$?
+ [ $_return -ne 0 ] && [ -z "$rc_force" ] && return 1
+
+ _run_rc_postcmd
+ ;;
+
+ poll)
+ _run_rc_precmd || return 1
+ if [ -n "$rc_pid" ]; then
+ wait_for_pids $rc_pid
+ fi
+ _run_rc_postcmd
+ ;;
+
+ rcvar)
+ echo -n "# $name"
+ if [ -n "$desc" ]; then
+ echo " : $desc"
+ else
+ echo ""
+ fi
+ echo "#"
+ # Get unique vars in $rcvar $rcvars
+ for _v in $rcvar $rcvars; do
+ case $v in
+ $_v\ *|\ *$_v|*\ $_v\ *) ;;
+ *) v="${v# } $_v" ;;
+ esac
+ done
+
+ # Display variables.
+ for _v in $v; do
+ if [ -z "$_v" ]; then
+ continue
+ fi
+
+ eval _desc=\$${_v}_desc
+ eval _defval=\$${_v}_defval
+ _h="-"
+
+ eval echo \"$_v=\\\"\$$_v\\\"\"
+ # decode multiple lines of _desc
+ while [ -n "$_desc" ]; do
+ case $_desc in
+ *^^*)
+ echo "# $_h ${_desc%%^^*}"
+ _desc=${_desc#*^^}
+ _h=" "
+ ;;
+ *)
+ echo "# $_h ${_desc}"
+ break
+ ;;
+ esac
+ done
+ echo "# (default: \"$_defval\")"
+ done
+ echo ""
+ ;;
+
+ *)
+ rc_usage $_keywords
+ ;;
+
+ esac
+ return $_return
+ done
+
+ echo 1>&2 "$0: unknown directive '$rc_arg'."
+ rc_usage $_keywords
+ # not reached
+}
+
+#
+# Helper functions for run_rc_command: common code.
+# They use such global variables besides the exported rc_* ones:
+#
+# name R/W
+# ------------------
+# _precmd R
+# _postcmd R
+# _return W
+#
+_run_rc_precmd()
+{
+ check_required_before "$rc_arg" || return 1
+
+ if [ -n "$_precmd" ]; then
+ debug "run_rc_command: ${rc_arg}_precmd: $_precmd $rc_extra_args"
+ eval "$_precmd $rc_extra_args"
+ _return=$?
+
+ # If precmd failed and force isn't set, request exit.
+ if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
+ return 1
+ fi
+ fi
+
+ check_required_after "$rc_arg" || return 1
+
+ return 0
+}
+
+_run_rc_postcmd()
+{
+ if [ -n "$_postcmd" ]; then
+ debug "run_rc_command: ${rc_arg}_postcmd: $_postcmd $rc_extra_args"
+ eval "$_postcmd $rc_extra_args"
+ _return=$?
+ fi
+ return 0
+}
+
+_run_rc_doit()
+{
+ debug "run_rc_command: doit: $*"
+ eval "$@"
+ _return=$?
+
+ # If command failed and force isn't set, request exit.
+ if [ $_return -ne 0 ] && [ -z "$rc_force" ]; then
+ return 1
+ fi
+
+ return 0
+}
+
+_run_rc_notrunning()
+{
+ local _pidmsg
+
+ if [ -n "$pidfile" ]; then
+ _pidmsg=" (check $pidfile)."
+ else
+ _pidmsg=
+ fi
+ echo 1>&2 "${name} not running?${_pidmsg}"
+}
+
+_run_rc_killcmd()
+{
+ local _cmd
+
+ _cmd="kill -$1 $rc_pid"
+ if [ -n "$_user" ]; then
+ _cmd="su -m ${_user} -c 'sh -c \"${_cmd}\"'"
+ fi
+ echo "$_cmd"
+}
+
+#
+# run_rc_script file arg
+# Start the script `file' with `arg', and correctly handle the
+# return value from the script.
+# If `file' ends with `.sh', it's sourced into the current environment
+# when $rc_fast_and_loose is set, otherwise it is run as a child process.
+# If `file' appears to be a backup or scratch file, ignore it.
+# Otherwise if it is executable run as a child process.
+#
+run_rc_script()
+{
+ _file=$1
+ _arg=$2
+ if [ -z "$_file" -o -z "$_arg" ]; then
+ err 3 'USAGE: run_rc_script file arg'
+ fi
+
+ unset name command command_args command_interpreter \
+ extra_commands pidfile procname \
+ rcvar rcvars rcvars_obsolete required_dirs required_files \
+ required_vars
+ eval unset ${_arg}_cmd ${_arg}_precmd ${_arg}_postcmd
+
+ case "$_file" in
+ /etc/rc.d/*.sh) # no longer allowed in the base
+ warn "Ignoring old-style startup script $_file"
+ ;;
+ *[~#]|*.OLD|*.bak|*.orig|*,v) # scratch file; skip
+ warn "Ignoring scratch file $_file"
+ ;;
+ *) # run in subshell
+ if [ -x $_file ]; then
+ if [ -n "$rc_fast_and_loose" ]; then
+ set $_arg; . $_file
+ else
+ ( trap "echo Script $_file interrupted; kill -QUIT $$" 3
+ trap "echo Script $_file interrupted; exit 1" 2
+ trap "echo Script $_file running" 29
+ set $_arg; . $_file )
+ fi
+ fi
+ ;;
+ esac
+}
+
+#
+# load_rc_config name
+# Source in the configuration file for a given name.
+#
+load_rc_config()
+{
+ local _name _var _defval _v _msg _new
+ _name=$1
+ if [ -z "$_name" ]; then
+ err 3 'USAGE: load_rc_config name'
+ fi
+
+ if ${_rc_conf_loaded:-false}; then
+ :
+ else
+ if [ -r /etc/defaults/rc.conf ]; then
+ debug "Sourcing /etc/defaults/rc.conf"
+ . /etc/defaults/rc.conf
+ source_rc_confs
+ elif [ -r /etc/rc.conf ]; then
+ debug "Sourcing /etc/rc.conf (/etc/defaults/rc.conf doesn't exist)."
+ . /etc/rc.conf
+ fi
+ _rc_conf_loaded=true
+ fi
+ if [ -f /etc/rc.conf.d/"$_name" ]; then
+ debug "Sourcing /etc/rc.conf.d/${_name}"
+ . /etc/rc.conf.d/"$_name"
+ fi
+
+ # Set defaults if defined.
+ for _var in $rcvar $rcvars; do
+ eval _defval=\$${_var}_defval
+ if [ -n "$_defval" ]; then
+ eval : \${$_var:=\$${_var}_defval}
+ fi
+ done
+
+ # check obsolete rc.conf variables
+ for _var in $rcvars_obsolete; do
+ eval _v=\$$_var
+ eval _msg=\$${_var}_obsolete_msg
+ eval _new=\$${_var}_newvar
+ case $_v in
+ "")
+ ;;
+ *)
+ if [ -z "$_new" ]; then
+ _msg="Ignored."
+ else
+ eval $_new=\"\$$_var\"
+ if [ -z "$_msg" ]; then
+ _msg="Use \$$_new instead."
+ fi
+ fi
+ warn "\$$_var is obsolete. $_msg"
+ ;;
+ esac
+ done
+}
+
+#
+# load_rc_config_var name var
+# Read the rc.conf(5) var for name and set in the
+# current shell, using load_rc_config in a subshell to prevent
+# unwanted side effects from other variable assignments.
+#
+load_rc_config_var()
+{
+ if [ $# -ne 2 ]; then
+ err 3 'USAGE: load_rc_config_var name var'
+ fi
+ eval $(eval '(
+ load_rc_config '$1' >/dev/null;
+ if [ -n "${'$2'}" -o "${'$2'-UNSET}" != "UNSET" ]; then
+ echo '$2'=\'\''${'$2'}\'\'';
+ fi
+ )' )
+}
+
+#
+# rc_usage commands
+# Print a usage string for $0, with `commands' being a list of
+# valid commands.
+#
+rc_usage()
+{
+ echo -n 1>&2 "Usage: $0 [fast|force|one]("
+
+ _sep=
+ for _elem; do
+ echo -n 1>&2 "$_sep$_elem"
+ _sep="|"
+ done
+ echo 1>&2 ")"
+ exit 1
+}
+
+#
+# err exitval message
+# Display message to stderr and log to the syslog, and exit with exitval.
+#
+err()
+{
+ exitval=$1
+ shift
+
+ if [ -x /usr/bin/logger ]; then
+ logger "$0: ERROR: $*"
+ fi
+ echo 1>&2 "$0: ERROR: $*"
+ exit $exitval
+}
+
+#
+# warn message
+# Display message to stderr and log to the syslog.
+#
+warn()
+{
+ if [ -x /usr/bin/logger ]; then
+ logger "$0: WARNING: $*"
+ fi
+ echo 1>&2 "$0: WARNING: $*"
+}
+
+#
+# info message
+# Display informational message to stdout and log to syslog.
+#
+info()
+{
+ case ${rc_info} in
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ if [ -x /usr/bin/logger ]; then
+ logger "$0: INFO: $*"
+ fi
+ echo "$0: INFO: $*"
+ ;;
+ esac
+}
+
+#
+# debug message
+# If debugging is enabled in rc.conf output message to stderr.
+# BEWARE that you don't call any subroutine that itself calls this
+# function.
+#
+debug()
+{
+ case ${rc_debug} in
+ [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1)
+ if [ -x /usr/bin/logger ]; then
+ logger "$0: DEBUG: $*"
+ fi
+ echo 1>&2 "$0: DEBUG: $*"
+ ;;
+ esac
+}
+
+#
+# backup_file action file cur backup
+# Make a backup copy of `file' into `cur', and save the previous
+# version of `cur' as `backup' or use rcs for archiving.
+#
+# This routine checks the value of the backup_uses_rcs variable,
+# which can be either YES or NO.
+#
+# The `action' keyword can be one of the following:
+#
+# add `file' is now being backed up (and is possibly
+# being reentered into the backups system). `cur'
+# is created and RCS files, if necessary, are
+# created as well.
+#
+# update `file' has changed and needs to be backed up.
+# If `cur' exists, it is copied to to `back' or
+# checked into RCS (if the repository file is old),
+# and then `file' is copied to `cur'. Another RCS
+# check in done here if RCS is being used.
+#
+# remove `file' is no longer being tracked by the backups
+# system. If RCS is not being used, `cur' is moved
+# to `back', otherwise an empty file is checked in,
+# and then `cur' is removed.
+#
+#
+backup_file()
+{
+ _action=$1
+ _file=$2
+ _cur=$3
+ _back=$4
+
+ if checkyesno backup_uses_rcs; then
+ _msg0="backup archive"
+ _msg1="update"
+
+ # ensure that history file is not locked
+ if [ -f $_cur,v ]; then
+ rcs -q -u -U -M $_cur
+ fi
+
+ # ensure after switching to rcs that the
+ # current backup is not lost
+ if [ -f $_cur ]; then
+ # no archive, or current newer than archive
+ if [ ! -f $_cur,v -o $_cur -nt $_cur,v ]; then
+ ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur
+ rcs -q -kb -U $_cur
+ co -q -f -u $_cur
+ fi
+ fi
+
+ case $_action in
+ add|update)
+ cp -p $_file $_cur
+ ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur
+ rcs -q -kb -U $_cur
+ co -q -f -u $_cur
+ chown root:wheel $_cur $_cur,v
+ ;;
+ remove)
+ cp /dev/null $_cur
+ ci -q -f -u -t-"$_msg0" -m"$_msg1" $_cur
+ rcs -q -kb -U $_cur
+ chown root:wheel $_cur $_cur,v
+ rm $_cur
+ ;;
+ esac
+ else
+ case $_action in
+ add|update)
+ if [ -f $_cur ]; then
+ cp -p $_cur $_back
+ fi
+ cp -p $_file $_cur
+ chown root:wheel $_cur
+ ;;
+ remove)
+ mv -f $_cur $_back
+ ;;
+ esac
+ fi
+}
+
+# make_symlink src link
+# Make a symbolic link 'link' to src from basedir. If the
+# directory in which link is to be created does not exist
+# a warning will be displayed and an error will be returned.
+# Returns 0 on sucess, 1 otherwise.
+#
+make_symlink()
+{
+ local src link linkdir _me
+ src="$1"
+ link="$2"
+ linkdir="`dirname $link`"
+ _me="make_symlink()"
+
+ if [ -z "$src" -o -z "$link" ]; then
+ warn "$_me: requires two arguments."
+ return 1
+ fi
+ if [ ! -d "$linkdir" ]; then
+ warn "$_me: the directory $linkdir does not exist."
+ return 1
+ fi
+ if ! ln -sf $src $link; then
+ warn "$_me: unable to make a symbolic link from $link to $src"
+ return 1
+ fi
+ return 0
+}
+
+# devfs_rulesets_from_file file
+# Reads a set of devfs commands from file, and creates
+# the specified rulesets with their rules. Returns non-zero
+# if there was an error.
+#
+devfs_rulesets_from_file()
+{
+ local file _err _me
+ file="$1"
+ _me="devfs_rulesets_from_file"
+ _err=0
+
+ if [ -z "$file" ]; then
+ warn "$_me: you must specify a file"
+ return 1
+ fi
+ if [ ! -e "$file" ]; then
+ debug "$_me: no such file ($file)"
+ return 0
+ fi
+ debug "reading rulesets from file ($file)"
+ { while read line
+ do
+ case $line in
+ \#*)
+ continue
+ ;;
+ \[*\]*)
+ rulenum=`expr "$line" : "\[.*=\([0-9]*\)\]"`
+ if [ -z "$rulenum" ]; then
+ warn "$_me: cannot extract rule number ($line)"
+ _err=1
+ break
+ fi
+ rulename=`expr "$line" : "\[\(.*\)=[0-9]*\]"`
+ if [ -z "$rulename" ]; then
+ warn "$_me: cannot extract rule name ($line)"
+ _err=1
+ break;
+ fi
+ eval $rulename=\$rulenum
+ debug "found ruleset: $rulename=$rulenum"
+ if ! /sbin/devfs rule -s $rulenum delset; then
+ _err=1
+ break
+ fi
+ ;;
+ *)
+ rulecmd="${line%%"\#*"}"
+ # evaluate the command incase it includes
+ # other rules
+ if [ -n "$rulecmd" ]; then
+ debug "adding rule ($rulecmd)"
+ if ! eval /sbin/devfs rule -s $rulenum $rulecmd
+ then
+ _err=1
+ break
+ fi
+ fi
+ ;;
+ esac
+ if [ $_err -ne 0 ]; then
+ debug "error in $_me"
+ break
+ fi
+ done } < $file
+ return $_err
+}
+
+# devfs_init_rulesets
+# Initializes rulesets from configuration files. Returns
+# non-zero if there was an error.
+#
+devfs_init_rulesets()
+{
+ local file _me
+ _me="devfs_init_rulesets"
+
+ # Go through this only once
+ if [ -n "$devfs_rulesets_init" ]; then
+ debug "$_me: devfs rulesets already initialized"
+ return
+ fi
+ for file in $devfs_rulesets; do
+ if ! devfs_rulesets_from_file $file; then
+ warn "$_me: could not read rules from $file"
+ return 1
+ fi
+ done
+ devfs_rulesets_init=1
+ debug "$_me: devfs rulesets initialized"
+ return 0
+}
+
+# devfs_set_ruleset ruleset [dir]
+# Sets the default ruleset of dir to ruleset. The ruleset argument
+# must be a ruleset name as specified in devfs.rules(5) file.
+# Returns non-zero if it could not set it successfully.
+#
+devfs_set_ruleset()
+{
+ local devdir rs _me
+ [ -n "$1" ] && eval rs=\$$1 || rs=
+ [ -n "$2" ] && devdir="-m "$2"" || devdir=
+ _me="devfs_set_ruleset"
+
+ if [ -z "$rs" ]; then
+ warn "$_me: you must specify a ruleset number"
+ return 1
+ fi
+ debug "$_me: setting ruleset ($rs) on mount-point (${devdir#-m })"
+ if ! /sbin/devfs $devdir ruleset $rs; then
+ warn "$_me: unable to set ruleset $rs to ${devdir#-m }"
+ return 1
+ fi
+ return 0
+}
+
+# devfs_apply_ruleset ruleset [dir]
+# Apply ruleset number $ruleset to the devfs mountpoint $dir.
+# The ruleset argument must be a ruleset name as specified
+# in a devfs.rules(5) file. Returns 0 on success or non-zero
+# if it could not apply the ruleset.
+#
+devfs_apply_ruleset()
+{
+ local devdir rs _me
+ [ -n "$1" ] && eval rs=\$$1 || rs=
+ [ -n "$2" ] && devdir="-m "$2"" || devdir=
+ _me="devfs_apply_ruleset"
+
+ if [ -z "$rs" ]; then
+ warn "$_me: you must specify a ruleset"
+ return 1
+ fi
+ debug "$_me: applying ruleset ($rs) to mount-point (${devdir#-m })"
+ if ! /sbin/devfs $devdir rule -s $rs applyset; then
+ warn "$_me: unable to apply ruleset $rs to ${devdir#-m }"
+ return 1
+ fi
+ return 0
+}
+
+# devfs_domount dir [ruleset]
+# Mount devfs on dir. If ruleset is specified it is set
+# on the mount-point. It must also be a ruleset name as specified
+# in a devfs.rules(5) file. Returns 0 on success.
+#
+devfs_domount()
+{
+ local devdir rs _me
+ devdir="$1"
+ [ -n "$2" ] && rs=$2 || rs=
+ _me="devfs_domount()"
+
+ if [ -z "$devdir" ]; then
+ warn "$_me: you must specify a mount-point"
+ return 1
+ fi
+ debug "$_me: mount-point is ($devdir), ruleset is ($rs)"
+ if ! mount -t devfs dev "$devdir"; then
+ warn "$_me: Unable to mount devfs on $devdir"
+ return 1
+ fi
+ if [ -n "$rs" ]; then
+ devfs_init_rulesets
+ devfs_set_ruleset $rs $devdir
+ devfs -m $devdir rule applyset
+ fi
+ return 0
+}
+
+# devfs_mount_jail dir [ruleset]
+# Mounts a devfs file system appropriate for jails
+# on the directory dir. If ruleset is specified, the ruleset
+# it names will be used instead. If present, ruleset must
+# be the name of a ruleset as defined in a devfs.rules(5) file.
+# This function returns non-zero if an error occurs.
+#
+devfs_mount_jail()
+{
+ local jdev rs _me
+ jdev="$1"
+ [ -n "$2" ] && rs=$2 || rs="devfsrules_jail"
+ _me="devfs_mount_jail"
+
+ devfs_init_rulesets
+ if ! devfs_domount "$jdev" $rs; then
+ warn "$_me: devfs was not mounted on $jdev"
+ return 1
+ fi
+ return 0
+}
+
+# Provide a function for normalizing the mounting of memory
+# filesystems. This should allow the rest of the code here to remain
+# as close as possible between 5-current and 4-stable.
+# $1 = size
+# $2 = mount point
+# $3 = (optional) extra mdmfs flags
+mount_md()
+{
+ if [ -n "$3" ]; then
+ flags="$3"
+ fi
+ /sbin/mdmfs $flags -s $1 md $2
+}
+
+# Code common to scripts that need to load a kernel module
+# if it isn't in the kernel yet. Syntax:
+# load_kld [-e regex] [-m module] file
+# where -e or -m chooses the way to check if the module
+# is already loaded:
+# regex is egrep'd in the output from `kldstat -v',
+# module is passed to `kldstat -m'.
+# The default way is as though `-m file' were specified.
+load_kld()
+{
+ local _loaded _mod _opt _re
+
+ while getopts "e:m:" _opt; do
+ case "$_opt" in
+ e) _re="$OPTARG" ;;
+ m) _mod="$OPTARG" ;;
+ *) err 3 'USAGE: load_kld [-e regex] [-m module] file' ;;
+ esac
+ done
+ shift $(($OPTIND - 1))
+ if [ $# -ne 1 ]; then
+ err 3 'USAGE: load_kld [-e regex] [-m module] file'
+ fi
+ _mod=${_mod:-$1}
+ _loaded=false
+ if [ -n "$_re" ]; then
+ if kldstat -v | egrep -q -e "$_re"; then
+ _loaded=true
+ fi
+ else
+ if kldstat -q -m "$_mod"; then
+ _loaded=true
+ fi
+ fi
+ if ! $_loaded; then
+ if ! kldload "$1"; then
+ warn "Unable to load kernel module $1"
+ return 1
+ else
+ info "$1 kernel module loaded."
+ fi
+ else
+ debug "load_kld: $1 kernel module already loaded."
+ fi
+ return 0
+}
+
+# ltr str src dst
+# Change every $src in $str to $dst.
+# Useful when /usr is not yet mounted and we cannot use tr(1), sed(1) nor
+# awk(1).
+ltr()
+{
+ local _str _src _dst _out _com
+ _str=$1
+ _src=$2
+ _dst=$3
+ _out=""
+
+ IFS=${_src}
+ for _com in ${_str}; do
+ if [ -z "${_out}" ]; then
+ _out="${_com}"
+ else
+ _out="${_out}${_dst}${_com}"
+ fi
+ done
+ echo "${_out}"
+}
+
+# Creates a list of providers for GELI encryption.
+geli_make_list()
+{
+ local devices devices2
+ local provider mountpoint type options rest
+
+ # Create list of GELI providers from fstab.
+ while read provider mountpoint type options rest ; do
+ case ":${options}" in
+ :*noauto*)
+ noauto=yes
+ ;;
+ *)
+ noauto=no
+ ;;
+ esac
+
+ case ":${provider}" in
+ :#*)
+ continue
+ ;;
+ *.eli)
+ # Skip swap devices.
+ if [ "${type}" = "swap" -o "${options}" = "sw" -o "${noauto}" = "yes" ]; then
+ continue
+ fi
+ devices="${devices} ${provider}"
+ ;;
+ esac
+ done < /etc/fstab
+
+ # Append providers from geli_devices.
+ devices="${devices} ${geli_devices}"
+
+ for provider in ${devices}; do
+ provider=${provider%.eli}
+ provider=${provider#/dev/}
+ devices2="${devices2} ${provider}"
+ done
+
+ echo ${devices2}
+}
+
+# Find scripts in local_startup directories that use the old syntax
+#
+find_local_scripts_old () {
+ zlist=''
+ slist=''
+ for dir in ${local_startup}; do
+ if [ -d "${dir}" ]; then
+ for file in ${dir}/[0-9]*.sh; do
+ grep '^# PROVIDE:' $file >/dev/null 2>&1 &&
+ continue
+ zlist="$zlist $file"
+ done
+ for file in ${dir}/[!0-9]*.sh; do
+ grep '^# PROVIDE:' $file >/dev/null 2>&1 &&
+ continue
+ slist="$slist $file"
+ done
+ fi
+ done
+}
+
+find_local_scripts_new () {
+ local_rc=''
+ for dir in ${local_startup}; do
+ if [ -d "${dir}" ]; then
+ for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do
+ case "$file" in
+ *.sample) ;;
+ *) if [ -x "$file" ]; then
+ local_rc="${local_rc} ${file}"
+ fi
+ ;;
+ esac
+ done
+ fi
+ done
+}
+
+# check_required_{before|after} command
+# Check for things required by the command before and after its precmd,
+# respectively. The two separate functions are needed because some
+# conditions should prevent precmd from being run while other things
+# depend on precmd having already been run.
+#
+check_required_before()
+{
+ local _f
+
+ case "$1" in
+ start)
+ for _f in $required_vars; do
+ if ! checkyesno $_f; then
+ warn "\$${_f} is not enabled."
+ if [ -z "$rc_force" ]; then
+ return 1
+ fi
+ fi
+ done
+
+ for _f in $required_dirs; do
+ if [ ! -d "${_f}/." ]; then
+ warn "${_f} is not a directory."
+ if [ -z "$rc_force" ]; then
+ return 1
+ fi
+ fi
+ done
+
+ for _f in $required_files; do
+ if [ ! -r "${_f}" ]; then
+ warn "${_f} is not readable."
+ if [ -z "$rc_force" ]; then
+ return 1
+ fi
+ fi
+ done
+ ;;
+ esac
+
+ return 0
+}
+
+check_required_after()
+{
+ local _f _args
+
+ case "$1" in
+ start)
+ for _f in $required_modules; do
+ case "${_f}" in
+ *~*) _args="-e ${_f#*~} ${_f%%~*}" ;;
+ *:*) _args="-m ${_f#*:} ${_f%%:*}" ;;
+ *) _args="${_f}" ;;
+ esac
+ if ! load_kld ${_args}; then
+ if [ -z "$rc_force" ]; then
+ return 1
+ fi
+ fi
+ done
+ ;;
+ esac
+
+ return 0
+}
+
+# check_kern_features mib
+# Return existence of kern.features.* sysctl MIB as true or
+# false. The result will be cached in $_rc_cache_kern_features_
+# namespace. "0" means the kern.features.X exists.
+
+check_kern_features()
+{
+ local _v
+
+ [ -n "$1" ] || return 1;
+ eval _v=\$_rc_cache_kern_features_$1
+ [ -n "$_v" ] && return "$_v";
+
+ if ${SYSCTL_N} kern.features.$1 > /dev/null 2>&1; then
+ eval _rc_cache_kern_features_$1=0
+ return 0
+ else
+ eval _rc_cache_kern_features_$1=1
+ return 1
+ fi
+}
+
+# _echoonce var msg mode
+# mode=0: Echo $msg if ${$var} is empty.
+# After doing echo, a string is set to ${$var}.
+#
+# mode=1: Echo $msg if ${$var} is a string with non-zero length.
+#
+_echoonce()
+{
+ local _var _msg _mode
+ eval _var=\$$1
+ _msg=$2
+ _mode=$3
+
+ case $_mode in
+ 1) [ -n "$_var" ] && echo "$_msg" ;;
+ *) [ -z "$_var" ] && echo -n "$_msg" && eval "$1=finished" ;;
+ esac
+}
+
+fi # [ -z "${_rc_subr_loaded}" ]
+
+_rc_subr_loaded=:
diff --git a/etc/rc.suspend b/etc/rc.suspend
new file mode 100755
index 0000000..90c085b
--- /dev/null
+++ b/etc/rc.suspend
@@ -0,0 +1,79 @@
+#!/bin/sh
+#
+# Copyright (c) 1999 Mitsuru IWASAKI
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# $FreeBSD$
+#
+
+# sample run command file for APM Suspend Event
+
+if [ $# -ne 2 ]; then
+ echo "Usage: $0 [apm|acpi] [standby,suspend|1-4]"
+ exit 1
+fi
+
+subsystem=$1
+state=$2
+
+if [ -r /var/run/rc.suspend.pid ]; then
+ exit 1
+fi
+
+echo $$ 2> /dev/null > /var/run/rc.suspend.pid
+
+_t=`/sbin/sysctl -n kern.timecounter.hardware 2> /dev/null`
+case ${_t#ACPI-} in
+fast|safe)
+ /bin/rm -f /var/run/rc.suspend.tch
+ ;;
+*)
+ { /sbin/sysctl -n kern.timecounter.hardware=ACPI-fast || \
+ /sbin/sysctl -n kern.timecounter.hardware=ACPI-safe; } \
+ > /dev/null 2>&1 && echo $_t > /var/run/rc.suspend.tch
+ ;;
+esac
+
+# If you have troubles on suspending with PC-CARD modem, try this.
+# See also contrib/pccardq.c (Only for PAO users).
+# pccardq | awk -F '~' '$5 == "filled" && $4 ~ /uart/ \
+# { printf("pccardc power %d 0", $1); }' | sh
+
+# If a device driver has problems suspending, try unloading it before
+# suspend and reloading it on resume. Example:
+# kldunload usb
+
+/usr/bin/logger -t $subsystem suspend at `/bin/date +'%Y%m%d %H:%M:%S'`
+/bin/sync && /bin/sync && /bin/sync
+/bin/sleep 3
+
+/bin/rm -f /var/run/rc.suspend.pid
+if [ $subsystem = "apm" ]; then
+ /usr/sbin/zzz
+else
+ # Notify the kernel to continue the suspend process
+ /usr/sbin/acpiconf -k 0
+fi
+
+exit 0
diff --git a/etc/regdomain.xml b/etc/regdomain.xml
new file mode 100644
index 0000000..ff57113
--- /dev/null
+++ b/etc/regdomain.xml
@@ -0,0 +1,1901 @@
+<!--
+ Copyright (c) 2007-2008 Sam Leffler, Errno Consulting
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+ $FreeBSD$
+-->
+
+<regulatory-data>
+
+<!-- Regdomain/SKU definitions -->
+
+<regulatory-domains>
+
+<!--
+ DEBUG holds all available channels; the driver/device
+ defines what the capabilities and tx power caps are.
+ Regdomain code gets this information with the
+ IEEE80211_IOC_DRIVERCAPS ioctl.
+-->
+<rd id="debug">
+ <name>DEBUG</name>
+ <sku>0x1ff</sku>
+</rd>
+
+<rd id="fcc">
+ <name>FCC</name>
+ <sku>0x10</sku>
+ <defcc ref="US"/>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5825_5825"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+</rd>
+
+<!-- FCC3 is FCC w/ DFS on Upper-UNI -->
+
+<rd id="fcc3">
+ <name>FCC3</name>
+ <sku>0x3a</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5580"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5660_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5825_5825"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5580"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5500_5580"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5660_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5660_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+</rd>
+
+<!-- FCC4 is 2.4GHz FCC w/ Public Safety Band (PSB) -->
+
+<rd id="fcc4">
+ <name>FCC4</name>
+ <sku>0x12</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_4950_4980"/>
+ <maxpower>23</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_4945_4985_10"/>
+ <maxpower>27</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_4942_4987_5"/>
+ <maxpower>30</maxpower>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="japan">
+ <name>JAPAN</name>
+ <sku>0x40</sku>
+ <defcc ref="JP"/>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ <band>
+ <freqband ref="F1_2484_2484"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_4920_4980"/>
+ <maxpower>23</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5040_5080"/>
+ <maxpower>23</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>23</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2472"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_4920_4980"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_4920_4980"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5040_5080"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5040_5080"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5180_5240"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5500_5680"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="etsi">
+ <name>ETSI</name>
+ <sku>0x30</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5500_5680"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+</rd>
+
+<!-- ETSI w/o HT40 in 5GHz -->
+
+<rd id="etsi2">
+ <name>ETSI2</name>
+ <sku>0x32</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5120_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5120_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+</rd>
+
+<!-- ETSI - channel 36 -->
+
+<rd id="etsi3">
+ <name>ETSI3</name>
+ <sku>0x33</sku>
+ <defcc ref="RO"/>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5200_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5280_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5200_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5200_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5280_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5280_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5500_5680"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="apac">
+ <name>APAC</name>
+ <sku>0x50</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5825_5825"/>
+ <maxpower>23</maxpower>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+</rd>
+
+<!-- APAC w/ DFS on Mid-band -->
+
+<rd id="apac2">
+ <name>APAC2</name>
+ <sku>0x51</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5120_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5825_5825"/>
+ <maxpower>23</maxpower>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5120_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5120_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+</rd>
+
+<!-- APAC w/o ISM band -->
+
+<rd id="apac3">
+ <name>APAC3</name>
+ <sku>0x5d</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ <flags>IEEE80211_CHAN_DFS</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="korea">
+ <name>KOREA</name>
+ <sku>0x45</sku>
+ <defcc ref="KR"/>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ <band>
+ <freqband ref="F1_2467_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="F1_2467_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5620"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="F1_2467_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5180_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5620"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+</rd>
+
+<!-- Rest Of World -->
+
+<rd id="row">
+ <name>ROW</name>
+ <sku>0x8a</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="none">
+ <name>NONE</name>
+ <sku>0xf0</sku>
+ <netband mode="11b">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ </band>
+ <band>
+ <freqband ref="F1_2467_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_B</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11g">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="F1_2467_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11a">
+ <band>
+ <freqband ref="F1_5120_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5825_5825"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11ng">
+ <band>
+ <freqband ref="F1_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2412_2462"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ </band>
+ <band>
+ <freqband ref="F1_2467_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_2467_2472"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+ <netband mode="11na">
+ <band>
+ <freqband ref="F1_5120_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5120_5240"/>
+ <maxpower>17</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5260_5320"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5500_5700"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5500_5680"/>
+ <maxpower>24</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5745_5805"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="F1_5825_5825"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT20</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ <band>
+ <freqband ref="H4_5825_5825"/>
+ <maxpower>23</maxpower>
+ <flags>IEEE80211_CHAN_HT40</flags>
+ <flags>IEEE80211_CHAN_PASSIVE</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="sr9">
+ <name>SR9</name>
+ <sku>0x0298</sku>
+ <netband mode="11g">
+ <band>
+ <freqband ref="S1_907_922_5"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="S1_907_922_10"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="S1_912_917"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="xr9">
+ <name>XR9</name>
+ <sku>0x299</sku>
+ <netband mode="11g">
+ <band>
+ <freqband ref="S1_907_922_5"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="S1_907_922_10"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="S1_912_917"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+</rd>
+
+<rd id="gz901">
+ <name>GZ901</name>
+ <sku>0x29a</sku>
+ <netband mode="11g">
+ <band>
+ <freqband ref="S1_908_923_5"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="S1_913_918_10"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ <band>
+ <freqband ref="S1_913_918"/>
+ <maxpower>30</maxpower>
+ <flags>IEEE80211_CHAN_G</flags>
+ </band>
+ </netband>
+</rd>
+</regulatory-domains>
+
+<country-codes>
+<!--
+ ISO 3166 Country/Region codes and regdomain mapping.
+
+ http://ftp.ics.uci.edu/pub/ietf/http/related/iso3166.txt
+ has the list of codes.
+ XXX this table is incomplete
+-->
+<country id="AL">
+ <isocc>8</isocc> <name>Albania</name> <rd ref="none"/>
+</country>
+<country id="DZ">
+ <isocc>12</isocc> <name>Algeria</name> <rd ref="none"/>
+</country>
+<country id="AR">
+ <isocc>32</isocc> <name>Argentina</name> <rd ref="none"/>
+</country>
+<country id="AM">
+ <isocc>51</isocc> <name>Armenia</name> <rd ref="etsi"/>
+</country>
+<country id="AU">
+ <isocc>36</isocc> <name>Australia</name> <rd ref="row"/>
+</country>
+<country id="AT">
+ <isocc>40</isocc> <name>Austria</name> <rd ref="etsi2"/>
+</country>
+<country id="AZ">
+ <isocc>31</isocc> <name>Azerbaijan</name> <rd ref="etsi"/>
+</country>
+<country id="BH">
+ <isocc>48</isocc> <name>Bahrain</name> <rd ref="none"/>
+</country>
+<country id="BD">
+ <isocc>50</isocc> <name>Bangladesh</name> <rd ref="row"/>
+</country>
+<country id="BY">
+ <isocc>112</isocc> <name>Belarus</name> <rd ref="none"/>
+</country>
+<country id="BE">
+ <isocc>56</isocc> <name>Belgium</name> <rd ref="etsi"/>
+</country>
+<country id="BZ">
+ <isocc>84</isocc> <name>Belize</name> <rd ref="none"/>
+</country>
+<country id="BO">
+ <isocc>68</isocc> <name>Bolivia</name> <rd ref="none"/>
+</country>
+<country id="BR">
+ <isocc>76</isocc> <name>Brazil</name> <rd ref="fcc"/>
+</country>
+<country id="BN">
+ <isocc>96</isocc> <name>Brunei</name> <rd ref="apac"/>
+</country>
+<country id="BG">
+ <isocc>100</isocc> <name>Bulgaria</name> <rd ref="etsi"/>
+</country>
+<country id="CA">
+ <isocc>124</isocc> <name>Canada</name> <rd ref="fcc"/>
+</country>
+<country id="CL">
+ <isocc>152</isocc> <name>Chile</name> <rd ref="row"/>
+</country>
+<country id="CN">
+ <isocc>156</isocc> <name>China</name> <rd ref="row"/>
+</country>
+<country id="CO">
+ <isocc>170</isocc> <name>Colombia</name> <rd ref="fcc"/>
+</country>
+<country id="CR">
+ <isocc>188</isocc> <name>Costa Rica</name> <rd ref="none"/>
+</country>
+<country id="HR">
+ <isocc>191</isocc> <name>Croatia</name> <rd ref="etsi"/>
+</country>
+<country id="CY">
+ <isocc>196</isocc> <name>Cyprus</name> <rd ref="etsi"/>
+</country>
+<country id="CZ">
+ <isocc>203</isocc> <name>Czech Republic</name> <rd ref="etsi"/>
+</country>
+<country id="DK">
+ <isocc>208</isocc> <name>Denmark</name> <rd ref="etsi"/>
+</country>
+<country id="DO">
+ <isocc>214</isocc> <name>Dominican Republic</name> <rd ref="none"/>
+</country>
+<country id="EC">
+ <isocc>218</isocc> <name>Ecuador</name> <rd ref="none"/>
+</country>
+<country id="EG">
+ <isocc>818</isocc> <name>Egypt</name> <rd ref="none"/>
+</country>
+<country id="SV">
+ <isocc>222</isocc> <name>El Salvador</name> <rd ref="none"/>
+</country>
+<country id="EE">
+ <isocc>233</isocc> <name>Estonia</name> <rd ref="etsi"/>
+</country>
+<country id="FI">
+ <isocc>246</isocc> <name>Finland</name> <rd ref="etsi"/>
+</country>
+<country id="FR">
+ <isocc>250</isocc> <name>France</name> <rd ref="etsi"/>
+</country>
+<country id="F2">
+ <isocc>255</isocc> <name>France2</name> <rd ref="etsi"/>
+</country>
+<country id="GE">
+ <isocc>268</isocc> <name>Georgia</name> <rd ref="etsi"/>
+</country>
+<country id="DE">
+ <isocc>276</isocc> <name>Germany</name> <rd ref="etsi"/>
+</country>
+<country id="GR">
+ <isocc>300</isocc> <name>Greece</name> <rd ref="etsi"/>
+</country>
+<country id="GT">
+ <isocc>320</isocc> <name>Guatemala</name> <rd ref="none"/>
+</country>
+<country id="HN">
+ <isocc>340</isocc> <name>Honduras</name> <rd ref="none"/>
+</country>
+<country id="HK">
+ <isocc>344</isocc> <name>Hong Kong</name> <rd ref="apac"/>
+</country>
+<country id="HU">
+ <isocc>348</isocc> <name>Hungary</name> <rd ref="etsi"/>
+</country>
+<country id="IS">
+ <isocc>352</isocc> <name>Iceland</name> <rd ref="etsi"/>
+</country>
+<country id="IN">
+ <isocc>356</isocc> <name>India</name> <rd ref="apac"/>
+</country>
+<country id="ID">
+ <isocc>360</isocc> <name>Indonesia</name> <rd ref="none"/>
+</country>
+<country id="IR">
+ <isocc>364</isocc> <name>Iran</name> <rd ref="none"/>
+</country>
+<country id="IE">
+ <isocc>372</isocc> <name>Ireland</name> <rd ref="etsi"/>
+</country>
+<country id="IL">
+ <isocc>376</isocc> <name>Israel</name> <rd ref="none"/>
+</country>
+<country id="IT">
+ <isocc>380</isocc> <name>Italy</name> <rd ref="etsi"/>
+</country>
+<country id="JM">
+ <isocc>388</isocc> <name>Jamaica</name> <rd ref="none"/>
+</country>
+<country id="JP">
+ <isocc>392</isocc> <name>Japan</name> <rd ref="japan"/>
+</country>
+<country id="J1">
+ <isocc>393</isocc> <name>Japan1</name> <rd ref="japan"/>
+</country>
+<country id="J2">
+ <isocc>394</isocc> <name>Japan2</name> <rd ref="japan"/>
+</country>
+<country id="J3">
+ <isocc>395</isocc> <name>Japan3</name> <rd ref="japan"/>
+</country>
+<country id="J4">
+ <isocc>396</isocc> <name>Japan4</name> <rd ref="japan"/>
+</country>
+<country id="J5">
+ <isocc>397</isocc> <name>Japan5</name> <rd ref="japan"/>
+</country>
+<country id="JO">
+ <isocc>400</isocc> <name>Jordan</name> <rd ref="none"/>
+</country>
+<country id="KZ">
+ <isocc>398</isocc> <name>Kazakhstan</name> <rd ref="none"/>
+</country>
+<country id="KP">
+ <isocc>408</isocc> <name>North Korea</name> <rd ref="korea"/>
+</country>
+<country id="KR">
+ <isocc>410</isocc> <name>Korea Republic</name> <rd ref="korea"/>
+</country>
+<country id="K2">
+ <isocc>411</isocc> <name>Korea Republic2</name> <rd ref="none"/>
+</country>
+<country id="KW">
+ <isocc>414</isocc> <name>Kuwait</name> <rd ref="none"/>
+</country>
+<country id="LV">
+ <isocc>428</isocc> <name>Latvia</name> <rd ref="etsi2"/>
+</country>
+<country id="LB">
+ <isocc>422</isocc> <name>Lebanon</name> <rd ref="none"/>
+</country>
+<country id="LI">
+ <isocc>438</isocc> <name>Liechtenstein</name> <rd ref="etsi"/>
+</country>
+<country id="LT">
+ <isocc>440</isocc> <name>Lithuania</name> <rd ref="etsi"/>
+</country>
+<country id="LU">
+ <isocc>442</isocc> <name>Luxemborg</name> <rd ref="etsi"/>
+</country>
+<country id="MO">
+ <isocc>446</isocc> <name>Macau</name> <rd ref="none"/>
+</country>
+<country id="MK">
+ <isocc>807</isocc> <name>Macedonia</name> <rd ref="none"/>
+</country>
+<country id="MY">
+ <isocc>458</isocc> <name>Malaysia</name> <rd ref="apac3"/>
+</country>
+<country id="MT">
+ <isocc>470</isocc> <name>Malta</name> <rd ref="etsi"/>
+</country>
+<country id="MX">
+ <isocc>484</isocc> <name>Mexico</name> <rd ref="fcc"/>
+</country>
+<country id="MC">
+ <isocc>492</isocc> <name>Monaco</name> <rd ref="none"/>
+</country>
+<country id="MA">
+ <isocc>504</isocc> <name>Morocco</name> <rd ref="etsi"/>
+</country>
+<country id="NP">
+ <isocc>524</isocc> <name>Nepal</name> <rd ref="row"/>
+</country>
+<country id="NL">
+ <isocc>528</isocc> <name>Netherlands</name> <rd ref="etsi"/>
+</country>
+<country id="NZ">
+ <isocc>554</isocc> <name>New Zealand</name> <rd ref="apac"/>
+</country>
+<country id="NO">
+ <isocc>578</isocc> <name>Norway</name> <rd ref="etsi"/>
+</country>
+<country id="OM">
+ <isocc>512</isocc> <name>Oman</name> <rd ref="none"/>
+</country>
+<country id="PK">
+ <isocc>586</isocc> <name>Pakistan</name> <rd ref="row"/>
+</country>
+<country id="PA">
+ <isocc>591</isocc> <name>Panama</name> <rd ref="none"/>
+</country>
+<country id="PE">
+ <isocc>604</isocc> <name>Peru</name> <rd ref="none"/>
+</country>
+<country id="PH">
+ <isocc>608</isocc> <name>Phillipines</name> <rd ref="apac2"/>
+</country>
+<country id="PL">
+ <isocc>616</isocc> <name>Poland</name> <rd ref="etsi"/>
+</country>
+<country id="PT">
+ <isocc>620</isocc> <name>Portugal</name> <rd ref="etsi"/>
+</country>
+<country id="PR">
+ <isocc>630</isocc> <name>Puerto Rico</name> <rd ref="fcc"/>
+</country>
+<country id="QA">
+ <isocc>634</isocc> <name>Quatar</name> <rd ref="none"/>
+</country>
+<country id="RO">
+ <isocc>642</isocc> <name>Romania</name> <rd ref="etsi"/>
+</country>
+<country id="RU">
+ <isocc>643</isocc> <name>Rusia</name> <rd ref="none"/>
+</country>
+<country id="SA">
+ <isocc>682</isocc> <name>Saudi Arabia</name> <rd ref="none"/>
+</country>
+<country id="SG">
+ <isocc>702</isocc> <name>Singapore</name> <rd ref="apac2"/>
+</country>
+<country id="SK">
+ <isocc>703</isocc> <name>Slovak Republic</name> <rd ref="etsi2"/>
+</country>
+<country id="SI">
+ <isocc>705</isocc> <name>Slovenia</name> <rd ref="etsi"/>
+</country>
+<country id="ZA">
+ <isocc>710</isocc> <name>South Africa</name> <rd ref="none"/>
+</country>
+<country id="ES">
+ <isocc>724</isocc> <name>Spain</name> <rd ref="etsi2"/>
+</country>
+<country id="LK">
+ <isocc>144</isocc> <name>Sri Lanka</name> <rd ref="apac2"/>
+</country>
+<country id="SE">
+ <isocc>752</isocc> <name>Sweden</name> <rd ref="etsi"/>
+</country>
+<country id="CH">
+ <isocc>756</isocc> <name>Switzerland</name> <rd ref="etsi"/>
+</country>
+<country id="SY">
+ <isocc>760</isocc> <name>Syria</name> <rd ref="none"/>
+</country>
+<country id="TW">
+ <isocc>158</isocc> <name>Taiwan</name> <rd ref="row"/>
+</country>
+<country id="TH">
+ <isocc>764</isocc> <name>Thailand</name> <rd ref="none"/>
+</country>
+<country id="TT">
+ <isocc>780</isocc> <name>Tobago</name> <rd ref="none"/>
+</country>
+<country id="TN">
+ <isocc>788</isocc> <name>Tunisia</name> <rd ref="none"/>
+</country>
+<country id="TR">
+ <isocc>792</isocc> <name>Turkey</name> <rd ref="etsi"/>
+</country>
+<country id="UA">
+ <isocc>804</isocc> <name>Ukraine</name> <rd ref="none"/>
+</country>
+<country id="AE">
+ <isocc>784</isocc> <name>United Arab Emirates</name> <rd ref="none"/>
+</country>
+<country id="GB">
+ <isocc>826</isocc> <name>United Kingdom</name> <rd ref="etsi"/>
+</country>
+<country id="US">
+ <isocc>840</isocc> <name>United States</name> <rd ref="fcc"/>
+</country>
+<country id="UY">
+ <isocc>858</isocc> <name>Uruguay</name> <rd ref="none"/>
+</country>
+<country id="UZ">
+ <isocc>860</isocc> <name>Uzbekistan</name> <rd ref="none"/>
+</country>
+<country id="VE">
+ <isocc>862</isocc> <name>Venezuela</name> <rd ref="fcc"/>
+</country>
+<country id="VN">
+ <isocc>704</isocc> <name>Viet Nam</name> <rd ref="apac2"/>
+</country>
+<country id="YE">
+ <isocc>887</isocc> <name>Yemen</name> <rd ref="none"/>
+</country>
+<country id="ZW">
+ <isocc>716</isocc> <name>Zimbabwe</name> <rd ref="none"/>
+</country>
+
+<country id="DEBUG">
+ <isocc>0</isocc> <name>Debug</name> <rd ref="debug"/>
+</country>
+</country-codes>
+
+<!--
+ Band specifications referenced above.
+ NB: keep sorted by starting frequency, legacy before HT
+-->
+<shared-frequency-bands>
+<freqband id="F1_4942_4987_5">
+ <freqstart>4942</freqstart> <freqend>4987</freqend>
+ <chanwidth>5</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+ <flags>IEEE80211_CHAN_QUARTER</flags>
+</freqband>
+<freqband id="F1_4945_4985_10">
+ <freqstart>4945</freqstart> <freqend>4985</freqend>
+ <chanwidth>10</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+ <flags>IEEE80211_CHAN_HALF</flags>
+</freqband>
+<freqband id="F1_4920_4980">
+ <freqstart>4920</freqstart> <freqend>4980</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_4920_4980">
+ <freqstart>4920</freqstart> <freqend>4980</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_4950_4980">
+ <freqstart>4950</freqstart> <freqend>4980</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5040_5080">
+ <freqstart>5040</freqstart> <freqend>5080</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5040_5080">
+ <freqstart>5040</freqstart> <freqend>5080</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5120_5240">
+ <freqstart>5120</freqstart> <freqend>5240</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5120_5240">
+ <freqstart>5120</freqstart> <freqend>5240</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5180_5240">
+ <freqstart>5180</freqstart> <freqend>5240</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5180_5240">
+ <freqstart>5180</freqstart> <freqend>5240</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5200_5240">
+ <freqstart>5200</freqstart> <freqend>5240</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5200_5240">
+ <freqstart>5200</freqstart> <freqend>5240</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5260_5320">
+ <freqstart>5260</freqstart> <freqend>5320</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5260_5320">
+ <freqstart>5260</freqstart> <freqend>5320</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5260_5700">
+ <freqstart>5260</freqstart> <freqend>5700</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5280_5320">
+ <freqstart>5280</freqstart> <freqend>5320</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5280_5320">
+ <freqstart>5280</freqstart> <freqend>5320</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5500_5580">
+ <freqstart>5500</freqstart> <freqend>5580</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5500_5580">
+ <freqstart>5500</freqstart> <freqend>5580</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5500_5620">
+ <freqstart>5500</freqstart> <freqend>5620</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5500_5620">
+ <freqstart>5500</freqstart> <freqend>5620</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5500_5680">
+ <freqstart>5500</freqstart> <freqend>5680</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5500_5700">
+ <freqstart>5500</freqstart> <freqend>5700</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5660_5700">
+ <freqstart>5660</freqstart> <freqend>5700</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5660_5700">
+ <freqstart>5660</freqstart> <freqend>5700</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5725_5825">
+ <freqstart>5725</freqstart> <freqend>5825</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5745_5805">
+ <freqstart>5745</freqstart> <freqend>5805</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5745_5805">
+ <freqstart>5745</freqstart> <freqend>5805</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5745_5825">
+ <freqstart>5745</freqstart> <freqend>5825</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="F1_5825_5825">
+ <freqstart>5825</freqstart> <freqend>5825</freqend>
+ <chanwidth>20</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+<freqband id="H4_5825_5825">
+ <freqstart>5825</freqstart> <freqend>5825</freqend>
+ <chanwidth>40</chanwidth> <chansep>20</chansep>
+ <flags>IEEE80211_CHAN_A</flags>
+</freqband>
+
+<freqband id="F1_2312_2372">
+ <freqstart>2312</freqstart> <freqend>2372</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="F1_2412_2462">
+ <freqstart>2412</freqstart> <freqend>2462</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="H4_2412_2462">
+ <freqstart>2412</freqstart> <freqend>2462</freqend>
+ <chanwidth>40</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="F1_2412_2472">
+ <freqstart>2412</freqstart> <freqend>2472</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="H4_2412_2472">
+ <freqstart>2412</freqstart> <freqend>2472</freqend>
+ <chanwidth>40</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="F1_2467_2472">
+ <freqstart>2467</freqstart> <freqend>2472</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="H4_2467_2472">
+ <freqstart>2467</freqstart> <freqend>2472</freqend>
+ <chanwidth>40</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="F1_2484_2484">
+ <freqstart>2484</freqstart> <freqend>2484</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+</freqband>
+<freqband id="F1_2512_2732">
+ <freqstart>2512</freqstart> <freqend>2732</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+</freqband>
+
+<freqband id="S1_907_922_5">
+ <freqstart>907</freqstart> <freqend>922</freqend>
+ <chanwidth>5</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_GSM</flags>
+ <flags>IEEE80211_CHAN_QUARTER</flags>
+</freqband>
+<freqband id="S1_907_922_10">
+ <freqstart>907</freqstart> <freqend>922</freqend>
+ <chanwidth>10</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_GSM</flags>
+ <flags>IEEE80211_CHAN_HALF</flags>
+</freqband>
+<freqband id="S1_912_917">
+ <freqstart>912</freqstart> <freqend>917</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_GSM</flags>
+</freqband>
+
+<freqband id="S1_908_923_5">
+ <freqstart>908</freqstart> <freqend>923</freqend>
+ <chanwidth>5</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_GSM</flags>
+ <flags>IEEE80211_CHAN_QUARTER</flags>
+</freqband>
+<freqband id="S1_913_918_10">
+ <freqstart>913</freqstart> <freqend>918</freqend>
+ <chanwidth>10</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_GSM</flags>
+ <flags>IEEE80211_CHAN_HALF</flags>
+</freqband>
+<freqband id="S1_913_918">
+ <freqstart>913</freqstart> <freqend>918</freqend>
+ <chanwidth>20</chanwidth> <chansep>5</chansep>
+ <flags>IEEE80211_CHAN_GSM</flags>
+</freqband>
+
+</shared-frequency-bands>
+
+</regulatory-data>
diff --git a/etc/remote b/etc/remote
new file mode 100644
index 0000000..c3e7808
--- /dev/null
+++ b/etc/remote
@@ -0,0 +1,76 @@
+# $FreeBSD$
+#
+# @(#)remote 5.2 (Berkeley) 6/30/90
+#
+# remote -- remote host description file
+# see tip(1), remote(5)
+#
+# at ACU type
+# br bit rate (defaults to 9600)
+# cu call unit (default is dv)
+# du make a call flag (dial up)
+# dv device to use for the tty
+# el EOL marks (default is NULL)
+# fs frame size (default is BUFSIZ) -- used in buffering writes on
+# receive operations
+# ie input EOF marks (default is NULL)
+# oe output EOF string (default is NULL)
+# pa The parity type to use: even, odd, none, zero, one (default even)
+# pn phone numbers (@ =>'s search phones file; possibly taken from
+# PHONES environment variable)
+# tc to continue a capability
+
+# Example systems
+unixshell|Unix Access:\
+ :pn=\@:tc=unix57600:
+dosbbs|DOS-based BBS:\
+ :pn=\@:tc=dos57600:
+
+# UNIX system definitions
+unix57600|57600 Baud dial-out to a UNIX system:\
+ :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial57600:
+unix33600|33600 Baud dial-out to a UNIX system:\
+ :el=^U^C^R^O^D^S^Q:ie=%$:oe=^D:tc=dial33600:
+
+# DOS system definitions
+dos57600|57600 Baud dial-out to a DOS system:\
+ :el=^U^C^R^O^D^S^Q:ie=%$:oe=^Z:pa=none:tc=dial57600:
+
+# 33.6k and 56k modems run the com port at 115200 bps to allow for the
+# compression performed in the modem. Note that some serial hardware
+# does not support speeds above 38400 bps and that speeds above that have
+# never been formally standardized. Modern architectures with 16550 or
+# better UARTs typically have no issues with the higher speeds.
+dial57600|57600 Baud Hayes attributes:\
+ br#115200:tc=dial:
+dial33600|33600 Baud Hayes attributes:\
+ br#115200:tc=dial:
+# 14.4k and 28.8k modems ran the port at 4x. Some rare 19.2 baud modems
+# did too, but those aren't included in this example.
+dial28800|28800 Baud Hayes attributes:\
+ br#115200:tc=dial:
+dial14400|14400 Baud Hayes attributes:\
+ br#57600:tc=dial:
+dial|Generic dialing parameters:\
+ :dv=/dev/cuau0:cu=/dev/cuau0:at=hayes:du:pa=none:
+
+# Hardwired line
+cuau0c|cua0c:dv=/dev/cuau0:br#9600:pa=none:
+
+# Finger friendly shortcuts
+uart0|com1:dv=/dev/cuau0:br#9600:pa=none:
+uart1|com2:dv=/dev/cuau1:br#9600:pa=none:
+uart2|com3:dv=/dev/cuau2:br#9600:pa=none:
+uart3|com4:dv=/dev/cuau3:br#9600:pa=none:
+uart4|com5:dv=/dev/cuau4:br#9600:pa=none:
+uart5|com6:dv=/dev/cuau5:br#9600:pa=none:
+uart6|com7:dv=/dev/cuau6:br#9600:pa=none:
+uart7|com8:dv=/dev/cuau7:br#9600:pa=none:
+ucom1:dv=/dev/cuaU0:br#9600:pa=none:
+ucom2:dv=/dev/cuaU1:br#9600:pa=none:
+ucom3:dv=/dev/cuaU2:br#9600:pa=none:
+ucom4:dv=/dev/cuaU3:br#9600:pa=none:
+ucom5:dv=/dev/cuaU4:br#9600:pa=none:
+ucom6:dv=/dev/cuaU5:br#9600:pa=none:
+ucom7:dv=/dev/cuaU6:br#9600:pa=none:
+ucom8:dv=/dev/cuaU7:br#9600:pa=none:
diff --git a/etc/root/dot.cshrc b/etc/root/dot.cshrc
new file mode 100644
index 0000000..36df9c6
--- /dev/null
+++ b/etc/root/dot.cshrc
@@ -0,0 +1,35 @@
+# $FreeBSD$
+#
+# .cshrc - csh resource script, read at beginning of execution by each shell
+#
+# see also csh(1), environ(7).
+#
+
+alias h history 25
+alias j jobs -l
+alias la ls -a
+alias lf ls -FA
+alias ll ls -lA
+
+# A righteous umask
+umask 22
+
+set path = (/sbin /bin /usr/sbin /usr/bin /usr/games /usr/local/sbin /usr/local/bin $HOME/bin)
+
+setenv EDITOR vi
+setenv PAGER more
+setenv BLOCKSIZE K
+
+if ($?prompt) then
+ # An interactive shell -- set some stuff up
+ set prompt = "`/bin/hostname -s`# "
+ set filec
+ set history = 100
+ set savehist = 100
+ set mail = (/var/mail/$USER)
+ if ( $?tcsh ) then
+ bindkey "^W" backward-delete-word
+ bindkey -k up history-search-backward
+ bindkey -k down history-search-forward
+ endif
+endif
diff --git a/etc/root/dot.k5login b/etc/root/dot.k5login
new file mode 100644
index 0000000..e01b941
--- /dev/null
+++ b/etc/root/dot.k5login
@@ -0,0 +1,4 @@
+# $FreeBSD$
+#
+# user1/root@YOUR.REALM.WHEREVER
+# user2/root@YOUR.REALM.WHEREVER
diff --git a/etc/root/dot.login b/etc/root/dot.login
new file mode 100644
index 0000000..3032ef9
--- /dev/null
+++ b/etc/root/dot.login
@@ -0,0 +1,9 @@
+# $FreeBSD$
+#
+# .login - csh login script, read by login shell, after `.cshrc' at login.
+#
+# see also csh(1), environ(7).
+#
+
+# Uncomment to display a random cookie each login:
+# [ -x /usr/games/fortune ] && /usr/games/fortune -s
diff --git a/etc/root/dot.profile b/etc/root/dot.profile
new file mode 100644
index 0000000..1fca58e
--- /dev/null
+++ b/etc/root/dot.profile
@@ -0,0 +1,10 @@
+# $FreeBSD$
+#
+PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:~/bin
+export PATH
+HOME=/root
+export HOME
+TERM=${TERM:-xterm}
+export TERM
+PAGER=more
+export PAGER
diff --git a/etc/rpc b/etc/rpc
new file mode 100644
index 0000000..935ea2f
--- /dev/null
+++ b/etc/rpc
@@ -0,0 +1,68 @@
+#
+# $FreeBSD$
+# rpc 88/08/01 4.0 RPCSRC; from 1.12 99/07/25 SMI
+#
+rpcbind 100000 portmap sunrpc rpcbind
+rstatd 100001 rstat rstat_svc rup perfmeter
+rusersd 100002 rusers
+nfs 100003 nfsprog
+ypserv 100004 ypprog
+mountd 100005 mount showmount
+ypbind 100007
+walld 100008 rwall shutdown
+yppasswdd 100009 yppasswd
+etherstatd 100010 etherstat
+rquotad 100011 rquotaprog quota rquota
+sprayd 100012 spray
+3270_mapper 100013
+rje_mapper 100014
+selection_svc 100015 selnsvc
+database_svc 100016
+rexd 100017 rex
+alis 100018
+sched 100019
+llockmgr 100020
+nlockmgr 100021
+x25.inr 100022
+statmon 100023
+status 100024
+bootparamd 100026 bootparam
+ypupdated 100028 ypupdate
+keyserv 100029 keyserver
+sunlink_mapper 100033
+tfsd 100037
+nsed 100038
+nsemntd 100039
+showfhd 100043 showfh
+ioadmd 100055 rpc.ioadmd
+NETlicense 100062
+sunisamd 100065
+debug_svc 100066 dbsrv
+cmsd 100068
+bugtraqd 100071
+kerbd 100078
+ttdbserver 100083 tooltalk
+event 100101 na.event # SunNet Manager
+logger 100102 na.logger # SunNet Manager
+sync 100104 na.sync
+hostperf 100107 na.hostperf
+activity 100109 na.activity # SunNet Manager
+hostmem 100112 na.hostmem
+sample 100113 na.sample
+x25 100114 na.x25
+ping 100115 na.ping
+rpcnfs 100116 na.rpcnfs
+hostif 100117 na.hostif
+etherif 100118 na.etherif
+iproutes 100120 na.iproutes
+layers 100121 na.layers
+snmp 100122 na.snmp snmp-cmc snmp-synoptics snmp-unisys snmp-utk
+traffic 100123 na.traffic
+nfs_acl 100227
+sadmind 100232
+nisd 100300 rpc.nisd
+nispasswd 100303 rpc.nispasswdd
+ufsd 100233
+pcnfsd 150001 pcnfs
+amd 300019
+sgi_fam 391002 # file alteration monitor
diff --git a/etc/sendmail/Makefile b/etc/sendmail/Makefile
new file mode 100644
index 0000000..b79e722
--- /dev/null
+++ b/etc/sendmail/Makefile
@@ -0,0 +1,94 @@
+# @(#)Makefile 8.19 (Berkeley) 1/14/97
+# $FreeBSD$
+
+M4= m4
+CHMOD= chmod
+ROMODE= 444
+RM= rm -f
+
+SENDMAIL_DIR= ${.CURDIR}/../../contrib/sendmail
+SMDIR= ${SENDMAIL_DIR}/src
+SENDMAIL_CF_DIR?=${SENDMAIL_DIR}/cf
+
+# this is overkill, but....
+M4FILES!= find ${SENDMAIL_CF_DIR} -type f -name '*.m4' -print
+
+.SUFFIXES: .mc .cf
+
+.mc.cf: ${M4FILES}
+ ${RM} ${.TARGET}
+ ${M4} -D_CF_DIR_=${SENDMAIL_CF_DIR}/ ${SENDMAIL_M4_FLAGS} \
+ ${SENDMAIL_CF_DIR}/m4/cf.m4 ${.IMPSRC} > ${.TARGET}
+ ${CHMOD} ${ROMODE} ${.TARGET}
+
+DEST_CF= ${DESTDIR}/etc/mail/sendmail.cf
+DEST_SUBMIT_CF= ${DESTDIR}/etc/mail/submit.cf
+
+ALL= freebsd.cf freebsd.submit.cf
+CLEANFILES= freebsd.cf freebsd.submit.cf
+
+# Local SENDMAIL_MC or SENDMAIL_CF may be set in /etc/make.conf.
+# Warning! If set, this causes 'make install' to always copy it
+# over /etc/mail/sendmail.cf!!!
+# Caveat emptor! Be sure you want this before you enable it.
+.if defined(SENDMAIL_MC) && defined(SENDMAIL_CF)
+.error Both SENDMAIL_MC and SENDMAIL_CF cannot be set.
+.elif defined(SENDMAIL_MC)
+INSTALL_CF= ${SENDMAIL_MC:T:R}.cf
+ALL+= ${INSTALL_CF}
+CLEANFILES+= ${SENDMAIL_MC:T:R}.cf
+${INSTALL_CF}: ${SENDMAIL_MC}
+.elif defined(SENDMAIL_CF)
+ALL+= ${SENDMAIL_CF}
+INSTALL_CF= ${SENDMAIL_CF}
+.endif
+
+.if !defined(SENDMAIL_SET_USER_ID) && defined(SENDMAIL_SUBMIT_MC)
+INSTALL_SUBMIT_CF= ${SENDMAIL_SUBMIT_MC:T:R}.cf
+ALL+= ${INSTALL_SUBMIT_CF}
+CLEANFILES+= ${INSTALL_SUBMIT_CF}
+${INSTALL_SUBMIT_CF}: ${SENDMAIL_SUBMIT_MC}
+.endif
+
+# Additional .cf files to build.
+.if defined(SENDMAIL_ADDITIONAL_MC)
+SENDMAIL_ADDITIONAL_CF= ${SENDMAIL_ADDITIONAL_MC:T:S/.mc$/.cf/}
+ALL+= ${SENDMAIL_ADDITIONAL_CF}
+CLEANFILES+= ${SENDMAIL_ADDITIONAL_CF}
+.for mc in ${SENDMAIL_ADDITIONAL_MC}
+${mc:T:R}.cf: ${mc}
+.endfor
+.endif
+
+all: ${ALL}
+
+distribution:
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${.CURDIR}/freebsd.mc freebsd.cf ${DESTDIR}/etc/mail
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${.CURDIR}/freebsd.submit.mc freebsd.submit.cf ${DESTDIR}/etc/mail
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ ${SMDIR}/helpfile ${DESTDIR}/etc/mail
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 640 \
+ /dev/null ${DESTDIR}/var/log/sendmail.st
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ freebsd.cf ${DEST_CF}
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 444 \
+ freebsd.submit.cf ${DEST_SUBMIT_CF}
+
+install:
+.if defined(INSTALL_CF) && ${INSTALL_CF} != ${DEST_CF}
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${INSTALL_CF} ${DEST_CF}
+.endif
+.if defined(SENDMAIL_ADDITIONAL_CF)
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${SENDMAIL_ADDITIONAL_CF} ${DESTDIR}/etc/mail
+.endif
+.if !defined(SENDMAIL_SET_USER_ID) && \
+ defined(INSTALL_SUBMIT_CF) && ${INSTALL_SUBMIT_CF} != ${DEST_SUBMIT_CF}
+ ${INSTALL} -o ${BINOWN} -g ${BINGRP} -m 644 \
+ ${INSTALL_SUBMIT_CF} ${DEST_SUBMIT_CF}
+.endif
+
+.include <bsd.prog.mk>
diff --git a/etc/sendmail/freebsd.mc b/etc/sendmail/freebsd.mc
new file mode 100644
index 0000000..1e28c47
--- /dev/null
+++ b/etc/sendmail/freebsd.mc
@@ -0,0 +1,90 @@
+divert(-1)
+#
+# Copyright (c) 1983 Eric P. Allman
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by the University of
+# California, Berkeley and its contributors.
+# 4. Neither the name of the University nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+#
+# This is a generic configuration file for FreeBSD 6.X and later systems.
+# If you want to customize it, copy it to a name appropriate for your
+# environment and do the modifications there.
+#
+# The best documentation for this .mc file is:
+# /usr/share/sendmail/cf/README or
+# /usr/src/contrib/sendmail/cf/README
+#
+
+divert(0)
+VERSIONID(`$FreeBSD$')
+OSTYPE(freebsd6)
+DOMAIN(generic)
+
+FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
+FEATURE(blacklist_recipients)
+FEATURE(local_lmtp)
+FEATURE(mailertable, `hash -o /etc/mail/mailertable')
+FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
+
+dnl Uncomment to allow relaying based on your MX records.
+dnl NOTE: This can allow sites to use your server as a backup MX without
+dnl your permission.
+dnl FEATURE(relay_based_on_MX)
+
+dnl DNS based black hole lists
+dnl --------------------------------
+dnl DNS based black hole lists come and go on a regular basis
+dnl so this file will not serve as a database of the available servers.
+dnl For that, visit
+dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
+
+dnl Uncomment to activate your chosen DNS based blacklist
+dnl FEATURE(dnsbl, `dnsbl.example.com')
+dnl Alternatively, you can provide your own server and rejection message:
+dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected'')
+
+dnl Dialup users should uncomment and define this appropriately
+dnl define(`SMART_HOST', `your.isp.mail.server')
+
+dnl Uncomment the first line to change the location of the default
+dnl /etc/mail/local-host-names and comment out the second line.
+dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
+define(`confCW_FILE', `-o /etc/mail/local-host-names')
+
+dnl Enable for both IPv4 and IPv6 (optional)
+DAEMON_OPTIONS(`Name=IPv4, Family=inet')
+DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
+
+define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
+define(`confNO_RCPT_ACTION', `add-to-undisclosed')
+define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
+MAILER(local)
+MAILER(smtp)
diff --git a/etc/sendmail/freebsd.submit.mc b/etc/sendmail/freebsd.submit.mc
new file mode 100644
index 0000000..c6ec655
--- /dev/null
+++ b/etc/sendmail/freebsd.submit.mc
@@ -0,0 +1,27 @@
+divert(-1)
+#
+# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
+# All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+#
+# This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
+# that acts as a initial mail submission program.
+#
+
+divert(0)dnl
+VERSIONID(`$FreeBSD$')
+define(`confCF_VERSION', `Submit')dnl
+define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
+define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
+define(`confTIME_ZONE', `USE_TZ')dnl
+define(`confDONT_INIT_GROUPS', `True')dnl
+define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
+dnl
+dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
+FEATURE(`msp', `[127.0.0.1]')dnl
diff --git a/etc/sendmail/freefall.mc b/etc/sendmail/freefall.mc
new file mode 100644
index 0000000..9f77dbd
--- /dev/null
+++ b/etc/sendmail/freefall.mc
@@ -0,0 +1,47 @@
+divert(-1)
+#
+# Copyright (c) 1983 Eric P. Allman
+# Copyright (c) 1988, 1993
+# The Regents of the University of California. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by the University of
+# California, Berkeley and its contributors.
+# 4. Neither the name of the University nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+
+#
+# This is the prototype for a "null client" -- that is, a client that
+# does nothing except forward all mail to a mail hub, plus an extra
+# line to make the email all appear as coming from "FreeBSD.org".
+#
+
+divert(0)dnl
+VERSIONID(`$FreeBSD$')
+
+OSTYPE(freebsd6)
+FEATURE(nullclient, hub.$m)
+MASQUERADE_AS(FreeBSD.org)
diff --git a/etc/services b/etc/services
new file mode 100644
index 0000000..146fefc
--- /dev/null
+++ b/etc/services
@@ -0,0 +1,2483 @@
+#
+# Network services, Internet style
+#
+# Note that it is presently the policy of IANA to assign a single well-known
+# port number for both TCP and UDP; hence, most entries here have two entries
+# even if the protocol doesn't support UDP operations.
+#
+# The latest IANA port assignments can be gotten from
+#
+# http://www.iana.org/assignments/port-numbers
+#
+# The Well Known Ports are those from 0 through 1023.
+# The Registered Ports are those from 1024 through 49151
+# The Dynamic and/or Private Ports are those from 49152 through 65535
+#
+# Kerberos services are for Kerberos v4, and are unofficial. Sites running
+# v5 should uncomment v5 entries and comment v4 entries.
+#
+# $FreeBSD$
+# From: @(#)services 5.8 (Berkeley) 5/9/91
+#
+# WELL KNOWN PORT NUMBERS
+#
+rtmp 1/ddp #Routing Table Maintenance Protocol
+tcpmux 1/tcp #TCP Port Service Multiplexer
+tcpmux 1/udp #TCP Port Service Multiplexer
+nbp 2/ddp #Name Binding Protocol
+compressnet 2/tcp #Management Utility
+compressnet 2/udp #Management Utility
+compressnet 3/tcp #Compression Process
+compressnet 3/udp #Compression Process
+echo 4/ddp #AppleTalk Echo Protocol
+rje 5/tcp #Remote Job Entry
+rje 5/udp #Remote Job Entry
+zip 6/ddp #Zone Information Protocol
+echo 7/sctp
+echo 7/tcp
+echo 7/udp
+discard 9/sctp sink null
+discard 9/tcp sink null
+discard 9/udp sink null
+systat 11/tcp users #Active Users
+systat 11/udp users #Active Users
+daytime 13/sctp
+daytime 13/tcp
+daytime 13/udp
+qotd 17/tcp quote #Quote of the Day
+qotd 17/udp quote #Quote of the Day
+msp 18/tcp #Message Send Protocol
+msp 18/udp #Message Send Protocol
+chargen 19/sctp ttytst source #Character Generator
+chargen 19/tcp ttytst source #Character Generator
+chargen 19/udp ttytst source #Character Generator
+ftp-data 20/sctp #File Transfer [Default Data]
+ftp-data 20/tcp #File Transfer [Default Data]
+ftp-data 20/udp #File Transfer [Default Data]
+ftp 21/sctp #File Transfer [Control]
+ftp 21/tcp #File Transfer [Control]
+ftp 21/udp #File Transfer [Control]
+ssh 22/sctp #Secure Shell Login
+ssh 22/tcp #Secure Shell Login
+ssh 22/udp #Secure Shell Login
+telnet 23/tcp
+telnet 23/udp
+# 24/tcp any private mail system
+# 24/udp any private mail system
+smtp 25/tcp mail #Simple Mail Transfer
+smtp 25/udp mail #Simple Mail Transfer
+nsw-fe 27/tcp #NSW User System FE
+nsw-fe 27/udp #NSW User System FE
+msg-icp 29/tcp #MSG ICP
+msg-icp 29/udp #MSG ICP
+msg-auth 31/tcp #MSG Authentication
+msg-auth 31/udp #MSG Authentication
+dsp 33/tcp #Display Support Protocol
+dsp 33/udp #Display Support Protocol
+# 35/tcp any private printer server
+# 35/udp any private printer server
+time 37/tcp timserver
+time 37/udp timserver
+rap 38/tcp #Route Access Protocol
+rap 38/udp #Route Access Protocol
+rlp 39/tcp resource #Resource Location Protocol
+rlp 39/udp resource #Resource Location Protocol
+graphics 41/tcp
+graphics 41/udp
+nameserver 42/tcp name #Host Name Server
+nameserver 42/udp name #Host Name Server
+nicname 43/tcp whois
+nicname 43/udp whois
+mpm-flags 44/tcp #MPM FLAGS Protocol
+mpm-flags 44/udp #MPM FLAGS Protocol
+mpm 45/tcp #Message Processing Module [recv]
+mpm 45/udp #Message Processing Module [recv]
+mpm-snd 46/tcp #MPM [default send]
+mpm-snd 46/udp #MPM [default send]
+ni-ftp 47/tcp #NI FTP
+ni-ftp 47/udp #NI FTP
+auditd 48/tcp #Digital Audit Daemon
+auditd 48/udp #Digital Audit Daemon
+tacacs 49/tcp #Login Host Protocol (TACACS)
+tacacs 49/udp #Login Host Protocol (TACACS)
+re-mail-ck 50/tcp #Remote Mail Checking Protocol
+re-mail-ck 50/udp #Remote Mail Checking Protocol
+la-maint 51/tcp #IMP Logical Address Maintenance
+la-maint 51/udp #IMP Logical Address Maintenance
+xns-time 52/tcp #XNS Time Protocol
+xns-time 52/udp #XNS Time Protocol
+domain 53/tcp #Domain Name Server
+domain 53/udp #Domain Name Server
+xns-ch 54/tcp #XNS Clearinghouse
+xns-ch 54/udp #XNS Clearinghouse
+isi-gl 55/tcp #ISI Graphics Language
+isi-gl 55/udp #ISI Graphics Language
+xns-auth 56/tcp #XNS Authentication
+xns-auth 56/udp #XNS Authentication
+# 57/tcp any private terminal access
+# 57/udp any private terminal access
+xns-mail 58/tcp #XNS Mail
+xns-mail 58/udp #XNS Mail
+# 59/tcp any private file service
+# 59/udp any private file service
+ni-mail 61/tcp #NI MAIL
+ni-mail 61/udp #NI MAIL
+acas 62/tcp #ACA Services
+acas 62/udp #ACA Services
+whois++ 63/tcp
+whois++ 63/udp
+covia 64/tcp #Communications Integrator (CI)
+covia 64/udp #Communications Integrator (CI)
+tacacs-ds 65/tcp #TACACS-Database Service
+tacacs-ds 65/udp #TACACS-Database Service
+sql*net 66/tcp #Oracle SQL*NET
+sql*net 66/udp #Oracle SQL*NET
+bootps 67/tcp dhcps #Bootstrap Protocol Server
+bootps 67/udp dhcps #Bootstrap Protocol Server
+bootpc 68/tcp dhcpc #Bootstrap Protocol Client
+bootpc 68/udp dhcpc #Bootstrap Protocol Client
+tftp 69/tcp #Trivial File Transfer
+tftp 69/udp #Trivial File Transfer
+gopher 70/tcp
+gopher 70/udp
+netrjs-1 71/tcp #Remote Job Service
+netrjs-1 71/udp #Remote Job Service
+netrjs-2 72/tcp #Remote Job Service
+netrjs-2 72/udp #Remote Job Service
+netrjs-3 73/tcp #Remote Job Service
+netrjs-3 73/udp #Remote Job Service
+netrjs-4 74/tcp #Remote Job Service
+netrjs-4 74/udp #Remote Job Service
+# 75/tcp any private dial out service
+# 75/udp any private dial out service
+deos 76/tcp #Distributed External Object Store
+deos 76/udp #Distributed External Object Store
+# 77/tcp any private RJE service
+# 77/udp any private RJE service
+vettcp 78/tcp
+vettcp 78/udp
+finger 79/tcp
+finger 79/udp
+http 80/sctp www www-http #World Wide Web HTTP
+http 80/tcp www www-http #World Wide Web HTTP
+http 80/udp www www-http #World Wide Web HTTP
+hosts2-ns 81/tcp #HOSTS2 Name Server
+hosts2-ns 81/udp #HOSTS2 Name Server
+xfer 82/tcp #XFER Utility
+xfer 82/udp #XFER Utility
+mit-ml-dev 83/tcp #MIT ML Device
+mit-ml-dev 83/udp #MIT ML Device
+ctf 84/tcp #Common Trace Facility
+ctf 84/udp #Common Trace Facility
+mit-ml-dev 85/tcp #MIT ML Device
+mit-ml-dev 85/udp #MIT ML Device
+mfcobol 86/tcp #Micro Focus Cobol
+mfcobol 86/udp #Micro Focus Cobol
+# 87/tcp any private terminal link
+# 87/udp any private terminal link
+kerberos-sec 88/tcp kerberos # krb5 # Kerberos (v5)
+kerberos-sec 88/udp kerberos # krb5 # Kerberos (v5)
+su-mit-tg 89/tcp #SU/MIT Telnet Gateway
+su-mit-tg 89/udp #SU/MIT Telnet Gateway
+dnsix 90/tcp #DNSIX Securit Attribute Token Map
+dnsix 90/udp #DNSIX Securit Attribute Token Map
+mit-dov 91/tcp #MIT Dover Spooler
+mit-dov 91/udp #MIT Dover Spooler
+npp 92/tcp #Network Printing Protocol
+npp 92/udp #Network Printing Protocol
+dcp 93/tcp #Device Control Protocol
+dcp 93/udp #Device Control Protocol
+objcall 94/tcp #Tivoli Object Dispatcher
+objcall 94/udp #Tivoli Object Dispatcher
+supdup 95/tcp
+supdup 95/udp
+dixie 96/tcp #DIXIE Protocol Specification
+dixie 96/udp #DIXIE Protocol Specification
+swift-rvf 97/tcp #Swift Remote Virtural File Protocol
+swift-rvf 97/udp #Swift Remote Virtural File Protocol
+tacnews 98/tcp #TAC News, Unofficial: Red Hat linuxconf
+tacnews 98/udp #TAC News, Unofficial: Red Hat linuxconf
+metagram 99/tcp #Metagram Relay
+metagram 99/udp #Metagram Relay
+newacct 100/tcp #[unauthorized use]
+hostname 101/tcp hostnames #NIC Host Name Server
+hostname 101/udp hostnames #NIC Host Name Server
+iso-tsap 102/tcp tsap #ISO-TSAP Class 0
+iso-tsap 102/udp tsap #ISO-TSAP Class 0
+gppitnp 103/tcp #Genesis Point-to-Point Trans Net
+gppitnp 103/udp #Genesis Point-to-Point Trans Net
+acr-nema 104/tcp #ACR-NEMA Digital Imag. & Comm. 300
+acr-nema 104/udp #ACR-NEMA Digital Imag. & Comm. 300
+csnet-ns 105/tcp cso-ns cso #Mailbox Name Nameserver
+csnet-ns 105/udp cso-ns cso #Mailbox Name Nameserver
+pop3pw 106/tcp 3com-tsmux #Eudora compatible PW changer
+3com-tsmux 106/udp
+rtelnet 107/tcp #Remote Telnet Service
+rtelnet 107/udp #Remote Telnet Service
+snagas 108/tcp #SNA Gateway Access Server
+snagas 108/udp #SNA Gateway Access Server
+pop2 109/tcp postoffice #Post Office Protocol - Version 2
+pop2 109/udp postoffice #Post Office Protocol - Version 2
+pop3 110/tcp #Post Office Protocol - Version 3
+pop3 110/udp #Post Office Protocol - Version 3
+sunrpc 111/tcp rpcbind #SUN Remote Procedure Call
+sunrpc 111/udp rpcbind #SUN Remote Procedure Call
+mcidas 112/tcp #McIDAS Data Transmission Protocol
+mcidas 112/udp #McIDAS Data Transmission Protocol
+auth 113/tcp ident tap #Authentication Service
+auth 113/udp ident tap #Authentication Service
+sftp 115/tcp #Simple File Transfer Protocol
+sftp 115/udp #Simple File Transfer Protocol
+ansanotify 116/tcp #ANSA REX Notify
+ansanotify 116/udp #ANSA REX Notify
+uucp-path 117/tcp #UUCP Path Service
+uucp-path 117/udp #UUCP Path Service
+sqlserv 118/tcp #SQL Services
+sqlserv 118/udp #SQL Services
+nntp 119/tcp usenet #Network News Transfer Protocol
+nntp 119/udp usenet #Network News Transfer Protocol
+cfdptkt 120/tcp
+cfdptkt 120/udp
+erpc 121/tcp #Encore Expedited Remote Pro.Call
+erpc 121/udp #Encore Expedited Remote Pro.Call
+smakynet 122/tcp
+smakynet 122/udp
+ntp 123/tcp #Network Time Protocol
+ntp 123/udp #Network Time Protocol
+ansatrader 124/tcp #ANSA REX Trader
+ansatrader 124/udp #ANSA REX Trader
+locus-map 125/tcp #Locus PC-Interface Net Map Ser
+locus-map 125/udp #Locus PC-Interface Net Map Ser
+unitary 126/tcp #Unisys Unitary Login
+unitary 126/udp #Unisys Unitary Login
+locus-con 127/tcp #Locus PC-Interface Conn Server
+locus-con 127/udp #Locus PC-Interface Conn Server
+gss-xlicen 128/tcp #GSS X License Verification
+gss-xlicen 128/udp #GSS X License Verification
+pwdgen 129/tcp #Password Generator Protocol
+pwdgen 129/udp #Password Generator Protocol
+cisco-fna 130/tcp #cisco FNATIVE
+cisco-fna 130/udp #cisco FNATIVE
+cisco-tna 131/tcp #cisco TNATIVE
+cisco-tna 131/udp #cisco TNATIVE
+cisco-sys 132/tcp #cisco SYSMAINT
+cisco-sys 132/udp #cisco SYSMAINT
+statsrv 133/tcp #Statistics Service
+statsrv 133/udp #Statistics Service
+ingres-net 134/tcp #INGRES-NET Service
+ingres-net 134/udp #INGRES-NET Service
+loc-srv 135/tcp epmap #Location Service
+loc-srv 135/udp epmap #Location Service
+profile 136/tcp #PROFILE Naming System
+profile 136/udp #PROFILE Naming System
+netbios-ns 137/tcp #NETBIOS Name Service
+netbios-ns 137/udp #NETBIOS Name Service
+netbios-dgm 138/tcp #NETBIOS Datagram Service
+netbios-dgm 138/udp #NETBIOS Datagram Service
+netbios-ssn 139/tcp #NETBIOS Session Service
+netbios-ssn 139/udp #NETBIOS Session Service
+emfis-data 140/tcp #EMFIS Data Service
+emfis-data 140/udp #EMFIS Data Service
+emfis-cntl 141/tcp #EMFIS Control Service
+emfis-cntl 141/udp #EMFIS Control Service
+bl-idm 142/tcp #Britton-Lee IDM
+bl-idm 142/udp #Britton-Lee IDM
+imap 143/tcp imap2 imap4 #Interim Mail Access Protocol v2
+imap 143/udp imap2 imap4 #Interim Mail Access Protocol v2
+NeWS 144/tcp # Window System
+NeWS 144/udp # Window System
+#PROBLEMS!==============================================================
+#uma 144/tcp #Universal Management Architecture
+#uma 144/udp #Universal Management Architecture
+#PROBLEMS!==============================================================
+uaac 145/tcp #UAAC Protocol
+uaac 145/udp #UAAC Protocol
+iso-tp0 146/tcp
+iso-tp0 146/udp
+iso-ip 147/tcp
+iso-ip 147/udp
+cronus 148/tcp jargon #CRONUS-SUPPORT
+cronus 148/udp jargon #CRONUS-SUPPORT
+aed-512 149/tcp #AED 512 Emulation Service
+aed-512 149/udp #AED 512 Emulation Service
+sql-net 150/tcp
+sql-net 150/udp
+hems 151/tcp
+hems 151/udp
+bftp 152/tcp #Background File Transfer Program
+bftp 152/udp #Background File Transfer Program
+sgmp 153/tcp
+sgmp 153/udp
+netsc-prod 154/tcp
+netsc-prod 154/udp
+netsc-dev 155/tcp
+netsc-dev 155/udp
+sqlsrv 156/tcp #SQL Service
+sqlsrv 156/udp #SQL Service
+knet-cmp 157/tcp #KNET/VM Command/Message Protocol
+knet-cmp 157/udp #KNET/VM Command/Message Protocol
+pcmail-srv 158/tcp #PCMail Server
+pcmail-srv 158/udp #PCMail Server
+nss-routing 159/tcp
+nss-routing 159/udp
+sgmp-traps 160/tcp
+sgmp-traps 160/udp
+snmp 161/tcp
+snmp 161/udp
+snmptrap 162/tcp snmp-trap
+snmptrap 162/udp snmp-trap
+cmip-man 163/tcp #CMIP/TCP Manager
+cmip-man 163/udp #CMIP/TCP Manager
+cmip-agent 164/tcp #CMIP/TCP Agent
+smip-agent 164/udp #CMIP/TCP Agent
+xns-courier 165/tcp #Xerox
+xns-courier 165/udp #Xerox
+s-net 166/tcp #Sirius Systems
+s-net 166/udp #Sirius Systems
+namp 167/tcp
+namp 167/udp
+rsvd 168/tcp
+rsvd 168/udp
+send 169/tcp
+send 169/udp
+print-srv 170/tcp #Network PostScript
+print-srv 170/udp #Network PostScript
+multiplex 171/tcp #Network Innovations Multiplex
+multiplex 171/udp #Network Innovations Multiplex
+cl/1 172/tcp #Network Innovations CL/1
+cl/1 172/udp #Network Innovations CL/1
+xyplex-mux 173/tcp
+xyplex-mux 173/udp
+mailq 174/tcp
+mailq 174/udp
+vmnet 175/tcp
+vmnet 175/udp
+genrad-mux 176/tcp
+genrad-mux 176/udp
+xdmcp 177/tcp #X Display Manager Control Protocol
+xdmcp 177/udp #X Display Manager Control Protocol
+NextStep 178/tcp nextstep NeXTStep #NextStep Window Server
+NextStep 178/udp nextstep NeXTStep #NextStep Window Server
+bgp 179/sctp #Border Gateway Protocol
+bgp 179/tcp #Border Gateway Protocol
+bgp 179/udp #Border Gateway Protocol
+ris 180/tcp #Intergraph
+ris 180/udp #Intergraph
+unify 181/tcp
+unify 181/udp
+audit 182/tcp #Unisys Audit SITP
+audit 182/udp #Unisys Audit SITP
+ocbinder 183/tcp
+ocbinder 183/udp
+ocserver 184/tcp
+ocserver 184/udp
+remote-kis 185/tcp
+remote-kis 185/udp
+kis 186/tcp #KIS Protocol
+kis 186/udp #KIS Protocol
+aci 187/tcp #Application Communication Interface
+aci 187/udp #Application Communication Interface
+mumps 188/tcp #Plus Five's MUMPS
+mumps 188/udp #Plus Five's MUMPS
+qft 189/tcp #Queued File Transport
+qft 189/udp #Queued File Transport
+gacp 190/tcp #Gateway Access Control Protocol
+gacp 190/udp cacp #Gateway Access Control Protocol
+prospero 191/tcp #Prospero Directory Service
+prospero 191/udp #Prospero Directory Service
+osu-nms 192/tcp #OSU Network Monitoring System
+osu-nms 192/udp #OSU Network Monitoring System
+srmp 193/tcp #Spider Remote Monitoring Protocol
+srmp 193/udp #Spider Remote Monitoring Protocol
+irc 194/tcp #Internet Relay Chat Protocol
+irc 194/udp #Internet Relay Chat Protocol
+dn6-nlm-aud 195/tcp #DNSIX Network Level Module Audit
+dn6-nlm-aud 195/udp #DNSIX Network Level Module Audit
+dn6-smm-red 196/tcp #DNSIX Session Mgt Module Audit Redir
+dn6-smm-red 196/udp #DNSIX Session Mgt Module Audit Redir
+dls 197/tcp #Directory Location Service
+dls 197/udp #Directory Location Service
+dls-mon 198/tcp #Directory Location Service Monitor
+dls-mon 198/udp #Directory Location Service Monitor
+smux 199/tcp
+smux 199/udp
+src 200/tcp #IBM System Resource Controller
+src 200/udp #IBM System Resource Controller
+at-rtmp 201/tcp #AppleTalk Routing Maintenance
+at-rtmp 201/udp #AppleTalk Routing Maintenance
+at-nbp 202/tcp #AppleTalk Name Binding
+at-nbp 202/udp #AppleTalk Name Binding
+at-3 203/tcp #AppleTalk Unused
+at-3 203/udp #AppleTalk Unused
+at-echo 204/tcp #AppleTalk Echo
+at-echo 204/udp #AppleTalk Echo
+at-5 205/tcp #AppleTalk Unused
+at-5 205/udp #AppleTalk Unused
+at-zis 206/tcp #AppleTalk Zone Information
+at-zis 206/udp #AppleTalk Zone Information
+at-7 207/tcp #AppleTalk Unused
+at-7 207/udp #AppleTalk Unused
+at-8 208/tcp #AppleTalk Unused
+at-8 208/udp #AppleTalk Unused
+qmtp 209/tcp #The Quick Mail Transfer Protocol
+qmtp 209/udp #The Quick Mail Transfer Protocol
+#PROBLEMS!==============================================================
+#tam 209/tcp #Trivial Authenticated Mail Protocol
+#tam 209/udp #Trivial Authenticated Mail Protocol
+#PROBLEMS!==============================================================
+z39.50 210/tcp wais #ANSI Z39.50
+z39.50 210/udp wais #ANSI Z39.50
+914c/g 211/tcp #Texas Instruments 914C/G Terminal
+914c/g 211/udp #Texas Instruments 914C/G Terminal
+anet 212/tcp #ATEXSSTR
+anet 212/udp #ATEXSSTR
+ipx 213/tcp
+ipx 213/udp
+vmpwscs 214/tcp
+vmpwscs 214/udp
+softpc 215/tcp #Insignia Solutions
+softpc 215/udp #Insignia Solutions
+CAIlic 216/tcp atls #Computer Associates Int'l License Server
+CAIlic 216/udp atls #Computer Associates Int'l License Server
+dbase 217/tcp #dBASE Unix
+dbase 217/udp #dBASE Unix
+mpp 218/tcp #Netix Message Posting Protocol
+mpp 218/udp #Netix Message Posting Protocol
+uarps 219/tcp #Unisys ARPs
+uarps 219/udp #Unisys ARPs
+imap3 220/tcp #Interactive Mail Access Protocol v3
+imap3 220/udp #Interactive Mail Access Protocol v3
+fln-spx 221/tcp #Berkeley rlogind with SPX auth
+fln-spx 221/udp #Berkeley rlogind with SPX auth
+rsh-spx 222/tcp #Berkeley rshd with SPX auth
+rsh-spx 222/udp #Berkeley rshd with SPX auth
+cdc 223/tcp #Certificate Distribution Center
+cdc 223/udp #Certificate Distribution Center
+masqdialer 224/tcp
+masqdialer 224/udp
+direct 242/tcp
+direct 242/udp
+sur-meas 243/tcp #Survey Measurement
+sur-meas 243/udp #Survey Measurement
+dayna 244/tcp
+dayna 244/udp
+link 245/tcp
+link 245/udp
+dsp3270 246/tcp #Display Systems Protocol
+dsp3270 246/udp #Display Systems Protocol
+subntbcst_tftp 247/tcp #subntbcst_tftp
+subntbcst_tftp 247/udp #subntbcst_tftp
+bhfhs 248/tcp
+bhfhs 248/udp
+# 249-255 reserved
+rap 256/tcp
+rap 256/udp
+set 257/tcp #secure electronic transaction
+set 257/udp #secure electronic transaction
+esro-gen 259/tcp #efficient short remote operations
+esro-gen 259/udp #efficient short remote operations
+openport 260/tcp
+openport 260/udp
+nsiiops 261/tcp #iiop name service over tls/ssl
+nsiiops 261/udp #iiop name service over tls/ssl
+arcisdms 262/tcp
+arcisdms 262/udp
+hdap 263/tcp
+hdap 263/udp
+bgmp 264/tcp
+bgmp 264/udp
+x-bone-ctl 265/tcp #X-Bone CTL
+x-bone-ctl 265/udp #X-Bone CTL
+sst 266/tcp #SCSI on ST
+sst 266/udp #SCSI on ST
+td-service 267/tcp #Tobit David Service Layer
+td-service 267/udp #Tobit David Service Layer
+td-replica 268/tcp #Tobit David Replica
+td-replica 268/udp #Tobit David Replica
+# 269-279 unassigned
+http-mgmt 280/tcp
+http-mgmt 280/udp
+personal-link 281/tcp
+personal-link 281/udp
+cableport-ax 282/tcp #cable port a/x
+cableport-ax 282/udp #cable port a/x
+rescap 283/tcp
+rescap 283/udp
+corerjd 284/tcp
+corerjd 284/udp
+# 285 unassigned
+fxp 286/tcp
+fxp 286/udp
+k-block 287/tcp
+k-block 287/udp
+# 288-307 unassigned
+novastorbakcup 308/tcp #novastor backup
+novastorbakcup 308/udp #novastor backup
+entrusttime 309/tcp
+entrusttime 309/udp
+bhmds 310/tcp
+bhmds 310/udp
+asip-webadmin 311/tcp #appleshare ip webadmin
+asip-webadmin 311/udp #appleshare ip webadmin
+vslmp 312/tcp
+vslmp 312/udp
+magenta-logic 313/tcp
+magenta-logic 313/udp
+opalis-robot 314/tcp
+opalis-robot 314/udp
+dpsi 315/tcp
+dpsi 315/udp
+decauth 316/tcp
+decauth 316/udp
+zannet 317/tcp
+zannet 317/udp
+pkix-timestamp 318/tcp #PKIX TimeStamp
+pkix-timestamp 318/udp #PKIX TimeStamp
+ptp-event 319/tcp #PTP Event
+ptp-event 319/udp #PTP Event
+ptp-general 320/tcp #PTP General
+ptp-general 320/udp #PTP General
+pip 321/tcp
+pip 321/udp
+rtsps 322/tcp
+rtsps 322/udp
+# 323-332 #unassigned
+texar 333/tcp #Texar Security Port
+texar 333/udp #Texar Security Port
+# 334-343 #unassigned
+pdap 344/tcp #Prospero Data Access Protocol
+pdap 344/udp #Prospero Data Access Protocol
+pawserv 345/tcp #Perf Analysis Workbench
+pawserv 345/udp #Perf Analysis Workbench
+zserv 346/tcp #Zebra server
+zserv 346/udp #Zebra server
+fatserv 347/tcp #Fatmen Server
+fatserv 347/udp #Fatmen Server
+csi-sgwp 348/tcp #Cabletron Management Protocol
+csi-sgwp 348/udp #Cabletron Management Protocol
+mftp 349/tcp
+mftp 349/udp
+matip-type-a 350/tcp #MATIP Type A
+matip-type-a 350/udp
+matip-type-b 351/tcp #MATIP Type B
+matip-type-b 351/udp
+bhoetty 351/tcp #unassigned but widespread use
+bhoetty 351/udp #unassigned but widespread use
+dtag-ste-sb 352/tcp #DTAG
+dtag-ste-sb 352/udp #DTAG
+bhoedap4 352/tcp #unassigned but widespread use
+bhoedap4 352/udp #unassigned but widespread use
+ndsauth 353/tcp
+ndsauth 353/udp
+bh611 354/tcp
+bh611 354/udp
+datex-asn 355/tcp
+datex-asn 355/udp
+cloanto-net-1 356/tcp #Cloanto Net 1
+cloanto-net-1 356/udp
+bhevent 357/tcp
+bhevent 357/udp
+shrinkwrap 358/tcp
+shrinkwrap 358/udp
+tenebris_nts 359/tcp #Tenebris Network Trace Service
+tenebris_nts 359/udp #Tenebris Network Trace Service
+scoi2odialog 360/tcp
+scoi2odialog 360/udp
+semantix 361/tcp
+semantix 361/udp
+srssend 362/tcp #SRS Send
+srssend 362/udp #SRS Send
+rsvp_tunnel 363/tcp
+rsvp_tunnel 363/udp
+aurora-cmgr 364/tcp
+aurora-cmgr 364/udp
+dtk 365/tcp #Deception Tool Kit - Fred Cohen <fc@all.net>
+dtk 365/udp #Deception Tool Kit - Fred Cohen <fc@all.net>
+odmr 366/tcp
+odmr 366/udp
+mortgageware 367/tcp
+mortgageware 367/udp
+qbikgdp 368/tcp #QbikGDP
+qbikgdp 368/udp
+rpc2portmap 369/tcp
+rpc2portmap 369/udp
+codaauth2 370/tcp
+codaauth2 370/udp
+clearcase 371/tcp
+clearcase 371/udp
+ulistserv 372/tcp ulistproc #Unix Listserv
+ulistserv 372/udp ulistproc #Unix Listserv
+legent-1 373/tcp #Legent Corporation (now Computer Associates Intl.)
+legent-1 373/udp #Legent Corporation (now Computer Associates Intl.)
+legent-2 374/tcp #Legent Corporation (now Computer Associates Intl.)
+legent-2 374/udp #Legent Corporation (now Computer Associates Intl.)
+hassle 375/tcp
+hassle 375/udp
+nip 376/tcp #Amiga Envoy Network Inquiry Proto
+nip 376/udp #Amiga Envoy Network Inquiry Proto
+tnETOS 377/tcp #NEC Corporation
+tnETOS 377/udp #NEC Corporation
+dsETOS 378/tcp #NEC Corporation
+dsETOS 378/udp #NEC Corporation
+is99c 379/tcp #TIA/EIA/IS-99 modem client
+is99c 379/udp #TIA/EIA/IS-99 modem client
+is99s 380/tcp #TIA/EIA/IS-99 modem server
+is99s 380/udp #TIA/EIA/IS-99 modem server
+hp-collector 381/tcp #hp performance data collector
+hp-collector 381/udp #hp performance data collector
+hp-managed-node 382/tcp #hp performance data managed node
+hp-managed-node 382/udp #hp performance data managed node
+hp-alarm-mgr 383/tcp #hp performance data alarm manager
+hp-alarm-mgr 383/udp #hp performance data alarm manager
+arns 384/tcp #A Remote Network Server System
+arns 384/udp #A Remote Network Server System
+ibm-app 385/tcp #IBM Application
+ibm-app 385/udp #IBM Application
+asa 386/tcp #ASA Message Router Object Def.
+asa 386/udp #ASA Message Router Object Def.
+aurp 387/tcp #Appletalk Update-Based Routing Pro.
+aurp 387/udp #Appletalk Update-Based Routing Pro.
+unidata-ldm 388/tcp #Unidata LDM Version 4
+unidata-ldm 388/udp #Unidata LDM Version 4
+ldap 389/tcp #Lightweight Directory Access Protocol
+ldap 389/udp #Lightweight Directory Access Protocol
+uis 390/tcp
+uis 390/udp
+synotics-relay 391/tcp #SynOptics SNMP Relay Port
+synotics-relay 391/udp #SynOptics SNMP Relay Port
+synotics-broker 392/tcp #SynOptics Port Broker Port
+synotics-broker 392/udp #SynOptics Port Broker Port
+dis 393/tcp #Data Interpretation System
+dis 393/udp #Data Interpretation System
+embl-ndt 394/tcp #EMBL Nucleic Data Transfer
+embl-ndt 394/udp #EMBL Nucleic Data Transfer
+netcp 395/tcp #NETscout Control Protocol
+netcp 395/udp #NETscout Control Protocol
+netware-ip 396/tcp #Novell Netware over IP
+netware-ip 396/udp #Novell Netware over IP
+mptn 397/tcp #Multi Protocol Trans. Net.
+mptn 397/udp #Multi Protocol Trans. Net.
+kryptolan 398/tcp
+kryptolan 398/udp
+iso-tsap-c2 399/tcp #ISO-TSAP Class 2
+iso-tsap-c2 399/udp #ISO-TSAP Class 2
+work-sol 400/tcp #Workstation Solutions
+work-sol 400/udp #Workstation Solutions
+ups 401/tcp #Uninterruptible Power Supply
+ups 401/udp #Uninterruptible Power Supply
+genie 402/tcp #Genie Protocol
+genie 402/udp #Genie Protocol
+decap 403/tcp
+decap 403/udp
+nced 404/tcp
+nced 404/udp
+ncld 405/tcp
+ncld 405/udp
+imsp 406/tcp #Interactive Mail Support Protocol
+imsp 406/udp #Interactive Mail Support Protocol
+timbuktu 407/tcp
+timbuktu 407/udp
+prm-sm 408/tcp #Prospero Resource Manager Sys. Man.
+prm-sm 408/udp #Prospero Resource Manager Sys. Man.
+prm-nm 409/tcp #Prospero Resource Manager Node Man.
+prm-nm 409/udp #Prospero Resource Manager Node Man.
+decladebug 410/tcp #DECLadebug Remote Debug Protocol
+decladebug 410/udp #DECLadebug Remote Debug Protocol
+rmt 411/tcp #Remote MT Protocol
+rmt 411/udp #Remote MT Protocol
+synoptics-trap 412/tcp #Trap Convention Port
+synoptics-trap 412/udp #Trap Convention Port
+smsp 413/tcp
+smsp 413/udp
+infoseek 414/tcp
+infoseek 414/udp
+bnet 415/tcp
+bnet 415/udp
+silverplatter 416/tcp
+silverplatter 416/udp
+onmux 417/tcp
+onmux 417/udp
+hyper-g 418/tcp
+hyper-g 418/udp
+ariel1 419/tcp
+ariel1 419/udp
+smpte 420/tcp
+smpte 420/udp
+ariel2 421/tcp
+ariel2 421/udp
+ariel3 422/tcp
+ariel3 422/udp
+opc-job-start 423/tcp #IBM Operations Planning and Control Start
+opc-job-start 423/udp #IBM Operations Planning and Control Start
+opc-job-track 424/tcp #IBM Operations Planning and Control Track
+opc-job-track 424/udp #IBM Operations Planning and Control Track
+icad-el 425/tcp
+icad-el 425/udp
+smartsdp 426/tcp
+smartsdp 426/udp
+svrloc 427/tcp #Server Location
+svrloc 427/udp #Server Location
+ocs_cmu 428/tcp
+ocs_cmu 428/udp
+ocs_amu 429/tcp
+ocs_amu 429/udp
+utmpsd 430/tcp
+utmpsd 430/udp
+utmpcd 431/tcp
+utmpcd 431/udp
+iasd 432/tcp
+iasd 432/udp
+nnsp 433/tcp
+nnsp 433/udp
+mobileip-agent 434/tcp
+mobileip-agent 434/udp
+mobilip-mn 435/tcp
+mobilip-mn 435/udp
+dna-cml 436/tcp
+dna-cml 436/udp
+comscm 437/tcp
+comscm 437/udp
+dsfgw 438/tcp
+dsfgw 438/udp
+dasp 439/tcp
+dasp 439/udp
+sgcp 440/tcp
+sgcp 440/udp
+decvms-sysmgt 441/tcp
+decvms-sysmgt 441/udp
+cvc_hostd 442/tcp
+cvc_hostd 442/udp
+https 443/sctp
+https 443/tcp
+https 443/udp
+snpp 444/tcp #Simple Network Paging Protocol
+snpp 444/udp #Simple Network Paging Protocol
+# [RFC1568]
+microsoft-ds 445/tcp
+microsoft-ds 445/udp
+ddm-rdb 446/tcp
+ddm-rdb 446/udp
+ddm-dfm 447/tcp
+ddm-dfm 447/udp
+ddm-ssl 448/tcp ddm-byte
+ddm-ssl 448/udp ddm-byte
+as-servermap 449/tcp #AS Server Mapper
+as-servermap 449/udp #AS Server Mapper
+tserver 450/tcp
+tserver 450/udp
+sfs-smp-net 451/tcp #Cray Network Semaphore server
+sfs-smp-net 451/udp #Cray Network Semaphore server
+sfs-config 452/tcp #Cray SFS config server
+sfs-config 452/udp #Cray SFS config server
+creativeserver 453/tcp #CreativeServer
+creativeserver 453/udp #CreativeServer
+contentserver 454/tcp #ContentServer
+contentserver 454/udp #ContentServer
+creativepartnr 455/tcp #CreativePartnr
+creativepartnr 455/udp #CreativePartnr
+macon-tcp 456/tcp
+macon-udp 456/udp
+scohelp 457/tcp
+scohelp 457/udp
+appleqtc 458/tcp #apple quick time
+appleqtc 458/udp #apple quick time
+ampr-rcmd 459/tcp
+ampr-rcmd 459/udp
+skronk 460/tcp
+skronk 460/udp
+datasurfsrv 461/tcp
+datasurfsrv 461/udp
+datasurfsrvsec 462/tcp
+datasurfsrvsec 462/udp
+alpes 463/tcp
+alpes 463/udp
+#
+kpasswd5 464/tcp # Kerberos (v5)
+kpasswd5 464/udp # Kerberos (v5)
+#PROBLEMS!==============================================================
+# IANA has offically assigned these two ports as ``kpasswd''
+#kpasswd 464/tcp # Kerberos (v5)
+#kpasswd 464/udp # Kerberos (v5)
+#PROBLEMS!==============================================================
+smtps 465/tcp #smtp protocol over TLS/SSL (was ssmtp)
+smtps 465/udp #smtp protocol over TLS/SSL (was ssmtp)
+digital-vrc 466/tcp
+digital-vrc 466/udp
+mylex-mapd 467/tcp
+mylex-mapd 467/udp
+photuris 468/tcp
+photuris 468/udp
+rcp 469/tcp #Radio Control Protocol
+rcp 469/udp #Radio Control Protocol
+scx-proxy 470/tcp
+scx-proxy 470/udp
+mondex 471/tcp
+mondex 471/udp
+ljk-login 472/tcp
+ljk-login 472/udp
+hybrid-pop 473/tcp
+hybrid-pop 473/udp
+tn-tl-w1 474/tcp
+tn-tl-w2 474/udp
+tcpnethaspsrv 475/tcp
+tcpnethaspsrv 475/udp
+tn-tl-fd1 476/tcp
+tn-tl-fd1 476/udp
+ss7ns 477/tcp
+ss7ns 477/udp
+spsc 478/tcp
+spsc 478/udp
+iafserver 479/tcp
+iafserver 479/udp
+iafdbase 480/tcp
+iafdbase 480/udp
+ph 481/tcp
+ph 481/udp
+bgs-nsi 482/tcp
+bgs-nsi 482/udp
+ulpnet 483/tcp
+ulpnet 483/udp
+integra-sme 484/tcp #Integra Software Management Environment
+integra-sme 484/udp #Integra Software Management Environment
+powerburst 485/tcp #Air Soft Power Burst
+powerburst 485/udp #Air Soft Power Burst
+avian 486/tcp
+avian 486/udp
+saft 487/tcp #saft Simple Asynchronous File Transfer
+saft 487/udp #saft Simple Asynchronous File Transfer
+gss-http 488/tcp
+gss-http 488/udp
+nest-protocol 489/tcp
+nest-protocol 489/udp
+micom-pfs 490/tcp
+micom-pfs 490/udp
+go-login 491/tcp
+go-login 491/udp
+ticf-1 492/tcp #Transport Independent Convergence for FNA
+ticf-1 492/udp #Transport Independent Convergence for FNA
+ticf-2 493/tcp #Transport Independent Convergence for FNA
+ticf-2 493/udp #Transport Independent Convergence for FNA
+pov-ray 494/tcp
+pov-ray 494/udp
+intecourier 495/tcp
+intecourier 495/udp
+pim-rp-disc 496/tcp
+pim-rp-disc 496/udp
+dantz 497/tcp
+dantz 497/udp
+siam 498/tcp
+siam 498/udp
+iso-ill 499/tcp #ISO ILL Protocol
+iso-ill 499/udp #ISO ILL Protocol
+isakmp 500/tcp
+isakmp 500/udp
+stmf 501/tcp
+stmf 501/udp
+asa-appl-proto 502/tcp
+asa-appl-proto 502/udp
+intrinsa 503/tcp
+intrinsa 503/udp
+citadel 504/tcp
+citadel 504/udp
+mailbox-lm 505/tcp
+mailbox-lm 505/udp
+ohimsrv 506/tcp
+ohimsrv 506/udp
+crs 507/tcp
+crs 507/udp
+xvttp 508/tcp
+xvttp 508/udp
+snare 509/tcp
+snare 509/udp
+fcp 510/tcp #FirstClass Protocol
+fcp 510/udp #FirstClass Protocol
+passgo 511/tcp
+passgo 511/udp
+#
+# Berkeley-specific services
+#
+exec 512/tcp #remote process execution;
+# authentication performed using
+# passwords and UNIX login names
+biff 512/udp comsat #used by mail system to notify users
+# of new mail received; currently
+# receives messages only from
+# processes on the same machine
+login 513/tcp #remote login a la telnet;
+# automatic authentication performed
+# based on priviledged port numbers
+# and distributed data bases which
+# identify "authentication domains"
+who 513/udp whod #maintains data bases showing who's
+# logged in to machines on a local
+# net and the load average of the
+# machine
+shell 514/tcp cmd #like exec, but automatic
+# authentication is performed as for
+# login server
+syslog 514/udp
+printer 515/tcp spooler
+printer 515/udp spooler
+videotex 516/tcp
+videotex 516/udp
+talk 517/tcp #like tenex link, but across
+# machine - unfortunately, doesn't
+# use link protocol (this is actually
+# just a rendezvous port from which a
+# tcp connection is established)
+talk 517/udp #like tenex link, but across
+# machine - unfortunately, doesn't
+# use link protocol (this is actually
+# just a rendezvous port from which a
+# tcp connection is established)
+ntalk 518/tcp
+ntalk 518/udp
+utime 519/tcp unixtime
+utime 519/udp unixtime
+efs 520/tcp #extended file name server
+router 520/udp route routed #local routing process (on site);
+# uses variant of Xerox NS routing
+# information protocol
+ripng 521/tcp
+ripng 521/udp
+ulp 522/tcp
+ulp 522/udp
+ibm-db2 523/tcp
+ibm-db2 523/udp
+ncp 524/tcp
+ncp 524/udp
+timed 525/tcp timeserver
+timed 525/udp timeserver
+tempo 526/tcp newdate
+tempo 526/udp newdate
+stx 527/tcp #Stock IXChange
+stx 527/udp #Stock IXChange
+custix 528/tcp #Customer IXChange
+custix 528/udp #Customer IXChange
+irc-serv 529/tcp
+irc-serv 529/udp
+courier 530/tcp rpc
+courier 530/udp rpc
+conference 531/tcp chat
+conference 531/udp chat
+netnews 532/tcp readnews
+netnews 532/udp readnews
+netwall 533/tcp #for emergency broadcasts
+netwall 533/udp #for emergency broadcasts
+mm-admin 534/tcp #MegaMedia Admin
+mm-admin 534/udp #MegaMedia Admin
+iiop 535/tcp
+iiop 535/udp
+opalis-rdv 536/tcp
+opalis-rdv 536/udp
+nmsp 537/tcp #Networked Media Streaming Protocol
+nmsp 537/udp #Networked Media Streaming Protocol
+gdomap 538/tcp
+gdomap 538/udp
+apertus-ldp 539/tcp #Apertus Technologies Load Determination
+apertus-ldp 539/udp #Apertus Technologies Load Determination
+uucp 540/tcp uucpd
+uucp 540/udp uucpd
+uucp-rlogin 541/tcp
+uucp-rlogin 541/udp
+commerce 542/tcp
+commerce 542/udp
+klogin 543/tcp # Kerberos (v4/v5)
+klogin 543/udp # Kerberos (v4/v5)
+kshell 544/tcp krcmd # Kerberos (v4/v5)
+kshell 544/udp krcmd # Kerberos (v4/v5)
+appleqtcsrvr 545/tcp
+appleqtcsrvr 545/udp
+dhcpv6-client 546/tcp #DHCPv6 Client
+dhcpv6-client 546/udp #DHCPv6 Client
+dhcpv6-server 547/tcp #DHCPv6 Server
+dhcpv6-server 547/udp #DHCPv6 Server
+afpovertcp 548/tcp #AFP over TCP
+afpovertcp 548/udp #AFP over TCP
+idfp 549/tcp
+idfp 549/udp
+new-rwho 550/tcp new-who
+new-rwho 550/udp new-who
+cybercash 551/tcp
+cybercash 551/udp
+deviceshare 552/tcp
+deviceshare 552/udp
+pirp 553/tcp
+pirp 553/udp
+rtsp 554/tcp #Real Time Stream Control Protocol
+rtsp 554/udp #Real Time Stream Control Protocol
+dsf 555/tcp
+dsf 555/udp
+remotefs 556/tcp rfs rfs_server # Brunhoff remote filesystem
+remotefs 556/udp rfs rfs_server # Brunhoff remote filesystem
+openvms-sysipc 557/tcp
+openvms-sysipc 557/udp
+sdnskmp 558/tcp
+sdnskmp 558/udp
+teedtap 559/tcp
+teedtap 559/udp
+rmonitor 560/tcp rmonitord
+rmonitor 560/udp rmonitord
+monitor 561/tcp
+monitor 561/udp
+chshell 562/tcp chcmd
+chshell 562/udp chcmd
+nntps 563/tcp snntp #nntp protocol over TLS/SSL
+nntps 563/udp snntp #nntp protocol over TLS/SSL
+9pfs 564/tcp #plan 9 file service
+9pfs 564/udp #plan 9 file service
+whoami 565/tcp
+whoami 565/udp
+streettalk 566/tcp
+streettalk 566/udp
+banyan-rpc 567/tcp
+banyan-rpc 567/udp
+ms-shuttle 568/tcp #Microsoft shuttle
+ms-shuttle 568/udp #Microsoft shuttle
+ms-rome 569/tcp #Microsoft rome
+ms-rome 569/udp #Microsoft rome
+meter 570/tcp #demon
+meter 570/udp #demon
+umeter 571/tcp #udemon
+umeter 571/udp #udemon
+sonar 572/tcp
+sonar 572/udp
+banyan-vip 573/tcp
+banyan-vip 573/udp
+ftp-agent 574/tcp #FTP Software Agent System
+ftp-agent 574/udp #FTP Software Agent System
+vemmi 575/tcp
+vemmi 575/udp
+ipcd 576/tcp
+ipcd 576/udp
+vnas 577/tcp
+vnas 577/udp
+ipdd 578/tcp
+ipdd 578/udp
+decbsrv 579/tcp
+decbsrv 579/udp
+sntp-heartbeat 580/tcp
+sntp-heartbeat 580/udp
+bdp 581/tcp #Bundle Discovery Protocol
+bdp 581/udp #Bundle Discovery Protocol
+scc-security 582/tcp
+scc-security 582/udp
+philips-vc 583/tcp #Philips Video-Conferencing
+philips-vc 583/udp #Philips Video-Conferencing
+keyserver 584/tcp
+keyserver 584/udp
+#imap4-ssl@585 never should have been allocated. See PR 46294.
+#imap4-ssl 585/tcp #IMAP4+SSL (use of 585 is not recommended,
+#imap4-ssl 585/udp # use 993 instead)
+password-chg 586/tcp
+password-chg 586/udp
+submission 587/tcp
+submission 587/udp
+cal 588/tcp
+cal 588/udp
+eyelink 589/tcp
+eyelink 589/udp
+tns-cml 590/tcp
+tns-cml 590/udp
+http-alt 591/tcp #FileMaker, Inc. - HTTP Alternate (see Port 80)
+http-alt 591/udp #FileMaker, Inc. - HTTP Alternate (see Port 80)
+eudora-set 592/tcp
+eudora-set 592/udp
+http-rpc-epmap 593/tcp #HTTP RPC Ep Map
+http-rpc-epmap 593/udp #HTTP RPC Ep Map
+tpip 594/tcp
+tpip 594/udp
+cab-protocol 595/tcp
+cab-protocol 595/udp
+smsd 596/tcp
+smsd 596/udp
+ptcnameservice 597/tcp #PTC Name Service
+ptcnameservice 597/udp #PTC Name Service
+sco-websrvrmg3 598/tcp #SCO Web Server Manager 3
+sco-websrvrmg3 598/udp #SCO Web Server Manager 3
+acp 599/tcp #Aeolon Core Protocol
+acp 599/udp #Aeolon Core Protocol
+ipcserver 600/tcp #Sun IPC server
+ipcserver 600/udp #Sun IPC server
+syslog-conn 601/tcp #Reliable Syslog Service
+syslog-conn 601/udp #Reliable Syslog Service
+xmlrpc-beep 602/tcp #XML-RPC over BEEP
+xmlrpc-beep 602/udp #XML-RPC over BEEP
+idxp 603/tcp
+idxp 603/udp
+tunnel 604/tcp
+tunnel 604/udp
+soap-beep 605/tcp #SOAP over BEEP
+soap-beep 605/udp #SOAP over BEEP
+urm 606/tcp #Cray Unified Resource Manager
+urm 606/udp #Cray Unified Resource Manager
+nqs 607/tcp
+nqs 607/udp
+sift-uft 608/tcp #Sender-Initiated/Unsolicited File Transfer
+sift-uft 608/udp #Sender-Initiated/Unsolicited File Transfer
+npmp-trap 609/tcp
+npmp-trap 609/udp
+npmp-local 610/tcp
+npmp-local 610/udp
+npmp-gui 611/tcp
+npmp-gui 611/udp
+hmmp-ind 612/tcp #HMMP Indication
+hmmp-ind 612/udp #HMMP Indication
+hmmp-op 613/tcp #HMMP Operation
+hmmp-op 613/udp #HMMP Operation
+sshell 614/tcp #SSLshell
+sshell 614/udp
+sco-inetmgr 615/tcp #Internet Configuration Manager
+sco-inetmgr 615/udp #Internet Configuration Manager
+sco-sysmgr 616/tcp #SCO System Administration Server
+sco-sysmgr 616/udp #SCO System Administration Server
+sco-dtmgr 617/tcp #SCO Desktop Administration Server
+sco-dtmgr 617/udp #SCO Desktop Administration Server
+dei-icda 618/tcp
+dei-icda 618/udp
+compaq-evm 619/tcp #Compaq EVM
+compaq-evm 619/udp #Compaq EVM
+sco-websrvrmgr 620/tcp #SCO WebServer Manager
+sco-websrvrmgr 620/udp #SCO WebServer Manager
+escp-ip 621/tcp #ESCP
+escp-ip 621/udp #ESCP
+collaborator 622/tcp
+collaborator 622/udp
+asf-rmcp 623/tcp #ASF Remote Management and Control Protocol
+asf-rmcp 623/udp #ASF Remote Management and Control Protocol
+cryptoadmin 624/tcp #Crypto Admin
+cryptoadmin 624/udp #Crypto Admin
+dec_dlm 625/tcp #DEC DLM
+dec_dlm 625/udp #DEC DLM
+asia 626/tcp
+asia 626/udp
+passgo-tivoli 627/tcp #PassGo Tivoli
+passgo-tivoli 627/udp #PassGo Tivoli
+qmqp 628/tcp
+qmqp 628/udp
+3com-amp3 629/tcp #3Com AMP3
+3com-amp3 629/udp #3Com AMP3
+rda 630/tcp
+rda 630/udp
+ipp 631/tcp #IPP (Internet Printing Protocol)
+ipp 631/udp #IPP (Internet Printing Protocol)
+bmpp 632/tcp
+bmpp 632/udp
+servstat 633/tcp #Service Status update (Sterling Software)
+servstat 633/udp #Service Status update (Sterling Software)
+ginad 634/tcp
+ginad 634/udp
+rlzdbase 635/tcp #RLZ DBase
+rlzdbase 635/udp #RLZ DBase
+ldaps 636/tcp sldap #ldap protocol over TLS/SSL
+ldaps 636/udp sldap
+lanserver 637/tcp
+lanserver 637/udp
+mcns-sec 638/tcp
+mcns-sec 638/udp
+msdp 639/tcp
+msdp 639/udp
+entrust-sps 640/tcp
+entrust-sps 640/udp
+repcmd 641/tcp
+repcmd 641/udp
+esro-emsdp 642/tcp #ESRO-EMSDP V1.3
+esro-emsdp 642/udp #ESRO-EMSDP V1.3
+sanity 643/tcp #SANity
+sanity 643/udp #SANity
+dwr 644/tcp
+dwr 644/udp
+pssc 645/tcp
+pssc 645/udp
+ldp 646/tcp
+ldp 646/udp
+dhcp-failover 647/tcp #DHCP Failover
+dhcp-failover 647/udp #DHCP Failover
+rrp 648/tcp #Registry Registrar Protocol (RRP)
+rrp 648/udp #Registry Registrar Protocol (RRP)
+cadview-3d 649/tcp #Cadview-3d - streaming 3d models over the internet
+cadview-3d 649/udp #Cadview-3d - streaming 3d models over the internet
+obex 650/tcp
+obex 650/udp
+ieee-mms 651/tcp #IEEE MMS
+ieee-mms 651/udp #IEEE MMS
+hello-port 652/tcp
+hello-port 652/udp
+repscmd 653/tcp
+repscmd 653/udp
+aodv 654/tcp #Ad-Hoc On-Demand Distance Vector Routing Protocol
+aodv 654/udp #Ad-Hoc On-Demand Distance Vector Routing Protocol
+tinc 655/tcp
+tinc 655/udp
+spmp 656/tcp
+spmp 656/udp
+rmc 657/tcp
+rmc 657/udp
+tenfold 658/tcp
+tenfold 658/udp
+mac-srvr-admin 660/tcp #MacOS Server Admin
+mac-srvr-admin 660/udp #MacOS Server Admin
+hap 661/tcp
+hap 661/udp
+pftp 662/tcp
+pftp 662/udp
+purenoise 663/tcp #PureNoise
+purenoise 663/udp #PureNoise
+asf-secure-rmcp 664/tcp #ASF Secure Remote Management and Control Protocol
+asf-secure-rmcp 664/udp #ASF Secure Remote Management and Control Protocol
+sun-dr 665/tcp #Sun DR
+sun-dr 665/udp #Sun DR
+mdqs 666/tcp
+mdqs 666/udp
+#PROBLEMS!===============================================
+doom 666/tcp #doom Id Software
+doom 666/udp #doom Id Software
+#PROBLEMS!===============================================
+disclose 667/tcp #campaign contribution disclosures - SDR Technologies
+disclose 667/udp #campaign contribution disclosures - SDR Technologies
+mecomm 668/tcp
+mecomm 668/udp
+meregister 669/tcp
+meregister 669/udp
+vacdsm-sws 670/tcp
+vacdsm-sws 670/udp
+vacdsm-app 671/tcp
+vacdsm-app 671/udp
+vpps-qua 672/tcp
+vpps-qua 672/udp
+cimplex 673/tcp
+cimplex 673/udp
+acap 674/tcp #Application Configuration Access Protocol
+acap 674/udp #Application Configuration Access Protocol
+dctp 675/tcp
+dctp 675/udp
+vpps-via 676/tcp #VPPS Via
+vpps-via 676/udp #VPPS Via
+vpp 677/tcp #Virtual Presence Protocol
+vpp 677/udp #Virtual Presence Protocol
+ggf-ncp 678/tcp #GNU Generation Foundation NCP
+ggf-ncp 678/udp #GNU Generation Foundation NCP
+mrm 679/tcp
+mrm 679/udp
+entrust-aaas 680/tcp
+entrust-aaas 680/udp
+entrust-aams 681/tcp
+entrust-aams 681/udp
+xfr 682/tcp
+xfr 682/udp
+corba-iiop 683/tcp #CORBA IIOP
+corba-iiop 683/udp #CORBA IIOP
+corba-iiop-ssl 684/tcp #CORBA IIOP SSL
+corba-iiop-ssl 684/udp #CORBA IIOP SSL
+mdc-portmapper 685/tcp #MDC Port Mapper
+mdc-portmapper 685/udp #MDC Port Mapper
+hcp-wismar 686/tcp #Hardware Control Protocol Wismar
+hcp-wismar 686/udp #Hardware Control Protocol Wismar
+asipregistry 687/tcp
+asipregistry 687/udp
+realm-rusd 688/tcp #ApplianceWare managment protocol
+realm-rusd 688/udp #ApplianceWare managment protocol
+nmap 689/tcp
+nmap 689/udp
+vatp 690/tcp #Velazquez Application Transfer Protocol
+vatp 690/udp #Velazquez Application Transfer Protocol
+msexch-routing 691/tcp #MS Exchange Routing
+msexch-routing 691/udp #MS Exchange Routing
+hyperwave-isp 692/tcp #Hyperwave-ISP
+hyperwave-isp 692/udp #Hyperwave-ISP
+connendp 693/tcp
+connendp 693/udp
+ha-cluster 694/tcp
+ha-cluster 694/udp
+ieee-mms-ssl 695/tcp
+ieee-mms-ssl 695/udp
+rushd 696/tcp
+rushd 696/udp
+uuidgen 697/tcp
+uuidgen 697/udp
+olsr 698/tcp
+olsr 698/udp
+accessnetwork 699/tcp #Access Network
+accessnetwork 699/udp #Access Network
+epp 700/tcp #Extensible Provisioning Protocol
+epp 700/udp #Extensible Provisioning Protocol
+lmp 701/tcp #Link Management Protocol (LMP)
+lmp 701/udp #Link Management Protocol (LMP)
+iris-beep 702/tcp #IRIS over BEEP
+iris-beep 702/udp #IRIS over BEEP
+elcsd 704/tcp #errlog copy/server daemon
+elcsd 704/udp #errlog copy/server daemon
+agentx 705/tcp #AgentX
+agentx 705/udp #AgentX
+silc 706/tcp
+silc 706/udp
+borland-dsj 707/tcp #Borland DSJ
+borland-dsj 707/udp #Borland DSJ
+entrustmanager 709/tcp #EntrustManager
+entrustmanager 709/udp #EntrustManager
+entrust-ash 710/tcp #Entrust Administration Service Handler
+entrust-ash 710/udp #Entrust Administration Service Handler
+cisco-tdp 711/tcp #Cisco TDP
+cisco-tdp 711/udp #Cisco TDP
+tbrpf 712/tcp
+tbrpf 712/udp
+iris-xpc 713/tcp #IRIS over XPC
+iris-xpc 713/udp #IRIS over XPC
+iris-xpcs 714/tcp #IRIS over XPCS
+iris-xpcs 714/udp #IRIS over XPCS
+iris-lwz 715/tcp
+iris-lwz 715/udp
+netviewdm1 729/tcp #IBM NetView DM/6000 Server/Client
+netviewdm1 729/udp #IBM NetView DM/6000 Server/Client
+netviewdm2 730/tcp #IBM NetView DM/6000 send/tcp
+netviewdm2 730/udp #IBM NetView DM/6000 send/tcp
+netviewdm3 731/tcp #IBM NetView DM/6000 receive/tcp
+netviewdm3 731/udp #IBM NetView DM/6000 receive/tcp
+netgw 741/tcp
+netgw 741/udp
+netrcs 742/tcp #Network based Rev. Cont. Sys.
+netrcs 742/udp #Network based Rev. Cont. Sys.
+flexlm 744/tcp #Flexible License Manager
+flexlm 744/udp #Flexible License Manager
+fujitsu-dev 747/tcp #Fujitsu Device Control
+fujitsu-dev 747/udp #Fujitsu Device Control
+ris-cm 748/tcp #Russell Info Sci Calendar Manager
+ris-cm 748/udp #Russell Info Sci Calendar Manager
+kerberos-adm 749/tcp #Kerberos administration (v5)
+kerberos-adm 749/udp #Kerberos administration (v5)
+kerberos-iv 750/udp kdc # Kerberos (v4)
+kerberos-iv 750/tcp kdc # Kerberos (v4)
+#PROBLEMS!========================================================
+#rfile 750/tcp
+#loadav 750/udp
+#PROBLEMS!========================================================
+kerberos_master 751/tcp # Kerberos `kadmin' (v4)
+kerberos_master 751/udp # Kerberos `kadmin' (v4)
+#PROBLEMS!========================================================
+pump 751/tcp
+pump 751/udp
+#PROBLEMS!========================================================
+qrh 752/tcp
+qrh 752/udp
+rrh 753/tcp
+rrh 753/udp
+krb_prop 754/tcp krb5_prop # kerberos/v5 server propagation
+#PROBLEMS!========================================================
+tell 754/tcp #send
+#PROBLEMS!========================================================
+tell 754/udp #send
+nlogin 758/tcp
+nlogin 758/udp
+con 759/tcp
+con 759/udp
+krbupdate 760/tcp kreg # Kerberos (v4) registration
+#PROBLEMS!========================================================
+ns 760/tcp
+#PROBLEMS!========================================================
+ns 760/udp
+kpasswd 761/tcp kpwd # Kerberos (v4) "passwd"
+#PROBLEMS!========================================================
+rxe 761/tcp
+#PROBLEMS!========================================================
+rxe 761/udp
+quotad 762/tcp
+quotad 762/udp
+cycleserv 763/tcp
+cycleserv 763/udp
+omserv 764/tcp
+omserv 764/udp
+webster 765/tcp
+webster 765/udp
+phonebook 767/tcp #phone
+phonebook 767/udp #phone
+vid 769/tcp
+vid 769/udp
+cadlock 770/tcp
+cadlock 770/udp
+rtip 771/tcp
+rtip 771/udp
+cycleserv2 772/tcp
+cycleserv2 772/udp
+submit 773/tcp
+notify 773/udp
+rpasswd 774/tcp
+acmaint_dbd 774/udp
+entomb 775/tcp
+acmaint_transd 775/udp
+wpages 776/tcp
+wpages 776/udp
+multiling-http 777/tcp #Multiling HTTP
+multiling-http 777/udp #Multiling HTTP
+wpgs 780/tcp
+wpgs 780/udp
+mdbs_daemon 800/tcp
+mdbs_daemon 800/udp
+device 801/tcp
+device 801/udp
+fcp-udp 810/tcp #FCP
+fcp-udp 810/udp #FCP Datagram
+itm-mcell-s 828/tcp
+itm-mcell-s 828/udp
+pkix-3-ca-ra 829/tcp #PKIX-3 CA/RA
+pkix-3-ca-ra 829/udp #PKIX-3 CA/RA
+netconf-ssh 830/tcp #NETCONF over SSH
+netconf-ssh 830/udp #NETCONF over SSH
+netconf-beep 831/tcp #NETCONF over BEEP
+netconf-beep 831/udp #NETCONF over BEEP
+netconfsoaphttp 832/tcp #NETCONF for SOAP over HTTPS
+netconfsoaphttp 832/udp #NETCONF for SOAP over HTTPS
+netconfsoapbeep 833/tcp #NETCONF for SOAP over BEEP
+netconfsoapbeep 833/udp #NETCONF for SOAP over BEEP
+dhcp-failover2 847/tcp #dhcp-failover 2
+dhcp-failover2 847/udp #dhcp-failover 2
+gdoi 848/tcp
+gdoi 848/udp
+iscsi 860/tcp
+iscsi 860/udp
+owamp-control 861/tcp
+owamp-control 861/udp
+supfilesrv 871/tcp # for SUP
+rsync 873/tcp
+rsync 873/udp
+iclcnet-locate 886/tcp #ICL coNETion locate server
+iclcnet-locate 886/udp #ICL coNETion locate server
+iclcnet_svinfo 887/tcp #ICL coNETion server info
+iclcnet_svinfo 887/udp #ICL coNETion server info
+accessbuilder 888/tcp
+accessbuilder 888/udp
+omginitialrefs 900/tcp #OMG Initial Refs
+omginitialrefs 900/udp #OMG Initial Refs
+swat 901/tcp # samba web configuration tool
+smpnameres 901/tcp
+smpnameres 901/udp
+ideafarm-chat 902/tcp
+ideafarm-chat 902/udp
+ideafarm-catch 903/tcp
+ideafarm-catch 903/udp
+kink 910/tcp #Kerberized Internet Negotiation of Keys (KINK)
+kink 910/udp #Kerberized Internet Negotiation of Keys (KINK)
+xact-backup 911/tcp
+xact-backup 911/udp
+apex-mesh 912/tcp #APEX relay-relay service
+apex-mesh 912/udp #APEX relay-relay service
+apex-edge 913/tcp #APEX endpoint-relay service
+apex-edge 913/udp #APEX endpoint-relay service
+rndc 953/tcp # named's rndc control socket
+ftps-data 989/tcp # ftp protocol, data, over TLS/SSL
+ftps-data 989/udp
+ftps 990/tcp # ftp protocol, control, over TLS/SSL
+ftps 990/udp
+nas 991/tcp #Netnews Administration System
+nas 991/udp #Netnews Administration System
+telnets 992/tcp # telnet protocol over TLS/SSL
+telnets 992/udp
+imaps 993/tcp # imap4 protocol over TLS/SSL
+imaps 993/udp
+ircs 994/tcp # irc protocol over TLS/SSL
+ircs 994/udp
+pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL
+pop3s 995/udp spop3
+vsinet 996/tcp
+vsinet 996/udp
+maitrd 997/tcp
+maitrd 997/udp
+busboy 998/tcp
+puparp 998/udp
+garcon 999/tcp
+applix 999/udp #Applix ac
+puprouter 999/tcp
+puprouter 999/udp
+cadlock2 1000/tcp
+cadlock2 1000/udp
+surf 1010/tcp
+surf 1010/udp
+exp1 1021/tcp #RFC3692-style Experiment 1 (*) [RFC4727]
+exp1 1021/udp #RFC3692-style Experiment 1 (*) [RFC4727]
+exp2 1022/tcp #RFC3692-style Experiment 2 (*) [RFC4727]
+exp2 1022/udp #RFC3692-style Experiment 2 (*) [RFC4727]
+#
+# REGISTERED PORT NUMBERS
+#
+blackjack 1025/tcp #network blackjack
+blackjack 1025/udp #network blackjack
+iad1 1030/tcp #BBN IAD
+iad1 1030/udp #BBN IAD
+iad2 1031/tcp #BBN IAD
+iad2 1031/udp #BBN IAD
+iad3 1032/tcp #BBN IAD
+iad3 1032/udp #BBN IAD
+nim 1058/tcp
+nim 1058/udp
+nimreg 1059/tcp
+nimreg 1059/udp
+instl_boots 1067/tcp #Installation Bootstrap Proto. Serv.
+instl_boots 1067/udp #Installation Bootstrap Proto. Serv.
+instl_bootc 1068/tcp #Installation Bootstrap Proto. Cli.
+instl_bootc 1068/udp #Installation Bootstrap Proto. Cli.
+socks 1080/tcp
+socks 1080/udp
+ansoft-lm-1 1083/tcp #Anasoft License Manager
+ansoft-lm-1 1083/udp #Anasoft License Manager
+ansoft-lm-2 1084/tcp #Anasoft License Manager
+ansoft-lm-2 1084/udp #Anasoft License Manager
+webobjects 1085/tcp #Web Objects
+webobjects 1085/udp #Web Objects
+kpop 1109/tcp #Unofficial
+kpop 1109/udp #Unofficial
+nfsd-status 1110/tcp #Cluster status info
+nfsd-keepalive 1110/udp #Client status info
+supfiledbg 1127/tcp # for SUP
+nfa 1155/tcp #Network File Access
+nfa 1155/udp #Network File Access
+cisco-ipsla 1167/sctp #Cisco IP SLAs Control Protocol
+cisco-ipsla 1167/tcp #Cisco IP SLAs Control Protocol
+cisco-ipsla 1167/udp #Cisco IP SLAs Control Protocol
+skkserv 1178/tcp #SKK (kanji input)
+openvpn 1194/tcp #OpenVPN
+openvpn 1194/udp #OpenVPN
+lupa 1212/tcp
+lupa 1212/udp
+nerv 1222/tcp #SNI R&D network
+nerv 1222/udp #SNI R&D network
+hermes 1248/tcp
+hermes 1248/udp
+healthd 1281/tcp #healthd
+healthd 1281/udp #healthd
+alta-ana-lm 1346/tcp #Alta Analytics License Manager
+alta-ana-lm 1346/udp #Alta Analytics License Manager
+bbn-mmc 1347/tcp #multi media conferencing
+bbn-mmc 1347/udp #multi media conferencing
+bbn-mmx 1348/tcp #multi media conferencing
+bbn-mmx 1348/udp #multi media conferencing
+sbook 1349/tcp #Registration Network Protocol
+sbook 1349/udp #Registration Network Protocol
+editbench 1350/tcp #Registration Network Protocol
+editbench 1350/udp #Registration Network Protocol
+equationbuilder 1351/tcp #Digital Tool Works (MIT)
+equationbuilder 1351/udp #Digital Tool Works (MIT)
+lotusnote 1352/tcp #Lotus Note
+lotusnote 1352/udp #Lotus Note
+relief 1353/tcp #Relief Consulting
+relief 1353/udp #Relief Consulting
+rightbrain 1354/tcp #RightBrain Software
+rightbrain 1354/udp #RightBrain Software
+intuitive-edge 1355/tcp #Intuitive Edge
+intuitive-edge 1355/udp #Intuitive Edge
+cuillamartin 1356/tcp #CuillaMartin Company
+cuillamartin 1356/udp #CuillaMartin Company
+pegboard 1357/tcp #Electronic PegBoard
+pegboard 1357/udp #Electronic PegBoard
+connlcli 1358/tcp
+connlcli 1358/udp
+ftsrv 1359/tcp
+ftsrv 1359/udp
+mimer 1360/tcp
+mimer 1360/udp
+linx 1361/tcp
+linx 1361/udp
+timeflies 1362/tcp
+timeflies 1362/udp
+ndm-requester 1363/tcp #Network DataMover Requester
+ndm-requester 1363/udp #Network DataMover Requester
+ndm-server 1364/tcp #Network DataMover Server
+ndm-server 1364/udp #Network DataMover Server
+adapt-sna 1365/tcp #Network Software Associates
+adapt-sna 1365/udp #Network Software Associates
+netware-csp 1366/tcp #Novell NetWare Comm Service Platform
+netware-csp 1366/udp #Novell NetWare Comm Service Platform
+dcs 1367/tcp
+dcs 1367/udp
+screencast 1368/tcp
+screencast 1368/udp
+gv-us 1369/tcp #GlobalView to Unix Shell
+gv-us 1369/udp #GlobalView to Unix Shell
+us-gv 1370/tcp #Unix Shell to GlobalView
+us-gv 1370/udp #Unix Shell to GlobalView
+fc-cli 1371/tcp #Fujitsu Config Protocol
+fc-cli 1371/udp #Fujitsu Config Protocol
+fc-ser 1372/tcp #Fujitsu Config Protocol
+fc-ser 1372/udp #Fujitsu Config Protocol
+chromagrafx 1373/tcp
+chromagrafx 1373/udp
+molly 1374/tcp #EPI Software Systems
+molly 1374/udp #EPI Software Systems
+bytex 1375/tcp
+bytex 1375/udp
+ibm-pps 1376/tcp #IBM Person to Person Software
+ibm-pps 1376/udp #IBM Person to Person Software
+cichlid 1377/tcp #Cichlid License Manager
+cichlid 1377/udp #Cichlid License Manager
+elan 1378/tcp #Elan License Manager
+elan 1378/udp #Elan License Manager
+dbreporter 1379/tcp #Integrity Solutions
+dbreporter 1379/udp #Integrity Solutions
+telesis-licman 1380/tcp #Telesis Network License Manager
+telesis-licman 1380/udp #Telesis Network License Manager
+apple-licman 1381/tcp #Apple Network License Manager
+apple-licman 1381/udp #Apple Network License Manager
+#udt_os 1382/tcp
+#udt_os 1382/udp
+gwha 1383/tcp #GW Hannaway Network License Manager
+gwha 1383/udp #GW Hannaway Network License Manager
+os-licman 1384/tcp #Objective Solutions License Manager
+os-licman 1384/udp #Objective Solutions License Manager
+atex_elmd 1385/tcp #Atex Publishing License Manager
+atex_elmd 1385/udp #Atex Publishing License Manager
+checksum 1386/tcp #CheckSum License Manager
+checksum 1386/udp #CheckSum License Manager
+cadsi-lm 1387/tcp #Computer Aided Design Software Inc LM
+cadsi-lm 1387/udp #Computer Aided Design Software Inc LM
+objective-dbc 1388/tcp #Objective Solutions DataBase Cache
+objective-dbc 1388/udp #Objective Solutions DataBase Cache
+iclpv-dm 1389/tcp #Document Manager
+iclpv-dm 1389/udp #Document Manager
+iclpv-sc 1390/tcp #Storage Controller
+iclpv-sc 1390/udp #Storage Controller
+iclpv-sas 1391/tcp #Storage Access Server
+iclpv-sas 1391/udp #Storage Access Server
+iclpv-pm 1392/tcp #Print Manager
+iclpv-pm 1392/udp #Print Manager
+iclpv-nls 1393/tcp #Network Log Server
+iclpv-nls 1393/udp #Network Log Server
+iclpv-nlc 1394/tcp #Network Log Client
+iclpv-nlc 1394/udp #Network Log Client
+iclpv-wsm 1395/tcp #PC Workstation Manager software
+iclpv-wsm 1395/udp #PC Workstation Manager software
+dvl-activemail 1396/tcp #DVL Active Mail
+dvl-activemail 1396/udp #DVL Active Mail
+audio-activmail 1397/tcp #Audio Active Mail
+audio-activmail 1397/udp #Audio Active Mail
+video-activmail 1398/tcp #Video Active Mail
+video-activmail 1398/udp #Video Active Mail
+cadkey-licman 1399/tcp #Cadkey License Manager
+cadkey-licman 1399/udp #Cadkey License Manager
+cadkey-tablet 1400/tcp #Cadkey Tablet Daemon
+cadkey-tablet 1400/udp #Cadkey Tablet Daemon
+goldleaf-licman 1401/tcp #Goldleaf License Manager
+goldleaf-licman 1401/udp #Goldleaf License Manager
+prm-sm-np 1402/tcp #Prospero Resource Manager
+prm-sm-np 1402/udp #Prospero Resource Manager
+prm-nm-np 1403/tcp #Prospero Resource Manager
+prm-nm-np 1403/udp #Prospero Resource Manager
+igi-lm 1404/tcp #Infinite Graphics License Manager
+igi-lm 1404/udp #Infinite Graphics License Manager
+ibm-res 1405/tcp #IBM Remote Execution Starter
+ibm-res 1405/udp #IBM Remote Execution Starter
+netlabs-lm 1406/tcp #NetLabs License Manager
+netlabs-lm 1406/udp #NetLabs License Manager
+dbsa-lm 1407/tcp #DBSA License Manager
+dbsa-lm 1407/udp #DBSA License Manager
+sophia-lm 1408/tcp #Sophia License Manager
+sophia-lm 1408/udp #Sophia License Manager
+here-lm 1409/tcp #Here License Manager
+here-lm 1409/udp #Here License Manager
+hiq 1410/tcp #HiQ License Manager
+hiq 1410/udp #HiQ License Manager
+af 1411/tcp #AudioFile
+af 1411/udp #AudioFile
+innosys 1412/tcp
+innosys 1412/udp
+innosys-acl 1413/tcp
+innosys-acl 1413/udp
+ibm-mqseries 1414/tcp #IBM MQSeries
+ibm-mqseries 1414/udp #IBM MQSeries
+dbstar 1415/tcp
+dbstar 1415/udp
+novell-lu6.2 1416/tcp #Novell LU6.2
+novell-lu6.2 1416/udp #Novell LU6.2
+timbuktu-srv1 1417/tcp #Timbuktu Service 1 Port
+timbuktu-srv1 1417/udp #Timbuktu Service 1 Port
+timbuktu-srv2 1418/tcp #Timbuktu Service 2 Port
+timbuktu-srv2 1418/udp #Timbuktu Service 2 Port
+timbuktu-srv3 1419/tcp #Timbuktu Service 3 Port
+timbuktu-srv3 1419/udp #Timbuktu Service 3 Port
+timbuktu-srv4 1420/tcp #Timbuktu Service 4 Port
+timbuktu-srv4 1420/udp #Timbuktu Service 4 Port
+gandalf-lm 1421/tcp #Gandalf License Manager
+gandalf-lm 1421/udp #Gandalf License Manager
+autodesk-lm 1422/tcp #Autodesk License Manager
+autodesk-lm 1422/udp #Autodesk License Manager
+essbase 1423/tcp #Essbase Arbor Software
+essbase 1423/udp #Essbase Arbor Software
+hybrid 1424/tcp #Hybrid Encryption Protocol
+hybrid 1424/udp #Hybrid Encryption Protocol
+zion-lm 1425/tcp #Zion Software License Manager
+zion-lm 1425/udp #Zion Software License Manager
+sas-1 1426/tcp #Satellite-data Acquisition System 1
+sas-1 1426/udp #Satellite-data Acquisition System 1
+mloadd 1427/tcp #mloadd monitoring tool
+mloadd 1427/udp #mloadd monitoring tool
+informatik-lm 1428/tcp #Informatik License Manager
+informatik-lm 1428/udp #Informatik License Manager
+nms 1429/tcp #Hypercom NMS
+nms 1429/udp #Hypercom NMS
+tpdu 1430/tcp #Hypercom TPDU
+tpdu 1430/udp #Hypercom TPDU
+rgtp 1431/tcp #Reverse Gossip Transport
+rgtp 1431/udp #Reverse Gossip Transport
+blueberry-lm 1432/tcp #Blueberry Software License Manager
+blueberry-lm 1432/udp #Blueberry Software License Manager
+ms-sql-s 1433/tcp #Microsoft-SQL-Server
+ms-sql-s 1433/udp #Microsoft-SQL-Server
+ms-sql-m 1434/tcp #Microsoft-SQL-Monitor
+ms-sql-m 1434/udp #Microsoft-SQL-Monitor
+ibm-cics 1435/tcp
+ibm-cics 1435/udp
+sas-2 1436/tcp #Satellite-data Acquisition System 2
+sas-2 1436/udp #Satellite-data Acquisition System 2
+tabula 1437/tcp
+tabula 1437/udp
+eicon-server 1438/tcp #Eicon Security Agent/Server
+eicon-server 1438/udp #Eicon Security Agent/Server
+eicon-x25 1439/tcp #Eicon X25/SNA Gateway
+eicon-x25 1439/udp #Eicon X25/SNA Gateway
+eicon-slp 1440/tcp #Eicon Service Location Protocol
+eicon-slp 1440/udp #Eicon Service Location Protocol
+cadis-1 1441/tcp #Cadis License Management
+cadis-1 1441/udp #Cadis License Management
+cadis-2 1442/tcp #Cadis License Management
+cadis-2 1442/udp #Cadis License Management
+ies-lm 1443/tcp #Integrated Engineering Software
+ies-lm 1443/udp #Integrated Engineering Software
+marcam-lm 1444/tcp #Marcam License Management
+marcam-lm 1444/udp #Marcam License Management
+proxima-lm 1445/tcp #Proxima License Manager
+proxima-lm 1445/udp #Proxima License Manager
+ora-lm 1446/tcp #Optical Research Associates License Manager
+ora-lm 1446/udp #Optical Research Associates License Manager
+apri-lm 1447/tcp #Applied Parallel Research LM
+apri-lm 1447/udp #Applied Parallel Research LM
+oc-lm 1448/tcp #OpenConnect License Manager
+oc-lm 1448/udp #OpenConnect License Manager
+peport 1449/tcp
+peport 1449/udp
+dwf 1450/tcp #Tandem Distributed Workbench Facility
+dwf 1450/udp #Tandem Distributed Workbench Facility
+infoman 1451/tcp #IBM Information Management
+infoman 1451/udp #IBM Information Management
+gtegsc-lm 1452/tcp #GTE Government Systems License Man
+gtegsc-lm 1452/udp #GTE Government Systems License Man
+genie-lm 1453/tcp #Genie License Manager
+genie-lm 1453/udp #Genie License Manager
+interhdl_elmd 1454/tcp #interHDL License Manager
+interhdl_elmd 1454/udp #interHDL License Manager
+esl-lm 1455/tcp #ESL License Manager
+esl-lm 1455/udp #ESL License Manager
+dca 1456/tcp
+dca 1456/udp
+valisys-lm 1457/tcp #Valisys License Manager
+valisys-lm 1457/udp #Valisys License Manager
+nrcabq-lm 1458/tcp #Nichols Research Corp.
+nrcabq-lm 1458/udp #Nichols Research Corp.
+proshare1 1459/tcp #Proshare Notebook Application
+proshare1 1459/udp #Proshare Notebook Application
+proshare2 1460/tcp #Proshare Notebook Application
+proshare2 1460/udp #Proshare Notebook Application
+ibm_wrless_lan 1461/tcp #IBM Wireless LAN
+ibm_wrless_lan 1461/udp #IBM Wireless LAN
+world-lm 1462/tcp #World License Manager
+world-lm 1462/udp #World License Manager
+nucleus 1463/tcp
+nucleus 1463/udp
+msl_lmd 1464/tcp #MSL License Manager
+msl_lmd 1464/udp #MSL License Manager
+pipes 1465/tcp #Pipes Platform
+pipes 1465/udp #Pipes Platform mfarlin@peerlogic.com
+oceansoft-lm 1466/tcp #Ocean Software License Manager
+oceansoft-lm 1466/udp #Ocean Software License Manager
+csdmbase 1467/tcp
+csdmbase 1467/udp
+csdm 1468/tcp
+csdm 1468/udp
+aal-lm 1469/tcp #Active Analysis Limited License Manager
+aal-lm 1469/udp #Active Analysis Limited License Manager
+uaiact 1470/tcp #Universal Analytics
+uaiact 1470/udp #Universal Analytics
+csdmbase 1471/tcp
+csdmbase 1471/udp
+csdm 1472/tcp
+csdm 1472/udp
+openmath 1473/tcp
+openmath 1473/udp
+telefinder 1474/tcp
+telefinder 1474/udp
+taligent-lm 1475/tcp #Taligent License Manager
+taligent-lm 1475/udp #Taligent License Manager
+clvm-cfg 1476/tcp
+clvm-cfg 1476/udp
+ms-sna-server 1477/tcp
+ms-sna-server 1477/udp
+ms-sna-base 1478/tcp
+ms-sna-base 1478/udp
+dberegister 1479/tcp
+dberegister 1479/udp
+pacerforum 1480/tcp
+pacerforum 1480/udp
+airs 1481/tcp
+airs 1481/udp
+miteksys-lm 1482/tcp #Miteksys License Manager
+miteksys-lm 1482/udp #Miteksys License Manager
+afs 1483/tcp #AFS License Manager
+afs 1483/udp #AFS License Manager
+confluent 1484/tcp #Confluent License Manager
+confluent 1484/udp #Confluent License Manager
+lansource 1485/tcp
+lansource 1485/udp
+nms_topo_serv 1486/tcp
+nms_topo_serv 1486/udp
+localinfosrvr 1487/tcp
+localinfosrvr 1487/udp
+docstor 1488/tcp
+docstor 1488/udp
+dmdocbroker 1489/tcp
+dmdocbroker 1489/udp
+insitu-conf 1490/tcp
+insitu-conf 1490/udp
+anynetgateway 1491/tcp
+anynetgateway 1491/udp
+stone-design-1 1492/tcp
+stone-design-1 1492/udp
+netmap_lm 1493/tcp
+netmap_lm 1493/udp
+ica 1494/tcp
+ica 1494/udp
+cvc 1495/tcp
+cvc 1495/udp
+liberty-lm 1496/tcp
+liberty-lm 1496/udp
+rfx-lm 1497/tcp
+rfx-lm 1497/udp
+watcom-sql 1498/tcp
+watcom-sql 1498/udp
+fhc 1499/tcp #Federico Heinz Consultora
+fhc 1499/udp #Federico Heinz Consultora
+vlsi-lm 1500/tcp #VLSI License Manager
+vlsi-lm 1500/udp #VLSI License Manager
+sas-3 1501/tcp #Satellite-data Acquisition System 3
+sas-3 1501/udp #Satellite-data Acquisition System 3
+shivadiscovery 1502/tcp #Shiva
+shivadiscovery 1502/udp #Shiva
+imtc-mcs 1503/tcp #Databeam
+imtc-mcs 1503/udp #Databeam
+evb-elm 1504/tcp #EVB Software Engineering License Manager
+evb-elm 1504/udp #EVB Software Engineering License Manager
+funkproxy 1505/tcp #Funk Software, Inc.
+funkproxy 1505/udp #Funk Software, Inc.
+utcd 1506/tcp #Universal Time daemon (utcd)
+utcd 1506/udp #Universal Time daemon (utcd)
+symplex 1507/tcp
+symplex 1507/udp
+diagmond 1508/tcp
+diagmond 1508/udp
+robcad-lm 1509/tcp #Robcad, Ltd. License Manager
+robcad-lm 1509/udp #Robcad, Ltd. License Manager
+mvx-lm 1510/tcp #Midland Valley Exploration Ltd. Lic. Man.
+mvx-lm 1510/udp #Midland Valley Exploration Ltd. Lic. Man.
+3l-l1 1511/tcp
+3l-l1 1511/udp
+wins 1512/tcp #Microsoft's Windows Internet Name Service
+wins 1512/udp #Microsoft's Windows Internet Name Service
+fujitsu-dtc 1513/tcp #Fujitsu Systems Business of America, Inc
+fujitsu-dtc 1513/udp #Fujitsu Systems Business of America, Inc
+fujitsu-dtcns 1514/tcp #Fujitsu Systems Business of America, Inc
+fujitsu-dtcns 1514/udp #Fujitsu Systems Business of America, Inc
+ifor-protocol 1515/tcp
+ifor-protocol 1515/udp
+vpad 1516/tcp #Virtual Places Audio data
+vpad 1516/udp #Virtual Places Audio data
+vpac 1517/tcp #Virtual Places Audio control
+vpac 1517/udp #Virtual Places Audio control
+vpvd 1518/tcp #Virtual Places Video data
+vpvd 1518/udp #Virtual Places Video data
+vpvc 1519/tcp #Virtual Places Video control
+vpvc 1519/udp #Virtual Places Video control
+atm-zip-office 1520/tcp #atm zip office
+atm-zip-office 1520/udp #atm zip office
+ncube-lm 1521/tcp #nCube License Manager
+ncube-lm 1521/udp #nCube License Manager
+rna-lm 1522/tcp #Ricardo North America License Manager
+rna-lm 1522/udp #Ricardo North America License Manager
+cichild-lm 1523/tcp
+cichild-lm 1523/udp
+ingreslock 1524/tcp #ingres
+ingreslock 1524/udp #ingres
+prospero-np 1525/tcp #Prospero Directory Service non-priv
+prospero-np 1525/udp #Prospero Directory Service non-priv
+#PROBLEMS!========================================================
+orasrv 1525/tcp #oracle
+orasrv 1525/udp #oracle
+#PROBLEMS!========================================================
+pdap-np 1526/tcp #Prospero Data Access Prot non-priv
+pdap-np 1526/udp #Prospero Data Access Prot non-priv
+tlisrv 1527/tcp #oracle
+tlisrv 1527/udp #oracle
+mciautoreg 1528/tcp
+mciautoreg 1528/udp
+support 1529/tcp prmsd gnatsd # cygnus bug tracker
+coauthor 1529/tcp #oracle
+coauthor 1529/udp #oracle
+rap-service 1530/tcp
+rap-service 1530/udp
+rap-listen 1531/tcp
+rap-listen 1531/udp
+miroconnect 1532/tcp
+miroconnect 1532/udp
+virtual-places 1533/tcp #Virtual Places Software
+virtual-places 1533/udp #Virtual Places Software
+micromuse-lm 1534/tcp
+micromuse-lm 1534/udp
+ampr-info 1535/tcp
+ampr-info 1535/udp
+ampr-inter 1536/tcp
+ampr-inter 1536/udp
+sdsc-lm 1537/tcp
+sdsc-lm 1537/udp
+3ds-lm 1538/tcp
+3ds-lm 1538/udp
+intellistor-lm 1539/tcp #Intellistor License Manager
+intellistor-lm 1539/udp #Intellistor License Manager
+rds 1540/tcp
+rds 1540/udp
+rds2 1541/tcp
+rds2 1541/udp
+gridgen-elmd 1542/tcp
+gridgen-elmd 1542/udp
+simba-cs 1543/tcp
+simba-cs 1543/udp
+aspeclmd 1544/tcp
+aspeclmd 1544/udp
+vistium-share 1545/tcp
+vistium-share 1545/udp
+abbaccuray 1546/tcp
+abbaccuray 1546/udp
+laplink 1547/tcp
+laplink 1547/udp
+axon-lm 1548/tcp #Axon License Manager
+axon-lm 1548/udp #Axon License Manager
+shivahose 1549/tcp #Shiva Hose
+shivasound 1549/udp #Shiva Sound
+3m-image-lm 1550/tcp #Image Storage license manager 3M Company
+3m-image-lm 1550/udp #Image Storage license manager 3M Company
+hecmtl-db 1551/tcp
+hecmtl-db 1551/udp
+pciarray 1552/tcp
+pciarray 1552/udp
+issd 1600/tcp
+issd 1600/udp
+# IMPORTANT NOTE: Ports 1645/1646 are the traditional radius ports used by
+# many vendors without obtaining official IANA assignment. The official
+# assignment is now ports 1812/1813 and users are encouraged to migrate
+# when possible to these new ports.
+#radius 1645/udp #RADIUS authentication protocol (old)
+#radacct 1646/udp #RADIUS accounting protocol (old)
+nkd 1650/tcp
+nkd 1650/udp
+shiva_confsrvr 1651/tcp
+shiva_confsrvr 1651/udp
+xnmp 1652/tcp
+xnmp 1652/udp
+netview-aix-1 1661/tcp
+netview-aix-1 1661/udp
+netview-aix-2 1662/tcp
+netview-aix-2 1662/udp
+netview-aix-3 1663/tcp
+netview-aix-3 1663/udp
+netview-aix-4 1664/tcp
+netview-aix-4 1664/udp
+netview-aix-5 1665/tcp
+netview-aix-5 1665/udp
+netview-aix-6 1666/tcp
+netview-aix-6 1666/udp
+netview-aix-7 1667/tcp
+netview-aix-7 1667/udp
+netview-aix-8 1668/tcp
+netview-aix-8 1668/udp
+netview-aix-9 1669/tcp
+netview-aix-9 1669/udp
+netview-aix-10 1670/tcp
+netview-aix-10 1670/udp
+netview-aix-11 1671/tcp
+netview-aix-11 1671/udp
+netview-aix-12 1672/tcp
+netview-aix-12 1672/udp
+l2f 1701/tcp #l2f
+l2f 1701/udp #l2f
+l2tp 1701/tcp #Layer 2 Tunnelling Protocol
+l2tp 1701/udp #Layer 2 Tunnelling Protocol
+pptp 1723/tcp #Point-to-point tunnelling protocol
+# IMPORTANT NOTE: See comments for ports 1645/1646 when using older equipment
+radius 1812/udp #RADIUS authentication protocol (IANA sanctioned)
+radacct 1813/udp #RADIUS accounting protocol (IANA sanctioned)
+licensedaemon 1986/tcp #cisco license management
+licensedaemon 1986/udp #cisco license management
+tr-rsrb-p1 1987/tcp #cisco RSRB Priority 1 port
+tr-rsrb-p1 1987/udp #cisco RSRB Priority 1 port
+tr-rsrb-p2 1988/tcp #cisco RSRB Priority 2 port
+tr-rsrb-p2 1988/udp #cisco RSRB Priority 2 port
+tr-rsrb-p3 1989/tcp #cisco RSRB Priority 3 port
+tr-rsrb-p3 1989/udp #cisco RSRB Priority 3 port
+#PROBLEMS!===================================================
+mshnet 1989/tcp #MHSnet system
+mshnet 1989/udp #MHSnet system
+#PROBLEMS!===================================================
+stun-p1 1990/tcp #cisco STUN Priority 1 port
+stun-p1 1990/udp #cisco STUN Priority 1 port
+stun-p2 1991/tcp #cisco STUN Priority 2 port
+stun-p2 1991/udp #cisco STUN Priority 2 port
+stun-p3 1992/tcp #cisco STUN Priority 3 port
+stun-p3 1992/udp #cisco STUN Priority 3 port
+#PROBLEMS!===================================================
+ipsendmsg 1992/tcp
+ipsendmsg 1992/udp
+#PROBLEMS!===================================================
+snmp-tcp-port 1993/tcp #cisco SNMP TCP port
+snmp-tcp-port 1993/udp #cisco SNMP TCP port
+stun-port 1994/tcp #cisco serial tunnel port
+stun-port 1994/udp #cisco serial tunnel port
+perf-port 1995/tcp #cisco perf port
+perf-port 1995/udp #cisco perf port
+tr-rsrb-port 1996/tcp #cisco Remote SRB port
+tr-rsrb-port 1996/udp #cisco Remote SRB port
+gdp-port 1997/tcp #cisco Gateway Discovery Protocol
+gdp-port 1997/udp #cisco Gateway Discovery Protocol
+x25-svc-port 1998/tcp #cisco X.25 service (XOT)
+x25-svc-port 1998/udp #cisco X.25 service (XOT)
+tcp-id-port 1999/tcp #cisco identification port
+tcp-id-port 1999/udp #cisco identification port
+callbook 2000/tcp
+callbook 2000/udp
+dc 2001/tcp
+wizard 2001/udp #curry
+globe 2002/tcp
+globe 2002/udp
+cfingerd 2003/tcp #GNU finger
+mailbox 2004/tcp
+emce 2004/udp #CCWS mm conf
+berknet 2005/tcp
+oracle 2005/udp
+invokator 2006/tcp
+raid-cc 2006/udp #raid
+dectalk 2007/tcp
+raid-am 2007/udp
+conf 2008/tcp
+terminaldb 2008/udp
+news 2009/tcp
+whosockami 2009/udp
+search 2010/tcp
+pipe_server 2010/udp
+raid-cc 2011/tcp #raid
+servserv 2011/udp
+ttyinfo 2012/tcp
+raid-ac 2012/udp
+raid-am 2013/tcp
+raid-cd 2013/udp
+troff 2014/tcp
+raid-sf 2014/udp
+cypress 2015/tcp
+raid-cs 2015/udp
+bootserver 2016/tcp
+bootserver 2016/udp
+cypress-stat 2017/tcp
+bootclient 2017/udp
+terminaldb 2018/tcp
+rellpack 2018/udp
+whosockami 2019/tcp
+about 2019/udp
+xinupageserver 2020/tcp
+xinupageserver 2020/udp
+servexec 2021/tcp
+xinuexpansion1 2021/udp
+down 2022/tcp
+xinuexpansion2 2022/udp
+xinuexpansion3 2023/tcp
+xinuexpansion3 2023/udp
+xinuexpansion4 2024/tcp
+xinuexpansion4 2024/udp
+ellpack 2025/tcp
+xribs 2025/udp
+scrabble 2026/tcp
+scrabble 2026/udp
+shadowserver 2027/tcp
+shadowserver 2027/udp
+submitserver 2028/tcp
+submitserver 2028/udp
+device2 2030/tcp
+device2 2030/udp
+blackboard 2032/tcp
+blackboard 2032/udp
+glogger 2033/tcp
+glogger 2033/udp
+scoremgr 2034/tcp
+scoremgr 2034/udp
+imsldoc 2035/tcp
+imsldoc 2035/udp
+objectmanager 2038/tcp
+objectmanager 2038/udp
+lam 2040/tcp
+lam 2040/udp
+interbase 2041/tcp
+interbase 2041/udp
+isis 2042/tcp
+isis 2042/udp
+isis-bcast 2043/tcp
+isis-bcast 2043/udp
+rimsl 2044/tcp
+rimsl 2044/udp
+cdfunc 2045/tcp
+cdfunc 2045/udp
+sdfunc 2046/tcp
+sdfunc 2046/udp
+#dls 2047/tcp
+#dls 2047/udp
+dls-monitor 2048/tcp
+dls-monitor 2048/udp
+nfsd 2049/sctp nfs # NFS server daemon
+nfsd 2049/tcp nfs # NFS server daemon
+nfsd 2049/udp nfs # NFS server daemon
+#PROBLEMS!=============================================================
+#shilp 2049/tcp
+#shilp 2049/udp
+#PROBLEMS!=============================================================
+dlsrpn 2065/tcp #Data Link Switch Read Port Number
+dlsrpn 2065/udp #Data Link Switch Read Port Number
+dlswpn 2067/tcp #Data Link Switch Write Port Number
+dlswpn 2067/udp #Data Link Switch Write Port Number
+zephyr-clt 2103/udp #Zephyr serv-hm connection
+zephyr-hm 2104/udp #Zephyr hostmanager
+#PROBLEMS!=============================================================
+#zephyr-hm-srv 2105/udp #Zephyr hm-serv connection
+#PROBLEMS!=============================================================
+eklogin 2105/tcp #Kerberos (v4) encrypted rlogin
+eklogin 2105/udp #Kerberos (v4) encrypted rlogin
+ekshell 2106/tcp #Kerberos (v4) encrypted rshell
+ekshell 2106/udp #Kerberos (v4) encrypted rshell
+rkinit 2108/tcp #Kerberos (v4) remote initialization
+rkinit 2108/udp #Kerberos (v4) remote initialization
+ats 2201/tcp #Advanced Training System Program
+ats 2201/udp #Advanced Training System Program
+hpssd 2207/tcp #HP Status and Services
+hpssd 2207/udp #HP Status and Services
+hpiod 2208/tcp #HP I/O Backend
+hpiod 2208/udp #HP I/O Backend
+rcip-itu 2225/sctp #Resource Connection Initiation Protocol
+rcip-itu 2225/tcp #Resource Connection Initiation Protocol
+ivs-video 2232/tcp #IVS Video default
+ivs-video 2232/udp #IVS Video default
+ivsd 2241/tcp #IVS Daemon
+ivsd 2241/udp #IVS Daemon
+pehelp 2307/tcp
+pehelp 2307/udp
+cvspserver 2401/tcp #CVS network server
+cvspserver 2401/udp #CVS network server
+venus 2430/tcp #venus
+venus 2430/udp #venus
+venus-se 2431/tcp #venus-se
+venus-se 2431/udp #venus-se
+codasrv 2432/tcp #codasrv
+codasrv 2432/udp #codasrv
+codasrv-se 2433/tcp #codasrv-se
+codasrv-se 2433/udp #codasrv-se
+rtsserv 2500/tcp #Resource Tracking system server
+rtsserv 2500/udp #Resource Tracking system server
+rtsclient 2501/tcp #Resource Tracking system client
+rtsclient 2501/udp #Resource Tracking system client
+hp-3000-telnet 2564/tcp #HP 3000 NS/VT block mode telnet
+zebrasrv 2600/tcp #zebra service
+zebra 2601/tcp #zebra vty
+ripd 2602/tcp #RIPd vty
+ripngd 2603/tcp #RIPngd vty
+ospfd 2604/tcp #OSPFd vty
+bgpd 2605/tcp #BGPd vty
+ospf6d 2606/tcp #OSPF6d vty
+dict 2628/tcp #RFC 2229
+dict 2628/udp #RFC 2229
+listen 2766/tcp #System V listener port
+www-dev 2784/tcp #world wide web - development
+www-dev 2784/udp #world wide web - development
+m2ua 2904/sctp #M2UA
+m2ua 2904/tcp #M2UA
+m2ua 2904/udp #M2UA
+m3ua 2905/sctp #M3UA
+m3ua 2905/tcp #M3UA
+megaco-h248 2944/sctp #Megaco-H.248 text
+megaco-h248 2944/tcp #Megaco H-248
+megaco-h248 2944/udp #Megaco H-248
+h248-binary 2945/sctp #Megaco/H.248 binary
+h248-binary 2945/tcp #H248 Binary
+h248-binary 2945/udp #H248 Binary
+eppc 3031/tcp #Remote AppleEvents/PPC Toolbox
+eppc 3031/udp #Remote AppleEvents/PPC Toolbox
+NSWS 3049/tcp
+NSWS 3049/udp
+gds_db 3050/tcp #InterBase Database Remote Protocol
+gds_db 3050/udp #InterBase Database Remote Protocol
+sj3 3086/tcp #SJ3 (kanji input)
+itu-bicc-stc 3097/sctp #ITU-T Q.1902.1/Q.2150.3
+vmodem 3141/tcp
+vmodem 3141/udp
+iscsi-target 3260/tcp # iSCSI port
+iscsi-target 3260/udp # iSCSI port
+ccmail 3264/tcp #cc:mail/lotus
+ccmail 3264/udp #cc:mail/lotus
+dec-notes 3333/tcp #DEC Notes
+dec-notes 3333/udp #DEC Notes
+rdp 3389/tcp #Microsoft Remote Desktop Protocol
+bmap 3421/tcp #Bull Apprise portmapper
+bmap 3421/udp #Bull Apprise portmapper
+prsvp 3455/tcp #RSVP Port
+prsvp 3455/udp rsvp-encap #RSVP Port
+vat 3456/tcp #VAT default data
+vat 3456/udp #VAT default data
+vat-control 3457/tcp #VAT default control
+vat-control 3457/udp #VAT default control
+nut 3493/tcp #Network UPS Tools
+nut 3493/udp #Network UPS Tools
+m2pa 3565/sctp #M2PA
+m2pa 3565/tcp #M2PA
+tsp 3653/tcp #Tunnel Setup Protocol
+tsp 3653/udp #Tunnel Setup Protocol
+svn 3690/tcp #Subversion
+svn 3690/udp #Subversion
+asap 3863/sctp #asap sctp
+asap 3863/tcp #asap tcp port
+asap 3863/udp #asap udp port
+asap-tls 3864/sctp #asap-sctp/tls
+asap-tls 3864/tcp #asap/tls tcp port
+diameter 3868/tcp #DIAMETER
+diameter 3868/sctp #DIAMETER
+udt_os 3900/tcp #Unidata UDT OS
+udt_os 3900/udp #Unidata UDT OS
+mapper-nodemgr 3984/tcp #MAPPER network node manager
+mapper-nodemgr 3984/udp #MAPPER network node manager
+mapper-mapethd 3985/tcp #MAPPER TCP/IP server
+mapper-mapethd 3985/udp #MAPPER TCP/IP server
+mapper-ws_ethd 3986/tcp #MAPPER workstation server
+mapper-ws_ethd 3986/udp #MAPPER workstation server
+netcheque 4008/tcp #NetCheque accounting
+netcheque 4008/udp #NetCheque accounting
+lockd 4045/udp # NFS lock daemon/manager
+lockd 4045/tcp
+nuts_dem 4132/tcp #NUTS Daemon
+nuts_dem 4132/udp #NUTS Daemon
+nuts_bootp 4133/tcp #NUTS Bootp Server
+nuts_bootp 4133/udp #NUTS Bootp Server
+sieve 4190/tcp #ManageSieve Protocol
+sieve 4190/udp #ManageSieve Protocol
+rwhois 4321/tcp #Remote Who Is
+rwhois 4321/udp #Remote Who Is
+unicall 4343/tcp
+unicall 4343/udp
+epmd 4369/tcp #Erlang Port Mapper Daemon
+epmd 4369/udp #Erlang Port Mapper Daemon
+krb524 4444/tcp
+krb524 4444/udp
+# PROBLEM krb524 assigned the port,
+# PROBLEM nv used it without an assignment
+nv-video 4444/tcp #NV Video default
+nv-video 4444/udp #NV Video default
+sae-urn 4500/tcp
+sae-urn 4500/udp
+fax 4557/tcp #FAX transmission service
+hylafax 4559/tcp #HylaFAX client-server protocol
+rfa 4672/tcp #remote file access server
+rfa 4672/udp #remote file access server
+ipfix 4739/sctp #IP Flow Info Export
+ipfix 4739/tcp #IP Flow Info Export
+ipfix 4739/udp #IP Flow Info Export
+ipfixs 4740/sctp #ipfix protocol over DTLS
+ipfixs 4740/tcp #ipfix protocol over TLS
+ipfixs 4740/udp #ipfix protocol over DTLS
+commplex-main 5000/tcp
+commplex-main 5000/udp
+commplex-link 5001/tcp
+commplex-link 5001/udp
+rfe 5002/tcp #radio free ethernet
+rfe 5002/udp #radio free ethernet
+telelpathstart 5010/tcp
+telelpathstart 5010/udp
+telelpathattack 5011/tcp
+telelpathattack 5011/udp
+mmcc 5050/tcp #multimedia conference control tool
+mmcc 5050/udp #multimedia conference control tool
+sds 5059/tcp #SIP Directory Services
+sds 5059/udp #SIP Directory Services
+sip 5060/tcp #Session Initialization Protocol (VoIP)
+sip 5060/udp #Session Initialization Protocol (VoIP)
+sip-tls 5061/tcp #SIP over TLS
+sip-tls 5061/udp #SIP over TLS
+car 5090/sctp #Candidate AR
+cxtp 5091/sctp #Context Transfer Protocol
+rmonitor_secure 5145/tcp
+rmonitor_secure 5145/udp
+aol 5190/tcp #America-Online
+aol 5190/udp #America-Online
+aol-1 5191/tcp #AmericaOnline1
+aol-1 5191/udp #AmericaOnline1
+aol-2 5192/tcp #AmericaOnline2
+aol-2 5192/udp #AmericaOnline2
+aol-3 5193/tcp #AmericaOnline3
+aol-3 5193/udp #AmericaOnline3
+xmpp-client 5222/tcp #XMPP Client Connection
+xmpp-client 5222/udp #XMPP Client Connection
+padl2sim 5236/tcp
+padl2sim 5236/udp
+xmpp-server 5269/tcp #XMPP Server Connection
+xmpp-server 5269/udp #XMPP Server Connection
+hacl-hb 5300/tcp # HA cluster heartbeat
+hacl-hb 5300/udp # HA cluster heartbeat
+hacl-gs 5301/tcp # HA cluster general services
+hacl-gs 5301/udp # HA cluster general services
+hacl-cfg 5302/tcp # HA cluster configuration
+hacl-cfg 5302/udp # HA cluster configuration
+hacl-probe 5303/tcp # HA cluster probing
+hacl-probe 5303/udp # HA cluster probing
+hacl-local 5304/tcp
+hacl-local 5304/udp
+hacl-test 5305/tcp
+hacl-test 5305/udp
+cfengine 5308/tcp
+cfengine 5308/udp
+mdns 5353/tcp #Multicast DNS
+mdns 5353/udp #Multicast DNS
+postgresql 5432/tcp #PostgreSQL Database
+postgresql 5432/udp #PostgreSQL Database
+rplay 5555/udp
+amqp 5672/sctp #AMQP
+amqp 5672/tcp #AMQP
+amqp 5672/udp #AMQP
+v5ua 5675/sctp #V5UA application port
+v5ua 5675/tcp #V5UA application port
+v5ua 5675/udp #V5UA application port
+canna 5680/tcp #Canna (Japanese Input)
+proshareaudio 5713/tcp #proshare conf audio
+proshareaudio 5713/udp #proshare conf audio
+prosharevideo 5714/tcp #proshare conf video
+prosharevideo 5714/udp #proshare conf video
+prosharedata 5715/tcp #proshare conf data
+prosharedata 5715/udp #proshare conf data
+prosharerequest 5716/tcp #proshare conf request
+prosharerequest 5716/udp #proshare conf request
+prosharenotify 5717/tcp #proshare conf notify
+prosharenotify 5717/udp #proshare conf notify
+cvsup 5999/tcp #CVSup file transfer/John Polstra/FreeBSD
+x11 6000/tcp #6000-6063 are assigned to X Window System
+x11 6000/udp
+x11-ssh 6010/tcp #Unofficial name, for convenience
+x11-ssh 6010/udp
+softcm 6110/tcp #HP SoftBench CM
+softcm 6110/udp #HP SoftBench CM
+spc 6111/tcp #HP SoftBench Sub-Process Control
+spc 6111/udp #HP SoftBench Sub-Process Control
+meta-corp 6141/tcp #Meta Corporation License Manager
+meta-corp 6141/udp #Meta Corporation License Manager
+aspentec-lm 6142/tcp #Aspen Technology License Manager
+aspentec-lm 6142/udp #Aspen Technology License Manager
+watershed-lm 6143/tcp #Watershed License Manager
+watershed-lm 6143/udp #Watershed License Manager
+statsci1-lm 6144/tcp #StatSci License Manager - 1
+statsci1-lm 6144/udp #StatSci License Manager - 1
+statsci2-lm 6145/tcp #StatSci License Manager - 2
+statsci2-lm 6145/udp #StatSci License Manager - 2
+lonewolf-lm 6146/tcp #Lone Wolf Systems License Manager
+lonewolf-lm 6146/udp #Lone Wolf Systems License Manager
+montage-lm 6147/tcp #Montage License Manager
+montage-lm 6147/udp #Montage License Manager
+ricardo-lm 6148/tcp #Ricardo North America License Manager
+ricardo-lm 6148/udp #Ricardo North America License Manager
+sge_qmaster 6444/tcp #Grid Engine Qmaster Service
+sge_qmaster 6444/udp #Grid Engine Qmaster Service
+sge_execd 6445/tcp #Grid Engine Execution Service
+sge_execd 6445/udp #Grid Engine Execution Service
+xdsxdm 6558/tcp
+xdsxdm 6558/udp
+sane-port 6566/tcp #Scanner Access Now Easy (SANE) Control Port
+sane-port 6566/udp #Scanner Access Now Easy (SANE) Control Port
+ircd 6667/tcp #Internet Relay Chat (unoffical)
+frc-hp 6704/sctp #ForCES HP (High Priority) channel
+frc-mp 6705/sctp #ForCES MP (Medium Priority) channel
+frc-lp 6706/sctp #ForCES LP (Low priority) channel
+acmsoda 6969/tcp
+acmsoda 6969/udp
+afs3-fileserver 7000/tcp #file server itself
+afs3-fileserver 7000/udp #file server itself
+afs3-callback 7001/tcp #callbacks to cache managers
+afs3-callback 7001/udp #callbacks to cache managers
+afs3-prserver 7002/tcp #users & groups database
+afs3-prserver 7002/udp #users & groups database
+afs3-vlserver 7003/tcp #volume location database
+afs3-vlserver 7003/udp #volume location database
+afs3-kaserver 7004/tcp #AFS/Kerberos authentication service
+afs3-kaserver 7004/udp #AFS/Kerberos authentication service
+afs3-volser 7005/tcp #volume management server
+afs3-volser 7005/udp #volume management server
+afs3-errors 7006/tcp #error interpretation service
+afs3-errors 7006/udp #error interpretation service
+afs3-bos 7007/tcp #basic overseer process
+afs3-bos 7007/udp #basic overseer process
+afs3-update 7008/tcp #server-to-server updater
+afs3-update 7008/udp #server-to-server updater
+afs3-rmtsys 7009/tcp #remote cache manager service
+afs3-rmtsys 7009/udp #remote cache manager service
+afs3-resserver 7010/tcp #MR-AFS residence server
+afs3-resserver 7010/udp #MR-AFS residence server
+ups-onlinet 7010/tcp #onlinet uninterruptable power supplies
+ups-onlinet 7010/udp #onlinet uninterruptable power supplies
+afs3-remio 7011/tcp #MR-AFS remote IO server
+afs3-remio 7011/udp #MR-AFS remote IO server
+font-service 7100/tcp #X Font Service
+font-service 7100/udp #X Font Service
+fodms 7200/tcp #FODMS FLIP
+fodms 7200/udp #FODMS FLIP
+dlip 7201/tcp
+dlip 7201/udp
+simco 7626/sctp #SImple Middlebox COnfiguration (SIMCO)
+simco 7626/tcp #SImple Middlebox COnfiguration (SIMCO) Server
+ftp-proxy 8021/tcp # FTP proxy
+pim 8471/sctp #PIM over Reliable Transport
+pim 8471/tcp #PIM over Reliable Transport
+natd 8668/divert # Network Address Translation
+lcs-ap 9082/sctp #LCS Application Protocol
+aurora 9084/sctp #IBM AURORA Performance Visualizer
+aurora 9084/tcp #IBM AURORA Performance Visualizer
+aurora 9084/udp #IBM AURORA Performance Visualizer
+jetdirect 9100/tcp #HP JetDirect card
+git 9418/tcp #git pack transfer service
+git 9418/udp #git pack transfer service
+man 9535/tcp
+man 9535/udp
+sd 9876/tcp #Session Director
+sd 9876/udp #Session Director
+iua 9900/sctp #IUA
+iua 9900/tcp #IUA
+iua 9900/udp #IUA
+enrp 9901/sctp #enrp server channel
+enrp 9901/udp #enrp server channel
+enrp-tls 9902/sctp #enrp/tls server channel
+amanda 10080/tcp #Dump server control
+amanda 10080/udp #Dump server control
+amandaidx 10082/tcp #Amanda indexing
+amidxtape 10083/tcp #Amanda tape indexing
+wmereceiving 11997/sctp #WorldMailExpress
+wmedistribution 11998/sctp #WorldMailExpress
+wmereporting 11999/sctp #WorldMailExpress
+sua 14001/sctp #SUA
+sua 14001/tcp #SUA
+isode-dua 17007/tcp
+isode-dua 17007/udp
+biimenu 18000/tcp #Beckman Instruments, Inc.
+biimenu 18000/udp #Beckman Instruments, Inc.
+nfsrdma 20049/sctp #Network File System (NFS) over RDMA
+nfsrdma 20049/tcp #Network File System (NFS) over RDMA
+nfsrdma 20049/udp #Network File System (NFS) over RDMA
+wnn4 22273/tcp wnn6 #Wnn4 (Japanese input)
+wnn4_Cn 22289/tcp wnn6_Cn #Wnn4 (Chinese input)
+wnn4_Kr 22305/tcp wnn6_Kr #Wnn4 (Korean input)
+wnn4_Tw 22321/tcp wnn6_Tw #Wnn4 (Taiwanse input)
+wnn6_DS 26208/tcp #Wnn6 (Dserver)
+sgsap 29118/sctp #SGsAP in 3GPP
+sbcap 29168/sctp #SBcAP in 3GPP
+iuhsctpassoc 29169/sctp #HNBAP and RUA Common Association
+s1-control 36412/sctp #S1-Control Plane (3GPP)
+x2-control 36422/sctp #X2-Control Plane (3GPP)
+dbbrowse 47557/tcp #Databeam Corporation
+dbbrowse 47557/udp #Databeam Corporation
diff --git a/etc/shells b/etc/shells
new file mode 100644
index 0000000..fe1e029
--- /dev/null
+++ b/etc/shells
@@ -0,0 +1,9 @@
+# $FreeBSD$
+#
+# List of acceptable shells for chpass(1).
+# Ftpd will not allow users to connect who are not using
+# one of these shells.
+
+/bin/sh
+/bin/csh
+/bin/tcsh
diff --git a/etc/snmpd.config b/etc/snmpd.config
new file mode 100644
index 0000000..86b0989
--- /dev/null
+++ b/etc/snmpd.config
@@ -0,0 +1,302 @@
+# $FreeBSD$
+#
+# Example configuration file for bsnmpd(1).
+#
+
+#
+# Set some common variables
+#
+location := "Room 200"
+contact := "sysmeister@example.com"
+system := 1 # FreeBSD
+traphost := localhost
+trapport := 162
+
+#
+# Set the SNMP engine ID.
+#
+# The snmpEngineID object required from the SNMPv3 Framework. If not explicitly set via
+# this configuration file, an ID is assigned based on the value of the
+# kern.hostid variable
+# engine := 0x80:0x10:0x08:0x10:0x80:0x25
+# snmpEngineID = $(engine)
+
+# Change this!
+read := "public"
+# Uncomment begemotSnmpdCommunityString.0.2 below that sets the community
+# string to enable write access.
+write := "geheim"
+trap := "mytrap"
+
+#
+# Declarations for SNMP-USER-BASED-SM-MIB authentication and privacy options
+#
+
+NoAuthProtocol := 1.3.6.1.6.3.10.1.1.1
+HMACMD5AuthProtocol := 1.3.6.1.6.3.10.1.1.2
+HMACSHAAuthProtocol := 1.3.6.1.6.3.10.1.1.3
+NoPrivProtocol := 1.3.6.1.6.3.10.1.2.1
+DESPrivProtocol := 1.3.6.1.6.3.10.1.2.2
+AesCfb128Protocol := 1.3.6.1.6.3.10.1.2.4
+
+#
+# Enumerations from SNMP-FRAMEWORK-MIB
+#
+
+# Security models
+securityModelAny := 0
+securityModelSNMPv1 := 1
+securityModelSNMPv2c := 2
+securityModelUSM := 3
+
+# Message Processing models
+MPmodelSNMPv1 := 0
+MPmodelSNMPv2c := 1
+MPmodelSNMPv3 := 3
+
+# Security levels
+noAuthNoPriv := 1
+authNoPriv := 2
+authPriv := 3
+
+
+# SNMPv3 USM User definition
+#
+# The localized hex password for a user may be obtained by setting SNMPUSER, SNMPPASSWD,
+# SNMPAUTH and SNMPPRIV environment variables to the desired parameters and invoking
+# 'bsnmpget -v 3 -D -K -o verbose' against the running bsnmpd(1). For other
+# usages refer to the bsnmpget(1) manual page. The following lines define a user "bsnmp"
+# with a private password "bsnmptest", localized for the above engine ID.
+#
+#user1 := "bsnmp"
+#user1passwd := 0x22:0x98:0x1a:0x6e:0x39:0x93:0x16:0x5e:0x6a:0x21:0x1b:0xd8:0xa9:0x81:0x31:0x05:0x16:0x33:0x38:0x60
+
+#
+# Configuration
+#
+%snmpd
+begemotSnmpdDebugDumpPdus = 2
+begemotSnmpdDebugSyslogPri = 7
+
+#
+# Set the read and write communities.
+#
+# The default value of the community strings is NULL (note, that this is
+# different from the empty string). This disables both read and write access.
+# To enable read access only the read community string must be set. Setting
+# the write community string enables both read and write access with that
+# string.
+#
+# Be sure to understand the security implications of SNMPv2 - the community
+# strings are readable on the wire!
+#
+begemotSnmpdCommunityString.0.1 = $(read)
+# begemotSnmpdCommunityString.0.2 = $(write)
+begemotSnmpdCommunityDisable = 1
+
+# open standard SNMP ports
+begemotSnmpdPortStatus.0.0.0.0.161 = 1
+
+# open a unix domain socket
+begemotSnmpdLocalPortStatus."/var/run/snmpd.sock" = 1
+begemotSnmpdLocalPortType."/var/run/snmpd.sock" = 4
+
+# send traps to the traphost
+begemotTrapSinkStatus.[$(traphost)].$(trapport) = 4
+begemotTrapSinkVersion.[$(traphost)].$(trapport) = 2
+begemotTrapSinkComm.[$(traphost)].$(trapport) = $(trap)
+
+sysContact = $(contact)
+sysLocation = $(location)
+sysObjectId = 1.3.6.1.4.1.12325.1.1.2.1.$(system)
+
+snmpEnableAuthenTraps = 2
+
+#
+# SNMPv3 User-based security module - must be loaded for SNMPv3 USM
+#
+#begemotSnmpdModulePath."usm" = "/usr/lib/snmp_usm.so"
+
+#
+# SNMPv3 USM User definition.
+#
+
+#%usm
+
+#
+# The following block creates a user with name "bsnmp" and sets privacy
+# and encryption options to SHA256 message digests and AES encryption
+# for this user.
+#
+# usmUserStatus.$(engine).$(user1) = 5
+# usmUserAuthProtocol.$(engine).$(user1) = $(HMACSHAAuthProtocol)
+# usmUserAuthKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserPrivProtocol.$(engine).$(user1) = $(AesCfb128Protocol)
+# usmUserPrivKeyChange.$(engine).$(user1) = $(user1passwd)
+# usmUserStatus.$(engine).$(user1) = 1
+#
+
+#
+# The following block creates a user with name "public" with no authentication
+# or encryption options.
+#
+# usmUserStatus.$(engine).$(read) = 5
+# usmUserAuthProtocol.$(engine).$(read) = $(NoAuthProtocol)
+# usmUserPrivProtocol.$(engine).$(read) = $(NoPrivProtocol)
+# usmUserStatus.$(engine).$(read) = 1
+#
+
+#
+# SNMPv3 View-based Access Control module
+#
+#begemotSnmpdModulePath."vacm" = "/usr/lib/snmp_vacm.so"
+
+#
+# Definition of view-based access control entries.
+#
+#%vacm
+
+# Definition of a SNMPv1 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv1).$(read) = 4
+# vacmGroupName.$(securityModelSNMPv1).$(read) = $(read)
+
+# Definition of SNMPv2 group
+# vacmSecurityToGroupStatus.$(securityModelSNMPv2c).$(write) = 4
+# vacmGroupName.$(securityModelSNMPv2c).$(write) = $(write)
+
+# Definition of SNMPv3 group with users "bsnmp" and "public"
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(user1) = 4
+# vacmGroupName.$(securityModelUSM).$(user1) = $(write)
+# vacmSecurityToGroupStatus.$(securityModelUSM).$(read) = 4
+# vacmGroupName.$(securityModelUSM).$(read) = $(write)
+
+#
+# The OID of the .iso.org.dod.internet subtree
+#
+# internetoid := 1.3.6.1
+# internetoidlen := 4
+
+#
+# Definitions of two views
+#
+# vacmViewTreeFamilyStatus."internet".$(internetoidlen).$(internetoid) = 4
+# vacmViewTreeFamilyStatus."restricted".$(internetoidlen).$(internetoid) = 4
+
+#
+# Access control
+#
+
+#
+# Read-only access for SNMPv1 users
+#
+# vacmAccessStatus.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(read)."".$(securityModelSNMPv1).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write access for SNMPv2 users
+#
+# vacmAccessStatus.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelSNMPv2c).$(noAuthNoPriv) = "internet"
+
+#
+# Read-write-notify access for SNMPv3 USM users with noAuthNoPriv
+#
+# vacmAccessStatus.$(write)."".3.$(noAuthNoPriv) = 4
+# vacmAccessReadViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessWriteViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+# vacmAccessNotifyViewName.$(write)."".$(securityModelUSM).$(noAuthNoPriv) = "internet"
+
+#
+#Read-write-notify access to restricted for SNMPv3 USM users with authPriv
+#
+# vacmAccessStatus.$(write)."".3.$(authPriv) = 4
+# vacmAccessReadViewName.$(write)."".3.$(authPriv) = "restricted"
+# vacmAccessWriteViewName.$(write)."".3.$(authPriv) = "restricted"
+# vacmAccessNotifyViewName.$(write)."".3.$(authPriv) = "restricted"
+
+#
+# SNMPv3 Notification Targets
+#
+# begemotSnmpdModulePath."target" = "/usr/lib/snmp_target.so"
+
+#%target
+# Send notifications to target tag "test"
+# tag := "test"
+# snmpNotifyRowStatus.$(tag) = 4
+# snmpNotifyTag.$(tag) = $(tag)
+
+# tagremote := "testremote"
+# snmpNotifyRowStatus.$(tagremote) = 4
+# snmpNotifyTag.$(tagremote) = $(tagremote)
+
+#
+# Specify the target parameters for the notifications - send with the credentials
+# of user "bsnmp"
+#
+# snmpTargetParamsRowStatus.$(tag) = 5
+# snmpTargetParamsMPModel.$(tag) = $(MPmodelSNMPv3)
+# snmpTargetParamsSecurityModel.$(tag) = $(securityModelUSM)
+# snmpTargetParamsSecurityName.$(tag) = $(user1)
+# snmpTargetParamsSecurityLevel.$(tag) = $(authPriv)
+# snmpTargetParamsRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on localhost
+#
+# snmpTargetAddrRowStatus.$(tag) = 5
+# snmpTargetAddrTAddress.$(tag) = 0x7f:0x0:0x0:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tag) = "test notification"
+# snmpTargetAddrParams.$(tag) = $(tag)
+# snmpTargetAddrRowStatus.$(tag) = 1
+
+#
+# Define the notifications' target address - port 162 on 10.0.0.1
+#
+# snmpTargetAddrRowStatus.$(tagremote) = 5
+# snmpTargetAddrTAddress.$(tagremote) = 0x0a:0x00:0x00:0x1:0x0:0xa2
+# snmpTargetAddrTagList.$(tagremote) = $(tagremote)
+# snmpTargetAddrParams.$(tagremote) = $(tag)
+# snmpTargetAddrRowStatus.$(tagremote) = 1
+
+#
+# Load MIB-2 module
+#
+begemotSnmpdModulePath."mibII" = "/usr/lib/snmp_mibII.so"
+
+# Force a polling rate for the 64-bit interface counters in case
+# the automatic computation is wrong (which may be the case if an interface
+# announces the wrong bit rate via its MIB).
+#%mibII
+#begemotIfForcePoll = 2000
+
+
+# Netgraph module
+#
+#begemotSnmpdModulePath."netgraph" = "/usr/lib/snmp_netgraph.so"
+#
+#%netgraph
+#begemotNgControlNodeName = "snmpd"
+
+#
+# pf(4) module
+#
+#begemotSnmpdModulePath."pf" = "/usr/lib/snmp_pf.so"
+
+#
+# Host resources module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."hostres" = "/usr/lib/snmp_hostres.so"
+
+#
+# Bridge module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so"
+
+#
+# Wireless module
+# This requires the mibII module.
+#
+#begemotSnmpdModulePath."wlan" = "/usr/lib/snmp_wlan.so"
diff --git a/etc/sysctl.conf b/etc/sysctl.conf
new file mode 100644
index 0000000..0c9e796
--- /dev/null
+++ b/etc/sysctl.conf
@@ -0,0 +1,9 @@
+# $FreeBSD$
+#
+# This file is read when going to multi-user and its contents piped thru
+# ``sysctl'' to adjust kernel values. ``man 5 sysctl.conf'' for details.
+#
+
+# Uncomment this to prevent users from seeing information about processes that
+# are being run under another UID.
+#security.bsd.see_other_uids=0
diff --git a/etc/syslog.conf b/etc/syslog.conf
new file mode 100644
index 0000000..be96831
--- /dev/null
+++ b/etc/syslog.conf
@@ -0,0 +1,31 @@
+# $FreeBSD$
+#
+# Spaces ARE valid field separators in this file. However,
+# other *nix-like systems still insist on using tabs as field
+# separators. If you are sharing this file between systems, you
+# may want to use only tabs as field separators here.
+# Consult the syslog.conf(5) manpage.
+*.err;kern.warning;auth.notice;mail.crit /dev/console
+*.notice;authpriv.none;kern.debug;lpr.info;mail.crit;news.err /var/log/messages
+security.* /var/log/security
+auth.info;authpriv.info /var/log/auth.log
+mail.info /var/log/maillog
+lpr.info /var/log/lpd-errs
+ftp.info /var/log/xferlog
+cron.* /var/log/cron
+*.=debug /var/log/debug.log
+*.emerg *
+# uncomment this to log all writes to /dev/console to /var/log/console.log
+#console.info /var/log/console.log
+# uncomment this to enable logging of all log messages to /var/log/all.log
+# touch /var/log/all.log and chmod it to mode 600 before it will work
+#*.* /var/log/all.log
+# uncomment this to enable logging to a remote loghost named loghost
+#*.* @loghost
+# uncomment these if you're running inn
+# news.crit /var/log/news/news.crit
+# news.err /var/log/news/news.err
+# news.notice /var/log/news/news.notice
+!ppp
+*.* /var/log/ppp.log
+!*
diff --git a/etc/termcap.small b/etc/termcap.small
new file mode 100644
index 0000000..7c30837
--- /dev/null
+++ b/etc/termcap.small
@@ -0,0 +1,315 @@
+# Copyright (c) 1980, 1985, 1989 The Regents of the University of California.
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product includes software developed by the University of
+# California, Berkeley and its contributors.
+# 4. Neither the name of the University nor the names of its contributors
+# may be used to endorse or promote products derived from this software
+# without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+# SUCH DAMAGE.
+#
+# @(#)termcap.src 5.88 (Berkeley) 4/30/91
+# $FreeBSD$
+#
+# for syscons
+# common entry without semigraphics
+cons25w|ansiw|ansi80x25-raw:\
+ :am:bs:NP:ms:pt:AX:eo:bw:ut:km:\
+ :co#80:li#25:pa#64:Co#8:it#8:\
+ :al=\E[L:cd=\E[J:ce=\E[K:cl=\E[H\E[J:cm=\E[%i%d;%dH:\
+ :dc=\E[P:dl=\E[M:do=\E[B:bt=\E[Z:ho=\E[H:ic=\E[@:cb=\E[1K:\
+ :nd=\E[C:rs=\Ec:so=\E[7m:se=\E[27m:up=\E[A:cr=^M:ta=^I:\
+ :AF=\E[3%dm:AB=\E[4%dm:op=\E[39;49m:sc=\E7:rc=\E8:\
+ :k1=\E[M:k2=\E[N:k3=\E[O:k4=\E[P:k5=\E[Q:k6=\E[R:k7=\E[S:k8=\E[T:\
+ :k9=\E[U:k;=\E[V:F1=\E[W:F2=\E[X:K2=\E[E:nw=\E[E:ec=\E[%dX:\
+ :kb=^H:kh=\E[H:ku=\E[A:kd=\E[B:kl=\E[D:kr=\E[C:le=^H:sf=\E[S:sr=\E[T:\
+ :kN=\E[G:kP=\E[I:@7=\E[F:kI=\E[L:kD=\177:kB=\E[Z:\
+ :IC=\E[%d@:DC=\E[%dP:SF=\E[%dS:SR=\E[%dT:AL=\E[%dL:DL=\E[%dM:\
+ :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:cv=\E[%i%dd:ch=\E[%i%d`:\
+ :mb=\E[5m:md=\E[1m:mr=\E[7m:me=\E[m:bl=^G:\
+ :ve=\E[=S:vi=\E[=1S:vs=\E[=2S:
+# CP437 FreeBSD console with ACS support
+cons25|ansis|ansi80x25:\
+ :ac=l\332m\300k\277j\331u\264t\303v\301w\302q\304x\263n\305`^Da\260f\370g\361~\371.^Y-^Xh\261i^U0\333y\363z\362:\
+ :tc=cons25w:
+cons25-m|ansis-mono|ansi80x25-mono:\
+ :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25:
+cons30|ansi80x30:\
+ :li#30:tc=cons25:
+cons30-m|ansi80x30-mono:\
+ :li#30:tc=cons25-m:
+cons43|ansi80x43:\
+ :li#43:tc=cons25:
+cons43-m|ansi80x43-mono:\
+ :li#43:tc=cons25-m:
+cons50|ansil|ansi80x50:\
+ :li#50:tc=cons25:
+cons50-m|ansil-mono|ansi80x50-mono:\
+ :li#50:tc=cons25-m:
+cons60|ansi80x60:\
+ :li#60:tc=cons25:
+cons60-m|ansi80x60-mono:\
+ :li#60:tc=cons25-m:
+# Syscons console with 132 characters (VESA modes)
+cons25-w|ansi132x25:\
+ :co#132:tc=cons25:
+cons30-w|ansi132x30:\
+ :co#132:tc=cons30:
+cons43-w|ansi132x43:\
+ :co#132:tc=cons43:
+cons50-w|ansil-w|ansi132x50:\
+ :co#132:tc=cons50:
+cons60-w|ansi132x60:\
+ :co#132:tc=cons60:
+# KOI8-R/KOI8-U FreeBSD console with ACS support
+cons25r|cons25u|pc3r|ibmpc3r|cons25-koi8:\
+ :ac=q\200x\201m\204v\211j\205t\206n\212u\207l\202w\210k\203y\230z\231f\234~\225a\220h\2210\215:\
+ :tc=cons25w:
+cons25r-m|cons25u-m|pc3r-m|ibmpc3r-mono|cons25-koi8-mono:\
+ :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25r:
+cons30r|cons30u|cons30-koi8:\
+ :li#30:tc=cons25r:
+cons30r-m|cons30u-m|cons30-koi8-mono:\
+ :li#30:tc=cons25r-m:
+cons43r|cons43u|cons43-koi8:\
+ :li#43:tc=cons25r:
+cons43r-m|cons43u-m|cons43-koi8-mono:\
+ :li#43:tc=cons25r-m:
+cons50r|cons50u|cons50-koi8:\
+ :li#50:tc=cons25r:
+cons50r-m|cons50u-m|cons50-koi8-mono:\
+ :li#50:tc=cons25r-m:
+cons60r|cons60u|cons60-koi8:\
+ :li#60:tc=cons25r:
+cons60r-m|cons60u-m|cons60-koi8-mono:\
+ :li#60:tc=cons25r-m:
+# Syscons console with 90 characters (VGA modes)
+# KOI8-R/KOI8-U FreeBSD console with ACS support.
+cons25r-v|cons25u-v|pc3r-v|ibmpc3r-vga|cons25-koi8-vga:\
+ :co#90:tc=cons25r:
+cons25r-mv|cons25u-mv|pc3r-mv|ibmpc3r-monovga|cons25-koi8-monovga:\
+ :co#90:tc=cons25r-m:
+cons30r-v|cons30u-v|cons30-koi8-vga:\
+ :co#90:tc=cons30r:
+cons30r-mv|cons30u-mv|cons30-koi8-monovga:\
+ :co#90:tc=cons30r-m:
+cons43r-v|cons43u-v|cons43-koi8-vga:\
+ :co#90:tc=cons43r:
+cons43r-mv|cons43u-mv|cons43-koi8-monovga:\
+ :co#90:tc=cons43r-m:
+cons50r-v|cons50u-v|cons50-koi8-vga:\
+ :co#90:tc=cons50r:
+cons50r-mv|cons50u-mv|cons50-koi8-monovga:\
+ :co#90:tc=cons50r-m:
+cons60r-v|cons60u-v|cons60-koi8-vga:\
+ :co#90:tc=cons60r:
+cons60r-mv|cons60u-mv|cons60-koi8-monovga:\
+ :co#90:tc=cons60r-m:
+# ISO 8859-2 FreeBSD console with ACS support
+cons25l2|cons25-iso8859-2:\
+ :ac=f\260i\247:\
+ :tc=cons25w:
+cons25l2-m|cons25-iso8859-2-mono:\
+ :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l2:
+cons30l2|cons30-iso8859-2:\
+ :li#30:tc=cons25l2:
+cons30l2-m|cons30-iso8859-2-mono:\
+ :li#30:tc=cons25l2-m:
+cons43l2|cons43-iso8859-2:\
+ :li#43:tc=cons25l2:
+cons43l2-m|cons43-iso8859-2-mono:\
+ :li#43:tc=cons25l2-m:
+cons50l2|cons50-iso8859-2:\
+ :li#50:tc=cons25l2:
+cons50l2-m|cons50-iso8859-2-mono:\
+ :li#50:tc=cons25l2-m:
+cons60l2|cons60-iso8859-2:\
+ :li#60:tc=cons25l2:
+cons60l2-m|cons60-iso8859-2-mono:\
+ :li#60:tc=cons25l2-m:
+# ISO 8859-1 FreeBSD console with ACS support
+cons25l1|cons25-iso8859-1:\
+ :ac=f\260g\261}\243+\253,\273i\247:\
+ :tc=cons25w:
+cons25l1-m|cons25-iso8859-1-mono:\
+ :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l1:
+cons30l1|cons30-iso8859-1:\
+ :li#30:tc=cons25l1:
+cons30l1-m|cons30-iso8859-1-mono:\
+ :li#30:tc=cons25l1-m:
+cons43l1|cons43-iso8859-1:\
+ :li#43:tc=cons25l1:
+cons43l1-m|cons43-iso8859-1-mono:\
+ :li#43:tc=cons25l1-m:
+cons50l1|cons50-iso8859-1:\
+ :li#50:tc=cons25l1:
+cons50l1-m|cons50-iso8859-1-mono:\
+ :li#50:tc=cons25l1-m:
+cons60l1|cons60-iso8859-1:\
+ :li#60:tc=cons25l1:
+cons60l1-m|cons60-iso8859-1-mono:\
+ :li#60:tc=cons25l1-m:
+# 132x25 ISO 8859-1 FreeBSD console
+cons25l1-w|cons25w-iso8859-1:\
+ :co#132:tc=cons25l1:
+cons30l1-w|cons30w-iso8859-1:\
+ :co#132:tc=cons30l1:
+cons43l1-w|cons43w-iso8859-1:\
+ :co#132:tc=cons43l1:
+cons50l1-w|cons50w-iso8859-1:\
+ :co#132:tc=cons50l1:
+cons60l1-w|cons60w-iso8859-1:\
+ :co#132:tc=cons60l1:
+# ISO 8859-7 FreeBSD console with ACS support
+cons25l7|cons25-iso8859-7:\
+ :ac=f\260g\261{\360}\243+\253,\273i\247:\
+ :tc=cons25w:
+cons25l7-m|cons25-iso8859-7-mono:\
+ :pa@:Co@:AF@:AB@:AX@:op@:us=\E[4m:ue=\E[24m:tc=cons25l7:
+cons30l7|cons30-iso8859-7:\
+ :li#30:tc=cons25l7:
+cons30l7-m|cons30-iso8859-7-mono:\
+ :li#30:tc=cons25l7-m:
+cons43l7|cons43-iso8859-7:\
+ :li#43:tc=cons25l7:
+cons43l7-m|cons43-iso8859-7-mono:\
+ :li#43:tc=cons25l7-m:
+cons50l7|cons50-iso8859-7:\
+ :li#50:tc=cons25l7:
+cons50l7-m|cons50-iso8859-7-mono:\
+ :li#50:tc=cons25l7-m:
+cons60l7|cons60-iso8859-7:\
+ :li#60:tc=cons25l7:
+cons60l7-m|cons60-iso8859-7-mono:\
+ :li#60:tc=cons25l7-m:
+
+SC|screen|VT 100/ANSI X3.64 virtual terminal:\
+ :am:xn:ms:mi:G0:km:\
+ :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:bs:bt=\E[Z:\
+ :cb=\E[1K:cd=\E[J:ce=\E[K:cl=\E[H\E[J:cm=\E[%i%d;%dH:ct=\E[3g:\
+ :do=^J:nd=\E[C:pt:rc=\E8:rs=\Ec:sc=\E7:st=\EH:up=\EM:\
+ :le=^H:bl=^G:cr=^M:it#8:ho=\E[H:nw=\EE:ta=^I:is=\E)0:\
+ :li#24:co#80:us=\E[4m:ue=\E[24m:so=\E[3m:se=\E[23m:\
+ :mb=\E[5m:md=\E[1m:mr=\E[7m:me=\E[m:sr=\EM:al=\E[L:\
+ :AL=\E[%dL:dl=\E[M:DL=\E[%dM:cs=\E[%i%d;%dr:dc=\E[P:\
+ :DC=\E[%dP:im=\E[4h:ei=\E[4l:IC=\E[%d@:\
+ :ks=\E[?1h\E=:ke=\E[?1l\E>:vb=\Eg:\
+ :ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=^H:\
+ :k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\E[15~:k6=\E[17~:\
+ :k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:F1=\E[23~:F2=\E[24~:\
+ :F3=\E[25~:F4=\E[26~:F5=\E[28~:F6=\E[29~:\
+ :F7=\E[31~:F8=\E[32~:F9=\E[33~:FA=\E[34~:\
+ :kh=\E[1~:kI=\E[2~:kD=\E[3~:@7=\E[4~:kP=\E[5~:\
+ :kN=\E[6~:eA=\E(B\E)0:as=^N:ae=^O:ti=\E[?1049h:te=\E[?1049l:\
+ :vi=\E[?25l:ve=\E[34h\E[?25h:vs=\E[34l:\
+ :Co#8:pa#64:AF=\E[3%dm:AB=\E[4%dm:op=\E[39;49m:AX:\
+ :ac=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..--++,,hhII00:
+
+vt100|dec-vt100|vt100-am|vt100am|dec vt100:\
+ :do=2\E[B:co#80:li#24:cl=50\E[H\E[J:sf=2*\ED:\
+ :le=^H:bs:am:cm=5\E[%i%d;%dH:nd=2\E[C:up=2\E[A:\
+ :ce=3\E[K:cd=50\E[J:so=2\E[7m:se=2\E[m:us=2\E[4m:ue=2\E[m:\
+ :md=2\E[1m:mr=2\E[7m:mb=2\E[5m:me=2\E[m:\
+ :is=\E>\E[?1;3;4;5l\E[?7;8h\E[1;24r\E[24;1H:\
+ :if=/usr/share/tabset/vt100:nw=2\EE:ho=\E[H:\
+ :as=2\E(0:ae=2\E(B:\
+ :ac=``aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||:\
+ :rs=\E>\E[?1;3;4;5l\E[?7;8h:ks=\E[?1h\E=:ke=\E[?1l\E>:\
+ :ku=\EOA:kd=\EOB:kr=\EOC:kl=\EOD:kb=\177:\
+ :k0=\EOy:k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\EOt:\
+ :k6=\EOu:k7=\EOv:k8=\EOl:k9=\EOw:k;=\EOx:@8=\EOM:\
+ :K1=\EOq:K2=\EOr:K3=\EOs:K4=\EOp:K5=\EOn:pt:sr=2*\EM:xn:\
+ :sc=2\E7:rc=2\E8:cs=5\E[%i%d;%dr:UP=2\E[%dA:DO=2\E[%dB:RI=2\E[%dC:\
+ :LE=2\E[%dD:ct=2\E[3g:st=2\EH:ta=^I:ms:bl=^G:cr=^M:eo:it#8:\
+ :RA=\E[?7l:SA=\E[?7h:po=\E[5i:pf=\E[4i:
+
+# $XTermId: termcap,v 1.78 2009/11/09 00:24:26 tom Exp $
+#
+xterm-new|modern xterm:\
+ :@7=\EOF:@8=\EOM:F1=\E[23~:F2=\E[24~:K2=\EOE:Km=\E[M:\
+ :k1=\EOP:k2=\EOQ:k3=\EOR:k4=\EOS:k5=\E[15~:k6=\E[17~:\
+ :k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:kI=\E[2~:\
+ :kN=\E[6~:kP=\E[5~:kd=\EOB:kh=\EOH:kl=\EOD:kr=\EOC:ku=\EOA:\
+ :tc=xterm-basic:
+#
+# This chunk is used for building the VT220/Sun/PC keyboard variants.
+xterm-basic|modern xterm common:\
+ :am:bs:km:mi:ms:ut:xn:AX:\
+ :Co#8:co#80:kn#12:li#24:pa#64:\
+ :AB=\E[4%dm:AF=\E[3%dm:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:\
+ :DO=\E[%dB:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:ae=\E(B:al=\E[L:\
+ :as=\E(0:bl=^G:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:\
+ :cm=\E[%i%d;%dH:cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:\
+ :ei=\E[4l:ho=\E[H:im=\E[4h:is=\E[!p\E[?3;4l\E[4l\E>:\
+ :kD=\E[3~:kb=^H:ke=\E[?1l\E>:ks=\E[?1h\E=:le=^H:md=\E[1m:\
+ :me=\E[m:ml=\El:mr=\E[7m:mu=\Em:nd=\E[C:op=\E[39;49m:\
+ :rc=\E8:rs=\E[!p\E[?3;4l\E[4l\E>:sc=\E7:se=\E[27m:sf=^J:\
+ :so=\E[7m:sr=\EM:st=\EH:\
+ :ue=\E[24m:up=\E[A:us=\E[4m:ve=\E[?12l\E[?25h:vi=\E[?25l:vs=\E[?12;25h:
+#
+# This is the only entry which you should have to customize, since "xterm"
+# is widely used for a variety of incompatible terminal emulations including
+# color_xterm and rxvt.
+xterm|X11 terminal emulator:\
+ :tc=xterm-new:
+#
+# Add the capability to "clear the screen" after exiting vi, more/less, etc.
+xterm-clear:\
+ :te=\E[?1049l:ti=\E[?1049h:\
+ :tc=xterm-new:
+#
+# This should work for the commonly used "color xterm" variations (XFree86
+# xterm, color_xterm, nxterm, rxvt). Note that it does not set 'bce', so for
+# XFree86 and rxvt, some applications that use colors will be less efficient,
+# and in a few special cases (with "smart" optimization) the wrong color will
+# be painted in spots.
+xterm-color|generic "ANSI" color xterm:\
+ :Co#8:NC@:pa#64:\
+ :AB=\E[4%dm:AF=\E[3%dm:ac=:op=\E[m:tc=xterm-r6:
+#
+# Compatible with the X11R6.3 xterm
+xterm-r6|xterm-old|X11R6 xterm:\
+ :am:bs:km:mi:ms:pt:xn:\
+ :co#80:kn#20:li#24:\
+ :*6=\E[4~:@0=\E[1~:@7=\E[4~:AL=\E[%dL:DC=\E[%dP:DL=\E[%dM:\
+ :DO=\E[%dB:F1=\E[23~:F2=\E[24~:F3=\E[25~:F4=\E[26~:\
+ :F5=\E[28~:F6=\E[29~:F7=\E[31~:F8=\E[32~:F9=\E[33~:\
+ :FA=\E[34~:LE=\E[%dD:RI=\E[%dC:UP=\E[%dA:ae=^O:al=\E[L:\
+ :as=^N:bl=^G:cd=\E[J:ce=\E[K:cl=\E[H\E[2J:cm=\E[%i%d;%dH:\
+ :cs=\E[%i%d;%dr:ct=\E[3g:dc=\E[P:dl=\E[M:eA=\E)0:ei=\E[4l:\
+ :ho=\E[H:im=\E[4h:\
+ :is=\E[m\E[?7h\E[4l\E>\E7\E[r\E[?1;3;4;6l\E8:\
+ :k1=\E[11~:k2=\E[12~:k3=\E[13~:k4=\E[14~:k5=\E[15~:\
+ :k6=\E[17~:k7=\E[18~:k8=\E[19~:k9=\E[20~:k;=\E[21~:\
+ :kD=\E[3~:kI=\E[2~:kN=\E[6~:kP=\E[5~:kb=^H:kd=\EOB:\
+ :ke=\E[?1l\E>:kh=\E[1~:kl=\EOD:kr=\EOC:ks=\E[?1h\E=:\
+ :ku=\EOA:md=\E[1m:me=\E[m:ml=\El:mr=\E[7m:mu=\Em:nd=\E[C:\
+ :rc=\E8:rs=\E[m\E[?7h\E[4l\E>\E7\E[r\E[?1;3;4;6l\E8:\
+ :sc=\E7:se=\E[m:sf=^J:so=\E[7m:sr=\EM:\
+ :ue=\E[m:up=\E[A:us=\E[4m:
+#
+# Add the capability to "clear the screen" after exiting vi, more/less, etc.
+xterm-r6-clear:\
+ :te=\E[2J\E[?47l\E8:ti=\E7\E[?47h:ue=\E[m:\
+ :tc=xterm-r6:
OpenPOWER on IntegriCloud