| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
available (the kernel module is loaded or compiled into the kernel).
Approved by: glebius (mentor)
Approved by: re (blanket)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
assignments to the literal values it would have returned.
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
|
| |
|
|
| |
Submitted by: wxs
|
| |
|
|
|
| |
already does. This eliminates a logical inconsistency, and a small
window where the system is open after the network comes up.
|
| |
|
|
|
| |
with theirs, so this information doesn't need to be in the live file.
Having it in our CVS history is enough.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
and takes over mountcritlocal's role as the early / late divider. This
makes it far easier to add rc scripts which need to run early, such as a
startup script for zfs, which is right around the corner.
This change should be a no-op; I have verified that the only change in
rcorder's output is the insertion of FILESYSTEMS immediately after
mountcritlocal.
MFC after: 3 weeks
|
| |
|
|
| |
cases. So we get rid of quite a few lines of duplicated code.
|
| |
|
|
|
|
|
|
|
|
| |
loading them into the live one too.
PR: conf/97311
Submitted by: David Bushong
Reviewed by: silence on rc@
Approved by: ru (mentor)
MFC after: 10 days
|
| |
|
|
|
|
| |
recent ipfilter import.
Approved by: re (scottl), anholt (mentor)
|
| |
|
|
|
|
|
|
|
|
| |
for kldstat to ever print "IP Filter" (the module is called "ipfilter"
and modules don't have anything like a description), so this function
would always return false. That would cause prestart to attempt to
load the module even if it's already loaded, which would fail and
prevent the rules from being loaded.
Approved by: re (dwhite)
|
| |
|
|
|
|
|
| |
makes any sense.
Discussed with: dougb, brooks
MFC after: 3 days
|
| |
|
|
|
|
| |
PR: misc/56715
Submitted by: grant@NetBSD.org
Reviewed by: darrenr
|
| |
|
|
| |
Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>
|
| |
|
|
| |
hold-overs from the initial NetBSD import.
|
| |
|
|
| |
into its own function to avoid a small duplication of code.
|
| |
|
|
|
|
|
|
|
| |
in keeping the scripts under rc.d in sync with us. So, remove
NetBSD specific stuff (which made our scripts more complicated
than necessary).
The NetBSD ident string will be left intact, both for history and
also incase we wish to pull in future versions.
|
| |
|
|
|
|
| |
in keeping the scripts under rc.d in sync with us. So, begin removal
of NetBSD specific stuff (which made our scripts more complicated
than necessary), starting with the NetBSD KEYWORD.
|
| | |
|
| |
|
|
| |
Spotted by: Gennady Proskurin <gpr@nvnpp.vrn.ru>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Use a more robust check to determine if we need to load ipl.ko.
- Don't try to run ipf -E if ipfilter is already enabled. Look at
the net.inet.ipf.fr_running sysctl to figure this out. This fixes
a warning message about ipfilter being already initialized.
- Only one ipf -E command is needed. We don't need an extra one for
the -6 case which would only print a warning message about ipfilter
being already initialized.
- Fix one occurence where we were running /sbin/ipf directly without
using the ${ipfilter_program} variable if set.
- In ipfilter_stop(), don't try to save the firewall state tables if
ipfilter is disabled. Similarly, don't try to disable it if it's
already disabled. This fixes some more error messages.
|
| |
|
|
|
|
| |
required commands are not on a mounted file system.
Noticed by: bde
|
| |
|
|
|
|
|
| |
o Make 'No ipnat rules' a warning
o Remove unecessary ' ..'
Approved by: markm (implicit)
|
| |
|
|
|
|
|
|
|
| |
it doesn't work because the start_cmd doesn't enable ipfilter if
it is currently disabled.
Approved by: markm (mentor) (implicit)
Submitted by: Michael Lyngbøl <lyngbol@bifrost.lyngbol.dk>
PR: conf/46103
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
o group them together so they run one right after another
o use the NetBSD supplied ipfs script instead of tacking
it on to the end of ipnat
o Load the ipl module in ipnat and ipfilter, if it's not already
loaded
o In ipmon and ipnat show a warning if neither ipfilter nor
ipnat is enabled or the ipl module is not loaded, and exit
Approved by: markm (mentor) (implicit)
Tested by: leafy <leafy@leafy.idv.tw>
|
| |
|
|
| |
Submitted by: Mark Huizer <xaa+freebsd@timewasters.nl>
|
| |
|
|
| |
from IPv4.
|
| |
|
|
|
|
|
|
|
| |
to specify rules definition file for ipfilter. The default is
/etc/ipf6.rules. If there is a file which is specified by
'ipv6_ipfilter_rules', IPv6 rule is installed.
Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
| |
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.
Approved by: silence from gordon
|
| |
|
|
| |
OS-dependent case switches.
|
| |
|
|
|
|
|
|
| |
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
|
|
|
Note that `rc' and `rc.shutdown' could not be imported because we already
have files with those names.
|
