summaryrefslogtreecommitdiffstats
path: root/etc/rc.d/netoptions
Commit message (Collapse)AuthorAgeFilesLines
* Fix style bugs:schweikh2002-10-121-3/+3
| | | | | | | | | | * Space -> tabs conversion. * Removed blanks before semicolon in "if ... ; then". * Proper indentation of misindented lines. * Put a full stop after some comments. * Removed whitespace at end of line. Approved by: silence from gordon
* Merge in all the changes that Mike Makonnen has been maintaining for agordon2002-07-181-965/+31
| | | | | | | | while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
* Cosmetic changes to the previous commit, bringing it closer to what Ides2002-04-111-7/+7
| | | | already had in my tree but didn't want to commit.
* Since sshd expects /etc/ssh/ssh_host_rsa_key to exist, we had betterpeter2002-04-101-4/+9
| | | | | create it. Also specify protocol v1/v2 in case people wonder why we generate two RSA keys.
* The good news is that my initial PR was correct... the bad news is that Idougb2002-04-011-1/+5
| | | | | | | | | was apparently smoking something when I committed the last fix, because as ume was kindly enough to set me straight on, amd *will* start with no arguments at all, as long as there is an /etc/amd.conf file for it to read. What it won't do is start with *just* -p. In any case, now it's fixed.
* Don't try to generate ssh keys if ssh isn't installed.des2002-03-191-7/+11
|
* IPFilter may need to be re-sync'ed even if we are not filtering, butcjc2002-03-191-1/+3
| | | | | | | | only doing ipnat(8). Go back to using $ipfilter_active, but turn off $ipfilter_active when loading ipl.ko has failed. Submitted by: devet@devet.org (Arjan de Vet) MFC after: 3 days
* Answer the question posed in 1.126. amd won't start without either adougb2002-03-171-2/+11
| | | | | | | | conf file, or command line options. I brought this up in PR 12432, which (ironically) obrien assigned to me after I became a committer. :) PR: conf/12432 Submitted by: Me
* The reload of ipf(8) rules should depend on $ipfilter_enable, notcjc2002-03-121-2/+1
| | | | | | | $ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to load, and $ipfilter_active can be "YES" when we are not using ipf(8). MFC after: 3 days
* Background the startup of `Amd', it often blocks on startup.obrien2002-03-121-2/+2
|
* Why shouldn't amd always write its PID to a file?obrien2002-03-121-6/+2
| | | | Since I cannot answer that question, make it.
* Redirect stdout of `ipf -y' to /dev/null. This removes a straydd2002-03-041-1/+1
| | | | | "filter sync'd" in the middle of the boot output if IPFilter is enabled, but does not hide any potential errors, which go to stderr.
* There is no reason to demand the administrator set 'natd_interface'cjc2002-02-201-5/+4
| | | | | | | | | | | | | when running natd(8) out of the rc-files. It is perfectly valid for the interface or alias address to be set in a natd(8) configuration file, not on the command line. Also, loosen up the restrictions on identifying an IP address argument in 'natd_interface.' Fix the documentation, rc.conf(5), to reflect this change. Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf. MFC after: 3 days
* peter points out that we probably should not mess with the sysctl(8)cjc2002-02-081-4/+5
| | | | | | | | | values at all if they are not purposefully set. What if the administrator messed with them in /etc/sysctl.conf? We don't want to overwrite them. If 'log_in_vain' is zero, do not force the issue. If it is non-zero, set it.
* Register amd's dependency on NFS.sheldonh2002-01-281-36/+51
| | | | | | | | This change was submitted to the freebsd-audit mailing list for review but received no feedback. Hindsight-enabled reviews are welcome. PR: conf/31358 Submitted: Thomas Quinot <thomas@cuivre.fr.eu.org>
* Make the rc.conf(5) 'log_in_vain' knob an integer.cjc2002-01-261-3/+12
| | | | | | | | | | Try this out in -CURRENT, MFC, and then consider dropping the 'log_in_vain' knob all together. It really is something for sysctl.conf(5). PR: bin/32953 Reviewed by: -bugs discussion MFC after: 1 week
* rpc.lockd needs rpc.statd to be running for it to start up properly.alfred2001-12-131-4/+15
| | | | | | | | | so swap the order. Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is enabled. They are needed to provide client side locking support. PR: conf/27811
* s/sysctl -w/sysctl/ru2001-12-111-19/+19
|
* o Update rc.network to reflect the recent change of default in therwatson2001-12-071-3/+3
| | | | | | | | | | | kernel TCP timer code: rather than checking for tcp_keepalive being set to "YES", check for "NO" and turn off keepalives if the variable is set in that manner. o Note: eventually, it would make sense to remove this variable from rc.conf management, and instead rely on sysctl.conf. In fact, this is probably true of a number of rc.conf variables whose sole aim is to drive the setting of sysctls at boot time.
* Protect the '*' in pppoed_provider (the default) from metacharactercjc2001-12-061-0/+2
| | | | | | | | | | expansion in the rc-scripts. PR: 32552 Submitted by: Gleb Smirnoff <glebius@rinet.ru> Approved by: ru Obtained from: ru MFC after: 1 day
* Spelling police: sucessful -> successful.dd2001-11-241-1/+1
|
* Resolve all the ipfilter startup issues in rc.network with one big patchdarrenr2001-11-241-59/+71
| | | | | | | | | to get it all right, allowing ipnat to be enabled independantly of ipfilter in rc.conf (among other things). PR: multiple Submitted by: Arjan de Vet <devet@devet.org> Reviewed by: Giorgos Keramidas <keramida@FreeBSD.org>
* Avoid unnecessary calls to expr(1) by using standard shell arithmeticsheldonh2001-11-141-1/+1
| | | | expansion instead.
* Update the nsswitch.conf -> host.conf generator to handle criteria,fenner2001-11-071-10/+16
| | | | | | | | continuation lines, extra whitespace, and to use the last matching line in the file. This syncs the host.conf generation with how the nsswitch.conf is parsed. Only print " host.conf" instead of a multi-line message, since this happens on every boot.
* Modify the way host.conf and nsswitch.conf are treated at boot time:des2001-11-011-7/+34
| | | | | | | | - if nsswitch.conf exists, host.conf is auto-generated for compatibility with legacy applications and libraries. - if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto- generated as usual.
* Do an ipf -y after bringing up ppp to ensure rules which mention ppp getdarrenr2001-10-201-0/+14
| | | | | | | matched. Moification on PR to handle ipnat not being dependant on ipfilter_enable PR: 22859
* Allow ipnat_enable to be set to "yes" without requiring ipfiltre_enable todarrenr2001-10-201-11/+16
| | | | | | be set to "yes" PR: 25223
* Put in place for using ipfs use on shutdown and startup.darrenr2001-10-201-0/+9
| | | | PR: 27070
* Handle the lack of nfs server or client support in the kernel bydougb2001-10-191-1/+12
| | | | kldload'ing the appropriate modules before enabling the service.
* Remove references to nfsiod and nfs_client_flags now that they arejhb2001-10-101-1/+0
| | | | | | obsolete. Submitted by: Gordon Tetlow <gordont@gnf.org>
* Add a new rc.conf variable, cloned_interfaces, to create clonedbrooks2001-09-191-1/+10
| | | | interfaces at boot.
* The vfs.nfs.bufpackets sysctl is in the client, not the server. Move itpeter2001-09-191-9/+8
| | | | | to the client section. Turn off nfsiod, it no longer exists (now just kthreads). I need revisit nfsiod so that we have an argument passthrough.
* Merge in patch to automagically decide whether or not a kldload of ipfilterdarrenr2001-07-301-0/+13
| | | | | | | | | | is required into rc.network. Person failed to use a real name so both email addresses from PR included (Sent was different to From). PR: 22998 Submitted by: dl@leo.org/spock@empire.trek.org
* Upgraded launchpad for kerberos. Noe kerberos IV OR kerberos 5markm2001-07-281-9/+26
| | | | may be started at boot for kerberos servers.
* Create gif devices in the "gifconfig" stage while configuring them.brooks2001-07-021-1/+1
| | | | | | Reviewed by: ru, ume Obtained from: NetBSD MFC after: 1 week
* Fix misindented esac.schweikh2001-06-161-1/+1
| | | | MFC after: 1 week
* Sync with recent KAME.ume2001-06-111-1/+1
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* Add a missing \nbrian2001-06-101-1/+1
| | | | | | Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> PR: 28014 MFC after: 1 week
* Move gif_interfaces from an IP6 option to a regular IP option.brian2001-06-031-0/+23
| | | | | | PR: 26543 Submitted by: Brooks Davis <brooks@one-eyed-alien.net> MFC after: 3 weeks
* Restore the RSA host key to /etc/ssh/ssh_host_key.obrien2001-05-181-8/+3
| | | | Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
* Link /etc/ssh/ssh_host_key to /etc/ssh/ssh_host_rsa_key to deal withjesper2001-05-161-2/+7
| | | | | | | gratutious changes in the latest SSH Reviewed by: obrien Approved by: obrien
* s/ssh_host_key/ssh_host_rsa_key/ since that is what openssh uses nowpeter2001-05-091-2/+2
| | | | after a mergemaster.
* Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a fewdes2001-03-191-7/+0
| | | | | | | very specific scenarios, and now that we have had net.inet.tcp.blackhole for quite some time there is really no reason to use it any more. (second of three commits)
* Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) andalfred2001-03-191-112/+118
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | associated changes that had to happen to make this possible as well as bugs fixed along the way. Bring in required TLI library routines to support this. Since we don't support TLI we've essentially copied what NetBSD has done, adding a thin layer to emulate direct the TLI calls into BSD socket calls. This is mostly from Sun's tirpc release that was made in 1994, however some fixes were backported from the 1999 release (supposedly only made available after this porting effort was underway). The submitter has agreed to continue on and bring us up to the 1999 release. Several key features are introduced with this update: Client calls are thread safe. (1999 code has server side thread safe) Updated, a more modern interface. Many userland updates were done to bring the code up to par with the recent RPC API. There is an update to the pthreads library, a function pthread_main_np() was added to emulate a function of Sun's threads library. While we're at it, bring in NetBSD's lockd, it's been far too long of a wait. New rpcbind(8) replaces portmap(8) (supporting communication over an authenticated Unix-domain socket, and by default only allowing set and unset requests over that channel). It's much more secure than the old portmapper. Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded to support TI-RPC and to support IPV6. Umount(8) is also fixed to unmount pathnames longer than 80 chars, which are currently truncated by the Kernel statfs structure. Submitted by: Martin Blapp <mb@imp.ch> Manpage review: ru Secure RPC implemented by: wpaul
* * Add an eval so that ipnat_flags=">/dev/null" works, per the PRdougb2000-12-171-3/+5
| | | | | | | * Do some line length and specify full path cleanups while I'm here PR: conf/22937 Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
* Apply a more consistent style to the echo statements in /etc/ scripts.dougb2000-12-171-10/+10
| | | | | | | | | | * Put quotes around each line * Single quotes for lines with no variable interpolation * Double quotes if there is * Capitalize each word that begins a line * Make echo -n 'Doing foo:' ... echo '.' more of a standard No functionality changes
* Fixed the reporting of ip_portrange_{first|last}.ru2000-10-121-2/+2
|
* Add copyright notices. Other systems have been barrowing our /etc filesobrien2000-10-081-0/+25
| | | | w/o giving any credit.
* This brings support for IP Filter into rc.network and rc.conf withdarrenr2000-10-061-0/+31
| | | | | | | | | | | | the appropriate documentation added to rc.conf(5). If all goes well with this over the next few weeks, the PR will be closed with the pullup of patches back to 4-STABLE. PR: 20202 Submitted by: Gerhard Sittig <Gerhard.Sittig@gmx.net> Reviewed by: Darren Reed <darrenr@freebsd.org> Approved by: Darren Reed <darrenr@freebsd.org> Obtained from: Gerhard Sittig <Gerhard.Sittig@gmx.net>
* Use su -m instead of just su to avoid reading the users login profilebrian2000-09-281-1/+1
|
OpenPOWER on IntegriCloud