| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
from IPv4.
|
| |
|
|
|
|
|
|
|
| |
o use ifn rather than interface in rc.network
o merge into rc.d/network1
Approved by: (re blanket)
|
|
|
|
|
|
| |
o Only delay in pccard_ether when we're doing dhcp and starting the interface.
Approved: (re blanket for devd)
|
|
|
|
|
|
|
|
|
| |
to specify rules definition file for ipfilter. The default is
/etc/ipf6.rules. If there is a file which is specified by
'ipv6_ipfilter_rules', IPv6 rule is installed.
Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org>
MFC after: 1 week
|
| |
|
|
|
|
| |
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
xntpd_* -> ntpd_*
portmap_* -> rpcbind_*
Also change single_mountd_enable -> mountd_enable
Changing the mountd flags brings us closer to NetBSD.
All of the old variable names are shimmed so you can continue to use the
old variable name.
Finally make /etc/rc.d/mountd no longer dependent on nfs as there are
(apparently) other consumers of mountd.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
|
|
|
|
| |
already had in my tree but didn't want to commit.
|
|
|
|
|
| |
create it. Also specify protocol v1/v2 in case people wonder why we
generate two RSA keys.
|
|
|
|
|
|
|
|
|
| |
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.
In any case, now it's fixed.
|
| |
|
|
|
|
|
|
|
|
| |
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.
Submitted by: devet@devet.org (Arjan de Vet)
MFC after: 3 days
|
|
|
|
|
|
|
|
| |
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)
PR: conf/12432
Submitted by: Me
|
|
|
|
|
|
|
| |
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).
MFC after: 3 days
|
| |
|
|
|
|
| |
Since I cannot answer that question, make it.
|
|
|
|
|
| |
"filter sync'd" in the middle of the boot output if IPFilter is
enabled, but does not hide any potential errors, which go to stderr.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'
Fix the documentation, rc.conf(5), to reflect this change.
Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.
MFC after: 3 days
|
|
|
|
|
|
|
|
|
| |
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.
If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
|
|
|
|
|
|
|
|
| |
This change was submitted to the freebsd-audit mailing list for review
but received no feedback. Hindsight-enabled reviews are welcome.
PR: conf/31358
Submitted: Thomas Quinot <thomas@cuivre.fr.eu.org>
|
|
|
|
|
|
|
|
|
|
| |
Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).
PR: bin/32953
Reviewed by: -bugs discussion
MFC after: 1 week
|
|
|
|
|
|
|
|
|
| |
so swap the order.
Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is
enabled. They are needed to provide client side locking support.
PR: conf/27811
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
kernel TCP timer code: rather than checking for tcp_keepalive being
set to "YES", check for "NO" and turn off keepalives if the variable
is set in that manner.
o Note: eventually, it would make sense to remove this variable from
rc.conf management, and instead rely on sysctl.conf. In fact, this
is probably true of a number of rc.conf variables whose sole aim
is to drive the setting of sysctls at boot time.
|
|
|
|
|
|
|
|
|
|
| |
expansion in the rc-scripts.
PR: 32552
Submitted by: Gleb Smirnoff <glebius@rinet.ru>
Approved by: ru
Obtained from: ru
MFC after: 1 day
|
| |
|
|
|
|
|
|
|
|
|
| |
to get it all right, allowing ipnat to be enabled independantly of ipfilter
in rc.conf (among other things).
PR: multiple
Submitted by: Arjan de Vet <devet@devet.org>
Reviewed by: Giorgos Keramidas <keramida@FreeBSD.org>
|
|
|
|
| |
expansion instead.
|
|
|
|
|
|
|
|
| |
continuation lines, extra whitespace, and to use the last matching
line in the file. This syncs the host.conf generation with how
the nsswitch.conf is parsed.
Only print " host.conf" instead of a multi-line message, since this
happens on every boot.
|
|
|
|
|
|
|
|
| |
- if nsswitch.conf exists, host.conf is auto-generated for compatibility
with legacy applications and libraries.
- if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-
generated as usual.
|
|
|
|
|
|
|
| |
matched. Moification on PR to handle ipnat not being dependant on
ipfilter_enable
PR: 22859
|
|
|
|
|
|
| |
be set to "yes"
PR: 25223
|
|
|
|
| |
PR: 27070
|
|
|
|
| |
kldload'ing the appropriate modules before enabling the service.
|
|
|
|
|
|
| |
obsolete.
Submitted by: Gordon Tetlow <gordont@gnf.org>
|
|
|
|
| |
interfaces at boot.
|
|
|
|
|
| |
to the client section. Turn off nfsiod, it no longer exists (now just
kthreads). I need revisit nfsiod so that we have an argument passthrough.
|
|
|
|
|
|
|
|
|
|
| |
is required into rc.network.
Person failed to use a real name so both email addresses from PR included
(Sent was different to From).
PR: 22998
Submitted by: dl@leo.org/spock@empire.trek.org
|
|
|
|
| |
may be started at boot for kerberos servers.
|
|
|
|
|
|
| |
Reviewed by: ru, ume
Obtained from: NetBSD
MFC after: 1 week
|
|
|
|
| |
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
|
|
|
|
|
|
| |
Submitted by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
PR: 28014
MFC after: 1 week
|
|
|
|
|
|
| |
PR: 26543
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
MFC after: 3 weeks
|
|
|
|
| |
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
|
|
|
|
|
|
|
| |
gratutious changes in the latest SSH
Reviewed by: obrien
Approved by: obrien
|
|
|
|
| |
after a mergemaster.
|
|
|
|
|
|
|
| |
very specific scenarios, and now that we have had net.inet.tcp.blackhole for
quite some time there is really no reason to use it any more.
(second of three commits)
|