| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
MFC after: 1 day
|
| |
|
|
|
|
|
|
| |
features. Both the presence of a NOAUTO keyword and an interface being
up can be ignored is the forcestart option is used. Additionally, a
restart option has been added.
Reviewed by: ume
|
| |
|
|
|
|
| |
glue.
Submitted by: David Boggs
|
| |
|
|
|
| |
Reduce code duplication.
Follow the current style of rc.d scripting.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)
Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.
Discussed with: mlaier on -pf
MFC after: 5 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
Discussed with: mlaier on -pf
MFC after: 5 days
|
| |
|
|
|
|
|
|
| |
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
(pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
decorate them sufficiently.
|
| |
|
|
|
|
| |
bsdextended_script from rc.conf(5):
Not objected by: trhodes
|
| |
|
|
|
|
| |
a list of possible keywords, not all them in a single argument.
This also fixes the issue of extra delimiter characters appearing
on the help line from rc.d scripts not setting $extra_commands.
|
| | |
|
| |
|
|
|
| |
configured, check if the UP flag is set instead of checking for the
netmask keyword.
|
| | |
|
| |
|
|
|
|
|
| |
does this).
Submitted by: Andre Albsmeier <Andre dot Albsmeier at siemens dot com>
PR: conf/86606
|
| |
|
|
| |
No objections from: mlaier
|
| | |
|
| |
|
|
|
| |
file either. This clears the way for third-party SSH ports to install
an RCng startup script.
|
| |
|
|
|
|
|
| |
administrator to specify additional start-up flags to the Kerberos
5 Authentication Server.
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
override the value of mountd_args. This fixes the problem
where mountd_args was not properly being set if
weak_mountd_authentifcation="YES" was set in rc.conf.
PR: conf/86260
Submitted by: Thierry Herbelot <thierry at herbelot dot com>
MFC after: 3 days
|
| |
|
|
|
|
| |
printing boot-time errors that don't reflect true error conditions.
MFC after: 1 week
|
| |
|
|
|
|
|
| |
spamming the console in the event that a loader tunable 'dumpdev'
isn't defined, which is not a relevant failure to report.
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
until we realize if ipfw(4) ever used.
PR: bin/85970
Submitted by: Andre Albsmeier
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
The OpenFirmware console isn't used on real systems anymore and
I never get to multi-user mode in psim. There are problems with
zs that need to be resolved before these lines can be enabled.
This eliminates disconcerting warnings on boot.
MFC after: 2 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
of the form "REFUSE foo" in portsnap.conf will result in parts of the
tree matching "^foo" being (a) not extracted by "portsnap extract", (b)
not updated by "portsnap update", and (c) not having any patches or new
ports downloaded by "portsnap fetch" or "portsnap cron". The example
shown in portsnap.conf demonstrates ignoring all the language categories.
As mentioned in portsnap.conf.5, the use of an imcomplete ports tree is
not officially supported; but this is something which many users have
requested, so I'm adding it anyway.
PR: bin/85619 (but not the patch provided therein)
MFC after: 1 month
|
| |
|
|
|
|
| |
on -arch, and RFC 4159 (http://www.rfc-editor.org/rfc/rfc4159.txt)
which officially deprecates all usage of IP6.INT, remove the
reference to that zone from the example named.conf file.
|
| | |
|
| |
|
|
|
| |
Reported by: sam
Pointy hat to: brooks
|
| |
|
|
|
|
|
|
| |
- If an interface's ifconfig_<ifn> is set, but empty, don't set it to
ifconfig_DEFAULT. This way interfaces can be disabled even in the
presence of ifconfig_DEFAULT.
- When listing interfaces and network_interfaces=auto, place lo0 first
if it's around.
|
| |
|
|
|
|
| |
dhclient's to be killed without stopping all boot progress.
Minor cleanup of the interface list generation code.
|
| |
|
|
|
|
|
| |
value of capability databases, since it's not really obvious how a colon
can be escaped, and a pointer to the getcap(3) manpage for more details.
Triggered by: a question by Ceri on -questions
|
| | |
|
| |
|
|
|
|
|
|
| |
rebuild the aliases file if necessary.
PR: conf/72910
Submitted by: matteo@
MFC after: 3 days
|
| | |
|
| |
|
|
|
|
|
|
| |
can be useful for when you know that you are doing something that
won't work with the standard settings and different settings are more
appropriate.
This allows 5.3 tools to build a 6.x userland when these
values are set to null.
|
| |
|
|
|
|
|
|
| |
in them by wrapping the ifconfig command with eval "...".
For example, this allows:
ifconfig_iwi0="DHCP ssid 'foo bar baz'"
|
| |
|
|
|
|
|
|
|
|
|
| |
Now this flag can be set, or not set, for memory-backed
file systems on individual basis, as illustrated by the
rc.conf(5) variables tmpmfs_flags and varmfs_flags. The
flag is set for those FS'en by default, in /etc/defaults/rc.conf,
in order to stay compatible with the old rc.subr behaviour.
Submitted by: marck
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
| |
now run on any interface.
- Add a new ifconfig_<ifn> keyword, NOAUTO which prevents configuration
of an interface at boot or via /etc/pccard_ether. This allows
/etc/rc.d/netif to be used to start and stop an interface on a purely
manual basis. The decision to affect pccard_ether may be revisited at
a later date.
Requested by: imp, gallatin (removable_interfaces)
Discussed with: sam, Randy Bush (NOAUTO)
|
| |
|
|
|
|
|
| |
'^>', in order to catch both normal and unified diffs.
Problem reported by: volker at vwsoft dot com via -stable
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
rule itself, not in verbose_limit sysctl. [1]
- Do check rules, even if verbose_limit is set 0. Rules may have
their own log limits.
PR: conf/77929
Submitted by: Andriy Gapon [1]
Reviewed by: matteo
|
| |
|
|
|
|
|
| |
These allow large installations to keep their /conf directory down to a
managable number of entries.
Clean up the handling of dhcp_cookie.
|
| |
|
|
|
|
| |
simplify checking for g_eli module.
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
| |
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.
Sponsored by: Wheel Sp. z o.o.
http://www.wheel.pl
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
fast, lightweight, and generally good way for users to keep their
ports trees up to date.
This is version 0.9.4 from the ports tree (sysutils/portsnap) with
the following changes:
1. The experimental pipelined http code is enabled. No seatbelts
in -CURRENT. (^_^)
2. The working directory has moved from /usr/local/portsnap to
/var/db/portsnap (as discussed on -arch two days ago).
3. Portsnap now fetches a list of mirrors (distributed as DNS SRV
records) and selects one randomly. This should help to avoid the
uneven loading which plagues the cvsup mirror network.
4. The license is now 2-clause BSD instead of 3-clause BSD.
5. Various incidental changes to make portsnap fit into the base
system's build mechanics.
X-MFC-After: 6.0-RELEASE
X-MFC-Before: 5.5-RELEASE
X-MFC-To: RELENG_6, RELENG_5, ports
discussed on: -arch and several other places
"yes please" from: simon, remko, flz, Diane Bruce
thinks this is a great idea: bsdimp
Hopes he didn't forget any files: cperciva
|
| |
|
|
|
|
|
|
| |
jail and external syslogd is listening in jail's chroot.
Pointed out by: csjp
While here, skip also "logpriv" socket.
|
| |
|
|
|
|
|
|
|
|
|
| |
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.
It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).
MFC after: 1 week
|
| |
|
|
|
| |
after rc.d/cleanvar. And if we wanted to skip /var/run/log we still needed
to skip /var/run/logpriv, which wasn't implemented.
|
| |
|
|
|
|
| |
# /etc/rc.d/jail start www mail
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
| |
Repo-copy made by: markm
|
