tron
6e40068171
Automatically create and destroy cloning interfaces and sync IP Filter
...
immediately afterwards before bringing the interface up. This avoids
a small security gap existing in the previous scheme where IP Filter
was synced after all cloning interfaces were created and brought up.
2002-10-05 05:24:40 +00:00
tron
a3ed40ee7c
Sync ipf(4) after starting or stopping. This is necesarry to make filter
...
rules for dynamically created interfaces like pppoe(4) effective.
2002-05-04 13:53:02 +00:00
lukem
25bdefc720
don't bother warning or supporting obsolete $ip6forwarding;
...
postinstall now checks for this
2002-04-29 12:13:14 +00:00
lukem
88eb34e804
clean up warning
2002-03-27 07:37:56 +00:00
sommerfeld
626f81690e
Improve information density of output -- add the dozen -reject routes
...
with "route -q" since they are always the same and convey no useful
information.
While we're here, use sysctl -qw instead of sysctl -w >/dev/null
2002-03-24 17:58:21 +00:00
thorpej
96776149fc
Correct the "direction" of the barrier dependencies (DAEMON, LOGIN,
...
NETWORKING, and SERVERS) by specifying that certain things should
come BEFORE a given barrier, rather than having the barrier REQUIRE
a service. This allows scripts to be removed without having to
edit the barrier dependencies.
As discussed on tech-userlevel, and approved by Luke.
2002-03-22 04:33:57 +00:00
wiz
a9356936b4
seperate -> separate
2001-07-22 13:33:58 +00:00
lukem
458d1a2516
After itojun's recent RTF_CLONED and other changes, it's not necessary to
...
add a route from an alias address to 127.0.0.1, so remove that code.
It's still necessary to configure lo0 -> 127.0.0.1 though, so emphasize that.
2001-07-08 07:16:00 +00:00
itojun
5c34a310c2
comment correction: 127/8 must not leave the node (RFC1122)
2001-03-02 03:07:29 +00:00
itojun
7de2724c3a
move IPv6 mode/route configuration upwards, so that !rtsol in
...
/etc/ifconfig.* is meaningful.
2001-01-13 13:26:36 +00:00
itojun
3711020b5c
extend /etc/ifconfig.xxN, for comment lines (#) and shell script
...
fragment (!). inspired by openbsd /etc/hostname.xxN.
2001-01-11 17:56:16 +00:00
itojun
6c348b2e2e
add $ip6sitelocal, to control installation of reject route for fec0::/10.
2001-01-03 17:54:04 +00:00
nisimura
46d6b5a7cd
More cautious about undefined hostname check in terms of what hostname(1)
...
returns.
2000-11-26 06:46:42 +00:00
nisimura
7fecedd930
I believe in that the facy nested quotes was intended to skip blank
...
lines, but am not sure it is allowed as a standard practice of the
/etc/ifconfig.xxN file.
2000-11-22 04:20:04 +00:00
wiz
f457c2158d
un-break.
2000-11-21 16:12:48 +00:00
lukem
f8ea339f55
minor typo in previous
2000-11-21 09:59:02 +00:00
nisimura
fa16d69a56
Shell programming police for sophistication; take #2 . Handle the
...
case when the filename expansion results in no match more gracefully.
Far less costy than invoking a new process.
2000-11-21 09:38:06 +00:00
nisimura
f412f76212
Shell programming police for sophistication. It's not necessary
...
to enclose `prog` backquote command substitution with double quotes
as it produces a quoted string. Other changes are pending this time.
2000-11-21 08:39:50 +00:00
lukem
616bd9bad1
- replace IFS='.'; set -- $int; echo $2
with ${int##*.}
...
- can't use $configured_interfaces in network_stop(), so use `ifconfig -lu`
instead
2000-11-17 04:19:06 +00:00
nisimura
e4d2a57704
- avoid -a or -o logical operator of test command as possible. They would
...
introduce syntaxical ambiguousity, and having concatenation with && or
|| costs nothing because our sh(1) has test(1) builtin.
- use elif construct to avoid dungling else-ifs.
- while-read construct does not need enclosed by a sub-shell.
- variable detection could be done in eval args=\$ifconfig_$int
- smart variable substitution occationally saves lines and extra command
invocations.
2000-10-09 05:02:14 +00:00
lukem
3f5134ff22
REQUIRE ipfilter and ipsec
2000-08-21 23:35:20 +00:00
itojun
e9b5e5d87c
fix comment on DAD wait
2000-08-02 13:59:11 +00:00
itojun
8451f00774
we need to sleep for IPv6 DAD period, before and after rtsol.
...
(they are for stability in boot-time configuration)
comment from perry.
2000-08-01 20:49:11 +00:00
jdolecek
1bf05ae3b1
the format without netmask is supported for compatibility only and not
...
specifying it is discouradged, actually
also add comments about this fact to etc/rc.d/network, for people who
don't read manpages :)
2000-07-25 18:47:28 +00:00
thorpej
f5e99478c8
Build a list of cloning network interfaces to configure, as well
...
as normal interfaces.
2000-07-20 19:43:10 +00:00
lukem
47a3878257
reenable stop_cmd now that network doesn't get run at shutdown
2000-07-17 15:25:42 +00:00
itojun
c60ddc2403
remove ip6defaultif configuration. because:
...
- ndp is in /usr/sbin, chokes on NFS-mounted /usr installation
- the option is just for IPv6 specification geek, not for normal users
2000-06-20 16:48:14 +00:00
enami
295358cfe1
Don't warn that $hostname isn't set if the hostname is already set.
2000-06-20 08:34:33 +00:00
lukem
5c1b0ec207
Use load_rc_config() (from rc.subr) instead of sourcing /etc/rc.conf.
...
This allows us or a user to change the configuration file method in
one place - rc.subr - without having to edit all of the rc.d/* files.
2000-05-13 08:45:06 +00:00
itojun
4bc21c2fb4
do not let 127.0.0.0/8 leave the node. based on RFC1122.
2000-05-09 10:49:26 +00:00
veego
63f94fabf2
Fix the last change so it doesn't fail due too a missing '; then'.
2000-04-29 06:01:08 +00:00
thorpej
7a38ab7c44
Don't warn about $hostname not being set if $dhclient == YES; it's quite
...
likely that we'll be getting the hostname via DHCP when it runs.
2000-04-28 00:13:39 +00:00
itojun
3fff16ff47
rtsol is not a daemon. rtsol.d should have been killed by rc.d/rtsold.
...
(correct me if i'm wrong)
2000-04-20 02:12:04 +00:00
lukem
2665e61925
make `stop' a no-op, so that the network doesn't disappear at an
...
inconvenient time during boot.
this may be fixed a different way in the long term... (not that the old
rc.shutdown supported stopping the network, or could i really see a
practical use for allowing it at this stage, but in the future someone
might want the functionality i've just disabled).
2000-04-11 05:03:24 +00:00
tsarna
163510ecf4
The file /etc/sysctl.conf is now run with sysctl -f at boot time.
...
This replaces the previous /etc/rc.d/sysctl. Also, the variables are now
set earlier, between ipf/ipnat and the network coming up.
The rc.conf defcorename and securelevel variables are no more. You can
set them directly in sysctl.conf now.
2000-04-08 23:02:53 +00:00
itojun
0a94c72b0f
correct reject route installations for IPv6. improve comments.
2000-03-17 17:41:01 +00:00
itojun
deaf45edc1
disallow packets to malicious 6to4 prefix, based on
...
http://playground.iijlab.net/i-d/draft-itojun-ipv6-transition-abuse-00.txt
2000-03-12 04:21:26 +00:00
veego
bfa0f14ea6
Fix the network_stop function so it doesn't fails due to missing ]['s.
2000-03-11 20:13:42 +00:00
lukem
c53094a738
rc.d scripts derived from /etc/rc
2000-03-10 11:53:23 +00:00