Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
139,433 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

3473 Commits

Author SHA1 Message Date
peter 9c1da17e90 pf needs to be started after the network is up, because some pf rules 
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
 2005-08-23 12:12:56 +00:00
perry 15e3f0cc19 Small ugly hack -- sed "Mounted on" to "Mount" so that the df line 
fits in <80 columns.

We should probably do this better -- I'm going to look into importing
der mouse's halign program to make a cleaner job of this.
 2005-08-22 14:24:45 +00:00
perry 9e84da172c Make max_loginlen and max_grouplen 16. 
We've handled 16 character logins for quite some time, and we even
have packages that create >8 character accounts. There is no point in
pretending the limit is 8 any more by default.

Discussed (very lightly -- there was little comment) on tech-userlevel
 2005-08-22 14:09:23 +00:00
rpaulo 82bdaacb4f Adapted to the changes of grfinfo(1) MANSUBDIR (hp300). (thanks Klaus Klein) 2005-08-20 17:23:53 +00:00
drochner 35a754577f add SIP 
(not going to import everything from IANA, but this is an increasingly
popular one)
 2005-08-16 19:41:01 +00:00
peter ad9c34ce5c Changes suggested by lukem: 
1. Order pf to start before the network is configured.

2. If the pf_rules cannot be found at boot time, abort the boot (from the
   ipfilter script).
 2005-08-10 13:52:05 +00:00
peter c9c458f33c Add command_args="-D" to the ftpd rc.d script. This flag is always needed 
when running ftpd as daemon and it will now automatically be appended to the
command line, even if ftpd_flags doesn't have it.

Suggested by Alan Barrett and Luke Mewburn, thanks.
 2005-08-09 14:59:33 +00:00
peter c100ff5b4d Add "-ll" to ftpd_flags to be consistent with the entry in inetd.conf. 
Suggested by lukem@.
 2005-08-08 00:20:46 +00:00
peter 9cfba4bb75 Add a note telling that ftpd_flags should always contain "-D". 
Suggested by lukem@.
 2005-08-08 00:19:37 +00:00
peter d0b18db569 Allow to change the location of the pf ruleset with the variable $pf_rules. 2005-08-07 01:03:39 +00:00
chris 3d4b482c1f As requested in PR port-cats/30460 add support for GENERIC.ABLE kernel to 
sysinst, and also add the ABLE install kernel to the generated release
kernels.
 2005-08-07 00:21:38 +00:00
peter f74a86ef4f Add the new ftpd rc.d script. 2005-08-04 22:32:44 +00:00
peter cbc0c4b837 Add defaults for ftpd. 2005-08-04 22:29:01 +00:00
peter 7eb092e6c3 Add rc.d support for standalone ftpd, suggested by perry@. 2005-08-04 22:28:17 +00:00
shige 9bc1bf15c8 Add md-kernel for installation: INSTALL_OPENBLOCKS266. 2005-08-03 14:55:37 +00:00
nakayama 69b6d49897 Add man page for teliosio(4). 2005-07-31 00:12:16 +00:00
skrll acd7c4c5ca Add a driver for Cypress microcontroller based USB serial adapters. 
XXX hw flow control is not supported.
 2005-07-30 06:14:49 +00:00
christos 0e7146df89 Improve on the migration bit. Check if files are different, and if not, 
remove the source and leave a symlink behind. Otherwise, let the user know.
 2005-07-17 21:28:45 +00:00
christos a2663103c5 Copy and link files to allow a chrooted named to start-up automatically. 2005-07-17 16:30:57 +00:00
kiyohara c1a84a4d12 ieee1394 import from FreeBSD. 2005-07-11 15:29:05 +00:00
lukem fccd5bd47c Update permissions of /var/log/wtmp{,x} to match those installed by 
etc/Makefile.
Fixes PR 30717 from Jukka Salmi.
 2005-07-11 08:41:40 +00:00
macallan 478cf01748 added ttyC00 and ttyC01 fopr the SPARCbook's internal modem and PCMCIA 
modems
 2005-07-03 18:08:53 +00:00
rpaulo aafff09728 Add ptyfs to the file-system types ignored by the find_core check. 
Ok'ed by Christos Zoulas and Hubert Feyrer.
 2005-06-30 18:23:26 +00:00
perry 03c94431fb add /usr/libexec/ching 2005-06-30 12:40:22 +00:00
symka 87283c876e PR/29317: ifconfig.if does not allow parameters with spaces 
OKeyd by christos@
 2005-06-28 13:36:40 +00:00
peter df0caa2637 Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it 
appeared and whether it's really part of pf or not is still unclear. Looking
at the other *BSDs it seems that they have left out spamd when importing pf,
and now we do that too. Also, the name conflicted with another more popular
used tool, after the rename to pfspamd it was left with completely unusable
documentation which apparently no-one wanted to fix.

A port of the latest spamd will be imported into pkgsrc soon.

Suggested by several people, no objections on last proposal on tech-userlevel.
 2005-06-27 20:32:39 +00:00
jdc 92c2871701 Make fb a link to fb0. 
Add an entry for fb1.
 2005-06-24 06:43:40 +00:00
jdc 7a2ed0814d Add an entry for fb1. 2005-06-24 06:43:06 +00:00
elad 68988657cd Don't allow unprivileged users to access the veriexec device. 2005-06-16 15:31:21 +00:00
elad faffb35d60 Run veriexec before securelevel and sysctl scripts. Suggested by Nino Dehne. 2005-06-15 18:49:40 +00:00
christos 3ccdf9a0d7 default swapoff to yes, and explain why. 2005-06-15 03:34:45 +00:00
he c4f693fe6b Make a simple fix for inculsion of disklabel.h. Since this script 
doesn't do CPP conditionals, just avoid trying to "include" files
in the newly established nbinclude area, the in-tree version in the
normal place should work fine.

Fixes build problem for (among several others) cats.
 2005-06-14 20:47:46 +00:00
tron abba7e56c8 Enable RAIDframe support in the NetBSD-macppc installation media. 
Based on patches submitted by Ian Spray in PR port-macppc/30465.
 2005-06-09 13:29:57 +00:00
he 82e01bc59d Now that /var/log/wtmp and /var/log/wtmp should have group=utmp, 
instruct newsyslog to follow up this when rotating these logs.
 2005-06-05 07:33:17 +00:00
bouyer 44d1677f84 Remove support for build.sh -m xen, this has been merged in the i386 
build. Pointed out by Chuck Silvers.
 2005-05-29 10:54:40 +00:00
blymn c1a5be3d85 Fix naming of the verified exec character device placeholder. 2005-05-28 14:54:06 +00:00
tsutsui d4c33e9952 Ecoff kernels are no longer needed. 2005-05-23 13:05:04 +00:00
macallan d2d9cb8374 added wd* 2005-05-23 00:43:13 +00:00
lukem 1bd2839e9a Consistently use 0664 root:utmp for /var/log/{lastlog,wtmp}{,x}. 
Rest of PR 18670.
 2005-05-22 14:34:20 +00:00
chs 1c2ca83340 add a ramdisk and LIF image for sysinst-based installation. 2005-05-18 14:04:26 +00:00
chs 408467d27a allow rsh if the user's password is null. from christos. 2005-05-14 15:17:47 +00:00
lukem e03970d626 correct line for "password" 2005-05-13 02:56:34 +00:00
christos 4aafff6cc5 it makes no sense to check ptyfs for new and gone devices. From Rui Paulo, 
many thanks.
 2005-05-12 14:02:05 +00:00
peter 7147ba1184 PR/30177: Rui Paulo: /var/chroot/pflogd isn't created by default 2005-05-11 10:41:51 +00:00
martin 7a5b2dfb39 Tweak the iso-image support: avoid arbitrary hardcoded sizes - use awk to 
estimate the real size and round up a bit instead. Doesn't matter much, but
produces a "better" sgi volume header.
While there, simplify a few bits and avoid grep|awk pipes.
 2005-05-10 21:58:03 +00:00
martin 5f3107ece4 Add wscons virtual consoles 2005-05-02 13:39:54 +00:00
lukem b26a3203a3 Add /etc/pam.conf and /etc/pam.d/* 2005-05-02 03:23:43 +00:00
lukem 188cee5c01 Fix previous, caused by premature optimization... 
Noted by Kirk Russell.
 2005-05-02 02:51:04 +00:00
lukem 710a7ff6e8 Use zeropad() and hexprint() instead of printf(1). 2005-05-02 00:47:58 +00:00
lukem 117d01fe78 Add hexprint(); display the given number as hex. 
Add a comment to document zeropad()'s purpose.
 2005-05-02 00:46:46 +00:00