Commit Graph

372 Commits

Author SHA1 Message Date
rpaulo
9637f337f2 s/mountall/mountcritremote/
Noticed by Jukka Salmi.
2006-06-02 01:06:16 +00:00
christos
ace25de76c Remove sendmail (approved by core) 2006-05-30 00:40:22 +00:00
simonb
c1cf826a2c In the rc.d file list, start a new line for each first letter of
the rc.d scripts.  Indent by an extra tab to match indentation of
usr.sbin/postinstall/postinstall
2006-05-14 15:43:54 +00:00
rpaulo
b70b378d36 add missing files 2006-04-30 19:57:07 +00:00
rpaulo
80cb906203 Add a script to start irdaattach on boot. 2006-04-30 15:18:19 +00:00
rpaulo
32cb3ed274 Remove wrong comment. 2006-04-30 13:00:04 +00:00
rpaulo
6971718ee3 rc script to control hostapd. 2006-04-30 12:54:26 +00:00
blymn
f79b447e34 Fix rtc offset calculation for timezones that are not integral hours. 2006-04-26 09:57:01 +00:00
hubertf
831546110a When switching the /etc/etc.current symlink, make it relative to /etc,
not absolute.

This affects an update with sysinst, which will try to look at
/targetroot/etc/fstab, which points to /etc/etc.whatever, which is
not there during the upgrade, and results in all (/targetroot)/etc
files getting nuked!
2006-04-23 23:26:26 +00:00
agc
2235f2dadf Add distribution entries and supporting files for the iSCSI target. 2006-02-08 19:02:58 +00:00
peter
3c194e239e Add an extra argument to "setvar" to indicate whether a keyboard,
display or mouse variable should be changed. This is backwards compatible
with the old setvar style: if the argument is not specified, it defaults
to `keyboard'.
2005-12-13 21:46:47 +00:00
christos
6491f15ca3 fix migration problems:
1. missing slash created namedb127 files in the dest dir.
2. /etc/named.conf was not getting migrated.
2005-11-29 21:07:25 +00:00
rpaulo
7acb962baa RFC 3879 deprecated the IPv6 site-local prefix (fec0::/10):
* remove all references to $ip6sitelocal and output a warning
    message if the variable is defined.
    * introduce $ip6uniquelocal (defaults to 'NO') that will control the
    behaviour of the system when $ip6mode is ``router'' (i.e. fc00::/7
    will not be routed if the variable is ``NO'') as per RFC 4193.

Thanks to Jonathan A. Kollasch for pointing this out in PR 32152.
2005-11-24 17:28:45 +00:00
elad
07a01daf00 Load Veriexec signatures after mountall. Use veriexec_strict and
veriexec_verbose to set strict level and verbose level in rc.conf.
Defaults are 0.
2005-10-15 23:26:30 +00:00
elad
78df0b1930 Revert previous commit; I'll find a better solution. 2005-10-11 21:36:11 +00:00
elad
d8980923a4 We need mountall here. 2005-10-11 21:24:09 +00:00
peter
9c1da17e90 pf needs to be started after the network is up, because some pf rules
derive IP address(es) from the interface (e.g "... from any to fxp0").
This however, creates window for possible attacks from the network.

Implement the solution proposed by YAMAMOTO Takashi:
Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot
script before starting the network. People who don't like the default
rules can override it with their own /etc/pf.boot.conf.
The default rules have been obtained from OpenBSD.

No objections on: tech-security
2005-08-23 12:12:56 +00:00
peter
ad9c34ce5c Changes suggested by lukem:
1. Order pf to start before the network is configured.

2. If the pf_rules cannot be found at boot time, abort the boot (from the
   ipfilter script).
2005-08-10 13:52:05 +00:00
peter
c9c458f33c Add command_args="-D" to the ftpd rc.d script. This flag is always needed
when running ftpd as daemon and it will now automatically be appended to the
command line, even if ftpd_flags doesn't have it.

Suggested by Alan Barrett and Luke Mewburn, thanks.
2005-08-09 14:59:33 +00:00
peter
9cfba4bb75 Add a note telling that ftpd_flags should always contain "-D".
Suggested by lukem@.
2005-08-08 00:19:37 +00:00
peter
d0b18db569 Allow to change the location of the pf ruleset with the variable $pf_rules. 2005-08-07 01:03:39 +00:00
peter
f74a86ef4f Add the new ftpd rc.d script. 2005-08-04 22:32:44 +00:00
peter
7eb092e6c3 Add rc.d support for standalone ftpd, suggested by perry@. 2005-08-04 22:28:17 +00:00
christos
0e7146df89 Improve on the migration bit. Check if files are different, and if not,
remove the source and leave a symlink behind. Otherwise, let the user know.
2005-07-17 21:28:45 +00:00
christos
a2663103c5 Copy and link files to allow a chrooted named to start-up automatically. 2005-07-17 16:30:57 +00:00
symka
87283c876e PR/29317: ifconfig.if does not allow parameters with spaces
OKeyd by christos@
2005-06-28 13:36:40 +00:00
elad
faffb35d60 Run veriexec before securelevel and sysctl scripts. Suggested by Nino Dehne. 2005-06-15 18:49:40 +00:00
cjs
2dc0814b72 Make ifaliases_lo0 in rc.conf work just like other interfaces (instead of
being ignored). Also, when configuring aliases set as ifaliases_xxN,
print out the interface name and the alias address.
2005-04-26 10:28:29 +00:00
blymn
8387760ed1 Rototill of the verified exec functionality.
* We now use hash tables instead of a list to store the in kernel
    fingerprints.
  * Fingerprint methods handling has been made more flexible, it is now
    even simpler to add new methods.
  * the loader no longer passes in magic numbers representing the
    fingerprint method so veriexecctl is not longer kernel specific.
  * fingerprint methods can be tailored out using options in the kernel
    config file.
  * more fingerprint methods added - rmd160, sha256/384/512
  * veriexecctl can now report the fingerprint methods supported by the
    running kernel.
  * regularised the naming of some portions of veriexec.
2005-04-20 13:44:45 +00:00
lukem
8232ca0162 Tweaks for the move of postinstall from /etc to /usr/sbin 2005-04-17 23:12:40 +00:00
lukem
c0372ca1ef ypserv(8) doesn't need the domainname(1) set -- it will serve any maps
present under /var/yp/<somedomain>/<map> -- so don't require it.
Thanks to Chuck Cranor for the suggestion.
2005-04-01 23:25:29 +00:00
tron
878fa2f707 Replace hardcoded "/var/run/named.pid" with ${pidfile}. 2005-03-17 18:44:09 +00:00
peter
80f533ce07 Do a "flush all" when disabling pf. This also changes the restart case
to do a "flush all", while the reload case will only reload the rules without
flushing anything.

Suggested by Miles Nordin.
2005-03-15 18:22:03 +00:00
lukem
f198807ca5 Explicitly REQUIRE mountcritremote, since this uses awk. 2005-03-15 12:06:12 +00:00
tv
0a66272c73 Revert previous, for now. We don't umount filesystems in the shutdown
process (we're -- probably inappropriately -- waiting for the kernel to do
that at the end), so cgdconfig -U won't do much until that situation changes.
2005-03-02 19:09:22 +00:00
tv
e32d4e2d39 Unconfigure cgd devices on shutdown, so that underlying layers (i.e.,
RAIDframe) are happier.
2005-03-02 12:14:47 +00:00
dsainty
7e7f191f7d Add a missing space in a comment 2004-12-30 09:32:13 +00:00
lukem
eca6f3c39f * Conditionalize flushing of IPv4 vs IPv6 rules based on the existance
of the appropriate configuration file.
  Based on PR 28757 from Jason White.

* Add comments explaining why we flush separately from the reload
  (backwards compat with older ipf(8) binaries).
2004-12-23 03:31:54 +00:00
kleink
c17d5db72f Add the `shutdown' keyword, giving racoon a chance to flush the SAD
upon termination.
2004-12-07 17:37:15 +00:00
christos
573e338f96 Don't try to chmod ptys if we have none. 2004-11-10 05:04:51 +00:00
lukem
4ffd3a5be3 Redo previous (rev 1.12) in a manner that allows this rc.d script to operate
correctly on ipf(8) from prior to 4.1.3 (where -Fa flushes both protocols)
and 4.1.3 (where -Fa only flushes the current protocol).
Fix from Kimmo Suominen, per private discussion.
2004-11-08 02:09:01 +00:00
lukem
1ecb0d140f Use 'load_rc_config_var CMD VAR' to set VAR for "foreign" rc.conf(5)
variables that may be set in /etc/rc.conf.d/CMD instead of /etc/rc.conf.
Fixes PR 20768 from Pavel Cahyna.
2004-10-12 14:51:03 +00:00
lukem
573992ef57 Implement reload, using "amq -f".
Suggested by Hauke Fath in PR 26589.
2004-10-12 13:44:45 +00:00
lukem
d65dca170c Fix for /bin/ksh, from Jukka Salmi in PR 27232. 2004-10-12 13:23:44 +00:00
christos
6e9a790e1f Use new style command substitution. 2004-10-11 15:00:51 +00:00
lukem
c73be7a88d Explicitly REQUIRE: rpcbind since these services directly use RPC... 2004-10-11 14:11:43 +00:00
lukem
6ede50a341 Use load_rc_config basename chrootdirscript in a subshell to determine
the rc.conf(5) setting for chrootdirscript, incase the configuration
for that is in /etc/rc.conf.d/chrootdirscript.
Fixes PR 26478 from Jukka Salmi.
2004-10-11 13:29:52 +00:00
lukem
ac418f52f5 Explicitly flush (-Fa) rules when loading or reloading IPv4 and IPv6 rules,
rather than relying upon running "ipf -Fa" beforehand (which only flushes IPv4)
Should fix PR 26885 and PR 26857.
2004-09-09 00:33:03 +00:00
atatat
c41b76304f Quieten stat(1) with the -q flag.
Addresses PR bin/26711.
2004-08-19 04:44:10 +00:00
mycroft
7d2e1537c5 Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr
2004-08-13 18:08:03 +00:00