apply to most jails but do apply to vnet jails. This includes adding
a new sysctl "security.jail.vnet" to identify vnet jails.
PR: conf/149050
Submitted by: mdodd
MFC after: 3 days
specify list of executables and/or rc scripts that should be executed
after firewall starts/stops.
Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru>
Reviewed by: rhodes, rc@
MFC after: 1 week
allow them to start after netif. There were too many problems reported
with this change in the short period of time that it lived in HEAD, and
we are too late in the release cycle to properly shake it out.
IMO the issue of having the firewalls up before the network is still a
valid concern, particularly for pf whose default state is wide open.
However properly solving this issue is going to take some investment
on the part of the people who actually use those tools.
This is not a strict reversion of all the changes for r193198 since it
also included some simplification of the BEFORE/REQUIRE logic which is
still valid for ipfilter and ip6fw.
is set and "natd_enable" is NOT set;
- Accept and pass firewall type to the external firewall script.
Submitted by: Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru >
MFC after: 3 days
No response from: freebsd-rc
If the firewall script is sourced directly from the script, then any
exit statements in it will also terminate the rc.d script prematurely.
PR: conf/78762
MFC-After: 2 weeks
The rcorder(8) condition PROVIDE'd by the script
and REQUIRE'd by the others becomes "ppp".
The ultimate goal of the transformation is to reduce
confusion resulting from the fact that $name has been
"ppp" already.
Discussed with: pjd, -rc
(when new natd is started before old natd died) and allows to manage natd
without touching ipfw.
natd should probably be killed with SIGKILL when stopping natd.
stop ipfw, but not enable it again.
Aesthetic changes
o Use positve logic (instead of negative)
o create a 'stop' function, rather than putting the
commands in the stop_cmd variable.
Submitted by: des
Approved by: markm (mentor) (implicit)
withough the $natd_interface having to be explicitly specified on the
command line.
Approved by: markm (mentor)
Submitted by: Aaron D. Gifford <agifford@infowest.com>
PR: conf/47024
MFC: upon re approval
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.
Approved by: silence from gordon
while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net>
Reviewed by: silence on -current and -hackers
Prodded by: rwatson
