packet counts by pf(4).
This adds a ``daily_status_security_pfdenied_enable'' variable to
periodic.conf, which defaults to ``YES'' as the matching IPF(W) versions.
The output will look like this (line wrapped):
pf denied packets:
> block drop log on rl0 proto tcp all [ Evaluations: 504986 Packets: 0
Bytes: 0 States: 0 ]
> block drop log on rl0 all [ Evaluations: 18559 Packets: 427 Bytes: 140578
States: 0 ]
Submitted by: clive (thanks a lot!)
MFC after: 2 weeks
These can be used to pass extra options to the mdmfs(8) utility,
to customize the finer details of the md file system creation
(i.e. to turn on/off softupdates, to specify a default owner for md
filesystem, etc).
Use these two new flags to mount tmpmfs and varmfs without
softupdates, since it doesn't make much sense to use SU on
malloc-backed file systems.
Reviewed by: mtm
Inspired by: J. D. Bronson, jbronson at wixb dot com
on the system.
To start/stop/check on a specific device give the device name as
the second argument to the script:
# /etc/rc.d/moused start ums0
To use different rc.conf(5) knobs with different mice use the device
name as part of the knob. For example, if the mouse device is ums0, then:
moused_ums0_enable=yes
moused_ums0_flags="-z 4"
moused_ums0_port="/dev/ums0"
Starting rc.d/moused without the device argument will use the standard
moused_* flags. So, this commit should not disrupt or change current usage.
To preserve current behaviour with respect to usb mice, which appear
automatically when inserted, there is a new knob, moused_nondefault_enable,
which will treat any devices without rc.conf knobs as enabled.
To minimize knobs in /etc/rc.conf, the device file and pid file are
auto-computed, so that in the typical case for a usb mouse you don't
need to add anything extra in /etc/rc.conf to get it working.
Additionally, this updates /etc/usbd.conf to use the rc.d/moused script so
people don't have to modify it to configure their usb mouse anymore.
MFC after: 1 month
unbreak /etc/rc.d/root for diskless systems that get their root
filesystem from a read-only NFS mount.
PR: conf/72927
Submitted by: Ralf Wenk <RZ-FreeBSD1004@fh-karlsruhe.de>
Reviewed by: brooks
/etc/namedb symlink is created.
2. Incorporate Brian's suggestion to make the link relative. This
is necessary to handle situations (such as mergemaster) where the
user is building a tree in a seperate environment. This will also
fix the problem with the way DESTDIR is set in 'make release'.
3. Add a new knob, NO_BIND_MTREE, as suggested by the folks who
already have stuff in /var/named that they don't want me to mess with.
4. Update make.conf(5) with the new stuff, and correct a few paths
that have changed since I last updated it.
NO_BIND_DNSSEC, NO_BIND_ETC, NO_BIND_NAMED, and NO_BIND_UTILS.
2. Make creation of directories in /usr/include that are only needed
in the WITH_BIND_LIBS case conditional.
Reviewed by: ru, des
to match how similar syntax is used in the ports system. Thanks to kris
for pointing out my mistake here.
Install the lwres library unless the user defines NO_BIND, or the new
knob, NO_BIND_LIBS_LWRES. There is at least one potential customer
for this library in the wings. Thanks to nectar for the reminder.
- Ask the user up to X times (3 by default) for the pass-phrase, if
it is incorrect the first time.
- Add support for storing the lockfiles in another other directory
than /etc.
- Document that it is possible to override the location of each single
lockfile.
Approved by: pjd
good idea, as they appear in the whatis(1) output. So
replace them with the lowercase version of the document
title. While here, do some tiny markup fixes.
eg:
[foo]
...
matches any executable 'foo'
[/usr/bin/foo/]
...
matches any executable under the directory /usr/bin/foo/
Exact matches continue to function as before.
PR: bin/66769
Submitted-by: Dan Nelson
hostname, resolve, tmp, and var scripts. The latter three are new and
were repo copied. These scripts no longer depend on being booted with
and NFS root instead attempt to automaticly create mfs /tmp and /var
volumes if the they are not writable. This behavior can be overridden
in /etc/rc.conf.
Reviewed by: luigi, pjd
thing, but we're ready to move on.
2. Remove the -g default argument in named_flags. It doesn't actually do
what most users think it does, and what most users want it to do is already
accomplished with a proper default group for the bind user, which we have.
Also, the -g knob does something entirely different in BIND 9, which leads
to a lot of needless confusion/aggravation.
3. In the rc.d script, don't bogusly override $command, or $rc_flags. Both
are adequately handled in rc.conf[.local].
4. DO properly override $rc_flags if user has named_chrootdir set.
This may need to be revisited, but should be ok for now.
5. Protect all chrootdir-related bits under that variable, instead of
named_rcng.
There is more work to be done here, especially in the area of BIND 9
compatibility, but this is a start at least.
Prompted in part by (legitmate) grousing from: kuriyama, Randy Bush
which have configuration files. This is just a cut-paste from newsyslog.8
with the following changes:
o Kill hard sentence breaks.
o Markup fixes.
o Wordsmithing.
From the PR:
Certain MTA configurations mean that the notifications from
virecover keep bouncing; so here's a patch to allow administrators
to turn them off.
PR: conf/54910
Reminded by: ru
that the keys are currently generated by computing the MD5 checksum of 512
bytes read from /dev/random, and are passed to gbde on the command line.
Sponsored by: Teleplan AS
- Sort MAN and MLINKS in "dictionary" order ignoring case.
- For multi-value MAN and multi-pair MLINKS, put each value/pair
on its own line, for easier sorting and so that further diffs
are easier to see.
rate is how fast modems exchange symbols. Bit rate is how many bits
per second the serial port nominally communicates at. Try to use bit
rate consistently where that's what is ment. The default data rate is
now 9600 baud. 300 baud being default pre-dates 4.4-LITE1. Document
that tip doesn't respect the system default rate for a given channel.
Sorry guys, but no ucbvax, kremvax or kgbvax added to the example.
Noted by: bde
what the entry does for people that are not used to reading
/etc/remote files every day. Keep arpavax, because it is a cool name,
but remove the phone number listed. arpavax hasn't been answering
that number for a while :-)
and use it in src/etc/sendmail/Makefile in case the user wants to use
a different path to the sendmail m4 sources (e.g., sendmail port users).
Submitted by: dinoex
MFC after: 21 days
X-MFC after: RELENG_4 code freeze ends
be hardwired into makefiles, including those under /usr/share/mk.
The reporter submitted a patch, but I've watered it down.
Reported by: Ian Freislich <ianf@za.uu.net>
MFC after: 3 weeks
buildworld targets by default, but allow it to be done for all user
targets by introducing a boolean option, named ALWAYS_CHECK_MAKE.
This change is by no means perfect and I don't even want to claim
this to be a solution. It does however address the fact that not
everybody likes to see make(1) rebuilt simply because the regression
test failed for some reason or other, including pilot error. It
therefore serves the purpose of keeping the crowd happy until we
have something better or simply reached a compromise.
The reasons for changing the default behaviour are:
o It avoids a negative, possibly non-intuitive option,
o It's according to POLA and fond of feet,
o Only buildworld is documented to do its best to be
successful at reasonably cost.
Reviewed by: gad, imp, obrien, peter
use the atmconfig(8) utility instead of route(8) to install those routes.
For this we need a new rc.conf variable natm_static_routes that works
just like static_routes except that the referenced routes use the syntax
of atmconfig(8).
Okay'ed by: mtm
for the harp(4) pseudo driver and for loadable native HARP drivers
(like hfa_pci).
To use harp(4) the rc variable natm_interfaces must be set to the
list of NATM interfaces to be used for HARP. These interfaces
will be brought up with ifconfig and the harp(4) will be loaded.
To use loadable native HARP drivers atm_load must be set to
the list of drivers to load.
Reviewed by: mtm, gordon (partly)
is common in British English, while "toward" is the preferred form in
American English. Use the American form for consistency.
Correct the date on the manual page.
Submitted by: Tom Rhodes <trhodes@freebsd.org>,
underway@comcast.net (Gary W. Swearingen)
(though probably not a good idea in general) to set the various
SENDMAIL_*_MC variables to /etc/mail/sendmail.mc or /etc/mail/submit.mc.
MFC after: 5 days
take advantage of the rc.subr(8) glue. They are renamed dhclient_program
and dhclient_flags.
o Rename them in rc.conf(5)
o Rename them in /etc/defaults/rc.conf
o Add the deprecated variables to /etc/rc.subr
o Isolate the use of the 'command' variable to the
NetBSD specific parts in /etc/rc.d/dhclient.
o Now that dhcp_flags has also been renamed it will
be applied properly by rc.subr(8) glue code.
Reported by: John Nielsen <john@jnielsen.net>
displays the 'hostname' of the jail, or a hyphen '-' to indicate
that the process is not jailed.
PR: docs/37470
Submitted by: Adrian Filipi-Martin <adrian@ubergeeks.com>
Approved and Reviewed by: des (mentor), re (bmah)
- Add a description of b0 / b1 fields.
- Do not use 'entry' to refer to both 'entry' and 'field'.
- Do not confuse people with heading 'Name' and entry 'Name'.
PR: 48104
Submitted by: Gary W. Swearingen <swear@attbi.com> (original version)
Approved by: re (blanket)
This is an optional feature, disabled by default.
This will be useful to people testing the various POSIX threading
libraries under -CURRENT but can easily serve other needs.
Both "product" and "build" ordering are rampant in /usr/src. This document
is not indented to be as strict as style(9) as historically BSD hasn't been
as consistent about Makefile as C code. Also there are too many variations,
exceptions and allowances in out existing Makefile style to be strict.
However there is a general level of consensus on what the general BSD style
of our Makefiles is. This manpage documents that "smell".
o Give the proper spelling for WARNS.
o Clarify using NO_WERROR.
o Embelish -D after -I verbage.
o Document preference of ${.ALLSRC} & ${.TARGET} vs. $< & $@.
Based on: brucification
background fsck. The delay defaults to sixty seconds to allow
large applications such as the X server to start before disk I/O
bandwidth is monopolized by fsck.
Submitted by: Brooks Davis <brooks@one-eyed-alien.net>
Sponsored by: DARPA & NAI Labs.
The /usr/bin/perl wrapper isn't solving many of the problems it was
imported to deal with. There are limitations to it that don't have a
clear "fix".
Reviewed by: markm, kris
Extorted approval from: re(jhb)
Fix device hints entry for disabling acpi(4).
This also should fix the arbitration with apm(4) when both drivers
are enabled.
Note that your /boot/device.hints needs to be updated if you want to
stop auto-loading acpi.ko or disable acpi(4).
now needs to set COPY=-C as -C is no longer compatible with the -d
option. It is also likely to be renamed to INSTALL_COPY soon.
Update documentation to reflect this change.
PR: bin/40724
permissions to use for alias and map database files built by
/etc/mail/Makefile. The default is 0640 to assist users in avoiding
a file locking local denial of service.
MFC after: 1 day
pending RE approval