Commit Graph

4987 Commits

Author SHA1 Message Date
John Baldwin
7b0b86a726 For the firewall_* variables that are specific to the "workstation"
firewall type, note that property in their description.

MFC after:	1 week
2008-08-15 18:48:29 +00:00
Antoine Brodin
86e82d6ef7 Improve periodic/security/550.ipfwlimit a bit:
- don't run it if net.inet.ip.fw.verbose = 0 as it is pointless
- handle rules without logging limit correctly [1]
(those rules show up without logamount in "ipfw -a list")

PR:		conf/126060 [1]
MFC after:	1 month
2008-08-10 18:11:24 +00:00
David E. O'Brien
01faf7789b Only symlink booted kernel directory to /boot/kernel if user has explicitly
requested it.  This is too dangerous to just do behind the admin's back.
2008-08-09 01:19:00 +00:00
Colin Percival
9c4ca95bf7 Add /usr/share/man/whatis, /var/db/locate.database, and /var/log to the
list of paths which `freebsd-update IDS` should ignore by default.
2008-08-08 10:36:16 +00:00
Daniel Gerzo
1f696cd2bc - back out my last commit as it seems to be wrong.
Spotted by: das
2008-08-03 19:01:07 +00:00
Colin Percival
a7fbbdf0a4 Make freebsd-update IDS not complain about /usr/share/man/cat* by
default.
2008-08-02 00:11:43 +00:00
Doug Barton
c1f84335c4 When using SRV records the protocols and services files need to be in the
chroot /etc directory.

PR:		conf/121101
Submitted by:	Stefan `Sec` Zehl <sec@42.org>
2008-08-01 06:11:33 +00:00
Doug Barton
d25761ca5b Add the -c option for named_flags (still commented out) that is
relevant for ports users, and change the comment to match.

While I'm here fix the capitalization of the named_program comment.
2008-08-01 05:15:54 +00:00
John Baldwin
4746c560a4 Oops, restore the recent changes to make startup messages quieter. 2008-07-31 22:13:14 +00:00
John Baldwin
4ceda705b7 Parse sysctl settings from /etc/sysctl.conf.local after /etc/sysctl.conf
if it exists.  This mirrors similar behavior for /boot/loader.conf and
/etc/rc.conf.

Obtained from:	Yahoo!
MFC after:	1 week
2008-07-31 21:57:35 +00:00
Antoine Brodin
c9853f4659 Remove an empty directory that is already in ObsoleteFiles.inc from
mtree/BSD.usr.dist
2008-07-28 17:42:37 +00:00
Andrew Thompson
c7971a92ea Change the module example to kldload since this is the resume side. 2008-07-21 22:55:40 +00:00
Marcel Moolenaar
8941d4ae1d Remove sioX as an alias for uartX. It is believed to be
more confusing than helpful.

Suggested by: jhb
2008-07-21 22:38:00 +00:00
Marcel Moolenaar
ba5e45704b With uart(4) default, change sio# to uart# so that
out-of-the-box FreeBSD is consistent.
2008-07-19 20:12:33 +00:00
Marcel Moolenaar
9005d65e46 With uart(4) default, change /dev/cuad# to /dev/cuau# and
sio# to uart# so that out-of-the-box FreeBSD is consistent.
2008-07-19 20:12:02 +00:00
Marcel Moolenaar
7fc2c2bc83 With uart(4) default, change /dev/cuad# to /dev/cuau# and
sio# to uart# so that out-of-the-box FreeBSD is consistent.
2008-07-19 20:11:33 +00:00
Marcel Moolenaar
abc45eb8f5 With uart(4) default, change /dev/cuad# to /dev/cuau# so that
out-of-the-box FreeBSD is consistent.
2008-07-19 20:00:18 +00:00
Marcel Moolenaar
9e859260ff With uart(4) default, change /dev/cuad# to /dev/cuau# so that
out-of-the-box FreeBSD is consistent.  Add uart[0-7] as a
fingerfriendly shortcut alongside sio[0-7] and com[1-8].
2008-07-19 19:08:22 +00:00
Daniel Gerzo
f8c76347e1 - dns queries might go also over TCP, so allow it.
Approved by:	rink
MFC after:	1 week
2008-07-17 20:00:18 +00:00
Doug Barton
04f0f225dd Add the shutdown KEYWORD to those scripts that start persistent services
to allow them to do a "clean" shutdown.

I purposely avoided making changes to network-related stuff since the
system shutting down is pretty conclusive, and there may be complicated
dependencies on the network that I would rather not try to unravel.

I also skipped kerberos-related stuff for the reasons above, and
because I have no way to test it.
2008-07-16 19:50:29 +00:00
Doug Barton
2b9851690c As previously discussed, add the svn:executable property to all scripts 2008-07-16 19:22:48 +00:00
Ed Schouten
f4d811f0b2 Make uart(4) the default serial port driver on i386 and amd64.
The uart(4) driver has the advantage of supporting a wider variety of
hardware on a greater amount of platforms. This driver has already been
the standard on platforms such as ia64, powerpc and sparc64.

I've decided not to change anything on pc98. I'd rather let people from
the pc98 team look at this.

Approved by:	philip (mentor), marcel
2008-07-13 07:20:14 +00:00
Doug Barton
919dbc2969 Strongly discourage the use of the query-source option, and explain why.
Give a better example if a user absolutely must use this option, and
suggest they pick something from the ephemeral port range rather than
port 53. This means that the example will not work if it is merely
uncommented, but this will hopefully encourage users to read the comment.
2008-07-12 10:00:36 +00:00
Mike Makonnen
5692c36098 The pfctl(8) program is already pretty verbose, so don't print extra
information in quiet mode.
2008-07-11 08:11:49 +00:00
Mike Makonnen
9300b74ce4 Remove the $DUMPDIR variable. It's redundant and the rest of the
script uses $dumpdir directly.
2008-07-06 08:31:29 +00:00
Mike Makonnen
f562910214 Make checking for the availability of core dumps work in the case
that $dumpdev is not set to "AUTO".

Reported by: Paul B. Mahol <onemda@gmail.com>
2008-07-06 07:51:29 +00:00
Mike Makonnen
7a711eb359 No need to display the result of enabling the ipfw sysctl if it's
successfull. Issue a warning if it fails, however.
2008-07-05 15:27:39 +00:00
Mike Makonnen
8144c9ac9b There's no need to announce that we're mounting local filesystems when
running in quiet mode since if we fail to mount any of them the boot
process gets interrupted.
2008-07-05 15:19:58 +00:00
Mike Makonnen
c5a80a7a3b Quiet down rc.d/nfsclient by not printing anything in 'quiet' mode. Instead
issue a warning of it fails to set the sysctls.
2008-07-05 15:13:21 +00:00
Mike Makonnen
10df26f936 Rev. 1.8 broke matching on lines where the failure mode is at the head
of the message, such as:
  Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1

PR: conf/124569
Submitted by:	Taku <taku@tekipaki.jp>
2008-06-30 08:01:47 +00:00
Mike Makonnen
cca7688f37 Backout r179941. The nfsclient knob always confuses me. I should have
double-checked my setup before commiting.

Noticed by: Florian Smeets
Pointy hat to: mtm
2008-06-27 15:45:17 +00:00
Rui Paulo
aea6188719 Add the missing support for Asus Eee PC in acpi_asus(4).
This includes hotkeys support and sysctl variables to control camera
and card reader. These new sysctls don't have CTFLAG_ANYBODY set.

While there add entries to devd.conf related to the Eee volume keys.

Reviewed by:	phillip
MFC after:	1 week
Also tested by:	lme (previous version)
2008-06-27 12:04:36 +00:00
Mike Makonnen
522b9831bd Quiet rc.d/syscons unless it has something to say. 2008-06-24 21:01:56 +00:00
Mike Makonnen
45a5dc937d Add a -q flag to swapon(8) to suppress informational messages. Use it in
rc.d.
Note: errors are not affected by this flag.
2008-06-23 22:17:08 +00:00
Mike Makonnen
d9fcd86c3a The sysctl(8) program exits on some errors and only emits warnings on
others. In the case where it displayed warnings it would still return
succesfully. Modify it so that it returns the number of sysctls that
it was not able to set.

Make use of this in rc.d to display only *unsuccessfull* attempts to
set sysctls.
2008-06-23 22:06:28 +00:00
Mike Makonnen
2794059010 Run savecore(8) only if there is a core dump to save. If there is
no core dump hide the message to that effect behind $rc_quiet.
2008-06-23 20:54:32 +00:00
Mike Makonnen
b064049801 Implement a "quiet" mode for rc.d/netif, which only outputs
the interface name of interfaces that were configured.

This change has the added benefit that ifn_start() and
ifn_stop() in network.subr no longer write to standard output.
Whether to output and what to output is now handled entirely
in rc.d/netif.
2008-06-23 20:50:11 +00:00
Mike Makonnen
e2a76fa732 Set the sysctl(8) value in the same shell, not a subshell. This was
causing calls to netoptions_init() to not properly set a global variable,
which ended up being in the parent shell.
2008-06-23 12:06:35 +00:00
Mike Makonnen
d7c5bf81cb Move the diagnostic output when the rc.subr(8) glue automatically starts a
service behind $rc_quiet. Instead, output a warning if the pre-command
routine or the command itself failed. Arguably, it's more useful to know when
a command failed to start than it is to have an endless list of
"Starting ...." lines[1].

[1] - This change actually helped me to discover a bug in rc.d/{lockd,statd}
      (fixed in r179941) that used to fail silently before.
2008-06-23 05:09:09 +00:00
Mike Makonnen
94789e5ca4 Move a lot of diagnostic output behind $rc_quiet in scripts that
implement their own start command.
2008-06-23 04:46:54 +00:00
Mike Makonnen
252c018f5f Align the script more with rc.d/cleanvar (which doesn't output any
diagnostics). Instead, move output behind $rc_quiet.
2008-06-23 04:42:58 +00:00
Mike Makonnen
4af728134c Remove the -v flag from the command line to dumpon(8), and instead print
diagnostic ouput only if the command fails.
2008-06-23 04:39:36 +00:00
Mike Makonnen
40c3350ab9 Remove pointless informational message. 2008-06-23 04:18:22 +00:00
Mike Makonnen
3e9cc7692f Argh! s/nfs_client_enable/nfsclient_enable/g 2008-06-23 04:05:39 +00:00
Mike Makonnen
8b5adf2fab Do not print anything unless one of the net/routing options is set. 2008-06-23 04:00:45 +00:00
Mike Makonnen
b16a98ec6f s/daemon processes/local packages/ for consisitency. 2008-06-23 03:49:30 +00:00
Mike Makonnen
f27ca6ea2f Output information only if /etc/rc.local exists. 2008-06-22 16:23:39 +00:00
Mike Makonnen
3c81343da6 Do not print anything unless at least one of the abi emulators is
enabled.
2008-06-22 16:19:50 +00:00
Mike Makonnen
3dce702718 Simplify this script with the added bonus that the bit about i386
initialization doesn't get printed unless ibcs2_enable is set.
2008-06-22 15:57:50 +00:00
Mike Makonnen
69ad4d6960 Don't say we're going to mount filesystems of a certain type unless
there actually are filesystems of that type to mount.
2008-06-22 15:40:19 +00:00
Mike Makonnen
3773d8c3cf Don't say we're going to [start|stop] local packages unless there actually
are local (pre rc.d) scripts to run.
2008-06-22 15:34:40 +00:00
Mike Makonnen
7d28174b91 Make quota knob conform to other rc(8) knobs. Keep older knob for
compatibility.

Requested by: Volker <volker@vwsoft.com>
2008-06-19 07:06:11 +00:00
Mike Makonnen
8717ddefb6 Move the check for enabled knobs further down in run_rc_command() so
that bogus commands cause usage information to be printed instead of
diagnostics about enabling the knob.
2008-06-19 06:11:34 +00:00
Kip Macy
04d2afedf1 remove incorrect comment that I missed in my last change 2008-06-15 13:26:25 +00:00
Kip Macy
3edb14e94b Stop moused on a detach event. Remove incorrect comment.
This fixes frequent problems with usb mice and kvm switches caused by moused hanging around.

Suggested by: Matthew Dodd

MFC after:	2 weeks
2008-06-15 13:25:23 +00:00
Giorgos Keramidas
02ca51529e Tweak rc.firewall to allow incoming limited broadcast traffic,
when configured to run in 'client' mode.

PR:		conf/15010
Submitted by:	Bill Trost, trost at cloud.rain.com
Reviewed by:	bz
MFC after:	2 weeks
2008-06-06 07:17:04 +00:00
Brooks Davis
06118b48d0 Fix the wait for default route change I made a few weeks ago by creating
a new defaultroute script that just does the wait.  The previous attempt
created a circular dependency through network_ipv6.

Pointy hat to:	brooks
2008-06-05 17:26:47 +00:00
Maksim Yevmenkin
00e41a48c2 Bluetooth SIG is being difficult and keep moving specification
documents away from being public accessible. Replace link to
the Bluetooth specification document with the document name.

Pointed out by:	SoftLover < slserg at uic dot tula dot ru >
MFC after:	3 days
2008-05-27 17:46:32 +00:00
Bjoern A. Zeeb
2e598474fa Remove ISDN4BSD (I4B) from HEAD as it is not MPSAFE and
parts relied on the now removed NET_NEEDS_GIANT.
Most of I4B has been disconnected from the build
since July 2007 in HEAD/RELENG_7.

This is what was removed:
- configuration in /etc/isdn
- examples
- man pages
- kernel configuration
- sys/i4b (drivers, layers, include files)
- user space tools
- i4b support from ppp
- further documentation

Discussed with: rwatson, re
2008-05-26 10:40:09 +00:00
Doug Barton
5071594969 Add a missing space between a variable and the ] for a test 2008-05-26 10:10:11 +00:00
Robert Watson
e4372ceba0 Remove netatm from HEAD as it is not MPSAFE and relies on the now removed
NET_NEEDS_GIANT.  netatm has been disconnected from the build for ten
months in HEAD/RELENG_7.  Specifics:

- netatm include files
- netatm command line management tools
- libatm
- ATM parts in rescue and sysinstall
- sample configuration files and documents
- kernel support as a module or in NOTES
- netgraph wrapper nodes for netatm
- ctags data for netatm.
- netatm-specific device drivers.

MFC after:	3 weeks
Reviewed by:	bz
Discussed with:	bms, bz, harti
2008-05-25 22:11:40 +00:00
Brooks Davis
ec200b32cd Move the wait for a default route to rc.d/routing. Once we test for
non-dhcp interfaces to negotiate/associate this will make more sense.

This also correctly gets run after both devd and netif are run so it has
a chance of working.
2008-05-18 02:57:54 +00:00
Colin Percival
bdd9aff946 Add support for specifying which INDEX files to build via portsnap.conf.
Requested by:	brooks
Reminded by:	brooks, about halfway through his BSDCan talk
2008-05-17 16:26:27 +00:00
Bruce M Simpson
7e54279b42 Add support for /conf/T/M/remount_optional.
The rc.initdiskless functionality is used by NanoBSD to allow configuration
files to live on a separate configuration slice, which acts as NVRAM, whilst
the system image is mounted read-only.

Normally, if the remount command fails during boot, this is regarded as
a fatal error. If /conf/T/M/remount_optional is present, this error is
non-fatal. If the file is not present, the default behaviour is unchanged.

This is very useful for people building live CD images using FreeBSD,
where the NVRAM lives somewhere completely differently from the system image,
and may be present on removable media which is not present during the
initial boot.
2008-05-15 11:00:23 +00:00
Brooks Davis
ace19032cf Change the default value of synchronous_dhclient to NO.
To preserve the existing behavior of etc/rc.d/netif, add code to wait
up to if_up_delay seconds (30 seconds by default) for a default route to
be configured if there are any dhcp interfaces.  This should be extended
to test that the interface is actually up.

X-MFC after:
2008-05-15 01:06:10 +00:00
Brooks Davis
d0c63cd27f Fix last commit and call childif_destroy() correctly. 2008-05-15 00:08:02 +00:00
Brooks Davis
106049d9ab Don't print the interface status if we only create child or destroy
interfaces.

Correctly return status from childif_create().
2008-05-14 23:53:39 +00:00
Florent Thoumie
404b160361 Don't require a configuration file. Ntpd will be perfectly happy if there's
none or if the file doesn't exist (there's no ntp.conf in the base install).

PR:		conf/119592
Submitted by:	Renaud Waldura <renaud+freebsd@waldura.org>
MFC after:	1 week
2008-05-12 11:49:16 +00:00
Doug Rabson
33f1219925 Fix conflicts after heimdal-1.1 import and add build infrastructure. Import
all non-style changes made by heimdal to our own libgssapi.
2008-05-07 13:53:12 +00:00
John Baldwin
c16e21016f Install the mpilib headers from mpt(4) into /usr/include/dev/mpt/mpilib.
This allows <sys/mpt_ioctl.h> to be used from userland.

Prodded by:	scottl
2008-05-07 04:11:21 +00:00
Mike Makonnen
68abe9bdf2 Specify the full path to the md5(1) binary so the script will
still work even if it's not in the shell's path.

PR: conf/122215
MFC after: 1 week
2008-05-06 10:40:20 +00:00
Maxim Konovalov
97752dfdc7 o Convert whitespaces to tabs. 2008-05-05 15:52:54 +00:00
Maxim Konovalov
2b30cf49b5 o Terminate "case" with "esac" not "fi".
Reported by:	Randy Bush
2008-05-05 15:50:20 +00:00
Mike Makonnen
432d4f0bce Fix improper use of checkyesno routine.
Noticed by: oliver
MFC after: 1 week
2008-05-05 07:43:48 +00:00
Warner Losh
967b36e864 Mips ttys file. Copied from i386 version with removal of the vga
entries.
2008-05-05 05:35:47 +00:00
Brooks Davis
5ed11a24b1 Replace a couple mentions of the soon to be removed vaps_<ifn>
variable form with wlans_<ifn>.
2008-05-03 07:06:48 +00:00
Brooks Davis
a54149a9ed Emit a warning when the network_interfaces variable is not set to AUTO.
MFC after:	3 days
2008-04-30 16:29:15 +00:00
Brooks Davis
89b5b33da2 Replace the prototype vaps_<ifn> and vap_create_<ifn> variables with
more wlans_<ifn> and create_args_<ifn>

Add documentation for these variants and generally update the wireless
device example.

There is are very short lived shim from vaps_<ifn> which produces
a warning and vap_create_<ifn> which does not.  Misuse the MFC
notification service to remind me to remove them.

MFC after:	3 weeks
2008-04-25 23:50:49 +00:00
Brooks Davis
ac426faa44 Revert rev 1.332 and keep ddb scripts off by default for now. Minidumps
are more flexable and much text-dump like output can be produced from
them so there's a good argument they are a better default.
2008-04-23 22:40:59 +00:00
Ruslan Ermilov
6e595c6fe0 Make it possible to disable sources of entropy harvesting.
Noticed by:	Igor Sysoev
MFC after:	3 days
2008-04-22 15:18:47 +00:00
Brooks Davis
5e347d66d7 Change the default of ddb_enable to YES so we default to generating textdumps
on panic.  This means you get a potentially useful dump even if your system
is running X when you panic.

X-MFC after:	never
2008-04-21 18:17:48 +00:00
Sam Leffler
5bd720a7c2 rc support for vaps 2008-04-20 20:37:21 +00:00
Sam Leffler
67591c284e 802.11 regulatory definitions used by ifconfig
Support by:	Hobnob
2008-04-20 20:37:02 +00:00
Brooks Davis
688e303c19 Add very limited support for the isc-dhclient. It will almostly certaintly
only work if there's just one interface doing dhcp.  This version implements
the same logic as the version in the PR, but uses pgrep to be less verbose.

PR:		conf/95905
MFC after:	1 week
2008-04-15 23:03:35 +00:00
Brooks Davis
30b6f51afe Declare _ppp_profile_cleaned, _punct, and _punct_c local in
ppp_start_profile().

Reported by:	yar
MFC after:	1 week
2008-04-10 01:32:49 +00:00
Maksim Yevmenkin
5bfd54b1ea Set defaults for the rfcomm_pppd_server rc script
MFC after:	1 week
2008-04-08 23:50:03 +00:00
Maksim Yevmenkin
97078e0796 Add rfcomm_pppd_server rc script to allow start rfcomm_pppd(8) in server
mode at boot time. Multiple profiles can be started at the same time.
The whole idea is very similar to the ppp rc script.

Document Bluetooth knobs in rc.conf(5)

MFC after:	1 week
2008-04-08 23:34:12 +00:00
Sam Leffler
2a54bb549f o add rc.conf knobs to set the wpa_supplicant program, logging flags,
and config file
o change default logging options from -q to -s (log to syslog); this
  is currently broken for boot-time startup as syslogd is started too
  late but that'll be dealt with separately

MFC after:	2 weeks
2008-04-08 23:12:15 +00:00
Sam Leffler
49658ca926 add support wired interfaces
MFC after:	2 weeks
2008-04-08 23:00:04 +00:00
Sam Leffler
823687d052 spell pidfile correctly so multiple wpa_supplicant processes can be run
MFC after:	1 week
2008-04-08 18:54:42 +00:00
Brooks Davis
ef09860eca Fix a stupid typo.
Reviewed by:	bz
2008-04-06 20:39:33 +00:00
Doug Barton
53eb99795c Back out revision 1.6, the addition of "BEFORE: mountcritremote".
mountcritremote REQUIREs FILESYSTEMS, and that script REQUIREs zfs,
so this change is a noop. By removing it we make life a little easier
both for rcorder(8) and for debugging down the road.

Approved by:	2 weeks of silence from pjd
2008-04-02 19:29:16 +00:00
Brooks Davis
14b0729b93 Add support for hardwiring ppp sessions to particular devices with new
per-profile variables of the form ppp_<profile>_unit.  No ppp_unit
variable is supported since tying the same unit to more than one profile
won't work.

PR:		conf/122127
MFC after:	1 week
2008-03-28 07:57:52 +00:00
Brooks Davis
b31eb9bec0 Support gif_interface values that don't follow the pattern gif###.
Remove ancient compatablity support for gif_interface="NO".
2008-03-28 06:50:06 +00:00
Brooks Davis
d4df47caab Remove the C flag from slip.log. The current slip userbase does not
justify the presence of a (usually empty) /var/log/slip.log on every
FreeBSD box.
2008-03-27 03:30:14 +00:00
Brooks Davis
6ea3dc3746 Allow the characters .-+/ to appear in ppp profile names by folding them
to _ when evaluating ppp_<profile>_nat and ppp_<profile>_mode.  Document
the per-profile variables.

PR:		conf/121452, conf/122127 (partial)
MFC after:	1 week
2008-03-26 21:54:48 +00:00
Remko Lodder
1fa09c8b65 Add a missing ;.
PR:		misc/122069
Submitted by:	taku@tekipaki.jp
MFC after:	3 days
Approved by:	imp (mentor, implicit trivial change).
2008-03-25 15:16:19 +00:00
Colin Percival
a3a76c6897 Add /boot/device.hints to the list of files which will have local
modifications merged.  I had initially expected that people would
put any local changes into /boot/loader.conf, but it turns out that
editing /boot/device.hints is something many people do.

Suggested by:	Jaakko Heinonen
MFC after:	1 week
2008-03-25 12:13:12 +00:00
Pawel Jakub Dawidek
2c5f8ef256 Be sure to run rc.d/zfs before mountcritremote. This way we can for example
configure devfs rules in /etc/devfs.conf for ZVOLs.

Submitted by:	Yarema <yds@CoolRat.org>
2008-03-19 14:44:55 +00:00
Xin LI
127d91856d Do nextboot -D twice during boot. The first time in rc.d/root which ensures that
we can remove the file as early as possible, but shut up nextboot at this moment
if the operation is failed, because /boot is not necessarily a part of /; the
newly added second run is placed in rc.d/mountlate after all filesystems were
mounted.

Discussed at:		-rc@
Suggestions from:	brooks, mtm
MFC after:		1 month
2008-03-11 17:21:14 +00:00
Xin LI
510a00dc93 root 2008-03-11 17:20:34 +00:00
Mike Makonnen
f2e7477d21 The check for errors from the mount command did not work as intended
because another command (echo) is executed between the mount command
and the check.

Reported by: Sergey Baturov <sergey@toor.org.ru>
MFC after: 2 weeks
2008-03-06 14:39:33 +00:00
Mike Makonnen
0ffc99e80d The rarpd(8) daemon must be instructed to start on all interfaces or a
specific one. Instruct it to listen on all interfaces so that enabling
it in rc.conf(5) works "out of the box."

PR:	conf/121406
Submited by: trasz
MFC after: 1 week
2008-03-06 14:01:10 +00:00
Brooks Davis
ae2edb2af1 Use the new command file feature of ddb(8) to support setting ddb(4)
scripts at boot.  This is currently disabled by default. /etc/ddb.conf
contains some potentially reasonable default scripts.

PR:		conf/119995
Submitted by:	Scot Hetzel <swhetzel at gmail dot com> (Earlier version)
X-MFC after:	textdumps
2008-03-05 18:32:58 +00:00
Gregory Neil Shapiro
1bb3032058 Fix quoting for the dnsbl example -- m4 misparses quoted strings with
commas due to our deconstruction of the line in cf/feature/dnsbl.m4.

PR:		120038
Submitted by:	mattijs vreeling
MFC after:	1 week
2008-02-17 05:38:29 +00:00
Gregory Neil Shapiro
2c8f5e0c3e Use better examples (and comment them out for safety).
PR:             118837
Submitted by:   Matthew Seaman
MFC after:      1 week
2008-02-17 05:22:08 +00:00
Doug Barton
4a4e965247 From the 4 February 2008 update:
IPv6 addresses for 6 of the root name servers!
2008-02-07 06:28:02 +00:00
Dag-Erling Smørgrav
43085e37e4 Eliminate xargs in favor of find -exec {} + 2008-02-03 00:33:05 +00:00
Dag-Erling Smørgrav
a4afe9200c Rewrite to consume significantly less memory, by using find -s instead of
find | sort.  As a bonus, this simplifies the logic considerably.  Also
remove the bogus "overruning the args to ls" comment and the corresponding
"-n 20" argument to xargs; the whole point with xargs is precisely that it
knows how large the argument list can safely get.

Note that the first run of the updated script may hypotheticall produce
false positives due to differences between find's and sort's sorting
algorithm.  I haven't seen this during testing, but others might.

MFC after:	2 weeks
2008-02-02 12:27:37 +00:00
Brooks Davis
983daa047f When the state of the interface changes rapidly enough (usually due to
rapid wireless association changes in my experience), there is a race
where dhclient is in the process of exiting due to the link going down
when the link coming up causes devd to try and start a new one.  This
results is the link being up, but no dhclient running.

Work around this race by checking a second time after a one second delay
before refusing to start a dhclient instance due to one already being
running.

MFC after:	1 week
2008-02-01 23:43:58 +00:00
Mike Makonnen
82e9dc59ce Add a dummynet_enable knob to go with firewall_enable. If this knob
is enabled dummynet(4) is added to the list of required modules.

Discussed on:	#freebsd-bugbusters (rwatson, trhodes)
PR:		conf/79196
MFC after:	1 week
2008-01-27 15:15:12 +00:00
Mike Makonnen
73981c381a Clarify that devfs_system_ruleset should contain a name, not a number.
Prompted by PR conf/85363

MFC after: 3 days
2008-01-27 13:45:20 +00:00
Mike Makonnen
ae4d6ea88f Generally, anything that runs rc.d scripts internally should
start using the quiet prefix (i.e. quietstart, quietstop, etc...).
2008-01-26 14:02:19 +00:00
Mike Makonnen
8511b3cb47 Generally, anything that runs rc.d scripts internally should
start using the quiet prefix (i.e. quietstart, quietstop, etc...).
2008-01-26 13:50:38 +00:00
Mike Makonnen
016cb0ba87 Use 'quietstart' so as not to get spammed with informational diagnostics. 2008-01-26 13:37:48 +00:00
Mike Makonnen
a850398f3b Re-implement: do not silently fail when a command is not carried
out because the rc.conf(5) variable was not enabled. Display a
message that the command wasn't run and offer suggestions on
what the user can do.

Implement a quiet prefix, which will disable some diagnostics. The
fast prefix also implies quiet. During boot we use either fast or
quiet. For shutdown we already use 'faststop'. So, this informational
message should only appear during interactive use.

An additional benefit of having a quiet prefix is that we can start
putting some of our diagnostic messages behind this knob and start
"de-cluttering" the console during boot and shutdown.
2008-01-26 11:22:12 +00:00
Mike Makonnen
581487018d Backout previous commit. It's going to clutter the console
during boot and shutdown. I think I'll hide it behind autoboot or
maybe take brooks@ suggestion and implement a different command
prefix for booting/shutdown purposes, but in any case it needs more
thought and attention.

Noticed by: ceri
Pointyhat to: mtm
2008-01-25 16:44:34 +00:00
Mike Makonnen
0908cccf90 If the rc.conf(5) variable for a script is not enabled do not fail
silently. Display a message that the command wasn't run and make
possible suggestions for what to do.

PR:	   conf/118770
MFC after: 1 week
2008-01-25 15:06:26 +00:00
Mike Makonnen
c3ff913134 Rev. 1.6 made it impossible to use rc.d/kerberos with the krb5 port.
Re-implement the change so that the script once again works with
the krb5 port.

Submitted by: kensmith (slightly modified)
MFC after: 3 days
2008-01-25 05:23:01 +00:00
Ruslan Ermilov
e57918352b Shorter equivalent of the command. 2008-01-24 07:04:12 +00:00
Rong-En Fan
8602063e3c Improve kernel NAT support in rc.firewall
- Allow IP in firewall_nat_interface, just like natd_interface
- Allow additional configuration parameters passed to ipfw via
  firewall_nat_flags
- Document firewall_nat_* in defaults/rc.conf

Tested by:	Albert B. Wang <abwang at gmail.com>
MFC after:	1 month
2008-01-21 04:41:18 +00:00
Simon L. B. Nielsen
ce4c63c52a Add warning about this script dealing with untrusted data.
MFC after:	1 week
2008-01-13 14:27:53 +00:00
Maxim Konovalov
2123fbe6cd o From the Problem Report: the TCP_DROP_SYNFIN kernel option is now
included in the kernel by default.  Remove reference to this option
from defaults/rc.conf and rc.conf(5).

PR:		conf/119098
Submitted by:	Beat Gaetzi
MFC after:	1 week
2008-01-12 20:52:30 +00:00
Maxim Konovalov
991eaf3af4 o Correct an info about "Firewalls and Internet Security" book: name,
authors list, ISBN, URLs.

PR:		conf/119590
MFC after:	1 week
2008-01-12 19:02:09 +00:00
Doug Barton
d207e3a35c Remove from the default empty zone list zones that, unlike the others,
could theoretically be allocated one day.
2008-01-11 22:41:21 +00:00
Diomidis Spinellis
f029c53a5c A new configuration variable, daily_status_mail_rejects_shorten, allows
the rejected mail reports to tally the rejects per blacklist without
providing details about individual sender hosts.  The default configuration
keeps the reports in their original form.

MFC after:	1 week
2008-01-08 07:22:43 +00:00
Doug Barton
0079ea2086 Update pkg_version_index to INDEX-8 2007-12-20 20:37:22 +00:00
John Baldwin
af14f69c40 Only pass paths to directories or config files that exist for ldconfig for
32-bit binaries.

MFC after:	3 days
2007-12-13 00:51:01 +00:00
Doug Barton
d6128b96d7 Add an empty stop_cmd to the remaining scripts that don't start
daemons and don't already have one.
2007-12-08 23:00:28 +00:00
Doug Barton
716df058ef Remove a meaningless KEYWORD 2007-12-08 22:40:31 +00:00
Doug Barton
b9070edf0f Remove the bootconf.sh script. It was never used on FreeBSD, and was
removed from the Makefile in version 1.5 (2002/09/02) but never GC'ed.
2007-12-08 22:33:11 +00:00
Doug Barton
9aaedf216b Remove spurious # marks to be more consistent with existing style. 2007-12-08 22:27:18 +00:00
Doug Barton
da1c1367ff Remove empty REQUIRE line 2007-12-08 22:26:30 +00:00
Doug Barton
e3c46a3332 Remove $NetBSD$ CVS tags. We no longer attempt to synch our rc.d files
with theirs, so this information doesn't need to be in the live file.
Having it in our CVS history is enough.
2007-12-08 07:20:23 +00:00
Colin Percival
095daa921a Add /root/, /.cshrc, and /.profile to the default UpdateIfUnmodified
directive.  Users get irritated if FreeBSD Update steps on these while
upgrading to a new release.

MFC after:	3 days
2007-11-28 22:45:09 +00:00
John Baldwin
cb2482de6b Don't delete files in the X11 socket directories under /tmp (.X11-unix,
.ICE-unix, .font-unix, .XIM-unix) when purging files from /tmp via the
daily 100.clean-tmps job.  If you are logged into an X session longer
than the timeout period (default of 3 days), then this job can delete
the X11 sockets out from under the session without this fix.

MFC after:	3 days
2007-11-28 17:31:11 +00:00
John Baldwin
9f0c02d425 Update the shlib version for libgssapi_krb5. This file needs to be updated
anytime that library version is bumped.

XXX: I wonder if this breaks any 6.x binaries using Kerberos5 via GSSAPI.
2007-11-27 21:47:56 +00:00
Ruslan Ermilov
5f3a6945d4 Also check setuid executables on ZFS. 2007-11-23 13:00:31 +00:00
John Baldwin
790c2471b9 Bump up the number of ttys supported by pty(4) to 512 by making use of
[pt]ty[lmnoLMNO][0-9a-v].

MFC after:	3 days
Reviewed by:	rwatson
2007-11-19 20:49:42 +00:00
Robert Watson
dc08061ccd Add ttys lines for pts/0-pts/255.
MFC after:	3 days
2007-11-15 16:22:59 +00:00
Henrik Brix Andersen
4ec59b0317 Add reload functionality.
PR:		conf/116659
Approved by:	sam, erwin (mentor)
2007-11-14 21:19:15 +00:00
Colin Percival
db6b0a619f Add support for "freebsd-update -r newrelease upgrade" -- binary
upgrading to new releases.  Important parts of this code include
 * automatically determining which optional components (e.g., src,
info, proflibs) are installed.
 * merging changes in files which are modified locally and have
changed between the currently running and new release.
 * prompting the user to rebuild all 3rd party software before
deleting old shared libraries.

Yes, this is compatible with "freebsd-update rollback" -- you can
test a new -BETA and roll back to the old release if you don't
like it.

Subject to re@ approval, this will be MFCed before 7.0-BETA3 and
6.3-RC1.

MFC after:	2 days
2007-11-12 04:47:57 +00:00
Max Laier
42a227f8ba Update pf examples from OpenBSD to catch up with new stateful defaults and
other syntax changes.  Move pf.conf from /etc to examples, too.
2007-11-11 01:16:51 +00:00
Sam Leffler
dd85d6d345 spaces are preferred to tabs
Noted by:	simon
2007-11-10 22:47:46 +00:00
Sam Leffler
e57bb31acd add wpa_supplicant + hostapd directories to examples
MFC after:	1 week
2007-11-10 20:23:07 +00:00
Benjamin Close
037347714a Link wpi(4) into the build.
This includes:
    o mtree (for legal/intel_wpi)
    o manpage for i386/amd64 archs
    o module for i386/amd64 archs
    o NOTES for i386/amd64 archs

Approved by: mlaier (comentor)
2007-11-08 22:09:37 +00:00
Warner Losh
7cd2389835 Another vestige of OLDCARD that needs to be retired.
Prodded by: jhb@
2007-11-08 17:41:35 +00:00
Andrew Thompson
5090437236 Change wpa_supplicant to down the interface at the start of the init routine.
wpa_supplicant expects that it has exclusive access to the net80211 state so
when its starts poking in the WEP/WPA settings and the card is already
scanning it can cause net80211 to try and associate incorrectly with a
protected AP.

This is an inconvenience for firmware based cards such as iwi where it can be
sent an auth instruction with incomplete security info and cause a firmware
error.

Remove the 'ifconfig up' from network.subr since wpa_supplicant will
immediately down the interface again.

Reported by:	Guy Helmer (and others)
Reviewed by:	sam, brooks, avatar
MFC after:	3 days
2007-11-05 06:13:07 +00:00
Doug Barton
8003dd03de Update to the 1 November 2007 version of this file. The change
is to the address of l.root-servers.net, which is moving to a
new /24 in order to enable anycast routing down the road.
2007-11-02 22:37:15 +00:00
Yaroslav Tykhiy
e0cb3d9c5c Add support for `make -nn' dry runs to this makefile. Basically,
it's just a matter of adding a `${_+_}' prefix before each submake
invokation.  This allows a dry run to proceed down to, but not
including, leaf commands.  (See <sys.mk> for how ${_+_} is set
depending on the number of -n flags.)
2007-10-29 07:37:08 +00:00