allow them to start after netif. There were too many problems reported
with this change in the short period of time that it lived in HEAD, and
we are too late in the release cycle to properly shake it out.
IMO the issue of having the firewalls up before the network is still a
valid concern, particularly for pf whose default state is wide open.
However properly solving this issue is going to take some investment
on the part of the people who actually use those tools.
This is not a strict reversion of all the changes for r193198 since it
also included some simplification of the BEFORE/REQUIRE logic which is
still valid for ipfilter and ip6fw.
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
vt220 will not work better. Even though it probably will remove warnings
about unknown terminal types, a cons25 emulator is not compatible with
vt220 at all.
There is a minor typo in the cons25l7 (':' instead of '|') entry
in src/etc/termcap.small that causes syscons to complain about
bogus characters in /etc/termcap.db.
PR: conf/132777
Submitted by: Nikos Ntarmos <ntarmos@cs.uoi.gr>
MFC after: 1 week
This allows to append custom rules at the end of the file without
risk of confusion that can result when one misses default !ppp line
and doesn't add another program specification and thus subsequent
selector(s) would belong to ppp program block.
Requested by: marck
Submitted by: marck
Approved by: jhb (mentor)
- Remove redundant debugging of consolelog.
- Use `while :', instead of `while [ true ]'. This is done in other
places as well.
Submitted by: Jille Timmermans <jille quis cx> (not jilles)
Reviewed by: jilles
Catalan language is not only spoken in Spain (ca_ES), but also
in Andorra, France and Italy. In Andorra it is the official
language.
(see http://en.wikipedia.org/wiki/Catalan_language#Geographic_distribution)
Add a bunch of symlinks to between ca_ES and ca_AD, ca_FR and ca_IT.
PR: conf/92541
Submitted by: <rmh@io.debian.net>
MFC after: 1 week
This NTP configuration file points to the [012].pool.ntp.org servers,
which will return a list of geographical local NTP servers.
It uses the best-practice options of "iburst" and "maxpoll 9".
It gives examples on how to use the "restrict" commands, which are
unfortunately not working when you use the pool.ntp.org servers.
It sets up a fudge server so any clients syncing against this server
will always be synced even if we lose the master.
The idea of this file was briefly discussed on -net.
PR: conf/58595
Submitted by: Chris Stenton <jacs@gnome.co.uk>
MFC after: 1 week
/etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's
NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
Reviewed by: dougb
Approved by: kib (mentor)
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.
This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.
PR: 122811
MFC after: 3 weeks
AUTO are deprecated.' There is no good reason to deprecate them, and
setting this to different values can be useful for custom solutions
and/or one-off configuration problems.
happen right after ypbind, and before anything that uses NIS. The only
change in rcorder accomplished by this patch is make that happen.
PR: conf/117555
Submitted by: John Marshall <john@rwsrv05.mby.riverwillow.net.au>
differently. The output now shows the ruleset and shortens to
slightly different text (using $daily_status_mail_rejects_shorten),
but it should be more descriptive.
PR: 35018
Inspired by: Mikhail Teterin - mi at aldan dot algebra dot com
MFC after: 3 weeks
so that the .h files in src/sys/fs/nfs will be installed under
/usr/include/fs/nfs. This will allow the following utilities to
build, once additions and changes for the experimental nfs subsystem
are committed:
usr.sbin/mountd - Once modified to add support for the
experimental nfs subsystem.
ur.sbin/nfsstat - Once modified to add support for the
experimental nfs subsystem.
usr.sbin/nfscbd - The client side callback daemon for NFSv4.
usr.sbin/nfsuserd - The NFSv4 user/group name<->uid/gid mapping daemon.
usr.sbin/nfsdumpstate - The NFSv4 utility for dumping open/lock state.
usr.sbin/nfsrevoke - The sysadmin command for revoking NFSv4 state.
Approved by: kib (mentor)
(localhost by default) can be successfully looked up. Off by default.
2. New feature: option to create a forwarder configuration file based on
the contents of /etc/resolv.conf. This allows you to utilize a local
resolver for better performance, less network traffic, custom zones, etc.
while still relying on the benefits of your local network resolver.
Off by default.
3. Add named-checkconf into the startup routine. This will prevent named
from trying to start in a situation where it would not be possible to do
so.
During bootup, if /etc/rc.d/savecore detects a core dump file
on the dump device, the core file will be saved, and the crashinfo
script will be run to generate a human-readable report.
This will make it easier for end-users to provide feedback to
developers about kernel crashes.
Reviewed by: jhb
arbitrary commands (outside the jail) associated with said events,
e.g. to bring up/down CARP interfaces representing services run in
jails.
Reviewed by: simon
is set and "natd_enable" is NOT set;
- Accept and pass firewall type to the external firewall script.
Submitted by: Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru >
MFC after: 3 days
No response from: freebsd-rc
sendmail / postfix etc. may fail to start because DNS is unavailable and /
or the server is unreachable. In the worst case, the machine may become
unusable.
Debugging this issue was far more difficult than it should have been, due
to earlier changes to the rc framework to hide almost all useful information
about the boot process.
Approved by: silence
Even though I increased the amount of pts(4) entries in /etc/ttys some
time ago, I didn't realize back then those entries shouldn't have been
there in the first place.
I just looked at the getttyent() source code and it turns out when you
call setttyent(), it walks through /dev/pts and looks for the device
with the highest number. After you receive EOF's from getttyent(), it
makes up entries for pts(4) devices.
This means that adding entries for pts(4) is somewhat harmful, because
if you now traverse the list, you get redundant entries, so just remove
them.
the jail case specifically. In case we find a proper pre-seeded
devfs in the chroot path (mounted from the base system) permit
starting chrooted else give proper warn/error messages.
PR: conf/103489
Reviewed by: dougb
MFC after: 5 days
time to boot an unplugged system 30 sec. longer for no good reason. Therefore,
add a check to make sure that any DHCP interfaces are plugged in before
waiting.