Commit Graph

83 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
e726be510b - ipv6_prefix_* and ipv6_ifconfig_* work for end node
- rtsol should be work for only one interface
- new variable ipv6_defaultrouter is added
- option name of rtadvd in comment are corrected
- ipv6_firewall_enable, ipv6_firewall_type, ipv6_firewall_script,
  ipv6_firewall_logging are added to introduce rc.firewall6.

IPv6 firewall rule is just starting point and should be brushed up.
This commit includes PR18621, PR21694, PR22051.

PR:		conf/18621, conf/21694, conf/22051
Reviewed by:	asmodai
2000-10-29 19:59:05 +00:00
MIHIRA Sanpei Yoshiro
33eb563d67 add PC-Card melody beep(PC Card bus, kludge version)
Original idea from:	PAO3
2000-10-28 13:35:34 +00:00
John W. De Boskey
3fc79ca179 Set new default: entropy_file="/entropy"
with /var/db/entropy being a hardcoded backup.

Submitted by:	Doug Barton <DougB@gorean.org>
Approved by:	markm
2000-10-16 04:45:47 +00:00
Darren Reed
7a76642f3c This brings support for IP Filter into rc.network and rc.conf with
the appropriate documentation added to rc.conf(5).  If all goes well
with this over the next few weeks, the PR will be closed with the
pullup of patches back to 4-STABLE.

PR:		20202
Submitted by:	Gerhard Sittig <Gerhard.Sittig@gmx.net>
Reviewed by:	Darren Reed <darrenr@freebsd.org>
Approved by:	Darren Reed <darrenr@freebsd.org>
Obtained from:	Gerhard Sittig <Gerhard.Sittig@gmx.net>
2000-10-06 12:24:45 +00:00
Brian Somers
944fae23f3 Add a unaligned_print option (alpha only)
Document osf1_enable

Submitted by:	Eric D. Futch <efutch@nyct.net>
PR:		21649
2000-10-04 18:58:46 +00:00
David E. O'Brien
7d2e5717e7 Remove our override on the default time that a looked up name remains
cached when not in use.  This changes the FreeBSD default from 30 minutes
to 5 minutes.  JKH was the one that added the override to amd_flags, but
there was no reason given other to serve as an example of what could be
done.
2000-09-01 01:08:52 +00:00
Sheldon Hearn
26007eb801 Document ibcs2_loaders and provide a default for it in
etc/defaults/rc.conf .
2000-08-18 09:37:50 +00:00
John Baldwin
70726c89b3 Mention that basic network options now include firewall/security options as
well.
2000-08-17 06:04:13 +00:00
Sheldon Hearn
e0dd773443 Add a sample ifconfig entry for an IPX address family address, to give
IPX folks a fighting chance of figuring this out themselves.  I can't
work out how to document this carefully in rc.conf(5), but this ought
to close the PR.

PR:		17904
Reported by:	John Gelnaw <jeg@hawk.circa.ufl.edu>
2000-08-15 15:09:34 +00:00
John Polstra
e9edb38551 Add an rc.conf knob "ldconfig_insecure" to disable ldconfig's
security checks.  Set the default to NO, i.e., secure.

Submitted by:	Maxime Henrion <mhenrion@cybercable.fr>
2000-08-11 03:26:30 +00:00
Bill Fumerola
70d25dfbce make sshd follow the pattern of enable, program, flags like every
other entry does.
2000-08-10 19:52:06 +00:00
Brian Somers
e2323071e6 Allow a ppp_user specification to run ppp at startup
PR:		20258
2000-08-10 00:13:02 +00:00
Eivind Eklund
8e4a14a9fa Change the defaults for portmap, sendmail and inetd to be not running them.
Make sysinstall override this on install, so the effective behavioural
change for a newly installed system is null.  Overall, this makes a system
with an empty /etc/rc.conf not run any network services, and makes the
FreeBSD-provided network services that are running visible in /etc/rc.conf
(instead of making people look through /etc/defaults/rc.conf to find the
things they need to disable to secure the system.)

Reviewed by:	jhb
Discussed with:	The usual cabal
2000-07-28 22:45:36 +00:00
Jeroen Ruigrok van der Werven
4c27efd514 Add weak_mountd_authentication, which is examined in /etc/rc.network.
Setting this to YES instead of its default NO, causes mountd to be
passed the -n flag, which allow non-root users mount requests to be served.
2000-07-23 11:31:09 +00:00
Mark Murray
b74aa5644c Add entropy caching. With this, some entropy is cached at shutdown
time, and this is used to reseed the random number generator at
boot time.

NOTE - this has no hope of working if you halt(); you need to
execute rc.shutdown to get the entropy stash.
2000-07-17 12:28:58 +00:00
Mark Murray
2c00ff8434 Clean up all the old setup code for the old /dev/random. This will be
revisited when the new /dev/random is done.
2000-06-25 10:55:23 +00:00
Brian Somers
f3e285ba7d Introduce /etc/defaults/periodic.conf, similar in concept to rc.conf.
The only change in the default functionality should be that
the output reports are slightly more verbose WRT files deleted.

Not objected to by: freebsd-arch
2000-06-23 01:18:31 +00:00
Matthew Dillon
55f087be8e Add ip_portrange_first and ip_portrange_last rc.conf/rc.network
options.  This allows you to set the standard dynamic port
    assignment range prior to any network daemons (like named) starting
    up, necessary if you are also using a firewall to restrict lower ports.
    will be MFC'd in a few days
2000-06-22 17:40:53 +00:00
Brian Somers
62c967e130 Don't include /compat/linux/tmp in $clean_daily_dirs as it's usually
a link to /tmp

Pointed out by: des
2000-06-20 14:58:48 +00:00
Brian Somers
59f32c3a6a Add clear_daily_* variables 2000-06-09 17:07:15 +00:00
Wilko Bulte
ac8c5ad22d Add suggested comment for TCP_DROP_SYNFIN and TCP_RESTRICT_RST
PR:		conf/18124
Submitted by:	Matt Heckaman <matt@arpa.mail.net>
2000-05-27 18:03:15 +00:00
Garrett Wollman
1940c51aac Fix misleading comment. 2000-05-18 19:02:47 +00:00
Matthew Dillon
ba3ed2268c Add ipsec_enable and ipsec_file options to run IPSEC's setkey program
with the specified configuration file at the appropriate time.
2000-05-16 06:52:11 +00:00
Andrey A. Chernov
be08c4bfc8 Add firewall_logging knob to enable/disablle events logging, disabled
by default. Needed mainly for ipfw kernel module to enable logging
disabled there.
2000-05-06 17:18:19 +00:00
Sheldon Hearn
f66e7afa28 Add to defaults/rc.conf a new function source_rc_confs which rc
scripts may use to source safely overrides in ${rc_conf_files}
files.

This protects users who insist on the bad practice of copying
/etc/defaults/rc.conf to /etc/rc.conf from a recursive loop
that exhausts available file descriptors.

Several people have expressed interest in breaking this function
out into its own shell script.  Anyone who wants to embark on
such an undertaking would do well to study the attributed PR.

PR:		17595
Reported by:	adrian
Submitted by:	Doug Barton <Doug@gorean.org>
2000-04-27 08:43:49 +00:00
Mitsuru IWASAKI
ece27d97a4 Enable etc/defaults/pccard.conf which is default configuration file
for pccardd.
Please install /etc/defaults/pccard.conf and update /etc/defaults/rc.conf
as well.
Note that old pccard.conf.sample still remains for while but
no longer to be maintained.

Reviewed by:	imp, -mobile ML and nomads ML in Japan.
2000-04-03 19:24:25 +00:00
Yoshinobu Inoue
7e757977d9 Fix english.
Specified by: sheldonh
2000-03-29 15:03:28 +00:00
Yoshinobu Inoue
39257a7c67 Add a configuration options which enable/disable IPv4 mapped IPv6 addr
support.

Suggested and Reviewed by: ume
2000-03-28 17:39:53 +00:00
Matthew Dillon
8d1b3828fa Add a sysctl to specify the amount of UDP receive space NFS should
reserve, in maximal NFS packets.  Originally only 2 packets worth of
    space was reserved.  The default is now 4, which appears to greatly
    improve performance for slow to mid-speed machines on gigabit networks.

    Add documentation and correct some prior documentation.

Problem Researched by: Andrew Gallatin <gallatin@cs.duke.edu>
Approved by: jkh
2000-03-27 21:38:35 +00:00
Bill Fumerola
508d5dad20 Make syslogd boot -s by default, which prevents Bad People from filling up
your diskspace.

PR:		conf/15737
Submitted by:	Kevin Day <toasty@dragondata.com> (PR)
		Nick Johnson <freebsd@spatula.net> (on -current)
2000-03-20 19:53:56 +00:00
Yoshinobu Inoue
03172c2b49 IPv6 related configuration updates.
- 6to4(stf) interface configuration.
  - Static route configuration.
  - Comment additions.
  - Replaced a still existed '@' to '%' in IPv6 scoped addr format.
    (This became necessary as previous IPv6 scoped addr format change.)

Much thanks to ume, who helped me reviewing, testing, and finding problems
with these changes.

Approved by: jkh

Reviewed by: ume
2000-03-12 20:35:54 +00:00
Yoshinobu Inoue
c384bccfe2 Change default of rtadvd to "YES".
Also add IPv6 example for "ifconfig_ifname_alias".

Suggested by: bmah@CA.Sandia.GOV
2000-03-09 15:19:58 +00:00
Mark Murray
0d854656e9 Add userland tweakables for OpenSSH and OpenSSL. 2000-02-24 23:08:19 +00:00
Yoshinobu Inoue
0908c83946 Add IPv6 configuration scripts.
Initial version created by, and kindly much tested by:
	bmah@CA.Sandia.GOV (Bruce A. Mah)

Approved by: jkh

Reviewed by: bmah@CA.Sandia.GOV (Bruce A. Mah),
	Ollivier Robert <roberto@keltia.freenix.fr>
Obtained from: KAME project
2000-02-23 18:05:58 +00:00
Jordan K. Hubbard
956ef11d64 PS/2 mice are a lot more common than serial mice now; use /dev/psm0
as default rather than /dev/cuaa0
2000-02-19 13:07:21 +00:00
Paul Richards
f49c61a73a Add a firewall_flags option that is used when ipfw processes a file. It allows
you to run a preprocessor, such as m4, so that you can use macros in your
rules file.

Approved by:	jkh
2000-02-06 19:25:00 +00:00
Sheldon Hearn
722636354c Add an explicit warning against copying this file into /etc/, since
work-arounds for the ".: Out of file descriptors" problem (see
PR 13724) are taking longer than expected to come to fruition.
1999-12-21 10:46:41 +00:00
Ollivier Robert
35703ff899 Bye bye xntpd, enter ntp.
The variable names haven't changed for compapatibility reasons.
1999-12-16 12:45:40 +00:00
Andrew Gallatin
86298776d2 Add an enable_osf1 knob to the alpha startup code 1999-12-15 14:27:59 +00:00
Warner Losh
b11b638301 Now that pccardc beep actually works, add knob for it in rc.conf/rc.pccard
Submitted by: sanpei@sanpei.org (MIHIRA-san Yoshiro)
1999-12-02 19:48:16 +00:00
Alfred Perlstein
f41581f80f we all like to 'Use' ppp, but this should be 'User'
Pointed out by: dcs
1999-11-24 10:44:47 +00:00
Andrey A. Chernov
0a0be98ce3 Remove man_locales - goes to manpath.config 1999-11-23 03:24:20 +00:00
Brian Somers
6c62fd3e55 Add pppoed startup options 1999-11-23 00:22:25 +00:00
Andrey A. Chernov
319f15a262 Add single_mountd_enable hook to run mountd but not NFS server
Needed for machine with CFS but without real NFS
1999-11-14 21:28:13 +00:00
David E. O'Brien
29abbacb90 Remove "-k" (kernel-arch) as "i386" is not appropriate on the Alpha.
Also remove the "-d" domain option, as if someone is savey enough to want
this, they are savey enought to make a custom amd_flags in /etc/rc.conf.
1999-10-16 05:42:50 +00:00
Bill Fumerola
f967923cf8 If dumpdev exists, it's automatically enabled. Change comment to reflect. 1999-10-01 00:13:44 +00:00
Joseph Koshy
8e814a064f Remove the "vinum_drives" rc.conf knob. According to Greg <grog@lemis.com>
this is no longer the right way to start Vinum unless you are doing some
kind of maintenance, and that's not the sort of thing that would go into
rc.conf.
1999-09-22 06:31:32 +00:00
David E. O'Brien
24002cc8bc /emulation/binary compatibility/ 1999-09-15 02:25:13 +00:00
Dag-Erling Smørgrav
8dc47ef606 Fix disordering introduced in my previous commit.
Pointed out by:	bde
1999-09-13 09:45:07 +00:00
Dag-Erling Smørgrav
e46cd3d4d2 Add the net.inet.tcp.restrict_rst and net.inet.tcp.drop_synfin sysctl
variables, conditional on the TCP_RESTRICT_RST and TCP_DROP_SYNFIN kernel
options, respectively. See the comments in LINT for details.
1999-09-12 17:22:08 +00:00