Commit Graph

137 Commits

Author SHA1 Message Date
pjd
798e9a1d99 Mark scripts as not usable inside a jail by adding keyword 'nojail'.
Some suggestions from:	rwatson, Ruben de Groot <mail25@bzerk.org>
2004-03-08 12:25:05 +00:00
mtm
8af048e8de Rename localdaemons to localpkg.
The original name was really a mistake since
/usr/local/etc/rc.d scripts can (and usually do) start
more than just daemons. Even the output in the script
uses 'local packages.' Also, the term 'local daemons' is
used by rc.d/local, which was etc/rc.local of rcOG fame.
No repo-copy because there isn't much history to save.
I will remove localdaemons shortly with all the other
files that don't belong in rc.d anymore.

Discussed with:	dougb, freebsd-rc@yahoogroups.com
2003-08-06 00:35:13 +00:00
mtm
7fd6742f8d o Repocopied routing and netoptions from network2 and network3, respectively.
o Change the provider names.
o Separate routing into two parts: static routing and routing options. The
  start command will run both parts, but they can be run separately using
  the static and options command, respectively:
  (/etc/rc.d/routing static; /etc/rc.d/routing options)
2003-06-29 05:09:48 +00:00
mtm
600f4813f8 Move securelevel further back in the boot order.
Approved by:	markm (mentor)(implicit)
Reviewed by:	dougb
2003-05-05 15:38:41 +00:00
schweikh
b7d8725365 Fix style bugs:
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.

Approved by:	silence from gordon
2002-10-12 10:31:31 +00:00
gordon
259601fa05 Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:   Mike Makonnen <makonnen@pacbell.net>
Reviewed by:    silence on -current and -hackers
Prodded by:     rwatson
2002-07-18 05:00:17 +00:00
des
1a399fc73c Cosmetic changes to the previous commit, bringing it closer to what I
already had in my tree but didn't want to commit.
2002-04-11 22:06:27 +00:00
peter
32ba147180 Since sshd expects /etc/ssh/ssh_host_rsa_key to exist, we had better
create it.  Also specify protocol v1/v2 in case people wonder why we
generate two RSA keys.
2002-04-10 22:30:54 +00:00
dougb
3b51c999a4 The good news is that my initial PR was correct... the bad news is that I
was apparently smoking something when I committed the last fix, because as
ume was kindly enough to set me straight on, amd *will* start with no
arguments at all, as long as there is an /etc/amd.conf file for it to
read. What it won't do is start with *just* -p.

In any case, now it's fixed.
2002-04-01 18:33:45 +00:00
des
918221515e Don't try to generate ssh keys if ssh isn't installed. 2002-03-19 03:45:02 +00:00
cjc
505f3e0be8 IPFilter may need to be re-sync'ed even if we are not filtering, but
only doing ipnat(8). Go back to using $ipfilter_active, but turn off
$ipfilter_active when loading ipl.ko has failed.

Submitted by:	devet@devet.org (Arjan de Vet)
MFC after:	3 days
2002-03-19 01:56:04 +00:00
dougb
0589708b9d Answer the question posed in 1.126. amd won't start without either a
conf file, or command line options. I brought this up in PR 12432,
which (ironically) obrien assigned to me after I became a committer. :)

PR:		conf/12432
Submitted by:	Me
2002-03-17 07:35:51 +00:00
cjc
bde27f5c3c The reload of ipf(8) rules should depend on $ipfilter_enable, not
$ipfilter_active. $ipfilter_enable is set to "NO" if modules fail to
load, and $ipfilter_active can be "YES" when we are not using ipf(8).

MFC after:	3 days
2002-03-12 20:25:25 +00:00
obrien
0f0107f79e Background the startup of `Amd', it often blocks on startup. 2002-03-12 01:04:35 +00:00
obrien
eff3c6b824 Why shouldn't amd always write its PID to a file?
Since I cannot answer that question, make it.
2002-03-12 01:01:53 +00:00
dd
0b2f9cb783 Redirect stdout of `ipf -y' to /dev/null. This removes a stray
"filter sync'd" in the middle of the boot output if IPFilter is
enabled, but does not hide any potential errors, which go to stderr.
2002-03-04 10:30:24 +00:00
cjc
5eebfcea9b There is no reason to demand the administrator set 'natd_interface'
when running natd(8) out of the rc-files. It is perfectly valid for
the interface or alias address to be set in a natd(8) configuration
file, not on the command line. Also, loosen up the restrictions on
identifying an IP address argument in 'natd_interface.'

Fix the documentation, rc.conf(5), to reflect this change.

Take the bogus default for 'natd_interface' out of /etc/defaults/rc.conf.

MFC after:	3 days
2002-02-20 10:31:01 +00:00
cjc
27ee79e565 peter points out that we probably should not mess with the sysctl(8)
values at all if they are not purposefully set. What if the
administrator messed with them in /etc/sysctl.conf? We don't want to
overwrite them.

If 'log_in_vain' is zero, do not force the issue. If it is non-zero,
set it.
2002-02-08 13:25:33 +00:00
sheldonh
c8bf94da48 Register amd's dependency on NFS.
This change was submitted to the freebsd-audit mailing list for review
but received no feedback.  Hindsight-enabled reviews are welcome.

PR:		conf/31358
Submitted:	Thomas Quinot <thomas@cuivre.fr.eu.org>
2002-01-28 11:05:01 +00:00
cjc
f07bfdc654 Make the rc.conf(5) 'log_in_vain' knob an integer.
Try this out in -CURRENT, MFC, and then consider dropping the
'log_in_vain' knob all together. It really is something for
sysctl.conf(5).

PR:		bin/32953
Reviewed by:	-bugs discussion
MFC after:	1 week
2002-01-26 09:05:13 +00:00
alfred
2eaaa91f6f rpc.lockd needs rpc.statd to be running for it to start up properly.
so swap the order.

Also allow rpc.lockd and rpc.statd to be turned on if nfsclient is
enabled.  They are needed to provide client side locking support.

PR: conf/27811
2001-12-13 04:21:18 +00:00
ru
1104babdad s/sysctl -w/sysctl/ 2001-12-11 08:21:46 +00:00
rwatson
892dcf7c92 o Update rc.network to reflect the recent change of default in the
kernel TCP timer code: rather than checking for tcp_keepalive being
  set to "YES", check for "NO" and turn off keepalives if the variable
  is set in that manner.

o Note: eventually, it would make sense to remove this variable from
  rc.conf management, and instead rely on sysctl.conf.  In fact, this
  is probably true of a number of rc.conf variables whose sole aim
  is to drive the setting of sysctls at boot time.
2001-12-07 17:03:14 +00:00
cjc
a57107b602 Protect the '*' in pppoed_provider (the default) from metacharacter
expansion in the rc-scripts.

PR:		32552
Submitted by:	Gleb Smirnoff <glebius@rinet.ru>
Approved by:	ru
Obtained from:	ru
MFC after:	1 day
2001-12-06 09:34:44 +00:00
dd
5dd8a71701 Spelling police: sucessful -> successful. 2001-11-24 23:41:32 +00:00
darrenr
6524b81033 Resolve all the ipfilter startup issues in rc.network with one big patch
to get it all right, allowing ipnat to be enabled independantly of ipfilter
in rc.conf (among other things).

PR:		multiple
Submitted by:	Arjan de Vet <devet@devet.org>
Reviewed by:	Giorgos Keramidas <keramida@FreeBSD.org>
2001-11-24 13:48:30 +00:00
sheldonh
fa34986a65 Avoid unnecessary calls to expr(1) by using standard shell arithmetic
expansion instead.
2001-11-14 06:35:43 +00:00
fenner
178d6888d6 Update the nsswitch.conf -> host.conf generator to handle criteria,
continuation lines, extra whitespace, and to use the last matching
 line in the file.  This syncs the host.conf generation with how
 the nsswitch.conf is parsed.
Only print " host.conf" instead of a multi-line message, since this
 happens on every boot.
2001-11-07 00:33:56 +00:00
des
5f5f051f7e Modify the way host.conf and nsswitch.conf are treated at boot time:
- if nsswitch.conf exists, host.conf is auto-generated for compatibility
   with legacy applications and libraries.

 - if host.conf exists but nsswitch.conf does not, nsswitch.conf is auto-
   generated as usual.
2001-11-01 12:39:01 +00:00
darrenr
ea76382201 Do an ipf -y after bringing up ppp to ensure rules which mention ppp get
matched.  Moification on PR to handle ipnat not being dependant on
ipfilter_enable

PR:	22859
2001-10-20 04:46:32 +00:00
darrenr
c34948e321 Allow ipnat_enable to be set to "yes" without requiring ipfiltre_enable to
be set to "yes"

PR:		25223
2001-10-20 04:41:47 +00:00
darrenr
06070b833f Put in place for using ipfs use on shutdown and startup.
PR:		27070
2001-10-20 04:33:02 +00:00
dougb
2d4b0d066d Handle the lack of nfs server or client support in the kernel by
kldload'ing the appropriate modules before enabling the service.
2001-10-19 06:50:52 +00:00
jhb
33c3770bff Remove references to nfsiod and nfs_client_flags now that they are
obsolete.

Submitted by:	Gordon Tetlow <gordont@gnf.org>
2001-10-10 20:36:51 +00:00
brooks
dcf7dde145 Add a new rc.conf variable, cloned_interfaces, to create cloned
interfaces at boot.
2001-09-19 21:27:27 +00:00
peter
efbced43f3 The vfs.nfs.bufpackets sysctl is in the client, not the server. Move it
to the client section.  Turn off nfsiod, it no longer exists (now just
kthreads).  I need revisit nfsiod so that we have an argument passthrough.
2001-09-19 00:22:26 +00:00
darrenr
a1ee75086a Merge in patch to automagically decide whether or not a kldload of ipfilter
is required into rc.network.

Person failed to use a real name so both email addresses from PR included
(Sent was different to From).

PR:		22998
Submitted by:	dl@leo.org/spock@empire.trek.org
2001-07-30 23:12:02 +00:00
markm
22aa258b31 Upgraded launchpad for kerberos. Noe kerberos IV OR kerberos 5
may be started at boot for kerberos servers.
2001-07-28 19:57:57 +00:00
brooks
b1b663d05b Create gif devices in the "gifconfig" stage while configuring them.
Reviewed by:	ru, ume
Obtained from:	NetBSD
MFC after:	1 week
2001-07-02 21:08:48 +00:00
schweikh
0ecfad7b16 Fix misindented esac.
MFC after:	1 week
2001-06-16 15:48:43 +00:00
ume
832f8d2249 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
brian
8633e3d6ad Add a missing \n
Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
PR:		28014
MFC after:	1 week
2001-06-10 16:21:56 +00:00
brian
fd81208991 Move gif_interfaces from an IP6 option to a regular IP option.
PR:		26543
Submitted by:	Brooks Davis <brooks@one-eyed-alien.net>
MFC after:	3 weeks
2001-06-03 12:26:56 +00:00
obrien
bac609c202 Restore the RSA host key to /etc/ssh/ssh_host_key.
Also fix $FreeBSD$ spamage in crypto/openssh/sshd_config rev. 1.16.
2001-05-18 18:10:02 +00:00
jesper
d10919aae8 Link /etc/ssh/ssh_host_key to /etc/ssh/ssh_host_rsa_key to deal with
gratutious changes in the latest SSH

Reviewed by:	obrien
Approved by:	obrien
2001-05-16 19:23:54 +00:00
peter
8b207d03b6 s/ssh_host_key/ssh_host_rsa_key/ since that is what openssh uses now
after a mergemaster.
2001-05-09 07:46:44 +00:00
des
097a9d6bae Axe TCP_RESTRICT_RST. It was never a particularly good idea except for a few
very specific scenarios, and now that we have had net.inet.tcp.blackhole for
quite some time there is really no reason to use it any more.

(second of three commits)
2001-03-19 22:07:32 +00:00
alfred
f67e4a8fc7 Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.

  Bring in required TLI library routines to support this.

  Since we don't support TLI we've essentially copied what NetBSD
  has done, adding a thin layer to emulate direct the TLI calls
  into BSD socket calls.

  This is mostly from Sun's tirpc release that was made in 1994,
  however some fixes were backported from the 1999 release (supposedly
  only made available after this porting effort was underway).

  The submitter has agreed to continue on and bring us up to the
  1999 release.

  Several key features are introduced with this update:
    Client calls are thread safe. (1999 code has server side thread
    safe)
    Updated, a more modern interface.

  Many userland updates were done to bring the code up to par with
  the recent RPC API.

  There is an update to the pthreads library, a function
  pthread_main_np() was added to emulate a function of Sun's threads
  library.

  While we're at it, bring in NetBSD's lockd, it's been far too
  long of a wait.

  New rpcbind(8) replaces portmap(8) (supporting communication over
  an authenticated Unix-domain socket, and by default only allowing
  set and unset requests over that channel). It's much more secure
  than the old portmapper.

  Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
  to support TI-RPC and to support IPV6.

  Umount(8) is also fixed to unmount pathnames longer than 80 chars,
  which are currently truncated by the Kernel statfs structure.

Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
dougb
ccc9a8e876 * Add an eval so that ipnat_flags=">/dev/null" works, per the PR
* Do some line length and specify full path cleanups while I'm here

PR:				conf/22937
Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
2000-12-17 22:14:49 +00:00
dougb
1e8ecc617b Apply a more consistent style to the echo statements in /etc/ scripts.
* Put quotes around each line
* Single quotes for lines with no variable interpolation
* Double quotes if there is
* Capitalize each word that begins a line
* Make echo -n 'Doing foo:' ... echo '.' more of a standard

No functionality changes
2000-12-17 08:16:06 +00:00