for example:
fwd tablearg ip from any to table(1)
where table 1 has entries of the form:
1.1.1.0/24 10.2.3.4
208.23.2.0/24 router2
This allows trivial implementation of a secondary routing table implemented
in the firewall layer.
I expect more work (under discussion with Glebius) to follow this to clean
up some of the messy parts of ipfw related to tables.
Reviewed by: Glebius
MFC after: 1 month
despite the interface link status.
Add dhclient_flags_iface and background_dhclient_iface rc.conf options.
(where iface is a specific interface). These can be used to give
interface specific flags to dhclient.
Reviewed by: brooks@
buildworld breakage.
Exclude loglevel.c from the build. It does not appear to be used by
anything in the tree and buildworld succeeds just fine without it.
unlinked as soon as the dump starts (and removed when the dump is
completed, and the dump process exits). Previous wording was confusing
because users might expect the snapshot to be visible in the .snap
subdirectory while dump is running.
MFC after: 1 week
output to setproctitle(3) in order to get rid of the ugly two-character
escape sequence "\n" in the ps(1) output of a dump(8) process:
<< [...] finished in 0:00 at Sat Aug 5 14:44:39 2006\n (dump)
>> [...] finished in 0:00 at Sat Aug 5 14:44:39 2006 (dump)
init(8), to avoid losing a race to them and dying before being able
to call reboot(2).
PR: bin/64664
Submitted by: maxim
Obtained from: NetBSD
MFC after: 30 days
code independent of the macro. This utility is just omitted
from the build as a whole by ../Makefile if MK_INET6 is set to false.
Pointed out by: ume
Tested with: cmp(1)
not be mounted unless the -l flag was specified.
Add an rc script, mountlate, which basically runs 'mount -a -l'. It runs
after DAEMON but before LOGIN.
This is useful for things like loopback mounts, because mountcritremote
runs before mountd / nfsd (since /usr might be a remote file system), so
an attempt to mount a loopback network file system in mountcritremote will
fail.
Also add a progress message to mountcritlocal, for the sake of symmetry
with similar messages in mountcritremote and mountlate.
Reviewed by: freebsd-rc
MFC after: 3 weeks
mechanism
o change vlan cloning to use callback and pass all vlan parameters
on create using the new SIOCREATE2 ioctl
o update vlan set logic to match existing practice
with NACK if I don't set it. Setting 'option dhcp-client-identifier' is
alternative but it is inconvenient because I have to keep the list of
all MAC addresses. As bin/94743 pointed out, it is always sent from
Windows clients and I found Mac OS X does the same.
OK'd by: brooks
order to - for example - apply firewall rules to a whole group of
interfaces. This is required for importing pf from OpenBSD 3.9
Obtained from: OpenBSD (with changes)
Discussed on: -net (back in April)
sector size, instead of later failing with an error about /boot/mbr
not being a multiple of the sector size (since we end up with an
assumed sector size of MAX_SEC_SIZE * 2).
- We query the sector size via an IOCTL anyway, so if that succeeds
use that instead of probing for it via read(2) calls. This fixes
the problem with fdisk failing to operate on at least graid3 and
md(4) devices on kernels with src/sys/geom/geom_dev.c before
rev. 1.90, due to fdisk failing to detect the sector size.
- When detecting the root device allow "/" characters in it, which
happens with e.g. gmirror devices.
Reviewed by: cperciva
MFC after: 1 week
- 'tag' & 'untag' action parameters.
- 'tagged' & 'limit' rule options.
Rule examples:
pipe 1 tag tablearg ip from table(1) to any
allow ip from any to table(2) tagged tablearg
allow tcp from table(3) to any 25 setup limit src-addr tablearg
sbin/ipfw/ipfw2.c:
1) new macros
GET_UINT_ARG - support of 'tablearg' keyword, argument range checking.
PRINT_UINT_ARG - support of 'tablearg' keyword.
2) strtoport(): do not silently truncate/accept invalid port list expressions
like: '1,2-abc' or '1,2-3-4' or '1,2-3x4'. style(9) cleanup.
Approved by: glebius (mentor)
MFC after: 1 month