-rw-r--r-- | etc/Makefile | 5 | ||||
-rw-r--r-- | etc/changelist | 3 | ||||
-rw-r--r-- | etc/ftpusers | 3 | ||||
-rw-r--r-- | etc/group | 1 | ||||
-rw-r--r-- | etc/hoststated.conf | 39 | ||||
-rw-r--r-- | etc/mail/aliases | 3 | ||||
-rw-r--r-- | etc/master.passwd | 1 | ||||
-rw-r--r-- | etc/rc | 6 | ||||
-rw-r--r-- | etc/rc.conf | 3 | ||||
-rw-r--r-- | etc/relayd.conf | 39 | ||||
-rw-r--r-- | usr.sbin/Makefile | 5 |
11 files changed, 99 insertions, 9 deletions
diff --git a/etc/Makefile b/etc/Makefile index 43d284a01cf..03c99a8d25b 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.245 2006/12/14 18:49:44 kettenis Exp $ +# $OpenBSD: Makefile,v 1.246 2007/01/31 08:32:16 pyr Exp $ TZDIR= /usr/share/zoneinfo LOCALTIME= Canada/Mountain @@ -81,6 +81,7 @@ distribution-etc-root-var: distrib-dirs ${INSTALL} -c -o root -g wheel -m 600 pf.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 chio.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 hostapd.conf ${DESTDIR}/etc + ${INSTALL} -c -o root -g wheel -m 600 hoststated.conf ${DESTDIR}/etc ${INSTALL} -c -o root -g wheel -m 600 ipsec.conf ${DESTDIR}/etc ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 555 \ etc.${MACHINE}/MAKEDEV ${DESTDIR}/dev @@ -339,7 +340,7 @@ distrib: DHSIZE=1024 1536 2048 3072 4096 update-moduli: ( \ - echo '# $$OpenBSD: Makefile,v 1.245 2006/12/14 18:49:44 kettenis Exp $$'; \ + echo '# $$OpenBSD: Makefile,v 1.246 2007/01/31 08:32:16 pyr Exp $$'; \ echo '# Time Type Tests Tries Size Generator Modulus'; \ ( for i in ${DHSIZE}; do \ ssh-keygen -b $$i -G /dev/stdout; \ diff --git a/etc/changelist b/etc/changelist index 7a3f3562f86..bbb67ccbc32 100644 --- a/etc/changelist +++ b/etc/changelist @@ -1,4 +1,4 @@ -# $OpenBSD: changelist,v 1.49 2006/12/27 23:32:49 msf Exp $ +# $OpenBSD: changelist,v 1.50 2007/01/31 08:32:16 pyr Exp $ # # List of files which the security script backs up and checks # for modifications. @@ -39,6 +39,7 @@ /etc/gettytab /etc/group /etc/hostapd.conf +/etc/hoststated.conf /etc/hosts /etc/hosts.allow /etc/hosts.deny diff --git a/etc/ftpusers b/etc/ftpusers index c069a263279..3fe61a9a575 100644 --- a/etc/ftpusers +++ b/etc/ftpusers @@ -1,4 +1,4 @@ -# $OpenBSD: ftpusers,v 1.29 2006/10/29 18:58:57 norby Exp $ +# $OpenBSD: ftpusers,v 1.30 2007/01/31 08:32:16 pyr Exp $ # # list of users disallowed any ftp access. # read by ftpd(8). @@ -40,3 +40,4 @@ _ospfd _hostapd _dvmrpd _ripd +_hoststated 
diff --git a/etc/group b/etc/group index 7ff0d796fae..7a640eadb69 100644 --- a/etc/group +++ b/etc/group @@ -53,6 +53,7 @@ _ospfd:*:85: _hostapd:*:86: _dvmrpd:*:87: _ripd:*:88: +_hoststated:*:89: dialer:*:117: nogroup:*:32766: nobody:*:32767: diff --git a/etc/hoststated.conf b/etc/hoststated.conf new file mode 100644 index 00000000000..800ce69e4ea --- /dev/null +++ b/etc/hoststated.conf @@ -0,0 +1,39 @@ +# $OpenBSD: hoststated.conf,v 1.1 2007/01/31 08:32:16 pyr Exp $ +# +# Macros +# +webhost1="10.0.0.1" +webhost2="10.0.0.2" + +# +# Global Options +# +# interval 10 +# timeout 200 + +# +# Each table will be mapped to a pf table. +# +table webhosts { + check http "/" code 200 + host webhost1 + host webhost2 +} + +table fallback { + check icmp + host 127.0.0.1 +} + +# +# Services will be mapped to a rdr rule. +# +service www { + virtual ip www.example.com port http interface trunk0 + + # tag every packet that goes thru the rdr rule with HOSTSTATED + tag HOSTSTATED + + table webhosts + backup table fallback +} diff --git a/etc/mail/aliases b/etc/mail/aliases index 14bf547fff8..864101c5787 100644 --- a/etc/mail/aliases +++ b/etc/mail/aliases @@ -1,5 +1,5 @@ # -# $OpenBSD: aliases,v 1.20 2006/10/29 18:58:57 norby Exp $ +# $OpenBSD: aliases,v 1.21 2007/01/31 08:32:16 pyr Exp $ # # Aliases in this file will NOT be expanded in the header from # Mail, but WILL be visible over networks or from /usr/libexec/mail.local. @@ -28,6 +28,7 @@ _dvmrpd: /dev/null _fingerd: /dev/null _ftp: /dev/null _hostapd: /dev/null +_hoststated: /dev/null _identd: /dev/null _isakmpd: /dev/null _kadmin: /dev/null diff --git a/etc/master.passwd b/etc/master.passwd index 9baa7dbbce4..89afebd5658 100644 --- a/etc/master.passwd +++ b/etc/master.passwd 
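Review bot: The sample in etc/hoststated.conf ships as live configuration rather than commented-out examples: the `webhosts` and `fallback` tables and `service www` are all active, and the file's own comments say tables map to pf tables and services to an rdr rule. Since etc/Makefile installs this file into /etc and the rc block starts the daemon as soon as `hoststated_flags` is changed from `NO`, an administrator who enables it before editing would presumably get a redirection built from the placeholder values `10.0.0.1`/`10.0.0.2`, `www.example.com` and `trunk0`. I would either comment out the table and service blocks or add a header comment such as `# Example only: replace the hosts, virtual ip and interface before enabling hoststated_flags`. Wording nit: `thru` in the tag comment reads better as `through`.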
@@ -35,4 +35,5 @@ _ospfd:*:85:85::0:0:OSPF Daemon:/var/empty:/sbin/nologin _hostapd:*:86:86::0:0:HostAP Daemon:/var/empty:/sbin/nologin _dvmrpd:*:87:87::0:0:DVMRP Daemon:/var/empty:/sbin/nologin _ripd:*:88:88::0:0:RIP Daemon:/var/empty:/sbin/nologin +_hoststated:*:89:89::0:0:HostState Daemon:/var/empty:/sbin/nologin nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin @@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.296 2007/01/06 12:00:06 matthieu Exp $ +# $OpenBSD: rc,v 1.297 2007/01/31 08:32:16 pyr Exp $ # System startup script run by init on autoboot # or after single-user. @@ -583,6 +583,10 @@ if [ X"${ifstated_flags}" != X"NO" ]; then echo -n ' ifstated'; ifstated $ifstated_flags fi +if [ X"${hoststated_flags}" != X"NO" ]; then + echo -n ' hoststated'; /usr/sbin/hoststated $hoststated_flags +fi + if [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then touch /var/db/dhcpd.leases if [ -f /etc/dhcpd.interfaces ]; then diff --git a/etc/rc.conf b/etc/rc.conf index ef6f715641f..a07a34a6f56 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -1,6 +1,6 @@ #!/bin/sh - # -# $OpenBSD: rc.conf,v 1.119 2007/01/06 12:00:06 matthieu Exp $ +# $OpenBSD: rc.conf,v 1.120 2007/01/31 08:32:16 pyr Exp $ # set these to "NO" to turn them off. otherwise, they're used as flags routed_flags=NO # for normal use: "-q" @@ -38,6 +38,7 @@ watchdogd_flags=NO # for normal use: "" ftpproxy_flags=NO # for normal use: "" hostapd_flags=NO # for normal use: "" ifstated_flags=NO # for normal use: "" +hoststated_flags=NO # for normal use: "" # use -u to disable chroot, see httpd(8) httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8)) diff --git a/etc/relayd.conf b/etc/relayd.conf new file mode 100644 index 00000000000..99193237233 --- /dev/null +++ b/etc/relayd.conf 
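Review bot: In the etc/rc hunk at line 583 the new block runs `/usr/sbin/hoststated` whenever `hoststated_flags` is not `NO`, without checking that its configuration file exists, whereas the dhcpd block directly below guards with `-a -f /etc/dhcpd.conf`. On a system where /etc/hoststated.conf is absent (for example an upgrade that did not merge /etc) the daemon would presumably just fail at boot; if a guard is wanted the condition could read `if [ X"${hoststated_flags}" != X"NO" -a -f /etc/hoststated.conf ]; then`. The block also calls the daemon by absolute path while the ifstated block above uses the bare name; matching the neighbours or adding a short comment on why would keep the section uniform. Leaving `$hoststated_flags` unquoted matches the surrounding blocks and is needed so multiple flags split into separate arguments.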
@@ -0,0 +1,39 @@ +# $OpenBSD: relayd.conf,v 1.1 2007/01/31 08:32:16 pyr Exp $ +# +# Macros +# +webhost1="10.0.0.1" +webhost2="10.0.0.2" + +# +# Global Options +# +# interval 10 +# timeout 200 + +# +# Each table will be mapped to a pf table. +# +table webhosts { + check http "/" code 200 + host webhost1 + host webhost2 +} + +table fallback { + check icmp + host 127.0.0.1 +} + +# +# Services will be mapped to a rdr rule. +# +service www { + virtual ip www.example.com port http interface trunk0 + + # tag every packet that goes thru the rdr rule with HOSTSTATED + tag HOSTSTATED + + table webhosts + backup table fallback +} diff --git a/usr.sbin/Makefile b/usr.sbin/Makefile index e5f46ae5f6c..2ca865d5a2b 100644 --- a/usr.sbin/Makefile +++ b/usr.sbin/Makefile @@ -1,11 +1,12 @@ -# $OpenBSD: Makefile,v 1.132 2006/12/18 19:07:44 deraadt Exp $ +# $OpenBSD: Makefile,v 1.133 2007/01/31 08:32:16 pyr Exp $ .include <bsd.own.mk> SUBDIR= ac accton acpidump adduser amd apm apmd arp authpf \ bgpctl bgpd bind chroot config cron dev_mkdb dhcpd dhcrelay \ dvmrpctl dvmrpd \ - edquota eeprom fdformat ftp-proxy gpioctl hostapd hotplugd httpd \ + edquota eeprom fdformat ftp-proxy gpioctl hostapd \ + hoststatectl hoststated hotplugd httpd \ ifstated inetd iostat kgmon kvm_mkdb lpr mailwrapper map-mbone \ memconfig mopd mrinfo mrouted mtrace mtree netgroup_mkdb ntpd \ openssl ospfctl ospfd pkg_add popa3d portmap ppp pppd pppoe procmap \ |
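Review bot: etc/relayd.conf is added with the same 39 lines as etc/hoststated.conf, but nothing else visible in this commit refers to it: etc/Makefile installs only hoststated.conf (mode 600, root:wheel) and etc/changelist lists only `/etc/hoststated.conf`. If this file is meant to ship, it needs the matching `${INSTALL} -c -o root -g wheel -m 600 relayd.conf ${DESTDIR}/etc` line and a `/etc/relayd.conf` changelist entry so the security script backs it up and checks it for modification; if it is not meant to ship, it probably does not belong in this change. Its comment and tag still say `HOSTSTATED`, and its sample tables and service are active rather than commented out, as in hoststated.conf.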