summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--etc/Makefile4
-rw-r--r--etc/changelist4
-rw-r--r--etc/ftpusers4
-rw-r--r--etc/group2
-rw-r--r--etc/hoststated.conf119
-rw-r--r--etc/master.passwd2
-rw-r--r--etc/rc6
-rw-r--r--etc/rc.conf4
8 files changed, 13 insertions, 132 deletions
diff --git a/etc/Makefile b/etc/Makefile
index b51103aec5d..ac1a1161fba 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.255 2007/11/05 23:46:12 merdely Exp $
+# $OpenBSD: Makefile,v 1.256 2007/12/07 17:13:35 deraadt Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= Canada/Mountain
@@ -82,7 +82,7 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o root -g wheel -m 600 pf.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g operator -m 644 chio.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 hostapd.conf ${DESTDIR}/etc
- ${INSTALL} -c -o root -g wheel -m 600 hoststated.conf ${DESTDIR}/etc
+ ${INSTALL} -c -o root -g wheel -m 600 relayd.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 ipsec.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 sasyncd.conf ${DESTDIR}/etc
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 555 \
diff --git a/etc/changelist b/etc/changelist
index 3da154c552d..6e6c8647a85 100644
--- a/etc/changelist
+++ b/etc/changelist
@@ -1,4 +1,4 @@
-# $OpenBSD: changelist,v 1.54 2007/10/08 12:16:35 norby Exp $
+# $OpenBSD: changelist,v 1.55 2007/12/07 17:13:35 deraadt Exp $
#
# List of files which the security script backs up and checks
# for modifications.
@@ -39,7 +39,7 @@
/etc/gettytab
/etc/group
/etc/hostapd.conf
-/etc/hoststated.conf
+/etc/relayd.conf
/etc/hosts
/etc/hosts.allow
/etc/hosts.deny
diff --git a/etc/ftpusers b/etc/ftpusers
index d719371b16d..1117ecff3f2 100644
--- a/etc/ftpusers
+++ b/etc/ftpusers
@@ -1,4 +1,4 @@
-# $OpenBSD: ftpusers,v 1.31 2007/10/08 11:29:58 norby Exp $
+# $OpenBSD: ftpusers,v 1.32 2007/12/07 17:13:35 deraadt Exp $
#
# list of users disallowed any ftp access.
# read by ftpd(8).
@@ -40,5 +40,5 @@ _ospfd
_hostapd
_dvmrpd
_ripd
-_hoststated
+_relayd
_ospf6d
diff --git a/etc/group b/etc/group
index 0c8b4233058..619fc6639a9 100644
--- a/etc/group
+++ b/etc/group
@@ -53,7 +53,7 @@ _ospfd:*:85:
_hostapd:*:86:
_dvmrpd:*:87:
_ripd:*:88:
-_hoststated:*:89:
+_relayd:*:89:
_ospf6d:*:90:
dialer:*:117:
nogroup:*:32766:
diff --git a/etc/hoststated.conf b/etc/hoststated.conf
deleted file mode 100644
index 679a992c972..00000000000
--- a/etc/hoststated.conf
+++ /dev/null
@@ -1,119 +0,0 @@
-# $OpenBSD: hoststated.conf,v 1.9 2007/11/28 15:16:18 reyk Exp $
-#
-# Macros
-#
-ext_addr="192.168.1.1"
-webhost1="10.0.0.1"
-webhost2="10.0.0.2"
-sshhost1="10.0.0.3"
-
-#
-# Global Options
-#
-# interval 10
-# timeout 200
-# prefork 5
-
-#
-# Each table will be mapped to a pf table.
-#
-table webhosts {
- real port http
- check http "/" code 200
- host $webhost1
- host $webhost2
-}
-
-table fallback {
- real port http
- check icmp
- host 127.0.0.1
-}
-
-#
-# Services will be mapped to a rdr rule.
-#
-service www {
- virtual host $ext_addr port http interface trunk0
-
- # tag every packet that goes thru the rdr rule with HOSTSTATED
- tag HOSTSTATED
-
- table webhosts
- backup table fallback
-}
-
-#
-# Relay and protocol for HTTP layer 7 loadbalancing and SSL acceleration
-#
-protocol httpssl {
- protocol http
- header append "$REMOTE_ADDR" to "X-Forwarded-For"
- header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
- header change "Connection" to "close"
-
- # Various TCP performance options
- tcp { nodelay, sack, socket buffer 65536, backlog 128 }
-
-# ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
-# ssl session cache disable
-}
-
-relay wwwssl {
- # Run as a SSL accelerator
- listen on $ext_addr port 443 ssl
- protocol httpssl
-
- # Forward to hosts in the webhosts table using a src/dst hash
- table webhosts loadbalance
-}
-
-#
-# Relay and protocol for simple TCP forwarding on layer 7
-#
-protocol sshtcp {
- protocol tcp
-
- # The TCP_NODELAY option is required for "smooth" terminal sessions
- tcp nodelay
-}
-
-relay sshgw {
- # Run as a simple TCP relay
- listen on $ext_addr port 2222
- protocol sshtcp
-
- # Forward to the shared carp(4) address of an internal gateway
- forward to $sshhost1 port 22
-}
-
-#
-# Relay and protocol for a transparent HTTP proxy
-#
-protocol httpfilter {
- protocol http
-
- # Return HTTP/HTML error pages to the client
- return error
-
- # Block disallowed browsers
- label "Please try a <em>different Browser</em>"
- header filter "Mozilla/4.0 (compatible; MSIE *" from "User-Agent"
-
- # Block some well-known Instant Messengers
- label "Instant messenger disallowed!"
- response header filter "application/x-msn-messenger" from "Content-Type"
- response header filter "app/x-hotbar-xip20" from "Content-Type"
- response header filter "application/x-icq" from "Content-Type"
- response header filter "AIM/HTTP" from "Content-Type"
- response header filter "application/x-comet-log" from "Content-Type"
-}
-
-relay httpproxy {
- # Listen on localhost, accept redirected connections from pf(4)
- listen on 127.0.0.1 port 8080
- protocol httpfilter
-
- # Forward to the original target host
- nat lookup
-}
diff --git a/etc/master.passwd b/etc/master.passwd
index 7be8d5b4358..0e6ba59893e 100644
--- a/etc/master.passwd
+++ b/etc/master.passwd
@@ -35,6 +35,6 @@ _ospfd:*:85:85::0:0:OSPF Daemon:/var/empty:/sbin/nologin
_hostapd:*:86:86::0:0:HostAP Daemon:/var/empty:/sbin/nologin
_dvmrpd:*:87:87::0:0:DVMRP Daemon:/var/empty:/sbin/nologin
_ripd:*:88:88::0:0:RIP Daemon:/var/empty:/sbin/nologin
-_hoststated:*:89:89::0:0:HostState Daemon:/var/empty:/sbin/nologin
+_relay:*:89:89::0:0:Relay Daemon:/var/empty:/sbin/nologin
_ospf6d:*:90:90::0:0:OSPF6 Daemon:/var/empty:/sbin/nologin
nobody:*:32767:32767::0:0:Unprivileged user:/nonexistent:/sbin/nologin
diff --git a/etc/rc b/etc/rc
index e6ef2a4a0ed..6e26e72767a 100644
--- a/etc/rc
+++ b/etc/rc
@@ -1,4 +1,4 @@
-# $OpenBSD: rc,v 1.307 2007/11/11 16:12:11 jmc Exp $
+# $OpenBSD: rc,v 1.308 2007/12/07 17:13:35 deraadt Exp $
# System startup script run by init on autoboot
# or after single-user.
@@ -588,8 +588,8 @@ if [ X"${ifstated_flags}" != X"NO" ]; then
echo -n ' ifstated'; ifstated $ifstated_flags
fi
-if [ X"${hoststated_flags}" != X"NO" ]; then
- echo -n ' hoststated'; /usr/sbin/hoststated $hoststated_flags
+if [ X"${relayd_flags}" != X"NO" ]; then
+ echo -n ' relayd'; /usr/sbin/relayd $relayd_flags
fi
if [ X"${dhcpd_flags}" != X"NO" -a -f /etc/dhcpd.conf ]; then
diff --git a/etc/rc.conf b/etc/rc.conf
index 1dabbb1041f..2a2bf5a22ef 100644
--- a/etc/rc.conf
+++ b/etc/rc.conf
@@ -1,6 +1,6 @@
#!/bin/sh -
#
-# $OpenBSD: rc.conf,v 1.126 2007/11/20 06:13:17 jmc Exp $
+# $OpenBSD: rc.conf,v 1.127 2007/12/07 17:13:35 deraadt Exp $
# set these to "NO" to turn them off. otherwise, they're used as flags
routed_flags=NO # for normal use: "-q"
@@ -40,7 +40,7 @@ watchdogd_flags=NO # for normal use: ""
ftpproxy_flags=NO # for normal use: ""
hostapd_flags=NO # for normal use: ""
ifstated_flags=NO # for normal use: ""
-hoststated_flags=NO # for normal use: ""
+relayd_flags=NO # for normal use: ""
# use -u to disable chroot, see httpd(8)
httpd_flags=NO # for normal use: "" (or "-DSSL" after reading ssl(8))