Age | Commit message (Collapse) | Author |
|
SSH2-RSA size; ok hshoexer@, no objection from miod@
|
|
|
|
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert
|
|
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.
Note that this requires a new kernel and /sbin/sysctl.
feedback markus@ ok markus@ deraadt@ millert@
|
|
"just get it in" deraadt
|
|
|
|
ok deraadt@ beck@ reyk@ phessler@
|
|
ok deraadt@ dlg@
|
|
|
|
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@
|
|
approved by deraadt@, ok thib@
|
|
fixes spamlogd with pflogd disabled.
ok henning
|
|
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@
|
|
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying
|
|
|
|
|
|
start.
ok dlg@
|
|
/etc/*.if files.
okay reyk@, deraadt@, krw@...
|
|
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.
original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@
|
|
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.
ok deraadt
|
|
|
|
as disscussed with jmc and millert.
ok millert@
|
|
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.
Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@
|
|
(if the file /var/account/acct does not exist it will be created)
ok mk@
|
|
ok miod@, henning@
|
|
|
|
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.
ok msf deraadt hshoexer
|
|
rc checks pflog0 existance before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride
|
|
|
|
ok claudio@
|
|
OK deraadt@, henning@, mcbride@
|
|
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passsive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@
|
|
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt
|
|
|
|
ok deraadt@ cloder@
|
|
booted, allowing for daemons to sync with peers before we take over.
ok deraadt@ mpf@ moritz@
|
|
ok henning@
|
|
ok derradt@
|
|
requested by deraadt@
|
|
- new sysctl vfs.nfs.privport to require NFS mount requests to be on
reserved ports when set to 1 (the default).
- mountd now automatically sets the sysctl depending on the -n flag.
- add mountd_flags to rc.conf to enable the -n flag at boot.
deraadt@ ok
|
|
suggested and ok by kettenis@
|
|
ok naddy@ todd@
|
|
to (for instance) interrupt dhclient with a ^C instead of a 'CAPS-LOCK C'
from e@molioner.dk checked by matthieu
|
|
doubly mounted mfs partitions. Also, at the end of the mount dance,
try mount all partitions, not just nfs partitions. Handles a case
where local paritition mounted inside a nfs partition where not
mounted by rc (/usr on nfs with a local /usr/obj, for example).
ok deraadt@ henning@
|
|
|
|
also start ntpd at this time.
discussed with jmc@; ok deraadt@
|
|
ok henning beck
|
|
but I put it at a different place, watchdogd is really not a network daemon
|
|
client; from amh@POBOX.COM
|
|
|