| Age | Commit message (Collapse) | Author |
|---|
|
have to pass those options. this makes amd much easier to restart by
hand (though it still remains a nasty daemon do that with)
ok millert
|
|
attempts to "ifconfig carp down" noticed by david@.
- use non-descriptive variables names rather than $if/$junk to encourage
people reading the code to think what it's doing; many of the output lines
are not interface names.
ok david@
|
|
|
|
Spotted by deraadt@. These were used to bring down carp ifaces
cleanly; replace with shell features.
ok deraadt@, henning@. "Much mo' better" blambert@.
|
|
|
|
to make logging to syslog work with php for example.
ok deraadt@, henning@
|
|
arches. ok todd@ beck@
|
|
ok deraadt@
|
|
behaviour here replace by an explicit set reassemble yes no-df.
noticed by Valery Masiutsin <val.masutin at gmail dot com>
|
|
|
|
on each host and end up conflicting, so they never sync anyways.
ok dlg henning
|
|
SSH2-RSA size; ok hshoexer@, no objection from miod@
|
|
|
|
spamd-setup hanging if there are various (network?) issues and the system
not proceeding to multiuser so that this can be debugged. We do not use
& for startup in /etc/rc because this makes the spamd-setup a child of the
rc scripts after bootup (that is gross)
Problem reported in PR 5864, change discussed with beck, ok millert
|
|
contents of /etc/services so as to avoid randomly allocating
source ports that correspond to well-known services. Auto-filling
of the baddynamic tables is performed before reading sysctl.conf,
so it is still possible to add or subtract ports, or override the
autofilling entirely there.
Note that this requires a new kernel and /sbin/sysctl.
feedback markus@ ok markus@ deraadt@ millert@
|
|
"just get it in" deraadt
|
|
|
|
ok deraadt@ beck@ reyk@ phessler@
|
|
ok deraadt@ dlg@
|
|
|
|
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@
|
|
approved by deraadt@, ok thib@
|
|
fixes spamlogd with pflogd disabled.
ok henning
|
|
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@
|
|
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying
|
|
|
|
|
|
start.
ok dlg@
|
|
/etc/*.if files.
okay reyk@, deraadt@, krw@...
|
|
in /etc/fstab instead of using some weird homegrown scripts.
No support for boot time mounting yet, so "noauto" is still needed.
original idea from david@
help and discussion todd@ bluhm@ beck@, manpage help jmc@
ok simon@ tedu@ bluhm@ todd@, "looks good" thib@
|
|
receivers can cold start in the time it takes the boot process to get
close to starting ntpd. Even if the gps is not ready or the fix is not
valid, at least the sensor has been created; ntpd won't have to wait
a few minutes before scanning for the sensor. This makes using GPS as
the sole source of time a bit easier.
ok deraadt
|
|
|
|
as disscussed with jmc and millert.
ok millert@
|
|
1) config files move to /etc/mail
2) -g option goes away in spamd-setup and spamd - greylisting is now the default
3) option change to spamd, -b addr becomes -l addr.
4) -b option in spamd-setup and spamd to turn on old blacklisting mode.
Man page shortly to be flensed to make this easier to explain
ok deraadt@ millert@
|
|
(if the file /var/account/acct does not exist it will be created)
ok mk@
|
|
ok miod@, henning@
|
|
|
|
This makes it readable by unprivileged uses, simplifying configuration,
and there is no reason for it to be secret.
ok msf deraadt hshoexer
|
|
rc checks pflog0 existance before starting pflogd0, pbly to not print an
error message on pflog-less kernels... ugh. ok mcbride
|
|
|
|
ok claudio@
|
|
OK deraadt@, henning@, mcbride@
|
|
If a user is running sasyncd, start isakmpd with -S.
In this mode isakmpd starts off passsive and doesn't
delete SA's on shutdown.
OK ho@, hshoexer@, deraadt@
|
|
you do not want a machine that is in the middle of rc and does not have
all network daemons (that possibly increase the carp demotion counter
further) to become master just because the other one lost 2 bgp sessions
or similar for other daemons (esp sasyncd) and as such has a demotion
count of >1.
ok mcbride mpf deraadt
|
|
|
|
ok deraadt@ cloder@
|
|
booted, allowing for daemons to sync with peers before we take over.
ok deraadt@ mpf@ moritz@
|
|
ok henning@
|
|
ok derradt@
|
|
requested by deraadt@
|
