summaryrefslogtreecommitdiff
path: root/etc
AgeCommit message (Collapse)Author
2018-07-03list the ports for gre in udp, as per rfc8086 and iana assignments.David Gwynne
ok benno@ deraadt@
2018-06-27a mirror URLs -> a mirror URLTheo Buehler
From Raf Czlonka
2018-06-21Add 6to4 anycast prefixes to bogon filterjob
Globally anycasted 6to4 has outlived its usefulness. Operational discussion: http://seclists.org/nanog/2018/Jun/268 OK deraadt@
2018-06-13Rename httpd.conf "root strip" option to "request strip".Reyk Floeter
"root strip" was semantically incorrect and did cause some confusion as it never stripped the root but the client's request path. Discussed with many. Heads up: this is a grammar change that also affects acme-client(1) configurations (see current.html). OK claudio@
2018-06-13Adjust example after the announce (all|self|...) change.Claudio Jeker
Adjust filters and comment them to explain the basic operation. Use large-community and a prefix-set to ensure no bad prefixes are leaked to eBGP speakers. With and OK job@
2018-06-07prepare for dri3protoMatthieu Herrb
2018-06-04remove "from local" (the default) from one of the match rules: the lineJason McIntyre
immediately above also uses this notation, it's shorter, and it keeps two examples in the man page which claim to be the same as the default config (but with exceptions) in sync; ok gilles
2018-05-24update default config to new grammarGilles Chehade
ok eric@
2018-05-18Put commented minimal-reponses and refuse-any defaults into nsd.confFlorian Obser
so that the changed default will be pointed out to the admin by sysmerge. Idea & OK sthen
2018-05-16Remove default ls -C alias.Marco Pfatschbacher
OK millert@, kn@, ian@, sthen@
2018-05-06don't put options in here that should not be needed in the majority ofSebastian Benoit
cases and will just be copied by users without thinking. ok claudio@
2018-05-02Add std.1500000 entry, mostly because of firmware constraints on variousMark Kettenis
Rockchip ARM SoCs. ok millert@, deraadt@
2018-04-29stop installing /etc/networks, it is now unused; OK deraadt@ tb@Ingo Schwarze
2018-04-28Add a proper usage() function.Robert Peichaer
Suggested by and OK jmc. OK tb
2018-04-13spaces->tabAntoine Jacoutot
ok kettenis@+florian@'s OCD
2018-04-11"listen on * port 80" means all v4 and v6 addresses these days.Florian Obser
OK benno
2018-04-04adapt armv7 manual pages for arm64Jonathan Gray
2018-04-03Import regenerated moduli file.Darren Tucker
2018-03-29Add aggressive-nsec example block.Florian Obser
While here, qname minimisation is an RFC since some time. tweak & OK sthen
2018-03-23probably the correct dateTheo de Raadt
2018-03-23Provide an example httpd.conf that's actually useful.Florian Obser
With & OK deraadt input sthen looks better to beck OK benno
2018-03-23Since a while relayd switched from the TLS session cache to using only TLSClaudio Jeker
session tickets instead. Adjust example relayd.conf file. From Matt Schwartz, reminded by jmc@ OK deraadt@
2018-03-15add syspatch public keys for 6.3 and 6.4Robert Nagy
2018-03-14remove 6.0 keysT.J. Townsend
2018-03-04when -n is used, no need to spit out "Missing parameters." beforeJason McIntyre
displaying usage(); ok tb
2018-03-03Lowercase 'usage' and group -n with interface in it.Landry Breuil
From jmc@, ok tb@
2018-03-01OpenBSD 6.4 packages keyChristian Weisgerber
2018-03-01openbsd 6.4 base keyTheo de Raadt
2018-03-01add 6.4 firmware keyStuart Henderson
2018-02-28move to 6.3-betaTheo de Raadt
2018-02-21Tweak comments.Robert Peichaer
OK tb
2018-02-21add bsd.mpJonathan Gray
2018-02-20Call "vmctl stop" on each VM at shutdown, for OpenBSD guests this means theyStuart Henderson
are signalled to shutdown cleanly. Wait for each to finish to avoid too much busy work at once; this may need revising if it turns out to be too slow with a larger number of VMs (e.g. signal/delay/signal/delay/... then wait for shutdowns), but let's avoid making it more complex unless we know it's needed. Based on a diff from abieber@, discussed with mlarkin@ aja@ rpe@, ok rpe
2018-02-19Write warning/error messages to stderr and end them with a fullstop.Robert Peichaer
OK tb
2018-02-19- use specific patterns when looping over /etc/hostname.if filesRobert Peichaer
to skip backup or temp files. - test if the patterns matched actual files - warn if ifcreate() fails on an interface and continue with the subsequent interfaces in the list instead of return'ing OK dlg sthen tb
2018-02-18zap *_path() functionskn
These PATH helpers failed to quote their input properly leading to shell code execution. Noone noticed since import (over 21 years ago), so wipe it. OK tb rpe
2018-02-18Remove unecessary line continuation markers after || and &&Robert Peichaer
2018-02-17- Add descriptions for the new functions ifcreate() and vifscreate()Robert Peichaer
- In ifcreate() use the exit code of the {} block directly - In vifscreate(), use the ifconfig -C output directly in the for _vif loop - Remove superfluous and somewhat confusing comment OK dlg kn sthen
2018-02-14create virtual interfaces before starting all interface config.David Gwynne
this resolves an ordering problem when adding pseudo interfaces to bridges tweaks from kn@ ok mpi@ sthen@
2018-02-10Remove some special IPv4 in IPv6 mapped prefixes that are already rejectedClaudio Jeker
by the ::0.0.0.0/96 reject route added to deny all IPv4 mapped addresses. Makes the inet6 routing table almost fit in one screen. OK benno@
2018-02-10Load RFC 7217 key material and generate if it does not already exist.Florian Obser
Add soii.key to changelist (pointed out by semarie) and mtree/special (suggest by Craig Skinner). OK naddy, sthen, rpe, tb
2018-02-06Print an explicit error if the backup volume is not present inTheo Buehler
hw.disknames. This can only happen due to a failure or user error. In either case, silent failure makes it hard to discover and debug. Now it will be easy to spot in the daily mail. ok rob, schwarze
2018-02-06If -n is given, the netstart script should not (try to) set the defaultTheo Buehler
route(s). Simply print the command(s) to be issued instead. tweak & ok rpe
2018-02-02Remove . from $PATH since it seems there is no strong reason to keepYASUOKA Masahiko
it and many people prefer to remove it. Pointed out by m-asou at soum.co.jp. ok millert espie bluhm
2018-01-20Provide a simpler example ifstated.conf.Marco Pfatschbacher
The existing example was written over a decade ago, when carp(4) was not supporting carpdemote and did not track it's interfaces link state itself. OK jmc@, rob@
2018-01-19/etc/snmpd.conf may contain passwords or other sensitiveGleydson Soares
data. diff provided by alf <a.schlichting at lemarit.com> ok millert
2018-01-11CommentsRobert Peichaer
2018-01-11- change [] tests to [[]]Robert Peichaer
- change -a, -o to &&, || inside [[]] - remove unecessary quoting inside [[]] - remove X"" constructs inside [[]] - remove \ (line continuation) in case of &&, || and pipes - replace backticks with $() discussed with and OK aja@ OK tb
2018-01-11Change the shebang line from /bin/sh to /bin/ksh in all base rc.dRobert Peichaer
daemon scripts. discussed with and OK aja@ OK tb
2017-12-03Disallow the _pbuild user from making TCP/UDP connections in the defaultStuart Henderson
PF ruleset. This is not a complete block on _pbuild being able to communicate (e.g. non-TCP/UDP protocols don't have a PCB with userid, so PF can't restrict in those cases) but avoids some cases, and in particular makes it more obvious when a port does things like download extra distfiles or dependencies as part of the build process. Slight tweak from a diff by espie@.