Age | Commit message (Collapse) | Author |
|
ok jmc@, no objections espie@
|
|
|
|
An increasing number of types of these files (e.g. ppp, carp and
wlan adapters) may contain secrets.
ok deraadt oga johan
|
|
first version from todd, ok millert
|
|
inputs from jmc@
"looks ok" beck@ (similar older diff), "fine by me" jmc@
|
|
|
|
ok deraadt@
|
|
bsd.rd does not overlap the boot code... this problem is starting to
feel familiar.. tested by myself and claudio
|
|
|
|
bootblocks have been moved, but we want 4.2 to be upgradeable. So
reduce the footprint of the bsd.rd by shrinking the ramdisk filesystem
because it is way too large. tested by sthen and kettenis
|
|
also adjust the documentation a little bit to decrease confusion about
the check timeout.
From pyr@
ok deraadt@
|
|
- rdr-anchor "relayd/*": the anchor used by relayd to load
redirections into pf.
- pass in on $ext_if proto icmp to ($ext_if): it is a bad habit to
block icmp, this example proposes to allow it by default.
ok henning@
|
|
randomisations (among other things) benefit from it. We still try again
after /var has been definitely mounted in case it is on NFS;
ok deraadt@
|
|
|
|
|
|
ok espie@, henning@
|
|
pubkey authentication users with the correct file permissions a bit easier.
ok djm krw henning miod and many others
|
|
http://www.iana.org/reports/root-aaaa-announcement.html
|
|
|
|
approved by deraadt@, ok thib@
|
|
|
|
|
|
taken into consideration for rtsol.
ok reyk@ dlg@
|
|
fixes spamlogd with pflogd disabled.
ok henning
|
|
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@
|
|
make the installation media's life easier:
- stop using ``Pc'' as a getty terminal type, use std.9600 instead.
- on platforms with multiple virtual consoles (alpha, amd64, i386,
zaurus), console is disabled, various ttyC* are enabled.
- on other platforms, console is enabled, all other devices are
disabled. This only changes armish, mac68k, sgi.
- default terminal for console is unknown on serial-only machines, vt220
on glass-capable machines (questionable, but done for consistency).
- minor whitespace changes.
- glass console forgotten on a couple platforms (luna88k, sparc64, vax).
eyeballed by deraadt@, ok krw@
|
|
|
|
|
|
timeout, either set auto retriggering or start watchdogd(8)...
From Mitja Muzenic. ok deraadt.
|
|
|
|
|
|
we've found a better solution for chrooted applications.
|
|
|
|
|
|
|
|
ok jsing@ miod@
|
|
replace IPv4 and IPv6 loopback zones with BIND's autogenerated empty zones.
move root.hint to /var/named/etc
remove empty directory /var/named/standard
|
|
and graphical console based on the selection made in the ARCBIOS.
Early attachment of gbe(4) is still required, otherwise we have a working
graphical console.
ok miod@
|
|
|
|
|
|
|
|
From Daniel Ouellet (daniel at presscom dot net)
|
|
to use "protocol foo" without defining a type).
|
|
the tables will look more like pf tables, it is easier to re-use
tables with different options, "services" will become "redirections"
(they refer to rdr pf rules), sync configuration directives of
redirect (l3, ex-service) relay (l7) sections (for example "virtual
host" will become "listen on"), all target definitions will start with
"forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf)
discussed with pyr and deraadt
ok pyr@
|
|
|
|
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying
|
|
what the daemon does - it is a relayer that pays attention to the status
of pools of hosts; not a status checkers that happens to do some relaying
|
|
|
|
|
|
- internal intel graphics semi-agp chipsets need special handling in pchb.c
- re-add the i965GM device
- use the correct major device id for /dev/agp0 on amd64 (not the i386 one)
ok deraadt@
|