Age | Commit message | Author |
|
divert-to has many advantages over rdr-to for proxies. For example,
it is much easier to use, requires less code, does not depend on
/dev/pf, works in-band without the asynchronous lookup (DIOCNATLOOK
ioctl), saves us from additional port allocations by the rdr/NAT code,
and even avoids potential collisions and race conditions that could
theoretically happen with the lookup.
Heads up: users will have to update their spamd PF rules from rdr-to
to divert-to. spamd now also listens to 127.0.0.1 instead of "any"
(0.0.0.0) by default which should be fine with most setups but has to
be considered for some special configurations.
Based on a diff that is almost two years old but got delayed several times
... beck@: "now is the time to get it in" :)
Tested by many
With help from okan@
OK okan@ beck@ millert@
|
|
discussed by deraadt@
|
|
constraint to keep them in check. in the worst case of being on a
dark net, nothing changes.
this is being enabled by default to allow gathering of more operational
information from users. and if the operational heuristics in ntpd can be
suitably refined, this may stay the default into the future. if not, ntpd
will become even more awesome along the way.
with reyk rpe
|
|
ok henning@, reyk@
|
|
ok dlg@
|
|
that aren't are redundant because they can be found in the rc.d(8)
scripts themselves, and they risk getting out of sync.
While here, sort the daemons alphabetically.
No functional change.
Triggered by a much smaller nameserver-only patch from stephan@.
OK ajacoutot@ rpe@ stephan@ and looks good to sthen@.
|
|
tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.
man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@
|
|
ok henning@ gilles@ deraadt@
|
|
reported by jasper@
While here: _rc_is_supported() -> _rc_not_supported()
- saves a fork
- reduces triple negation to double negation in _rc_not_supported()
- simplifies condition for rc_restart=NO
from schwarze@
ok jasper@ schwarze@
|
|
worth noting
"go ahead" schwarze@
|
|
some tweaks from sobrado@, ok deraadt@
|
|
subdirectories (/var/nsd/zones/{master,slave}) and create these in mtree.
Nearly everybody that uses NSD for slave zones that I talked to already has
this layout. Bikesh^Wdiscussed with ajacoutot florian millert and others.
ok ajacoutot@ florian@ phessler@ claudio@ jung@
|
|
(-N is always implied and -p isn't available.)
ok guenther@, sthen@
|
|
Remove an exit() statement that could never be reached.
|
|
Additional functionality, yet minus 45 lines of code.
|
|
Discussed with many and OK ajacoutot@.
|
|
ok miod
|
|
Diff from Navan Carson via tech@
|
|
and zone xfers. OK florian@ deraadt@
|
|
use case.
sthen@ noticed a problem with missing records on shutdown.
OK sthen@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
ok deraadt@
|
|
- comments relevant to other brands of UNIX
- the no-op KSH_VERSION case-block, we only have pdksh
- the case-block for setting aliases based on UNIX brand
together with a comment that falsely encourages to modify this
file instead of putting stuff in $HOME/.kshrc
OK krw@ halex@
|
|
than the daemon class' default of 128. Reminded by/ok ajacoutot@
|
|
to initialize the unprivileged user, so the usual rc.d mechanism to set the
class isn't used. Problem reported by otto, ok otto@ ajacoutot@
|
|
time from HTTPS servers, by parsing the Date: header, and use the
median constraint time as a boundary to verify NTP responses. This
adds some level of authentication and protection against MITM attacks
while preserving the accuracy of the NTP protocol; without relying on
authentication options for NTP that are basically unavailable at
present. This is an initial implementation and the semantics will be
improved once it is in the tree.
Discussed with deraadt@ and henning@
OK henning@
|
|
From Michael (lesniewskister AT gmail), thanks!
|
|
in the image is for Cubieboard1. Discussed with bmercer@
While here switch from using the separate spl and u-boot images
to the combined spl and u-boot 'u-boot-sunxi-with-spl.bin'.
|
|
did). This allows any local changes to /etc/services to be effective
if all you have is the default.
Issue pointed out by Brian S. Vangsgaard on bugs@. Thanks!
ok phessler@ deraadt@
|
|
directory is not contained in OpenBSD base, and because even people
having the directory often don't understand that they need to run
makewhatis(8) - and instead complain about the resulting warnings.
This commit reverts revisions 1.17 and 1.21.
Requested by deraadt@ millert@ kettenis@ who argue that people
using /usr/ports/infrastructure/bin/ already need to set PATH,
so editing man.conf (or, though more fragile, setting MANPATH)
should not be a big deal for them.
|
|
inverted.
|
|
inverted.
|
|
floppy. A few drivers are missing, but the world has moved on (the drivers
included are always a work in progress)
Speeds up make release substantially, of course.
|
|
ok robert@
|
|
discussed with schwarze@
|
|