path: root/etc
Age | Commit message | Author
2009-11-23 | Move ipsec key creation before isakmpd, and sshd to become the first of the network daemons so that it can be used if another daemon stops in its tracks. ok claudio markus sthen | Theo de Raadt
2009-11-22 | Stop supporting bridgename.bridge* files, and move to hostname.bridge* files. To cope with this change, read about the mv command. ok claudio todd | Theo de Raadt
2009-11-20 | The deny all and allow from any inet prefixlen 8 - 24 will block the default route already so don't add an additional rule for that. Instead add a commented allow rule. Idea from Mitja Muzenic (mitja at muzenic dot net) | Claudio Jeker
2009-11-13 | Add hw.sensors to dmesg request, 'go for it' deraadt@ | Ian Darwin
2009-11-06 | Remove Speedo dir from mtree as we do not install these fonts anymore. ok matthieu@ | Antoine Jacoutot
2009-11-03 | to resolve aliases, a rule must now provide the alias parameter with the name of the map to use for resolution | Gilles Chehade
2009-11-03 | Get rid of pflogd.pid because the privsep child cannot delete the pidfile; use pkill(1) in /etc/newsyslog.conf instead together with otto and suggestions from tedu | Theo de Raadt
2009-11-02 | fix reverse zone for ::1 (PR#6243) | Jakob Schlyter
2009-10-27 | update moduli file; ok deraadt | Darren Tucker
2009-10-25 | fix syntax error in 'make update-moduli'; ok deraadt | Darren Tucker
2009-10-17 | amd_dir is no longer used by rc so no need for it in rc.conf. ok deraadt | Nicholas Marriott
2009-10-06 | Be nice if we have bootblocks available, too | Theo de Raadt
2009-10-04 | Add (again) support for divert sockets. They allow you to: | Michele Marchetto
    - queue packets from pf(4) to a userspace application
    - reinject packets from the application into the kernel stack.
    The divert socket can be bound to a special "divert port" and will receive every packet diverted to that port by pf(4). The pf syntax is pretty simple, e.g.:
        pass on em0 inet proto tcp from any to any port 80 divert-packet port 1
    A lot of discussion has happened since my last commit that resulted in many changes and improvements. I would *really* like to thank everyone who took part in the discussion especially canacar@ who spotted out which are the limitations of this approach.
    OpenBSD divert(4) is meant to be compatible with software running on top of FreeBSD's divert sockets even though they are pretty different and will become even more with time.
    discussed with many, but mainly reyk@ canacar@ deraadt@ dlg@ claudio@ beck@
    tested by reyk@ and myself
    ok reyk@ claudio@ beck@
    manpage help and ok by jmc@
2009-10-01 | Bring BSD.x11.dist back here. It's needed by the ports subsystem. Update the BSD.x11.dist version to the one in xenocara. | Matthieu Herrb
2009-09-24 | regen | Miod Vallat
2009-09-24 | Reach palm MAKEDEV bits. | Miod Vallat
2009-09-23 | remove unused and outdated BSD.x11.dist file. ok miod@, krw@. | Matthieu Herrb
2009-09-23 | regen | Miod Vallat
2009-09-23 | Stricter patterns for numbered wsmouse and wskbd devices, so that `wsmouse' and `wskbd' without suffixes match the wsmux rule. Reported by Vadim Zhukov (persgray on gmail) | Miod Vallat
2009-09-17 | change variable i to $i in an expression of ifstart() for consistency with the rest of the file. no functional change. feedback from sthen@, ok krw@ | Simon Bertrang
2009-09-17 | sync the spamd example to that used in spamd(8); ok beck | Jason McIntyre
2009-09-11 | This sample ruleset does not use require-order to mix NAT/rdr and filter rules, because we no longer have translation rules. Pointed out by Mitja Muzenic, ok henning@ | Stuart Henderson
2009-09-07 | example spamd rules should be "pass in"; | Jason McIntyre
2009-09-06 | add framework for palm | Theo de Raadt
2009-09-05 | Palm: initial commit of etc/etc.palm OK deraadt@ | Marek Vasut
2009-09-01 | add back sample spamd(8) rules, converted appropriately; ok henning@ | Todd T. Fries
2009-09-01 | todd reminded me we need to adjust this too | Henning Brauer
2009-08-18 | Add entry for ypldap.conf (may contain a password). ok pyr@ | Antoine Jacoutot
2009-08-13 | sync | Theo de Raadt
2009-08-13 | Add nodes for vscsi0; ok dlg | Theo de Raadt
2009-08-12 | dlg wants iscsi in here; ok dlg | Theo de Raadt
2009-08-12 | change some defaults inside amd itself, so that the rc scripts no longer have to pass those options. this makes amd much easier to restart by hand (though it still remains a nasty daemon to do that with) ok millert | Theo de Raadt
2009-08-10 | gpio for amd64. ok deraadt@ | Jonathan Gray
2009-08-10 | advise to update /etc/rc.conf.local instead of /etc/rc.conf; from Remco ok todd@ | Okan Demirmen
2009-08-08 | typo in comment; frantisek | Theo de Raadt
2009-08-07 | - specifically match carp+([0-9]):, not just carp*:. avoids spurious attempts to "ifconfig carp down" noticed by david@. | Stuart Henderson
    - use non-descriptive variable names rather than $if/$junk to encourage people reading the code to think what it's doing; many of the output lines are not interface names.
    ok david@
2009-08-07 | fix ksh ftp wrapper so argvs aren't split before passing; making urls with spaces work. ok sthen@ | Martynas Venckus
2009-08-05 | correct indent | Theo de Raadt
2009-08-04 | zap the rather useless machdep.apmwarn entries (see apm(4)); ok deraadt | Jason McIntyre
2009-08-04 | Don't use grep/cut during shutdown, /usr might not be mounted. Spotted by deraadt@. These were used to bring down carp ifaces cleanly; replace with shell features. ok deraadt@, henning@. "Much mo' better" blambert@. | Stuart Henderson
2009-07-28 | Add bsd.mp to MDEXT | Miod Vallat
2009-07-22 | sync | Alexandre Ratchov
2009-07-22 | add missing /dev/{rmidi,sequencer,music} bits in MAKEDEV for armish, landisk and zaurus. Also fix corresponding .Xr in MAKEDEV.8 ok miod@, todd@ | Alexandre Ratchov
2009-07-10 | Delay creation of tun(4) interfaces until the underlying interface and routes are available. This fixes usage for some OpenVPN users that start it from hostname.tun*. Tested by Johan Huldtgren. ok sthen@, johan@. | Jason Dixon
2009-06-30 | extra spaces found during inspection of other goo | Theo de Raadt
2009-06-30 | Make syslogd create a socket in /var/www/dev when httpd is enabled in order to make logging to syslog work with php for example. ok deraadt@, henning@ | Robert Nagy
2009-06-26 | the correct *.ipk file has ${OSrev} in it | Theo de Raadt
2009-06-24 | Fix a typo "sure" sthen@ | giovanni
2009-06-20 | 4.6-BETA | Miod Vallat
2009-06-10 | pf should block the port range allocated by net.inet.tcp.baddynamic for the X protocol instead of port 6000 only; this way pf provides the same protection level to all X servers. ok sthen@; "I am convinced that 6000-6010 is acceptable for blocking in pf" deraadt@, "i'd thought of something similar" oga@ | Igor Sobrado