History log of /freebsd/libexec/rc/rc.d/ipfilter (Results 1 – 13 of 13)
# cc1e4aae 10-Dec-2025 Cy Schubert <cy@FreeBSD.org>

rc.d/ipfilter: ipfilter must be enabled for options to take

ipfilter options are erased and reset to default when ipfilter is
disabled. This results in nullifying options from rc.conf that were
previously set.

8d6feaaaa26f, which added this code, was incorrect as it was for a bug in
ipfilter 4.2.28 and no longer applies to ipfilter 5.1.2.

Fixes: 8d6feaaaa26f
MFC after: 1 day


# f04b23ce 09-Dec-2025 Cy Schubert <cy@FreeBSD.org>

rc.d/{ipfilter,ippool}: Fix typo in variable name

MFC after: 1 day


Revision tags: release/15.0.0, release/14.3.0-p6, release/13.5.0-p7, release/13.5.0-p6, release/14.3.0-p5, release/13.5.0-p5, release/14.2.0-p7, release/14.3.0-p4, release/14.3.0-p3, release/14.2.0-p6, release/13.5.0-p4, release/13.5.0-p3, release/14.2.0-p5, release/14.3.0-p2, release/14.3.0-p1, release/14.2.0-p4, release/13.5.0-p2, release/14.3.0, release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3, release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0
# 8d6feaaa 30-Oct-2024 Cy Schubert <cy@FreeBSD.org>

ipfilter: Set ipf -T optionlist at boot

There is no easy way to set ipfilter optionlist variables during boot.
Add plumbing to the rc script to support this.

PR: 130555
Reviewed by: jlduran
MFC 1 week
Differential Revision: https://reviews.freebsd.org/D47346


Revision tags: release/13.4.0, release/14.1.0
# f99f0ee1 22-May-2024 Alexander Leidinger <netchild@FreeBSD.org>

rc.d: add a service jails config to all base system services

This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I have been running
this for more than a year with various services started as service jails).
The untested parts should be OK most of the time; in some edge cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371


Revision tags: release/13.3.0, release/14.0.0
# d0b2dbfa 16-Aug-2023 Warner Losh <imp@FreeBSD.org>

Remove $FreeBSD$: one-line sh pattern

Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/


Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0
# e2ad10e8 12-Feb-2021 Cy Schubert <cy@FreeBSD.org>

Remove the redundant ipfilter IPv6 rc rules load.

As of ipfilter 5.1.2 the IPv4 and IPv6 rules tables have been merged.
The ipf(8) -6 option has been a NOP since then. Currently the additional
ipf -6 load statement in rc.d/ipfilter simply added the second ipfilter
rules file to the table already populated by the previous ipf command.
Plenty of time has passed since ipfilter 5.1.2 was imported. It is time to
remove the option from rc.conf and the rc script.

Differential Revision: https://reviews.freebsd.org/D28615


Revision tags: release/12.2.0
# de6fc2e3 15-Aug-2020 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r364082 through r364250.


# 440cec3f 12-Aug-2020 Glen Barber <gjb@FreeBSD.org>

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)


# 51da4b19 12-Aug-2020 Cy Schubert <cy@FreeBSD.org>

When booting a system with WITHOUT_IPFILTER the following errors
are encountered at boot time:

rcorder: requirement `ipfs' in file `/etc/rc.d/netif' has no providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netif' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/netwait' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/net_watchdog' has no
providers.
rcorder: requirement `ipfilter' in file `/etc/rc.d/securelevel' has no
providers.

Listing its own requirements in BEFORE rather than use REQUIRE of
non-optional scripts resolves this issue.

The issue was discovered and patched by glebius at Netflix.

Submitted by: glebius
Reported by: glebius
MFC after: 1 week


# c7aa572c 31-Jul-2020 Glen Barber <gjb@FreeBSD.org>

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)


# 795be686 23-Jul-2020 Cy Schubert <cy@FreeBSD.org>

Load ipfilter, ipnat, and ippool rules, and start ipmon in a vnet jail.

PR: 248109
Reported by: joeb1@a1poweruser.com
MFC after: 2 weeks


Revision tags: release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0
# c6879c6c 23-Oct-2018 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r339015 through r339669.


# 0696600c 17-Oct-2018 Bjoern A. Zeeb <bz@FreeBSD.org>

Move the rc framework out of sbin/init into libexec/rc.

The reasons for this are forward looking to pkgbase:
* /sbin/init is a special binary; try not to replace it with
every package update because an rc script was touched.
(a follow-up commit will make init its own package)
* having rc in its own place will allow more easy replacement
of the rc framework with alternatives, such as openrc.

Discussed with: brd (during BSDCam), kmoore
Requested by: cem, bz
PR: 231522
Approved by: re (gjb)
