| #
f04b23ce |
| 09-Dec-2025 |
Cy Schubert <cy@FreeBSD.org> |
rc.d/{ipfilter,ippool}: Fix typo in variable name
MFC after: 1 day
|
|
Revision tags: release/15.0.0 |
|
| #
d5d005e9 |
| 26-Nov-2025 |
Cy Schubert <cy@FreeBSD.org> |
ipfilter: Load optionlist prior to ippool invocation
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_
ipfilter: Load optionlist prior to ippool invocation
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.
Fixes: df381bec2d2b
MFC after: 3 days
show more ...
|
|
Revision tags: release/14.3.0-p6, release/13.5.0-p7, release/13.5.0-p6, release/14.3.0-p5, release/13.5.0-p5, release/14.2.0-p7, release/14.3.0-p4, release/14.3.0-p3, release/14.2.0-p6, release/13.5.0-p4, release/13.5.0-p3, release/14.2.0-p5, release/14.3.0-p2, release/14.3.0-p1, release/14.2.0-p4, release/13.5.0-p2, release/14.3.0, release/13.4.0-p5, release/13.5.0-p1, release/14.2.0-p3, release/13.5.0, release/14.2.0-p2, release/14.1.0-p8, release/13.4.0-p4, release/14.1.0-p7, release/14.2.0-p1, release/13.4.0-p3, release/14.2.0, release/13.4.0, release/14.1.0 |
|
| #
f99f0ee1 |
| 22-May-2024 |
Alexander Leidinger <netchild@FreeBSD.org> |
rc.d: add a service jails config to all base system services
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
servic
rc.d: add a service jails config to all base system services
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.
The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.
The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.
Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision: https://reviews.freebsd.org/D40371
show more ...
|
|
Revision tags: release/13.3.0, release/14.0.0 |
|
| #
d0b2dbfa |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0 |
|
| #
c7aa572c |
| 31-Jul-2020 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: Rubicon Communications, LLC (netgate.com)
|
| #
795be686 |
| 23-Jul-2020 |
Cy Schubert <cy@FreeBSD.org> |
Load ipfilter, ipnat, and ippool rules, and start ipmon in a vnet jail.
PR: 248109
Reported by: joeb1@a1poweruser.com
MFC after: 2 weeks
|
|
Revision tags: release/11.4.0, release/12.1.0, release/11.3.0 |
|
| #
415e34c4 |
| 29-Mar-2019 |
Alan Somers <asomers@FreeBSD.org> |
MFHead@r345677
|
| #
817c58e3 |
| 23-Mar-2019 |
Cy Schubert <cy@FreeBSD.org> |
The check for $ippool_rules in start_cmd is tautological.
Reported by: hrs@
MFC after: 13 days
X-MFC with: r345400
|
| #
29917358 |
| 22-Mar-2019 |
Cy Schubert <cy@FreeBSD.org> |
Use internal command variables for consistent style.
Reported by: rgrimes@
MFC after: 13 days
X-MFC with: r345400
|
| #
d8f93710 |
| 22-Mar-2019 |
Cy Schubert <cy@FreeBSD.org> |
Add rc.d support for ippool(8).
I've been using ippool at my site for approximately two years. It's
about time this was committed.
PR: 218433
MFC after: 2 weeks
|