| History log of /src/etc/rc.d/ipfilter |
| Revision | | Date | Author | Comments |
| 1.21 |
| 08-Sep-2020 |
martin | Rename MOUNTCRITLOCAL to CRITLOCALMOUNTED to avoid a name collision
on case insensitive file systems
|
| 1.20 |
| 22-Jul-2020 |
martin | Split the local disk availability step into two phases to allow scripts
that pre-populate parts of the system (e.g. a tmpfs based /var) an
easy place to plug in like:
# REQUIRE: mountcritlocal
# BEFORE: MOUNTCRITLOCAL
This also cleans up the existing special handling a bit by separating it
into new scripts. All later scripts now depend on MOUNTCRITLOCAL.
Discussed on tech-userlevel some time ago.
|
| 1.19 |
| 04-Jul-2020 |
skrll | Trailing whitespace
|
| 1.18 |
| 23-Mar-2009 |
hannken | Add flags to rc.d/ipfilter. Use it from rc.conf like
ipfilter=YES ipfilter_flags="-T fr_statemax=18963,fr_statesize=27091"
Ok: Christos Zoulas <christos@netbsd.org>
|
| 1.17 |
| 22-Nov-2008 |
tsutsui | branches: 1.17.2;
Add "bootconf" to REQUIRE: lines which had beforenetlkm
since removed beforenetlkm required bootconf.
|
| 1.16 |
| 12-Nov-2008 |
ad | Remove LKMs and switch to the module framework, pass 1.
Proposed on tech-kern@.
|
| 1.15 |
| 06-Apr-2007 |
apb | branches: 1.15.12; 1.15.20;
* Add a stop_boot() function in rc.subr, to terminate a multi-user boot
by killing the parent process. The parent's PID is saved in $RC_PID.
* In all rc.d/* scripts that previously tried to stop the boot,
replace in-line code with "stop_boot".
* Document this.
This should fix PR 29822.
|
| 1.14 |
| 23-Dec-2004 |
lukem | * Conditionalize flushing of IPv4 vs IPv6 rules based on the existance
of the appropriate configuration file.
Based on PR 28757 from Jason White.
* Add comments explaining why we flush separately from the reload
(backwards compat with older ipf(8) binaries).
|
| 1.13 |
| 08-Nov-2004 |
lukem | Redo previous (rev 1.12) in a manner that allows this rc.d script to operate
correctly on ipf(8) from prior to 4.1.3 (where -Fa flushes both protocols)
and 4.1.3 (where -Fa only flushes the current protocol).
Fix from Kimmo Suominen, per private discussion.
|
| 1.12 |
| 09-Sep-2004 |
lukem | Explicitly flush (-Fa) rules when loading or reloading IPv4 and IPv6 rules,
rather than relying upon running "ipf -Fa" beforehand (which only flushes IPv4)
Should fix PR 26885 and PR 26857.
|
| 1.11 |
| 13-Aug-2004 |
mycroft | Add an _rc_subr_loaded variable, set to ":" by rc.subr. Scripts can use this
for a speedup by doing:
$_rc_subr_loaded . /etc/rc.subr
|
| 1.10 |
| 28-Feb-2001 |
lukem | branches: 1.10.4;
support `resync' (ipf -y).
suggested by Johnny C. Lam in [misc/12300]
|
| 1.9 |
| 09-Oct-2000 |
nisimura | Use && and || for logical concatenations instead of -a/-o test operators.
|
| 1.8 |
| 01-Oct-2000 |
lukem | support loading ipf6.conf as well as ipf.conf.
inspired by [misc/11033] by Gregory McGarry <g.mcgarry@ieee.org>
|
| 1.7 |
| 19-Sep-2000 |
lukem | - only perform the checkyesno on the variable named in $rcvar (rather than
implicitly using $name if $rcvar isn't set), and always perform this check,
even when using start_cmd (et al).
this check is performed before the pidcmd
is run, speeding up scripts that weren't going to be run anyway.
this should speed up booting slow systems.
- take advantage of the above and remove
start_precmd="checkyesno foo"
in scripts that use start_cmd.
- explicitly set rcvar=foo in the rc.d/foo scripts which have an equivalent
rc.conf entry
- fix `rcvar' and `restart' when $rcvar isn't set.
these above changes fix PR [bin/11027].
- when doing `force*', ignore the return value of *_precmd.
this fixes PR [bin/10781].
- rename what sysdb provides from `databases' to `sysdb', to reflect
the name of the script.
- improve the comments in rc.subr
|
| 1.6 |
| 21-Jul-2000 |
lukem | if ipf.conf isn't readable and the system is booting directly to multiuser,
send SIGTERM to the parent (/etc/rc) so that init(8) aborts the boot.
|
| 1.5 |
| 17-Jul-2000 |
lukem | * add support for `status'
* remove bogus comment about aborting the boot if ipf fails; this hasn't
been supported since the rc.d migration and is too messy to resolve...
|
| 1.4 |
| 13-May-2000 |
lukem | branches: 1.4.4;
Use load_rc_config() (from rc.subr) instead of sourcing /etc/rc.conf.
This allows us or a user to change the configuration file method in
one place - rc.subr - without having to edit all of the rc.d/* files.
|
| 1.3 |
| 30-Apr-2000 |
lukem | use extra_commands= instead of using 2nd argument to run_rc_command
|
| 1.2 |
| 11-Mar-2000 |
veego | Add missing checkyesno's.
|
| 1.1 |
| 10-Mar-2000 |
lukem | branches: 1.1.1;
Initial revision
|
| 1.1.1.1 |
| 10-Mar-2000 |
lukem | rc.d scripts derived from /etc/rc
|
| 1.4.4.3 |
| 27-Dec-2001 |
he | Pull up revisions 1.9-1.10 (requested by jlam):
Use && and || for logical concatenations instead of -a/-o operators,
and support ``resync'' (ipf -y).
|
| 1.4.4.2 |
| 02-Oct-2000 |
lukem | pull up rev 1.7-1.8 (approved by thorpej):
- support loading ipf6.conf as well as ipf.conf
- always use $rcvar to determine the name of the var to checkyesno
- fix force*
|
| 1.4.4.1 |
| 09-Aug-2000 |
lukem | pull up revs 1.5-1.6
approved by: thorpej
* add support for `status'
* if ipf.conf isn't readable and the system is booting directly to multiuser,
send SIGTERM to the parent (/etc/rc) so that init(8) aborts the boot.
|
| 1.10.4.2 |
| 12-Nov-2004 |
jmc | Pullup rev 1.13 (requested by lukem in ticket #963)
Redo previous (rev 1.12) in a manner that allows this rc.d script to operate
correctly on ipf(8) from prior to 4.1.3 (where -Fa flushes both protocols)
and 4.1.3 (where -Fa only flushes the current protocol).
|
| 1.10.4.1 |
| 21-Sep-2004 |
tron | Pull up revision 1.12 (requested by martti in ticket #866):
Explicitly flush (-Fa) rules when loading or reloading IPv4 and IPv6 rules,
rather than relying upon running "ipf -Fa" beforehand (which only flushes IPv4)
Should fix PR 26885 and PR 26857.
|
| 1.15.20.1 |
| 26-Mar-2009 |
snj | Pull up following revision(s) (requested by hannken in ticket #606):
etc/defaults/rc.conf: revision 1.101
etc/rc.d/ipfilter: revision 1.18
Add flags to rc.d/ipfilter. Use it from rc.conf like
ipfilter=YES ipfilter_flags="-T fr_statemax=18963,fr_statesize=27091"
Ok: Christos Zoulas <christos@netbsd.org>
|
| 1.15.12.1 |
| 17-Jan-2009 |
mjf | Sync with HEAD.
|
| 1.17.2.1 |
| 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
