* All variables are now embraced: ${foo}
* All comparisons against some value now take the form:
[ "${foo}" ? "value" ]
where ? is a comparison operator
* All empty string tests now take the form:
[ -z "${foo}" ]
* All non-empty string tests now take the form:
[ -n "${foo}" ]
Submitted by: jkh
should be used from now on for anything security but not auth-related.
Included are updates for all relevant manpages and also to /etc files,
creating a new /var/log/security. Nothing in the system logs to
/var/log/security yet as of the time of this commit.
Reviewed by: rgrimes, imp, chris
respectively logging and dropping ICMP REDIRECT packets.
Note that there is no rate limiting on the log messages, so log_redirect
should be used with caution (preferrably only for debugging purposes).
Prompted by docs/12343, in which people seemed to get a little confused.
The original text in the file said:
[...]
# By default we use COM1 as our serial console port *if* we're going to use
# a serial port as our console at all. (0x3E8 = COM2)
#
#BOOT_COMCONSOLE_PORT= 0x3F8
[...]
From what I can make out, some people have assumed that means that if
they just uncomment the BOOT_COMCONSOLE_PORT then it will use COM2:
These same people then assume that "0x3F8" on that line is a typo for
"0x3E8".
What it actually means is that if you uncomment the line then the default
stays as "Ox3F8" (COM1:), and that you have to uncomment the line, *and*
change the value of the variable in order to use COM2:.
So I've made that a little bit clearer. I've also listed the hex values
for COM1: thru COM4:, snarfed from sys/isa/isareg.h.
PR: docs/12343
Submitted by: Bill Grunfelder <wjgrun@dippy.cyberwar.com>
Originally submitted by: Wayne Self <wself@cdrom.com>
Allow a ppp startup option in rc.conf.
Adjust sysinstall so that it appends to the end of ppp.conf
and uses the generated profile to start ppp in auto mode on
boot.
Submitted by: Josef L. Karthauser <joe@uk.FreeBSD.org>
example of their usage in the sample config. Merge the two examples
for the green internal auth service.
This commit failed the first time around because Brian beat me to the
punch on inetd.8 . I like my descriptions better and I'm pretty sure
Brian won't mind.
at least for now. I relegated the getcred sysctls to only root, but if
they're deemed to be "allowable" to export to users, I'll do so and
revert this change.
get a list of interfaces, and then automatically configure them if
${ifconfig_${ifn}} or /etc/start_if.${ifn} exists.
This makes it a lot easier to deal with machines that constantly change
their network configuration as you can leave ifconfig settings for all
the possible cards - just the ones that are present will be configured.
and set it to "/etc/pccard.conf.sample" in /etc/defaults/rc.conf.
Perhaps this default value can be inappropriate,
but I set to this value for the convenience of PC-card boot.flp users.
Please correct it if there are better solutions.
commentary. :) 3rd and final frob of this. Leave enough comments
behind that anyone running into trouble at least has some cited clues
on dealing with it and jump into the brave new world with uncommented
IANA port assignments.
twice to enable wrapping for internal wrapping as well. If the option is
not specified wrapping is turned off so that inetd will behave exactly
as it used to before TCP Wrappers was imported.
Change etc/defaults/rc.conf so as to encourage wrapping on new systems.
Clarify the use of TCP Wrappers in the IMPLEMENTATION NOTES of the
manual page.
Approved by: jkh
the old STREAM protocol has been obsoleted by "ST2" (RFC 1819)
Detected by: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Suggested by: Matt Crawford <crawdad@fnal.gov>
after demand of two people and no objections:
- included all registered protocols, so it's now a useful reference as well
- renamed title to reflect new content
(deleted word "IP", since all registered internet protocols are included now)
- corrected URL (file isn't hosted by iana.org anymore)
Do discard standard output from the sysctl for approxy_all, and echo
what this sysctl is doing in the usual way. This fix is probably
backwards. We should probably just use the standard sysctl output
in all cases (it needs to have a newline filtered out).
Echo what the sysctls for nfs_reserved_port_only and nfs_access_cache
are doing.
default.
Despite their name it doesn't keep TCP sessions alive, it kills
them if the other end has gone AWOL. This happens a lot with
clients which use NAT, dynamic IP assignment or which has a 2^32
* 10^-3 seconds upper bound on their uptime.
There is no detectable increase in network trafic because of this:
two minimal TCP packets every two hours for a live TCP connection.
Many servers already enable keepalives themselves.
The host requirements RFC is 10 years old, and doesn't know about
the loosing clients of todays InterNet.
