#
369817 |
|
17-May-2021 |
git2svn |
service/ipfw: Silence warning on restart
Once the ipfw0 interface has been created, ifconfig(8) create will throw a warning: "ifconfig: create: bad value" when trying to create it again.
PR: 241013 Submitted by: Jose Luis Duran Approved by: kp Differential Revision: https://reviews.freebsd.org/D30083
(cherry picked from commit 5c4fe2ac81a5e05062266d684fb53b9faefd0d38)
Git Hash: 370c8a1f784c62d0cf28aa1202a0575add1b3559 Git Author: donner@FreeBSD.org
|
#
359703 |
|
07-Apr-2020 |
eugen |
Style fix for /etc/rc.d/ipfw: correct bad indentation after r359701.
|
#
359701 |
|
07-Apr-2020 |
eugen |
MFC r356943,356944: Correct "service ipfw status" for INET6-only systems.
|
#
346181 |
|
13-Apr-2019 |
ae |
MFC r345450: Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod
modules by declaring corresponding variables in rc.conf. Also document them in rc.conf(5).
Submitted by: Dries Michiels Differential Revision: https://reviews.freebsd.org/D19673
MFC r345985: Add firewall_[nat64|nptv6|pmod]_enable variables to /etc/defaults/rc.conf
|
#
331728 |
|
29-Mar-2018 |
araujo |
MFC r329817:
The firewall_type is ignored if not set in rc.conf or rc.conf.local, after r190575 there is an option to call rc.firewall with the firewall_type passed in as an argument.
Submitted by: David P. Discher <dpd@dpdtech.com> Sponsored by: iXsystems Inc. Differential Revision: https://reviews.freebsd.org/D14286
|
#
330280 |
|
02-Mar-2018 |
manu |
MFC r320943-r320944, r321008, r321072, r321128
r320943: Add ipfw_status command to etc/rc.d/ipfw
This is helpful when using service/conf management tools.
Sponsored-By: Gandi.net
r320944: Add an rc.d script to setup a netflow export via ng_netflow
The default is to export netflow data on localhost on the netflow port.
ngtee is used to have the lowest overhead possible.
The ipfw ng hook is the netflow port (it can only be numeric)
Default is netflow version 5.
Sponsored-By: Gandi.net Reviewed by: bapt (earlier version), olivier (earlier version)
r321008: etc/rc.d: Only install ipfw_netflow if MK_IPFW and MK_NETGRAPH is defined
While here only install ipfw rc script if MK_IPFW is defined.
Reported by: ngie
r321072: ipfw_netflow: add +ipfw_netflow_enable="NO" to defaults/rc.conf and document usage in rc.conf(5)
Reported by: markj Sponsored by: Gandi.net
r321128: ipfw_netflow: Add support for FIB
If ipfw_netflow_fib, the ipfw rule will only match packets in that FIB.
While here correct some value in rc.conf(5) to be int and not str.
Sponsored by: Gandi.net
|
#
318965 |
|
26-May-2017 |
n_hibma |
MFC 317729:
Silence sysctl in startup scripts.
This makes 'stop' behave consistently with 'start' in the script. Also use $SYSCTL instead of sysctl for consistency within that script.
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
298514 |
|
23-Apr-2016 |
lme |
- Add descriptions to most of the rc scripts. Those are mostly taken from their daemon's manpage and probably improved.
- Consistently use "filesystem" not "file system".
Approved by: bapt, brueffer Differential Revision: D452
|
#
250804 |
|
19-May-2013 |
jamie |
Refine the "nojail" rc keyword, adding "nojailvnet" for files that don't apply to most jails but do apply to vnet jails. This includes adding a new sysctl "security.jail.vnet" to identify vnet jails.
PR: conf/149050 Submitted by: mdodd MFC after: 3 days
|
#
242301 |
|
29-Oct-2012 |
hrs |
Load ipdivert.ko when natd_enable=YES.
PR: conf/167566
|
#
238277 |
|
09-Jul-2012 |
hrs |
Make ipfw0 logging pseudo-interface clonable. It can be created automatically by $firewall_logif rc.conf(5) variable at boot time or manually by ifconfig(8) after a boot.
Discussed on: freebsd-ipfw@
|
#
220153 |
|
29-Mar-2011 |
emaste |
Replace ${SYSCTL_W} with ${SYSCTL} in rc.d scripts, as they are identical. This is a further clean up after r202988.
SYSCTL_W is still initialized in rc.subr as some ports may still use it.
|
#
208060 |
|
14-May-2010 |
dougb |
Remove trailing white space. No functional changes.
|
#
203676 |
|
08-Feb-2010 |
emax |
Introduce new rc.conf variable firewall_coscripts. It can be used to specify list of executables and/or rc scripts that should be executed after firewall starts/stops.
Submitted by: Yuri Kurenkov <y dot kurenkov at init dot ru> Reviewed by: rhodes, rc@ MFC after: 1 week
|
#
200028 |
|
02-Dec-2009 |
ume |
Unify rc.firewall and rc.firewall6, and obsolete rc.firewall6 and rc.d/ip6fw.
Reviewed by: dougb, jhb MFC after: 1 month
|
#
195026 |
|
25-Jun-2009 |
dougb |
Reverse the effect of r193198 for pf and ipfw which will once again allow them to start after netif. There were too many problems reported with this change in the short period of time that it lived in HEAD, and we are too late in the release cycle to properly shake it out.
IMO the issue of having the firewalls up before the network is still a valid concern, particularly for pf whose default state is wide open. However properly solving this issue is going to take some investment on the part of the people who actually use those tools.
This is not a strict reversion of all the changes for r193198 since it also included some simplification of the BEFORE/REQUIRE logic which is still valid for ipfilter and ip6fw.
|
#
193198 |
|
01-Jun-2009 |
dougb |
Make the pf and ipfw firewalls start before netif, just like ipfilter already does. This eliminates a logical inconsistency, and a small window where the system is open after the network comes up.
|
#
190575 |
|
30-Mar-2009 |
emax |
- Add ipfw_nat to the list of required modules if "firewall_nat_enable" is set and "natd_enable" is NOT set;
- Accept and pass firewall type to the external firewall script.
Submitted by: Yuri Kurenkov < y -dot- kurenkov -at- init -dot- ru > MFC after: 3 days No response from: freebsd-rc
|
#
180563 |
|
16-Jul-2008 |
dougb |
As previously discussed, add the svn:executable property to all scripts
|
#
180296 |
|
05-Jul-2008 |
mtm |
No need to display the result of enabling the ipfw sysctl if it's successful. Issue a warning if it fails, however.
|
#
175722 |
|
27-Jan-2008 |
mtm |
Add a dummynet_enable knob to go with firewall_enable. If this knob is enabled dummynet(4) is added to the list of required modules.
Discussed on: #freebsd-bugbusters (rwatson, trhodes) PR: conf/79196 MFC after: 1 week
|
#
175686 |
|
26-Jan-2008 |
mtm |
Generally, anything that runs rc.d scripts internally should start using the quiet prefix (i.e. quietstart, quietstop, etc...).
|
#
168272 |
|
02-Apr-2007 |
mtm |
Instead of directly sourcing the firewall script, run it in a separate shell. If the firewall script is sourced directly from the script, then any exit statements in it will also terminate the rc.d script prematurely.
PR: conf/78762 MFC-After: 2 weeks
|
#
165683 |
|
31-Dec-2006 |
yar |
Use $required_modules wherever suitable. Use load_kld() in special cases. So we get rid of quite a few lines of duplicated code.
|
#
160672 |
|
25-Jul-2006 |
yar |
De-uglify messages from the ipfw script.
|
#
156030 |
|
26-Feb-2006 |
wkoszek |
Use 'ipfw list' instead of 'ipfw l', since it's deprecated (and warning is printed on system startup).
Approved by: cognet (mentor) MFC after: 3 days
|
#
151806 |
|
28-Oct-2005 |
yar |
Transforming "ppp-user" into just "ppp", step 1: The rcorder(8) condition PROVIDE'd by the script and REQUIRE'd by the others becomes "ppp".
The ultimate goal of the transformation is to reduce confusion resulting from the fact that $name has been "ppp" already.
Discussed with: pjd, -rc
|
#
143688 |
|
16-Mar-2005 |
ru |
Start natd(8) before loading firewall rules, to give the ipdivert.ko module a chance to load.
|
#
136224 |
|
07-Oct-2004 |
mtm |
Remove the requirement for the FreeBSD keyword as it no longer makes any sense.
Discussed with: dougb, brooks MFC after: 3 days
|
#
128714 |
|
28-Apr-2004 |
phk |
Protect some cross-script invocations by checks to see that the target script exists. This allows pruning of rc.d scripts without getting too many ugly boottime error message
|
#
127897 |
|
05-Apr-2004 |
fjoe |
Add separate script for natd. This fixes race condition with "ipfw restart" (when new natd is started before old natd died) and allows to manage natd without touching ipfw.
natd should probably be killed with SIGKILL when stopping natd.
|
#
126744 |
|
08-Mar-2004 |
pjd |
Mark scripts as not usable inside a jail by adding keyword 'nojail'.
Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>
|
#
118099 |
|
27-Jul-2003 |
mbr |
Add -dynamic to natd if dhcp is used for the natd interface. Kill natd in stop().
Reviewed by: mtm
|
#
112849 |
|
30-Mar-2003 |
mtm |
Make the 'restart' command work. Otherwise, it would successfully stop ipfw, but not enable it again.
Aesthetic changes
o Use positive logic (instead of negative)
o create a 'stop' function, rather than putting the commands in the stop_cmd variable.
Submitted by: des Approved by: markm (mentor) (implicit)
|
#
109232 |
|
14-Jan-2003 |
mtm |
Finish merging in rev. 1.124 of rc.network, so that natd can be used without the $natd_interface having to be explicitly specified on the command line.
Approved by: markm (mentor) Submitted by: Aaron D. Gifford <agifford@infowest.com> PR: conf/47024
MFC: upon re approval
|
#
104980 |
|
12-Oct-2002 |
schweikh |
Fix style bugs:
* Space -> tabs conversion.
* Removed blanks before semicolon in "if ... ; then".
* Proper indentation of misindented lines.
* Put a full stop after some comments.
* Removed whitespace at end of line.
Approved by: silence from gordon
|
#
98184 |
|
13-Jun-2002 |
gordon |
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next.
Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
|