#
f99f0ee1 |
|
22-May-2024 |
Alexander Leidinger <netchild@FreeBSD.org> |
rc.d: add a service jails config to all base system services This gives more permissions to services (e.g. network access to services which require this) when they are started as an automatic service jail. The sshd patch is important for the sshd-related functionality as described in the man-page in the service jails part. The location of the added env vars is supposed to allow overriding them in rc.conf, and to hard-disable the use of svcj for some parts where it doesn't make sense or will not work. Only a subset of all of the services are fully tested (I'm running this since more than a year with various services started as service jails). The untested parts should be most of the time ok, in some edge-cases more permissions are needed inside the service jail. Differential Revision: https://reviews.freebsd.org/D40371
|
#
d0b2dbfa |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line sh pattern Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
|
#
f5b5de1a |
|
17-May-2021 |
Eugene Grosbein <eugen@FreeBSD.org> |
ipfw: reload sysctl.conf variables if needed Currently ipfw has multiple components that are not parts of GENERIC kernel like dummynet etc. They can bring in important sysctls if enabled with rc.conf(5) and loaded with ipfw startup script by means of "required_modules" after initial consult with /etc/sysctl.conf at boot time. Here is an example of one increasing limit for dummynet hold queues that defaults to 100: net.inet.ip.dummynet.pipe_slot_limit=1000 This makes it possible to use ipfw/dummynet rules such as: ipfw pipe 1 config bw 50Mbit/s queue 1000 Such rule is rejected unless above sysctl is applied. Another example is a group of net.inet.ip.alias.* sysctls created after libalias.ko loaded as dependency of ipfw_nat. This is not a problem if corresponding code compiled in custom kernel so sysctls exist when sysctl.conf is read early or kernel modules loaded with a loader. This change makes it work also for GENERIC and modules loaded by means of rc.conf(5) settings. MFC after: 1 month
|
#
5c4fe2ac |
|
02-May-2021 |
Lutz Donnerhacke <donner@FreeBSD.org> |
service/ipfw: Silence warning on restart Once the ipfw0 interface has been created, ifconfig(8) create will throw a warning: ifconfig: create: bad value' when trying to create it again. PR: 241013 Submitted by: Jose Luis Duran Approved by: kp MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D30083
|
#
51206126 |
|
18-Dec-2020 |
Mark Johnston <markj@FreeBSD.org> |
Fix the ipfw service status output when ipfw.ko isn't loaded Reported by: lme Reviewed by: lme MFC after: 1 week Differential Revision: https://reviews.freebsd.org/D27657
|
#
fb6b5cd0 |
|
13-Jul-2020 |
Allan Jude <allanjude@FreeBSD.org> |
Remove excess spaces from rc.d scripts The space between words is already being echoed by the space between quoted strings: % echo 'foo' 'bar' foo bar % echo 'foo' ' baz' foo baz Found in `ipfw` and `mountlate` messages. PR: 247948 Submitted by: Jose Luis Duran <jlduran@gmail.com> MFC after: 2 weeks Sponsored by: Klara Inc.
|
#
4c607608 |
|
21-Jan-2020 |
Eugene Grosbein <eugen@FreeBSD.org> |
libexec/rc/rc.d/ipfw: style fix after r356943 Also, make sure it does not break for systems without ipfw code loaded. MFC after: 1 months X-MFC-with: 356943
|
#
7d821948 |
|
21-Jan-2020 |
Eugene Grosbein <eugen@FreeBSD.org> |
Correct "service ipfw status" for INET6-only systems. MFC after: 1 month
|
#
0bd4858e |
|
23-Mar-2019 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Add ability to automatically load ipfw_nat64, ipfw_nptv6 and ipfw_pmod modules by declaring corresponding variables in rc.conf. Also document them in rc.conf(5). Submitted by: Dries Michiels Differential Revision: https://reviews.freebsd.org/D19673
|
#
0696600c |
|
17-Oct-2018 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Move the rc framework out of sbin/init into libexec/rc. The reasons for this are forward looking to pkgbase: * /sbin/init is a special binary; try not to replace it with every package update because an rc script was touched. (a follow-up commit will make init its own package) * having rc in its own place will allow more easy replacement of the rc framework with alternatives, such as openrc. Discussed with: brd (during BSDCam), kmoore Requested by: cem, bz PR: 231522 Approved by: re (gjb)
|