From d37d74e09be92aa40d09aa98d09c3d0c5b32294a Mon Sep 17 00:00:00 2001 From: ajacoutot <> Date: Sat, 2 May 2015 09:35:44 +0000 Subject: [PATCH] Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made tweakable: there's no real point and these files support the 'include' option so one can always get its config from whatever path... especially useful when testing a new ruleset. man page inputs from schwarze@ ok halex@ schwarze@ rpe@ deraadt@ --- src/etc/rc | 10 +++++----- src/etc/rc.conf | 4 +--- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/src/etc/rc b/src/etc/rc index cffb719d..fe870797 100644 --- a/src/etc/rc +++ b/src/etc/rc @@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.448 2015/03/11 14:48:58 krw Exp $ +# $OpenBSD: rc,v 1.449 2015/05/02 09:35:44 ajacoutot Exp $ # System startup script run by init on autoboot # or after single-user. @@ -362,8 +362,8 @@ sh /etc/netstart dmesg > /dev/random # any write triggers a rekey if [ X"${pf}" != X"NO" ]; then - if [ -f ${pf_rules} ]; then - pfctl -f ${pf_rules} + if [ -f /etc/pf.conf ]; then + pfctl -f /etc/pf.conf fi # bring up pfsync after the working ruleset has been loaded if [ -f /etc/hostname.pfsync0 ]; then @@ -392,8 +392,8 @@ start_daemon iscsid isakmpd iked sasyncd ldapd npppd echo '.' if [ X"${ipsec}" != X"NO" ]; then - if [ -f ${ipsec_rules} ]; then - ipsecctl -f ${ipsec_rules} + if [ -f /etc/ipsec.conf ]; then + ipsecctl -f /etc/ipsec.conf fi fi diff --git a/src/etc/rc.conf b/src/etc/rc.conf index cc0d6162..b52590ed 100644 --- a/src/etc/rc.conf +++ b/src/etc/rc.conf @@ -1,4 +1,4 @@ -# $OpenBSD: rc.conf,v 1.200 2014/12/03 20:13:49 florian Exp $ +# $OpenBSD: rc.conf,v 1.201 2015/05/02 09:35:44 ajacoutot Exp $ # DO NOT EDIT THIS FILE!! # 
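Review bot: With the paths now fixed, a host whose rc.conf.local still sets `pf_rules` or `ipsec_rules` to another file silently stops loading that ruleset, and if `/etc/pf.conf` or `/etc/ipsec.conf` is absent the `[ -f ... ]` test skips the load with no message. This applies to the pf hunk and equally to the ipsec hunk that follows it. For a packet filter and an IPsec policy, a quiet skip at boot is worth surfacing: I would add an `else` branch such as `echo 'pf enabled but /etc/pf.conf not found, ruleset not loaded'` (with the ipsecctl equivalent), and mention the dropped variables in the upgrade notes. Whether an earlier part of rc already installs a default ruleset is not visible here, and the `if [ X"${pf}" != X"NO" ]` block continues past the end of its hunk.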
@@ -101,8 +101,6 @@ lockd_flags=NO # for normal use: "" statd_flags=NO # for normal use: "" amd_master=/etc/amd/master # AMD 'master' map syslogd_flags= # add more flags, e.g. "-u -a /chroot/dev/log" -pf_rules=/etc/pf.conf # Packet filter rules file -ipsec_rules=/etc/ipsec.conf # IPsec rules file pflogd_flags= # add more flags, e.g. "-s 256" shlib_dirs= # extra directories for ldconfig, separated # by space