Browse Source

Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made

tweakable: there's no real point and these files support the 'include' option so
one can always get its config from whatever path... especially useful when
testing a new ruleset.
man page inputs from schwarze@
ok halex@ schwarze@ rpe@ deraadt@
OPENBSD_5_8
ajacoutot 9 years ago
parent
commit
d37d74e09b
2 changed files with 6 additions and 8 deletions
  1. +5
    -5
      src/etc/rc
  2. +1
    -3
      src/etc/rc.conf

+ 5
- 5
src/etc/rc View File

@ -1,4 +1,4 @@
# $OpenBSD: rc,v 1.448 2015/03/11 14:48:58 krw Exp $
# $OpenBSD: rc,v 1.449 2015/05/02 09:35:44 ajacoutot Exp $
# System startup script run by init on autoboot # System startup script run by init on autoboot
# or after single-user. # or after single-user.
@ -362,8 +362,8 @@ sh /etc/netstart
dmesg > /dev/random # any write triggers a rekey dmesg > /dev/random # any write triggers a rekey
if [ X"${pf}" != X"NO" ]; then if [ X"${pf}" != X"NO" ]; then
if [ -f ${pf_rules} ]; then
pfctl -f ${pf_rules}
if [ -f /etc/pf.conf ]; then
pfctl -f /etc/pf.conf
fi fi
# bring up pfsync after the working ruleset has been loaded # bring up pfsync after the working ruleset has been loaded
if [ -f /etc/hostname.pfsync0 ]; then if [ -f /etc/hostname.pfsync0 ]; then
@ -392,8 +392,8 @@ start_daemon iscsid isakmpd iked sasyncd ldapd npppd
echo '.' echo '.'
if [ X"${ipsec}" != X"NO" ]; then if [ X"${ipsec}" != X"NO" ]; then
if [ -f ${ipsec_rules} ]; then
ipsecctl -f ${ipsec_rules}
if [ -f /etc/ipsec.conf ]; then
ipsecctl -f /etc/ipsec.conf
fi fi
fi fi


+ 1
- 3
src/etc/rc.conf View File

@ -1,4 +1,4 @@
# $OpenBSD: rc.conf,v 1.200 2014/12/03 20:13:49 florian Exp $
# $OpenBSD: rc.conf,v 1.201 2015/05/02 09:35:44 ajacoutot Exp $
# DO NOT EDIT THIS FILE!! # DO NOT EDIT THIS FILE!!
# #
@ -101,8 +101,6 @@ lockd_flags=NO # for normal use: ""
statd_flags=NO # for normal use: "" statd_flags=NO # for normal use: ""
amd_master=/etc/amd/master # AMD 'master' map amd_master=/etc/amd/master # AMD 'master' map
syslogd_flags= # add more flags, e.g. "-u -a /chroot/dev/log" syslogd_flags= # add more flags, e.g. "-u -a /chroot/dev/log"
pf_rules=/etc/pf.conf # Packet filter rules file
ipsec_rules=/etc/ipsec.conf # IPsec rules file
pflogd_flags= # add more flags, e.g. "-s 256" pflogd_flags= # add more flags, e.g. "-s 256"
shlib_dirs= # extra directories for ldconfig, separated shlib_dirs= # extra directories for ldconfig, separated
# by space # by space


Loading…
Cancel
Save