- rdr-anchor "relayd/*": the anchor used by relayd to load
redirections into pf.
- pass in on $ext_if proto icmp to ($ext_if): it is a bad habit to
block icmp, this example proposes to allow it by default.
ok henning@
has been loaded. Otherwise, states that are received during the
initial bulk update mismatch the correct pf-checksum and
do not attach to the rules.
Problem identified by david@. Fix done in collaboration.
OK henning@
make the installation media's life easier:
- stop using ``Pc'' as a getty terminal type, use std.9600 instead.
- on platforms with multiple virtual consoles (alpha, amd64, i386,
zaurus), console is disabled, various ttyC* are enabled.
- on other platforms, console is enabled, all other devices are
disabled. This only changes armish, mac68k, sgi.
- default terminal for console is unknown on serial-only machines, vt220
on glass-capable machines (questionable, but done for consistency).
- minor whitespace changes.
- glass console forgotten on a couple platforms (luna88k, sparc64, vax).
eyeballed by deraadt@, ok krw@
replace IPv4 and IPv6 loopback zones with BIND's autogenerated empty zones.
move root.hint to /var/named/etc
remove empty directory /var/named/standard
and graphical console based on the selection made in the ARCBIOS.
Early attachment of gbe(4) is still required, otherwise we have a working
graphical console.
ok miod@
the tables will look more like pf tables, it is easier to re-use
tables with different options, "services" will become "redirections"
(they refer to rdr pf rules), sync configuration directives of
redirect (l3, ex-service) relay (l7) sections (for example "virtual
host" will become "listen on"), all target definitions will start with
"forward to", etc. pp. (see relay.conf(5) and etc/relayd.conf)
discussed with pyr and deraadt
ok pyr@
- internal intel graphics semi-agp chipsets need special handling in pchb.c
- re-add the i965GM device
- use the correct major device id for /dev/agp0 on amd64 (not the i386 one)
ok deraadt@
actually get detected and attached. Also adds a kernel api for
manipulating agp.
Enable this on i386 and amd64.
"I think you should commit it" deraadt@, ok matthieu. Looked over by
several others.
Include filters to block some well-known instant messengers; thanks to
Rene Badalassi (rene at cybersecure dot com dot au) for providing the
examples.
(This change depends on my latest fix to hoststated)