suggested by naddy@. This solves the problem that occurs when a
server crashes or is hard booted and comes back up without tearing
down any connections to it, and packets from these connections don't
match any existing state or rule and are silenty dropped.
ok phessler@ henning@ claudio@ dlg@
marking up words that are not trademarks (ASCII, I/O, NFS, TCP, TELNET).
While here, remove .Tn markup from the same words in the body
of these pages, too.
Our dhclient only uses the bpf tap for broadcast packets (which bypass
pf) but lease renewals will use a regular socket and are blocked without
this change. Rules are written so that accidential forwarding of packets
is not possible.
Diff from brad@, OK henning@, benno@, mikeb@
It was there to try and ensure that failure was reported if nsd stopped
shortly after startup (as it used to do if the address was in use, etc),
but this is no longer the case with nsd 4 which returns a failure at
startup in these cases, and having it there breaks properly printing
"(ok)" when stopping.
contain both a 2048-byte sector ffs filesystem, and a 512-byte volume header,
so that the IP27 boot magic^Wuglyness recently added to the boot-only cd-rom
(cdXX.iso) can be applied as well.
The full-blown installation iso can now boot on IP27/28/30/32/35.
right __dso_handle and have dlopen'ed shared objects run their atexit handlers
when they get unloaded. This is what Linux does, and several ports depend on
this behaviour (and will crash upon exit without this chang).
Based on an earlier diff from matthew@
Tested by ajacoutot@
ok deraadt@
stsp