filters (AS, peer-as, source-as, transit-as).
Add a use case (block illegal AS numbers) to the bgpd.conf example.
feedback from claudio, sthen, florian,
ok florian@ phessler@
Point at wikipedia's list of blacklists instead, some are DNS-only but there
are a few rsyncable ones in there (including a good commercial one and some
free ones).
- run commands in subshell only if mktemp is successful
- on error just leave the for-loop but set _error=true
- cleanup tmpdirs afterwards
- set _error=true if the ro remount fails
- print appropriate final message depending on $_error
positive feedback from deraadt
OK krw
- move the info message inside the function
- skip reordering if /usr/lib is on a nfs mounted filesystem
- temporarily remount rw if /usr/lib is on a ro ffs file-system
OK deraadt
and force long filenames on the first mount of fat 16 filesystems so
this works.
U-boot scripts have not yet been changed to load these files.
ok kettenis@
about pkg.conf isn't really that helpful and if a big syntax change comes along
well we have current.html.
it was disabled during p2k16 and no one complained so far
discussed with and ok deraadt@
above it is "starting network", which can make you think something is
broken when your machine is as slow as some of mine.
"Yeah, that's a pretty crappy machine" deraadt@
table has to be defined BEFORE
consequently move all tables in the examples to the beginning and before the
listen directive to avoid tables not being found
no functional change
ran into this myself earlier, also reported by cjones via irc
ok gilles
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.
Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.
Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree
unused for now, but I plan to convert all programs in base to use it in
a future diff. /dev/bpf0 is for compatibility with existing binaries
and is to be removed after a transition period.
ok rpe krw, for the installer part
"Let's see it hit the tree." deraadt
chance to update the *default* configuration of the important daemons.
Factorize rc.firsttime into a run_upgrade_script() function which takes the
script suffix name as an argument.
i.e. run_upgrade_script sysmerge / run_upgrade_script firsttime
discussed with deraadt@
ok deraadt@ rpe@
It works by adding daemon_rtable=$id in /etc/rc.conf.local.
rcctl(8) support coming in a few and so are the man pages bits.
If you want multiple instances of the same daemon running in different
routing tables, just symlink the original rc.d script.
e.g.
# cd /etc/rc.d && ln -s dhcpd dhcpd42
Then enable your daemons as such in rc.conf.local:
dhcpd_flags=
dhcpd42_flags=
dhcpd42_rtable=42
most work done by Jiri B <jirib@devio.us>; with a few tweaks and simplifications
by yours truly
ok robert@
... should make henning happy ;-)
daemon_class, daemon_flags, daemon_timeout, daemon_user, pexp
Add "pexp" as a valid variable to _rc_parse_conf() and sort the list while here.
Besides having an easy way to see how a daemon was started exactly, it opens the
door to rdomain/rtable support in rc.d(8). We need to have as much information
on a daemon as possible if we want to target a specific rtable (using -T) and it
also makes it easier to start multiple instances of the same daemon with similar
flags as a different user...
Of course that only works with rc.d scripts *not* overwritting the default rc_*
functions.
Man page tweaks coming later.
discussed with and ok robert@
visa