CVS log for src/etc/rc.d/ipfilter
![[BACK]](/gifs/back.gif){kind=small}
Up to [FreeBSD] / src / etc / rc.d
Request diff between arbitrary revisions
Keyword substitution: kv
Default branch: MAIN
Revision 1.32: download - view: text, markup, annotated - select for diffs
Sat Jan 14 02:18:41 2012 UTC (3 weeks, 6 days ago) by dougb
Branches: MAIN
Diff to: previous 1.31: preferred, colored
Changes since revision 1.31: +1 -1 lines
SVN rev 230099 on 2012-01-14 02:18:41Z by dougb
Prepare for the removal of set_rcvar() by changing the rcvar=
assignments to the literal values it would have returned.
The concept of set_rcvar() was nice in theory, but the forks
it creates are a drag on the startup process, which is especially
noticeable on slower systems, such as embedded ones.
During the discussion on freebsd-rc@ a preference was expressed for
using ${name}_enable instead of the literal values. However the
code portability concept doesn't really apply since there are so
many other places where the literal name has to be searched for
and replaced. Also, using the literal value is also a tiny bit
faster than dereferencing the variables, and every little bit helps.
Revision 1.31: download - view: text, markup, annotated - select for diffs
Tue May 17 07:40:13 2011 UTC (8 months, 3 weeks ago) by hrs
Branches: MAIN
CVS tags: RELENG_9_BP, RELENG_9
Diff to: previous 1.30: preferred, colored
Changes since revision 1.30: +1 -1 lines
SVN rev 222007 on 2011-05-17 07:40:13Z by hrs Remove redundant keywords. Submitted by: wxs
Revision 1.30: download - view: text, markup, annotated - select for diffs
Mon Jun 1 05:35:03 2009 UTC (2 years, 8 months ago) by dougb
Branches: MAIN
CVS tags: RELENG_8_BP, RELENG_8
Diff to: previous 1.29: preferred, colored
Changes since revision 1.29: +0 -1 lines
SVN rev 193198 on 2009-06-01 05:35:03Z by dougb Make the pf and ipfw firewalls start before netif, just like ipfilter already does. This eliminates a logical inconsistency, and a small window where the system is open after the network comes up.
Revision 1.29: download - view: text, markup, annotated - select for diffs
Sat Dec 8 07:20:22 2007 UTC (4 years, 2 months ago) by dougb
Branches: MAIN
Diff to: previous 1.28: preferred, colored
Changes since revision 1.28: +0 -1 lines
Remove $NetBSD$ CVS tags. We no longer attempt to synch our rc.d files with theirs, so this information doesn't need to be in the live file. Having it in our CVS history is enough.
Revision 1.28: download - view: text, markup, annotated - select for diffs
Mon Apr 9 08:53:40 2007 UTC (4 years, 10 months ago) by des
Branches: MAIN
CVS tags: RELENG_7_BP, RELENG_7_0_BP, RELENG_7_0, RELENG_7
Diff to: previous 1.27: preferred, colored
Changes since revision 1.27: +1 -1 lines
FILESYSTEMS requires root, so requiring both of them is redundant.
Revision 1.27: download - view: text, markup, annotated - select for diffs
Mon Apr 2 22:53:07 2007 UTC (4 years, 10 months ago) by des
Branches: MAIN
Diff to: previous 1.26: preferred, colored
Changes since revision 1.26: +1 -1 lines
Add a dummy script, FILESYSTEMS, which depends on root and mountcritlocal and takes over mountcritlocal's role as the early / late divider. This makes it far easier to add rc scripts which need to run early, such as a startup script for zfs, which is right around the corner. This change should be a no-op; I have verified that the only change in rcorder's output is the insertion of FILESYSTEMS immediately after mountcritlocal. MFC after: 3 weeks
Revision 1.21.2.2: download - view: text, markup, annotated - select for diffs
Sun Dec 31 17:54:41 2006 UTC (5 years, 1 month ago) by ceri
Branches: RELENG_5
Diff to: previous 1.21.2.1: preferred, colored; branchpoint 1.21: preferred, colored; next MAIN 1.22: preferred, colored
Changes since revision 1.21.2.1: +6 -0 lines
MFC revision 1.25: Ensure that the load of rules into the alternate ruleset worked before loading them into the live one too. PR: conf/97311 Approved by: ru
Revision 1.26: download - view: text, markup, annotated - select for diffs
Sun Dec 31 10:37:18 2006 UTC (5 years, 1 month ago) by yar
Branches: MAIN
Diff to: previous 1.25: preferred, colored
Changes since revision 1.25: +2 -34 lines
Use $required_modules wherever suitable. Use load_kld() in special cases. So we get rid of quite a few lines of duplicated code.
Revision 1.25: download - view: text, markup, annotated - select for diffs
Sat Nov 11 10:48:34 2006 UTC (5 years, 3 months ago) by ceri
Branches: MAIN
Diff to: previous 1.24: preferred, colored
Changes since revision 1.24: +6 -0 lines
Ensure that the load of rules into the alternate ruleset worked before loading them into the live one too. PR: conf/97311 Submitted by: David Bushong Reviewed by: silence on rc@ Approved by: ru (mentor) MFC after: 10 days
Revision 1.24: download - view: text, markup, annotated - select for diffs
Thu Jul 7 05:59:44 2005 UTC (6 years, 7 months ago) by jkim
Branches: MAIN
CVS tags: RELENG_6_BP, RELENG_6_2_BP, RELENG_6_2_0_RELEASE, RELENG_6_2, RELENG_6_1_BP, RELENG_6_1_0_RELEASE, RELENG_6_1, RELENG_6_0_BP, RELENG_6_0_0_RELEASE, RELENG_6_0, RELENG_6
Diff to: previous 1.23: preferred, colored
Changes since revision 1.23: +1 -1 lines
`net.inet.ipf.fr_running' can be a negative value, which was introduced by recent ipfilter import. Approved by: re (scottl), anholt (mentor)
Revision 1.23: download - view: text, markup, annotated - select for diffs
Tue Jun 21 09:39:09 2005 UTC (6 years, 7 months ago) by dd
Branches: MAIN
Diff to: previous 1.22: preferred, colored
Changes since revision 1.22: +1 -1 lines
Unbreak the ipfilter_loaded function. There doesn't seem to be a way for kldstat to ever print "IP Filter" (the module is called "ipfilter" and modules don't have anything like a description), so this function would always return false. That would cause prestart to attempt to load the module even if it's already loaded, which would fail and prevent the rules from being loaded. Approved by: re (dwhite)
Revision 1.21.2.1: download - view: text, markup, annotated - select for diffs
Sun Oct 10 09:50:53 2004 UTC (7 years, 4 months ago) by mtm
Branches: RELENG_5
CVS tags: RELENG_5_5_BP, RELENG_5_5_0_RELEASE, RELENG_5_5, RELENG_5_4_BP, RELENG_5_4_0_RELEASE, RELENG_5_4, RELENG_5_3_BP, RELENG_5_3_0_RELEASE, RELENG_5_3
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +1 -1 lines
RCS file: /home/ncvs/src/etc/rc,v
Revision 1.335: download - view: text, markup, annotated - select for diffs
Fri Oct 8 14:23:49 2004 UTC (7 years, 4 months ago) by mtm
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.334: preferred, colored
Changes since revision 1.334: +0 -1 lines
Remove an unused variable. Submitted by: Pawel Worach <pawel.worach@telia.com>
Revision 1.22: download - view: text, markup, annotated - select for diffs
Thu Oct 7 13:55:26 2004 UTC (7 years, 4 months ago) by mtm
Branches: MAIN
Diff to: previous 1.21: preferred, colored
Changes since revision 1.21: +1 -1 lines
Remove the requirement for the FreeBSD keyword as it no longer makes any sense. Discussed with: dougb, brooks MFC after: 3 days
Revision 1.334: download - view: text, markup, annotated - select for diffs
Thu Oct 7 13:55:25 2004 UTC (7 years, 4 months ago) by mtm
Branches: MAIN
Diff to: previous 1.32: preferred, colored
Changes since revision 1.32: +1 -1 lines
Remove the requirement for the FreeBSD keyword as it no longer makes any sense. Discussed with: dougb, brooks MFC after: 3 days
Revision 1.21: download - view: text, markup, annotated - select for diffs
Fri Apr 23 15:43:13 2004 UTC (7 years, 9 months ago) by darrenr
Branches: MAIN
CVS tags: RELENG_5_BP
Branch point for: RELENG_5
Diff to: previous 1.20: preferred, colored
Changes since revision 1.20: +0 -0 lines
Change the dependency between these two scripts so that ipmon depends on ipfilter rather than the other way around, preventing ipmon from exiting at startup because ipfilter is not yet enabled (using the device results too early results in ENXIO.)
Revision 1.20: download - view: text, markup, annotated - select for diffs
Tue Apr 20 13:30:49 2004 UTC (7 years, 9 months ago) by darrenr
Branches: MAIN
Diff to: previous 1.19: preferred, colored
Changes since revision 1.19: +1 -1 lines
apply patch so pr can be closed PR: misc/56715 Submitted by: grant@NetBSD.org Reviewed by: darrenr
Revision 1.19: download - view: text, markup, annotated - select for diffs
Mon Mar 8 12:25:05 2004 UTC (7 years, 11 months ago) by pjd
Branches: MAIN
Diff to: previous 1.18: preferred, colored
Changes since revision 1.18: +1 -1 lines
Mark scripts as not usable inside a jail by adding keyword 'nojail'. Some suggestions from: rwatson, Ruben de Groot <mail25@bzerk.org>
Revision 1.18: download - view: text, markup, annotated - select for diffs
Fri Mar 5 07:43:38 2004 UTC (7 years, 11 months ago) by mtm
Branches: MAIN
Diff to: previous 1.17: preferred, colored
Changes since revision 1.17: +1 -1 lines
Remove scripts we don't use from requirement lines. These were hold-overs from the initial NetBSD import.
Revision 1.17: download - view: text, markup, annotated - select for diffs
Sat Jan 24 20:40:11 2004 UTC (8 years ago) by mux
Branches: MAIN
Diff to: previous 1.16: preferred, colored
Changes since revision 1.16: +11 -2 lines
Move the test used to determine whether IPFilter is loaded or not into its own function to avoid a small duplication of code.
Revision 1.16: download - view: text, markup, annotated - select for diffs
Sat Jan 17 10:40:45 2004 UTC (8 years ago) by mtm
Branches: MAIN
Diff to: previous 1.15: preferred, colored
Changes since revision 1.15: +33 -102 lines
Luke Mewburn has indicated that they (NetBSD) are not interested in keeping the scripts under rc.d in sync with us. So, remove NetBSD specific stuff (which made our scripts more complicated than necessary). The NetBSD ident string will be left intact, both for history and also incase we wish to pull in future versions.
Revision 1.15: download - view: text, markup, annotated - select for diffs
Sat Jan 17 10:16:38 2004 UTC (8 years ago) by mtm
Branches: MAIN
Diff to: previous 1.14: preferred, colored
Changes since revision 1.14: +1 -1 lines
Luke Mewburn has indicated that they (NetBSD) are not interested in keeping the scripts under rc.d in sync with us. So, begin removal of NetBSD specific stuff (which made our scripts more complicated than necessary), starting with the NetBSD KEYWORD.
Revision 1.14: download - view: text, markup, annotated - select for diffs
Mon Oct 13 08:20:55 2003 UTC (8 years, 4 months ago) by dougb
Branches: MAIN
CVS tags: RELENG_5_2_BP, RELENG_5_2_1_RELEASE, RELENG_5_2_0_RELEASE, RELENG_5_2
Diff to: previous 1.13: preferred, colored
Changes since revision 1.13: +1 -1 lines
Remove trailing whitespace
Revision 1.13: download - view: text, markup, annotated - select for diffs
Fri Oct 3 11:57:43 2003 UTC (8 years, 4 months ago) by mux
Branches: MAIN
Diff to: previous 1.12: preferred, colored
Changes since revision 1.12: +3 -1 lines
Fix bogon in ipfilter_resync() introduced in my last commit. Spotted by: Gennady Proskurin <gpr@nvnpp.vrn.ru>
Revision 1.12: download - view: text, markup, annotated - select for diffs
Sat Sep 27 13:50:47 2003 UTC (8 years, 4 months ago) by mux
Branches: MAIN
Diff to: previous 1.11: preferred, colored
Changes since revision 1.11: +22 -15 lines
A number of fixes/enhancements for the ipfilter rc script:
- Use a more robust check to determine if we need to load ipl.ko.
- Don't try to run ipf -E if ipfilter is already enabled. Look at
the net.inet.ipf.fr_running sysctl to figure this out. This fixes
a warning message about ipfilter being already initialized.
- Only one ipf -E command is needed. We don't need an extra one for
the -6 case which would only print a warning message about ipfilter
being already initialized.
- Fix one occurence where we were running /sbin/ipf directly without
using the ${ipfilter_program} variable if set.
- In ipfilter_stop(), don't try to save the firewall state tables if
ipfilter is disabled. Similarly, don't try to disable it if it's
already disabled. This fixes some more error messages.
Revision 1.11: download - view: text, markup, annotated - select for diffs
Wed Jul 30 18:53:59 2003 UTC (8 years, 6 months ago) by mtm
Branches: MAIN
Diff to: previous 1.10: preferred, colored
Changes since revision 1.10: +1 -1 lines
tty whacking should occur early, but not so early that the required commands are not on a mounted file system. Noticed by: bde
Revision 1.10: download - view: text, markup, annotated - select for diffs
Wed Apr 30 02:54:17 2003 UTC (8 years, 9 months ago) by mtm
Branches: MAIN
CVS tags: RELENG_5_1_BP, RELENG_5_1_0_RELEASE, RELENG_5_1
Diff to: previous 1.9: preferred, colored
Changes since revision 1.9: +1 -1 lines
o Make the 'Ip-filter module loaded' messages informational o Make 'No ipnat rules' a warning o Remove unecessary ' ..' Approved by: markm (implicit)
Revision 1.9: download - view: text, markup, annotated - select for diffs
Wed Apr 30 02:19:38 2003 UTC (8 years, 9 months ago) by mtm
Branches: MAIN
Diff to: previous 1.8: preferred, colored
Changes since revision 1.8: +2 -2 lines
Running the script with restart or manually stopping and starting it doesn't work because the start_cmd doesn't enable ipfilter if it is currently disabled. Approved by: markm (mentor) (implicit) Submitted by: Michael Lyngbøl <lyngbol@bifrost.lyngbol.dk> PR: conf/46103
Revision 1.8: download - view: text, markup, annotated - select for diffs
Thu Apr 24 08:20:47 2003 UTC (8 years, 9 months ago) by mtm
Branches: MAIN
Diff to: previous 1.7: preferred, colored
Changes since revision 1.7: +3 -3 lines
Make ipfilter, ipnat, ipmon, and ipfs behave more like the old rc. o group them together so they run one right after another o use the NetBSD supplied ipfs script instead of tacking it on to the end of ipnat o Load the ipl module in ipnat and ipfilter, if it's not already loaded o In ipmon and ipnat show a warning if neither ipfilter nor ipnat is enabled or the ipl module is not loaded, and exit Approved by: markm (mentor) (implicit) Tested by: leafy <leafy@leafy.idv.tw>
Revision 1.7: download - view: text, markup, annotated - select for diffs
Sat Mar 22 14:53:23 2003 UTC (8 years, 10 months ago) by ume
Branches: MAIN
Diff to: previous 1.6: preferred, colored
Changes since revision 1.6: +1 -0 lines
add missing `ipf -s'. Submitted by: Mark Huizer <xaa+freebsd@timewasters.nl>
Revision 1.6: download - view: text, markup, annotated - select for diffs
Wed Mar 5 17:16:22 2003 UTC (8 years, 11 months ago) by ume
Branches: MAIN
Diff to: previous 1.5: preferred, colored
Changes since revision 1.5: +2 -0 lines
Latest IPFilter requires flushing rules for IPv6 separately from IPv4.
Revision 1.5: download - view: text, markup, annotated - select for diffs
Sat Nov 2 08:21:25 2002 UTC (9 years, 3 months ago) by ume
Branches: MAIN
CVS tags: RELENG_5_0_BP, RELENG_5_0_0_RELEASE, RELENG_5_0
Diff to: previous 1.4: preferred, colored
Changes since revision 1.4: +21 -6 lines
Add IPv6 setup for ipfilter. `ipv6_ipfilter_rules' was added to specify rules definition file for ipfilter. The default is /etc/ipf6.rules. If there is a file which is specified by 'ipv6_ipfilter_rules', IPv6 rule is installed. Reviewed by: Ronald van der Pol <Ronald.vanderPol@rvdp.org> MFC after: 1 week
Revision 1.4: download - view: text, markup, annotated - select for diffs
Sat Oct 12 10:31:31 2002 UTC (9 years, 4 months ago) by schweikh
Branches: MAIN
Diff to: previous 1.3: preferred, colored
Changes since revision 1.3: +3 -3 lines
Fix style bugs: * Space -> tabs conversion. * Removed blanks before semicolon in "if ... ; then". * Proper indentation of misindented lines. * Put a full stop after some comments. * Removed whitespace at end of line. Approved by: silence from gordon
Revision 1.3: download - view: text, markup, annotated - select for diffs
Fri Sep 6 16:18:05 2002 UTC (9 years, 5 months ago) by gordon
Branches: MAIN
Diff to: previous 1.2: preferred, colored
Changes since revision 1.2: +6 -6 lines
Convert from `${CMD_OSTYPE}` to ${OSTYPE}. This saves a shell invocation on
OS-dependent case switches.
Revision 1.1.1.2 (vendor branch): download - view: text, markup, annotated - select for diffs
Fri Jun 21 19:07:21 2002 UTC (9 years, 7 months ago) by obrien
Branches: NETBSD
CVS tags: head_20020621
Diff to: previous 1.1.1.1: preferred, colored
Changes since revision 1.1.1.1: +9 -2 lines
Sync with NetBSD's mainline.
Revision 1.2: download - view: text, markup, annotated - select for diffs
Thu Jun 13 22:14:36 2002 UTC (9 years, 8 months ago) by gordon
Branches: MAIN
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +95 -21 lines
Merge in all the changes that Mike Makonnen has been maintaining for a while. This is only the script pieces, the glue for the build comes next. Submitted by: Mike Makonnen <makonnen@pacbell.net> Reviewed by: silence on -current and -hackers Prodded by: rwatson
Revision 1.1.1.1 (vendor branch): download - view: text, markup, annotated - select for diffs
Sat Jun 16 07:16:14 2001 UTC (10 years, 7 months ago) by obrien
Branches: NETBSD
CVS tags: head_20010615
Diff to: previous 1.1: preferred, colored
Changes since revision 1.1: +0 -0 lines
Import the NetBSD 1.5 RC system. Note that `rc' and `rc.shutdown' could not be imported because we already have files with those names.
Revision 1.1: download - view: text, markup, annotated - select for diffs
Sat Jun 16 07:16:14 2001 UTC (10 years, 7 months ago) by obrien
Branches: MAIN
Initial revision