diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-freebsd/freebsd-sbin/files | |
download | gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.gz gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.tar.bz2 gentoo-56bd759df1d0c750a065b8c845e93d5dfa6b549d.zip |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-freebsd/freebsd-sbin/files')
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/adjkerntz-crontab | 4 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/devd.conf | 153 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/devd.initd | 47 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/devd_queue | 50 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/freebsd-sbin-10.0-zlib.patch | 22 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.1-pr102701.patch | 17 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.2-ldconfig.patch | 13 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/freebsd-sbin-7.1-zlib.patch | 21 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/freebsd-sbin-bsdxml2expat.patch | 13 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/freebsd-sbin-setXid.patch | 20 | ||||
-rwxr-xr-x | sys-freebsd/freebsd-sbin/files/idmapd.initd | 20 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/ipfw.confd | 10 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/ipfw.initd | 110 | ||||
-rw-r--r-- | sys-freebsd/freebsd-sbin/files/sysctl.initd | 28 |
14 files changed, 528 insertions, 0 deletions
diff --git a/sys-freebsd/freebsd-sbin/files/adjkerntz-crontab b/sys-freebsd/freebsd-sbin/files/adjkerntz-crontab new file mode 100644 index 000000000000..5fc46f5bf48e --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/adjkerntz-crontab @@ -0,0 +1,4 @@ +# Adjust the time zone if the CMOS clock keeps local time, as opposed to +# UTC time. See adjkerntz(8) for details. +1,31 0-5 * * * root /sbin/adjkerntz -a + diff --git a/sys-freebsd/freebsd-sbin/files/devd.conf b/sys-freebsd/freebsd-sbin/files/devd.conf new file mode 100644 index 000000000000..fd1e0352e5ba --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/devd.conf @@ -0,0 +1,153 @@ +# Refer to devd.conf(5) and devd(8) man pages for the details on how to +# run and configure devd. +# + +# NB: All regular expressions have an implicit ^$ around them. +# NB: device-name is shorthand for 'match device-name' + +options { + # Each directory directive adds a directory the list of directories + # that we scan for files. Files are read-in in the order that they + # are returned from readdir(3). The rule-sets are combined to + # create a DFA that's used to match events to actions. + directory "/etc/devd"; + directory "/usr/local/etc/devd"; + pid-file "/var/run/devd.pid"; + + # Setup some shorthand for regex that we use later in the file. + #XXX Yes, these are gross -- imp + set scsi-controller-regex + "(aac|adv|adw|aha|ahb|ahc|ahd|aic|amd|amr|asr|bt|ciss|ct|dpt|\ + esp|ida|iir|ips|isp|mlx|mly|mpt|ncr|ncv|nsp|stg|sym|trm|wds)\ + [0-9]+"; +}; + +# Note that the attach/detach with the highest value wins, so that one can +# override these general rules. + +# +# For ethernet like devices start configuring the interface. Due to +# a historical accident, this script is called pccard_ether. +# +attach 0 { + media-type "ethernet"; + action "/etc/devd_queue add env IN_HOTPLUG=1 /etc/init.d/net.$device-name start"; +}; + +detach 0 { + media-type "ethernet"; + action "/etc/devd_queue add env IN_HOTPLUG=1 /etc/init.d/net.$device-name stop"; +}; + +# +# Try to start dhclient on Ethernet like interfaces when the link comes +# up. Only devices that are configured to support DHCP will actually +# run it. No link down rule exists because dhclient automaticly exits +# when the link goes down. +# +notify 0 { + match "system" "IFNET"; + match "type" "LINK_UP"; + media-type "ethernet"; + action "/etc/devd_queue add /etc/init.d/net.$subsystem start"; +}; +notify 0 { + match "system" "IFNET"; + match "type" "LINK_DOWN"; + media-type "ethernet"; + action "/etc/devd_queue add /etc/init.d/net.$subsystem stop"; +}; + +# +# Like Ethernet devices, but separate because +# they have a different media type. We may want +# to exploit this later. +# +#detach 0 { +# media-type "802.11"; +# action "env IN_HOTPLUG=1 /etc/init.d/net.$device-name stop"; +#}; +#attach 0 { +# media-type "802.11"; +# action "env IN_HOTPLUG=1 /etc/init.d/net.$device-name start"; +#}; + +# Not sure how to handle this in Gentoo yet +# When a USB Bluetooth dongle appears activate it +#attach 100 { +# device-name "ubt[0-9]+"; +# action "/etc/rc.d/bluetooth start $device-name"; +#}; +#detach 100 { +# device-name "ubt[0-9]+"; +# action "/etc/rc.d/bluetooth stop $device-name"; +#}; + +# When a USB keyboard arrives, attach it as the console keyboard. +attach 100 { + device-name "ukbd0"; + action "kbdcontrol -k /dev/ukbd0 < /dev/console"; +}; +detach 100 { + device-name "ukbd0"; + action "kbdcontrol -k /dev/kbd0 < /dev/console"; +}; + +# The entry below starts and stops moused when a mouse is plugged in. +attach 100 { + device-name "psm[0-9]+"; + action "/etc/devd_queue add env IN_HOTPLUG=1 /etc/init.d/moused.$device-name start"; +}; +detach 100 { + device-name "psm[0-9]+"; + action "/etc/devd_queue add env IN_HOTPLUG=1 /etc/init.d/moused.$device-name stop"; +}; +attach 100 { + device-name "ums[0-9]+"; + action "/etc/devd_queue add env IN_HOTPLUG=1 /etc/init.d/moused.$device-name start"; +}; +detach 100 { + device-name "ums[0-9]+"; + action "/etc/devd_queue add env IN_HOTPLUG=1 /etc/init.d/moused.$device-name stop"; +}; + +# Notify all users before beginning emergency shutdown when we get +# a _CRT or _HOT thermal event and we're going to power down the system +# very soon. +notify 10 { + match "system" "ACPI"; + match "subsystem" "Thermal"; + match "notify" "0xcc"; + action "logger -p kern.emerg 'WARNING: system temperature too high, shutting down soon!'"; +}; + +/* EXAMPLES TO END OF FILE + + +# Examples of notify hooks. A notify is a generic way for a kernel +# subsystem to send event notification to userland. +# +# Here are some examples of ACPI notify handlers. ACPI subsystems that +# generate notifies include the AC adapter, power/sleep buttons, +# control method batteries, lid switch, and thermal zones. +# +# Information returned is not always the same as the ACPI notify +# events. See the ACPI specification for more information about +# notifies. Here is the information returned for each subsystem: +# +# ACAD: AC line state (0 is offline, 1 is online) +# Button: Button pressed (0 for power, 1 for sleep) +# CMBAT: ACPI battery events +# Lid: Lid state (0 is closed, 1 is open) +# Thermal: ACPI thermal zone events +# +# This example calls a script when the AC state changes, passing the +# notify value as the first argument. If the state is 0x00, it might +# call some sysctls to implement economy mode. If 0x01, it might set +# the mode to performance. +notify 10 { + match "system" "ACPI"; + match "subsystem" "ACAD"; + action "/etc/acpi_ac $notify"; +}; +*/ diff --git a/sys-freebsd/freebsd-sbin/files/devd.initd b/sys-freebsd/freebsd-sbin/files/devd.initd new file mode 100644 index 000000000000..2b70320f4bb8 --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/devd.initd @@ -0,0 +1,47 @@ +#!/sbin/runscript +# Copyright 1999-2006 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need localmount + after bootmisc hostname + before net +} + +start() { + # Services may depend on us, so mark us as inactive + mark_service_inactive "${SVCNAME}" + + # Create a queue so that if things went UP DOWN UP DOWN UP DOWN UP + # We just do an UP + # This is used by /etc/devd_queue + mkdir -p /var/run/devd + + ebegin "Starting the Device State Change Daemon" + sysctl hw.bus.devctl_disable=0 >/dev/null + start-stop-daemon --start --exec /sbin/devd \ + --pidfile /var/run/devd.pid + eend $? "Failed to start devd" \ + || return $? + + ebegin "Waiting for Device State Change Daemon to settle" + LC_ALL=C sleep "${DEVD_WAIT:-2}" + eend $? + + # Now flush the queue + einfo "Flushing Device State Change Daemon queue" + /etc/devd_queue flush + + mark_service_started "${SVCNAME}" + return 0 +} + +stop() { + ebegin "Stopping the Device State Change Daemon" + sysctl hw.bus.devctl_disable=1 >/dev/null + start-stop-daemon --stop --exec /sbin/devd \ + --pidfile /var/run/devd.pid + eend $? "Failed to stop devd" +} + +# vim: ts=4 : diff --git a/sys-freebsd/freebsd-sbin/files/devd_queue b/sys-freebsd/freebsd-sbin/files/devd_queue new file mode 100644 index 000000000000..d42cb830c962 --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/devd_queue @@ -0,0 +1,50 @@ +#!/bin/sh + +# Notify the rc system that we're in the background +export IN_BACKGROUND=true + +arg1="$1" +if [ -z "$arg1" ] ; then + echo "Command required" > /dev/stderr + exit 1 +fi +shift + +case "$arg1" in + add) + if [ -z "$1" ] ; then + echo "Command missing!" > /dev/stderr + exit 1 + fi + + # If we don't have a queue then just run + if [ ! -d /var/run/devd ] ; then + "$@" + exit $? + fi + + cmd="$1" + args="$*" + if [ "$cmd" = "env" ] ; then + shift + while echo "$1" | grep -q "="; do + shift + [ "$1" = "--" ] && shift && break + done + cmd="$1" + fi + echo "$args" > /var/run/devd/$(basename "$cmd") + ;; + flush) + while ! rmdir /var/run/devd 2>/dev/null ; do + for cmd in $(cd /var/run/devd; ls) ; do + args=$(cat /var/run/devd/$cmd) + rm -f /var/run/devd/$cmd + $args + done + done + ;; + *) + echo "Unknown command $arg1" + ;; +esac diff --git a/sys-freebsd/freebsd-sbin/files/freebsd-sbin-10.0-zlib.patch b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-10.0-zlib.patch new file mode 100644 index 000000000000..c0a2bf923c23 --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-10.0-zlib.patch @@ -0,0 +1,22 @@ +diff --git a/sbin/savecore/savecore.c b/sbin/savecore/savecore.c +index bdbf7e3..a4c67ec 100644 +--- a/sbin/savecore/savecore.c ++++ b/sbin/savecore/savecore.c +@@ -92,7 +92,7 @@ static int checkfor, compress, clear, force, keep, verbose; /* flags */ + static int nfound, nsaved, nerr; /* statistics */ + static int maxdumps; + +-extern FILE *zopen(const char *, const char *); ++extern FILE *gzopen(const char *, const char *); + + static sig_atomic_t got_siginfo; + static void infohandler(int); +@@ -626,7 +626,7 @@ DoFile(const char *savedir, const char *device) + if (compress) { + snprintf(corename, sizeof(corename), "%s.%d.gz", + istextdump ? "textdump.tar" : "vmcore", bounds); +- fp = zopen(corename, "w"); ++ fp = gzopen(corename, "w"); + } else { + snprintf(corename, sizeof(corename), "%s.%d", + istextdump ? "textdump.tar" : "vmcore", bounds); diff --git a/sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.1-pr102701.patch b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.1-pr102701.patch new file mode 100644 index 000000000000..7b9578c40c87 --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.1-pr102701.patch @@ -0,0 +1,17 @@ +Solves the issue reported in Problem Report bin/102701. + +Can't delete an inet6 alias address from an interface. + +Index: fbsd-6.1/sbin/ifconfig/af_inet6.c +=================================================================== +--- fbsd-6.1.orig/sbin/ifconfig/af_inet6.c ++++ fbsd-6.1/sbin/ifconfig/af_inet6.c +@@ -515,7 +515,7 @@ static struct afswtch af_inet6 = { + .af_settunnel = in6_set_tunnel, + .af_difaddr = SIOCDIFADDR_IN6, + .af_aifaddr = SIOCAIFADDR_IN6, +- .af_ridreq = &in6_addreq, ++ .af_ridreq = &in6_ridreq, + .af_addreq = &in6_addreq, + }; + diff --git a/sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.2-ldconfig.patch b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.2-ldconfig.patch new file mode 100644 index 000000000000..81ad02461681 --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-6.2-ldconfig.patch @@ -0,0 +1,13 @@ +diff -ur sbin.orig/ldconfig/elfhints.c sbin/ldconfig/elfhints.c +--- sbin.orig/ldconfig/elfhints.c 2001-05-03 00:56:18 +0100 ++++ sbin/ldconfig/elfhints.c 2007-08-06 10:16:24 +0100 +@@ -245,6 +245,9 @@ + else + add_dir(hintsfile, argv[i], 0); + } ++ /* Always add our system dirs */ ++ add_dir (hintsfile, "/lib", 1); ++ add_dir (hintsfile, "/usr/lib", 1); + write_elf_hints(hintsfile); + } + diff --git a/sys-freebsd/freebsd-sbin/files/freebsd-sbin-7.1-zlib.patch b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-7.1-zlib.patch new file mode 100644 index 000000000000..22fb2ec62d4f --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-7.1-zlib.patch @@ -0,0 +1,21 @@ +diff -ur sbin/savecore/savecore.c sbin-zlib/savecore/savecore.c +--- sbin/savecore/savecore.c 2005-02-26 01:21:50 +0000 ++++ sbin-zlib/savecore/savecore.c 2005-05-06 12:00:06 +0000 +@@ -95,7 +95,7 @@ + static int checkfor, compress, clear, force, keep, verbose; /* flags */ + static int nfound, nsaved, nerr; /* statistics */ + +-extern FILE *zopen(const char *, const char *); ++extern FILE *gzopen(const char *, const char *); + + static void + printheader(FILE *f, const struct kerneldumpheader *h, const char *device, +@@ -553,7 +553,7 @@ + if (compress) { + sprintf(filename, "%s.%d.gz", istextdump ? "textdump.tar" : + "vmcore", bounds); +- fp = zopen(filename, "w"); ++ fp = gzopen(filename, "w"); + } else { + sprintf(filename, "%s.%d", istextdump ? "textdump.tar" : + "vmcore", bounds); diff --git a/sys-freebsd/freebsd-sbin/files/freebsd-sbin-bsdxml2expat.patch b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-bsdxml2expat.patch new file mode 100644 index 000000000000..bdda99b8c0da --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-bsdxml2expat.patch @@ -0,0 +1,13 @@ +diff -uNr sbin/ifconfig.old/regdomain.c sbin/ifconfig/regdomain.c +--- sbin/ifconfig.old/regdomain.c 2010-12-21 17:09:25.000000000 +0000 ++++ sbin/ifconfig/regdomain.c 2011-07-10 15:56:27.000000000 +0000 +@@ -39,7 +39,7 @@ + #include <err.h> + #include <unistd.h> + +-#include <bsdxml.h> ++#include <expat.h> + + #include "regdomain.h" + +Los ficheros binarios sbin/ifconfig.old/regdomain.o y sbin/ifconfig/regdomain.o son distintos diff --git a/sys-freebsd/freebsd-sbin/files/freebsd-sbin-setXid.patch b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-setXid.patch new file mode 100644 index 000000000000..c8cbebc68c2b --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/freebsd-sbin-setXid.patch @@ -0,0 +1,20 @@ +diff -ur sbin.orig/ping/Makefile sbin.setXid/ping/Makefile +--- sbin.orig/ping/Makefile Thu Apr 7 20:27:57 2005 ++++ sbin.setXid/ping/Makefile Thu Apr 7 20:42:02 2005 +@@ -18,4 +18,6 @@ + LDADD+= -lipsec + .endif + ++LDFLAGS+= -Wl,-z,now ++ + .include <bsd.prog.mk> +diff -ur sbin.orig/shutdown/Makefile sbin.setXid/shutdown/Makefile +--- sbin.orig/shutdown/Makefile Thu Apr 7 20:27:57 2005 ++++ sbin.setXid/shutdown/Makefile Thu Apr 7 20:42:17 2005 +@@ -7,4 +7,6 @@ + BINGRP= operator + BINMODE=4550 + ++LDFLAGS+= -Wl,-z,now ++ + .include <bsd.prog.mk> diff --git a/sys-freebsd/freebsd-sbin/files/idmapd.initd b/sys-freebsd/freebsd-sbin/files/idmapd.initd new file mode 100755 index 000000000000..407b0e87f85d --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/idmapd.initd @@ -0,0 +1,20 @@ +#!/sbin/runscript +# Copyright 1999-2008 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +depend() { + need rpcbind +} + +start() { + ebegin "Starting NFS idmapd" + start-stop-daemon --start --quiet --exec \ + /sbin/idmapd -- $idmapdopts + eend $? "Error starting NFS idmapd" +} + +stop() { + ebegin "Stopping NFS idmapd" + start-stop-daemon --stop --quiet --exec /sbin/idmapd + eend $? "Error stopping NFS idmapd" +} diff --git a/sys-freebsd/freebsd-sbin/files/ipfw.confd b/sys-freebsd/freebsd-sbin/files/ipfw.confd new file mode 100644 index 000000000000..687f92da922f --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/ipfw.confd @@ -0,0 +1,10 @@ +# ipfw provides a stateful firewall. +# This means we allow everything out, and if we have a connection we allow it +# back in. This is very flexable and quite secure. + +# For ease of use, we allow auth and ssh ports through as well. +# To override the list of allowed ports +#PORTS_IN="auth ssh" + +# You may want to enable logging of denied connections +#LOG_DENY="yes" diff --git a/sys-freebsd/freebsd-sbin/files/ipfw.initd b/sys-freebsd/freebsd-sbin/files/ipfw.initd new file mode 100644 index 000000000000..013400bfcf86 --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/ipfw.initd @@ -0,0 +1,110 @@ +#!/sbin/runscript +# Copyright 2007 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 + +# This is a nice client firewall script which should suit most desktop users. +# We allow auth and ssh in by default. + +PORTS_IN=${PORTS_IN-auth ssh} + +opts="panic showstatus" + +depend() { + before net + provide firewall +} + +ipfw() { + /sbin/ipfw -f -q "$@" +} + +init() { + # Load the kernel module + if ! sysctl net.inet.ip.fw.enable=1 >/dev/null 2>/dev/null ; then + if ! kldload ipfw ; then + eend 1 "Unable to load firewall module" + return 1 + fi + fi + + ipfw flush + + ipfw add allow all from any to any via lo0 + ipfw add allow all from any to 127.0.0.0/8 + ipfw add deny ip from 127.0.0.0/8 to any + + ipfw add allow ipv6-icmp from :: to ff02::/16 + ipfw add allow ipv6-icmp from fe80::/10 to fe80::/10 + ipfw add allow ipv6-icmp from fe80::/10 to ff02::/16 +} + +start() { + local x= log= + ebegin "Starting firewall rules" + if ! init ; then + eend 1 "Failed to flush firewall ruleset" + return 1 + fi + + [ "${LOG_DENY}" = "yes" ] && log="log" + + # Use a statefull firewall + ipfw add check-state + + # Open our configured ports + if [ -n "${PORTS_IN}" ] ; then + local pin= + for x in ${PORTS_IN} ; do + pin="${pin}${pin:+,}${x}" + done + ipfw add allow tcp from any to me ${pin} established keep-state + ipfw add allow tcp from any to me6 ${pin} established keep-state + ipfw add allow tcp from any to me ${pin} setup keep-state + ipfw add allow tcp from any to me6 ${pin} setup keep-state + ipfw add allow udp from any to me ${pin} established + ipfw add allow udp from any to me ${pin} keep-state + ipfw add allow udp from any to me6 ${pin} established + ipfw add allow udp from any to me6 ${pin} keep-state + fi + + # Nice flexable rules that disallow incoming except for stuff we + # have asked for, and allow all outgoing. + ipfw add allow tcp from me to any established keep-state + ipfw add allow tcp from me to any setup keep-state + ipfw add allow tcp from me6 to any established keep-state + ipfw add allow tcp from me6 to any setup keep-state + ipfw add deny ${log} tcp from any to any + ipfw add allow udp from me to any established + ipfw add allow udp from me to any keep-state + ipfw add allow udp from me6 to any established + ipfw add allow udp from me6 to any keep-state + ipfw add deny ${log} udp from any to any + + # Be a good firewall and allow some ICMP traffic. + # Remove 8 if you really want to disallow ping. + ipfw add allow icmp from any to any icmptypes 0,3,8,11,12 + ipfw add allow ip6 from any to any proto ipv6-icmp + + eend 0 +} + +stop() { + ebegin "Stopping firewall rules" + # We don't unload the kernel module as that action + # can cause memory leaks as of FreeBSD 6.x + sysctl net.inet.ip.fw.enable=0 >/dev/null + eend $? +} + +panic() { + ebegin "Stopping firewall rules - hard" + if ! init ; then + eend 1 "Failed to flush firewall ruleset" + return 1 + fi + eend 0 +} + +showstatus() { + ipfw show +} diff --git a/sys-freebsd/freebsd-sbin/files/sysctl.initd b/sys-freebsd/freebsd-sbin/files/sysctl.initd new file mode 100644 index 000000000000..f8a2469ae4d3 --- /dev/null +++ b/sys-freebsd/freebsd-sbin/files/sysctl.initd @@ -0,0 +1,28 @@ +#!/sbin/runscript +# Copyright 1999-2005 Gentoo Foundation +# Distributed under the terms of the GNU General Public License v2 +# $Id$ + +depend() { + after checkroot root +} + +start() { + ebegin "Configuring kernel parameters" + + if [ ! -f /etc/sysctl.conf ]; then + eend 1 "/etc/sysctl.conf" "not found" + return 1 + fi + + local retval=0 var= comments= + while read var comments ; do + case "${var}" in + ""|"#"*) continue;; + esac + sysctl "${var}" >/dev/null || retval=1 + done < /etc/sysctl.conf + eend ${retval} "Some errors were encountered" +} + +# vim: set ts=4 : |