[Midnightbsd-cvs] src [11762] trunk/etc/rc.d: update several scripts
laffer1 at midnightbsd.org
laffer1 at midnightbsd.org
Wed Jul 11 10:08:06 EDT 2018
Revision: 11762
http://svnweb.midnightbsd.org/src/?rev=11762
Author: laffer1
Date: 2018-07-11 10:08:05 -0400 (Wed, 11 Jul 2018)
Log Message:
-----------
update several scripts
Modified Paths:
--------------
trunk/etc/rc.d/initrandom
trunk/etc/rc.d/ip6addrctl
trunk/etc/rc.d/ipfilter
trunk/etc/rc.d/ipfs
trunk/etc/rc.d/ipfw
trunk/etc/rc.d/ipmon
Modified: trunk/etc/rc.d/initrandom
===================================================================
--- trunk/etc/rc.d/initrandom 2018-07-11 14:03:18 UTC (rev 11761)
+++ trunk/etc/rc.d/initrandom 2018-07-11 14:08:05 UTC (rev 11762)
@@ -14,13 +14,6 @@
start_cmd="initrandom_start"
stop_cmd=":"
-feed_dev_random()
-{
- if [ -f "${1}" -a -r "${1}" -a -s "${1}" ]; then
- cat "${1}" | dd of=/dev/random bs=8k 2>/dev/null
- fi
-}
-
initrandom_start()
{
soft_random_generator=`sysctl kern.random 2>/dev/null`
@@ -50,29 +43,15 @@
else
${SYSCTL} kern.random.sys.harvest.point_to_point=0 >/dev/null
fi
- fi
- # XXX temporary until we can improve the entropy
- # harvesting rate.
- # Entropy below is not great, but better than nothing.
- # This unblocks the generator at startup
- ( ps -fauxww; sysctl -a; date; df -ib; dmesg; ps -fauxww ) \
- | dd of=/dev/random bs=8k 2>/dev/null
- cat /bin/ls | dd of=/dev/random bs=8k 2>/dev/null
-
- # First pass at reseeding /dev/random.
- #
- case ${entropy_file} in
- [Nn][Oo] | '')
- ;;
- *)
- if [ -w /dev/random ]; then
- feed_dev_random "${entropy_file}"
+ if checkyesno harvest_swi; then
+ ${SYSCTL} kern.random.sys.harvest.swi=1 >/dev/null
+ echo -n ' swi'
+ else
+ ${SYSCTL} kern.random.sys.harvest.swi=0 >/dev/null
fi
- ;;
- esac
+ fi
- echo -n ' kickstart'
fi
echo '.'
Modified: trunk/etc/rc.d/ip6addrctl
===================================================================
--- trunk/etc/rc.d/ip6addrctl 2018-07-11 14:03:18 UTC (rev 11761)
+++ trunk/etc/rc.d/ip6addrctl 2018-07-11 14:08:05 UTC (rev 11762)
@@ -75,6 +75,8 @@
else
if checkyesno ipv6_activate_all_interfaces; then
ip6addrctl_prefer_ipv6
+ elif [ -n "$(list_vars ifconfig_\*_ipv6)" ]; then
+ ip6addrctl_prefer_ipv6
else
ip6addrctl_prefer_ipv4
fi
@@ -97,9 +99,6 @@
[Nn][Oo][Nn][Ee])
${IP6ADDRCTL_CMD} flush >/dev/null 2>&1
;;
- [Nn][Oo][Nn][Ee])
- ip6addrctl flush >/dev/null 2>&1
- ;;
*)
warn "\$ip6addrctl_policy is invalid: ${ip6addrctl_policy}. " \
" \"ipv4_prefer\" is used instead."
Modified: trunk/etc/rc.d/ipfilter
===================================================================
--- trunk/etc/rc.d/ipfilter 2018-07-11 14:03:18 UTC (rev 11761)
+++ trunk/etc/rc.d/ipfilter 2018-07-11 14:08:05 UTC (rev 11762)
@@ -29,7 +29,7 @@
ipfilter_start()
{
echo "Enabling ipfilter."
- if [ `sysctl -n net.inet.ipf.fr_running` -le 0 ]; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
${ipfilter_program:-/sbin/ipf} -E
fi
${ipfilter_program:-/sbin/ipf} -Fa
@@ -37,7 +37,6 @@
${ipfilter_program:-/sbin/ipf} \
-f "${ipfilter_rules}" ${ipfilter_flags}
fi
- ${ipfilter_program:-/sbin/ipf} -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
@@ -46,8 +45,7 @@
ipfilter_stop()
{
- # XXX - The ipf -D command is not effective for 'lkm's
- if [ `sysctl -n net.inet.ipf.fr_running` -eq 1 ]; then
+ if ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes'; then
echo "Saving firewall state tables"
${ipfs_program:-/sbin/ipfs} -W ${ipfs_flags}
echo "Disabling ipfilter."
@@ -67,7 +65,6 @@
err 1 'Load of rules into alternate set failed; aborting reload'
fi
fi
- ${ipfilter_program:-/sbin/ipf} -I -6 -Fa
if [ -r "${ipv6_ipfilter_rules}" ]; then
${ipfilter_program:-/sbin/ipf} -I -6 \
-f "${ipv6_ipfilter_rules}" ${ipfilter_flags}
Modified: trunk/etc/rc.d/ipfs
===================================================================
--- trunk/etc/rc.d/ipfs 2018-07-11 14:03:18 UTC (rev 11761)
+++ trunk/etc/rc.d/ipfs 2018-07-11 14:08:05 UTC (rev 11762)
@@ -23,7 +23,7 @@
if ! checkyesno ipfilter_enable -o ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0
Modified: trunk/etc/rc.d/ipfw
===================================================================
--- trunk/etc/rc.d/ipfw 2018-07-11 14:03:18 UTC (rev 11761)
+++ trunk/etc/rc.d/ipfw 2018-07-11 14:08:05 UTC (rev 11762)
@@ -25,11 +25,11 @@
if checkyesno dummynet_enable; then
required_modules="$required_modules dummynet"
fi
-
+ if checkyesno natd_enable; then
+ required_modules="$required_modules ipdivert"
+ fi
if checkyesno firewall_nat_enable; then
- if ! checkyesno natd_enable; then
- required_modules="$required_modules ipfw_nat"
- fi
+ required_modules="$required_modules ipfw_nat"
fi
}
@@ -57,6 +57,10 @@
echo 'Firewall logging enabled.'
sysctl net.inet.ip.fw.verbose=1 >/dev/null
fi
+ if checkyesno firewall_logif; then
+ ifconfig ipfw0 create
+ echo 'Firewall logging pseudo-interface (ipfw0) created.'
+ fi
}
ipfw_poststart()
Modified: trunk/etc/rc.d/ipmon
===================================================================
--- trunk/etc/rc.d/ipmon 2018-07-11 14:03:18 UTC (rev 11761)
+++ trunk/etc/rc.d/ipmon 2018-07-11 14:08:05 UTC (rev 11762)
@@ -23,7 +23,7 @@
if ! checkyesno ipfilter_enable && ! checkyesno ipnat_enable ; then
err 1 "${name} requires either ipfilter or ipnat enabled"
fi
- if ! sysctl net.inet.ipf.fr_pass >/dev/null 2>&1; then
+ if ! ${ipfilter_program:-/sbin/ipf} -V | grep -q 'Running: yes' >/dev/null 2>&1; then
err 1 "ipfilter module is not loaded"
fi
return 0
More information about the Midnightbsd-cvs
mailing list