From: ajacoutot Date: Sat, 2 May 2015 09:35:44 +0000 (+0000) Subject: Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=3544dba08d2e0f0cbacea088c90af8ec0ec03139;p=openbsd Drop pf_rules and ipsec_rules from rc.conf(5); it shouldn't have been made tweakable: there's no real point and these files support the 'include' option so one can always get its config from whatever path... especially useful when testing a new ruleset. man page inputs from schwarze@ ok halex@ schwarze@ rpe@ deraadt@ --- diff --git a/etc/rc b/etc/rc index cffb719d9e5..fe870797e13 100644 --- a/etc/rc +++ b/etc/rc @@ -1,4 +1,4 @@ -# $OpenBSD: rc,v 1.448 2015/03/11 14:48:58 krw Exp $ +# $OpenBSD: rc,v 1.449 2015/05/02 09:35:44 ajacoutot Exp $ # System startup script run by init on autoboot # or after single-user. @@ -362,8 +362,8 @@ sh /etc/netstart dmesg > /dev/random # any write triggers a rekey if [ X"${pf}" != X"NO" ]; then - if [ -f ${pf_rules} ]; then - pfctl -f ${pf_rules} + if [ -f /etc/pf.conf ]; then + pfctl -f /etc/pf.conf fi # bring up pfsync after the working ruleset has been loaded if [ -f /etc/hostname.pfsync0 ]; then @@ -392,8 +392,8 @@ start_daemon iscsid isakmpd iked sasyncd ldapd npppd echo '.' if [ X"${ipsec}" != X"NO" ]; then - if [ -f ${ipsec_rules} ]; then - ipsecctl -f ${ipsec_rules} + if [ -f /etc/ipsec.conf ]; then + ipsecctl -f /etc/ipsec.conf fi fi diff --git a/etc/rc.conf b/etc/rc.conf index cc0d6162279..b52590ed8aa 100644 --- a/etc/rc.conf +++ b/etc/rc.conf @@ -1,4 +1,4 @@ -# $OpenBSD: rc.conf,v 1.200 2014/12/03 20:13:49 florian Exp $ +# $OpenBSD: rc.conf,v 1.201 2015/05/02 09:35:44 ajacoutot Exp $ # DO NOT EDIT THIS FILE!! # 
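Review bot: In the `@@ -362,8 +362,8 @@` hunk of etc/rc the ruleset path is now fixed, so a `pf_rules=` value still set in a local override of rc.conf is ignored without any message, and `[ -f /etc/pf.conf ]` still falls through silently when that file is absent; a host that relied on a custom path may boot with a different ruleset than its administrator intended. The `@@ -392,8 +392,8 @@` hunk has the same gap for `ipsec_rules` and /etc/ipsec.conf. A transitional boot notice would make this visible, for example `[ -n "${pf_rules}" ] && echo "pf_rules is no longer honoured; loading /etc/pf.conf"` ahead of the file test, with the equivalent line for `ipsec_rules`. Separately, the exit status of `pfctl -f /etc/pf.conf` is not checked before the pfsync step, although the comment there says pfsync comes up after the working ruleset has been loaded. The pf block continues past the end of its hunk.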
@@ -101,8 +101,6 @@ lockd_flags=NO # for normal use: "" statd_flags=NO # for normal use: "" amd_master=/etc/amd/master # AMD 'master' map syslogd_flags= # add more flags, e.g. "-u -a /chroot/dev/log" -pf_rules=/etc/pf.conf # Packet filter rules file -ipsec_rules=/etc/ipsec.conf # IPsec rules file pflogd_flags= # add more flags, e.g. "-s 256" shlib_dirs= # extra directories for ldconfig, separated # by space diff --git a/share/man/man8/rc.conf.8 b/share/man/man8/rc.conf.8 index a32d886cdf7..c5542a170c2 100644 --- a/share/man/man8/rc.conf.8 +++ b/share/man/man8/rc.conf.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rc.conf.8,v 1.24 2015/04/04 09:32:21 ajacoutot Exp $ +.\" $OpenBSD: rc.conf.8,v 1.25 2015/05/02 09:35:44 ajacoutot Exp $ .\" .\" Copyright (c) 1997 Ian F. Darwin .\" Copyright (c) 2014 Ingo Schwarze @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd $Mdocdate: April 4 2015 $ +.Dd $Mdocdate: May 2 2015 $ .Dt RC.CONF 8 .Os .Sh NAME @@ -137,15 +137,14 @@ rc calls: .It Cm ipsec rc calls: .Xr ipsecctl 8 -.Fl f Pf $ Brq Ar ipsec_rules +.Fl f Pa /etc/ipsec.conf .It Cm multicast_host , multicast_router See .Xr netstart 8 . .It Cm pf rc calls: .Xr pfctl 8 -.Fl ef -.Pf $ Brq Ar pf_rules +.Fl ef Pa /etc/pf.conf .It Cm spamd_black The script .Pa /etc/rc.d/spamd @@ -161,7 +160,7 @@ and configuration variables mostly determine the locations of specific configuration files. The boot scripts use them as follows: -.Bl -tag -width ipsec_rules +.Bl -tag -width amd_master .It Cm amd_master The .Xr amd 8 
@@ -169,28 +168,6 @@ master map file. The script .Pa /etc/rc.d/amd appends its content to the command line when starting the auto mounter daemon. -.It Cm pf_rules -The -.Xr pf 4 -packet filter rule file. -If the -.Cm pf -service is enabled, -rc calls: -.Xr pfctl 8 -.Fl ef -.Pf $ Brq Ar pf_rules -.It Cm ipsec_rules -The -.Xr ipsec 4 -configuration file. -If the -.Cm ipsec -service is enabled, -rc calls: -.Xr ipsecctl 8 -.Fl f -.Pf $ Brq Ar ipsec_rules .It Cm shlib_dirs Extra shared library search path entries. rc calls: @@ -233,11 +210,11 @@ argument at shutdown: pkg_scripts=messagebus cupsd .Ed .Pp -The default location of the ruleset for -.Xr pf 4 -is: +The default location of the +.Xr amd 8 +master map file is: .Bd -literal -offset indent -pf_rules=/etc/pf.conf # Packet filter rules file +amd_master=/etc/amd/master # AMD 'master' map .Ed .Sh SEE ALSO .Xr init 8 ,