head 1.5; access; symbols netbsd-11-0-RC4:1.5 netbsd-11-0-RC3:1.5 netbsd-11-0-RC2:1.5 netbsd-11-0-RC1:1.5 perseant-exfatfs-base-20250801:1.5 netbsd-11:1.5.0.98 netbsd-11-base:1.5 netbsd-10-1-RELEASE:1.5 perseant-exfatfs-base-20240630:1.5 perseant-exfatfs:1.5.0.96 perseant-exfatfs-base:1.5 netbsd-8-3-RELEASE:1.5 netbsd-9-4-RELEASE:1.5 netbsd-10-0-RELEASE:1.5 netbsd-10-0-RC6:1.5 netbsd-10-0-RC5:1.5 netbsd-10-0-RC4:1.5 netbsd-10-0-RC3:1.5 netbsd-10-0-RC2:1.5 netbsd-10-0-RC1:1.5 netbsd-10:1.5.0.94 netbsd-10-base:1.5 netbsd-9-3-RELEASE:1.5 cjep_sun2x-base1:1.5 cjep_sun2x:1.5.0.92 cjep_sun2x-base:1.5 cjep_staticlib_x-base1:1.5 netbsd-9-2-RELEASE:1.5 cjep_staticlib_x:1.5.0.90 cjep_staticlib_x-base:1.5 netbsd-9-1-RELEASE:1.5 phil-wifi-20200421:1.5 phil-wifi-20200411:1.5 is-mlppp:1.5.0.88 is-mlppp-base:1.5 phil-wifi-20200406:1.5 netbsd-8-2-RELEASE:1.5 netbsd-9-0-RELEASE:1.5 netbsd-9-0-RC2:1.5 netbsd-9-0-RC1:1.5 phil-wifi-20191119:1.5 netbsd-9:1.5.0.86 netbsd-9-base:1.5 phil-wifi-20190609:1.5 netbsd-8-1-RELEASE:1.5 netbsd-8-1-RC1:1.5 pgoyette-compat-merge-20190127:1.5 pgoyette-compat-20190127:1.5 pgoyette-compat-20190118:1.5 pgoyette-compat-1226:1.5 pgoyette-compat-1126:1.5 pgoyette-compat-1020:1.5 pgoyette-compat-0930:1.5 pgoyette-compat-0906:1.5 netbsd-7-2-RELEASE:1.5 pgoyette-compat-0728:1.5 netbsd-8-0-RELEASE:1.5 phil-wifi:1.5.0.84 phil-wifi-base:1.5 pgoyette-compat-0625:1.5 netbsd-8-0-RC2:1.5 pgoyette-compat-0521:1.5 pgoyette-compat-0502:1.5 pgoyette-compat-0422:1.5 netbsd-8-0-RC1:1.5 pgoyette-compat-0415:1.5 pgoyette-compat-0407:1.5 pgoyette-compat-0330:1.5 pgoyette-compat-0322:1.5 pgoyette-compat-0315:1.5 netbsd-7-1-2-RELEASE:1.5 pgoyette-compat:1.5.0.82 pgoyette-compat-base:1.5 netbsd-7-1-1-RELEASE:1.5 matt-nb8-mediatek:1.5.0.80 matt-nb8-mediatek-base:1.5 perseant-stdc-iso10646:1.5.0.78 perseant-stdc-iso10646-base:1.5 netbsd-8:1.5.0.76 netbsd-8-base:1.5 prg-localcount2-base3:1.5 prg-localcount2-base2:1.5 prg-localcount2-base1:1.5 prg-localcount2:1.5.0.74 prg-localcount2-base:1.5 pgoyette-localcount-20170426:1.5 bouyer-socketcan-base1:1.5 pgoyette-localcount-20170320:1.5 netbsd-7-1:1.5.0.72 netbsd-7-1-RELEASE:1.5 netbsd-7-1-RC2:1.5 netbsd-7-nhusb-base-20170116:1.5 bouyer-socketcan:1.5.0.70 bouyer-socketcan-base:1.5 pgoyette-localcount-20170107:1.5 netbsd-7-1-RC1:1.5 pgoyette-localcount-20161104:1.5 netbsd-7-0-2-RELEASE:1.5 localcount-20160914:1.5 netbsd-7-nhusb:1.5.0.68 netbsd-7-nhusb-base:1.5 pgoyette-localcount-20160806:1.5 pgoyette-localcount-20160726:1.5 pgoyette-localcount:1.5.0.66 pgoyette-localcount-base:1.5 netbsd-7-0-1-RELEASE:1.5 netbsd-7-0:1.5.0.64 netbsd-7-0-RELEASE:1.5 netbsd-7-0-RC3:1.5 netbsd-7-0-RC2:1.5 netbsd-7-0-RC1:1.5 netbsd-5-2-3-RELEASE:1.5 netbsd-5-1-5-RELEASE:1.5 netbsd-6-0-6-RELEASE:1.5 netbsd-6-1-5-RELEASE:1.5 netbsd-7:1.5.0.62 netbsd-7-base:1.5 yamt-pagecache-base9:1.5 yamt-pagecache-tag8:1.5 netbsd-6-1-4-RELEASE:1.5 netbsd-6-0-5-RELEASE:1.5 tls-earlyentropy:1.5.0.60 tls-earlyentropy-base:1.5 riastradh-xf86-video-intel-2-7-1-pre-2-21-15:1.5 riastradh-drm2-base3:1.5 netbsd-6-1-3-RELEASE:1.5 netbsd-6-0-4-RELEASE:1.5 netbsd-5-2-2-RELEASE:1.5 netbsd-5-1-4-RELEASE:1.5 netbsd-6-1-2-RELEASE:1.5 netbsd-6-0-3-RELEASE:1.5 netbsd-5-2-1-RELEASE:1.5 netbsd-5-1-3-RELEASE:1.5 netbsd-6-1-1-RELEASE:1.5 riastradh-drm2-base2:1.5 riastradh-drm2-base1:1.5 riastradh-drm2:1.5.0.54 riastradh-drm2-base:1.5 netbsd-6-1:1.5.0.58 netbsd-6-0-2-RELEASE:1.5 netbsd-6-1-RELEASE:1.5 netbsd-6-1-RC4:1.5 netbsd-6-1-RC3:1.5 agc-symver:1.5.0.56 agc-symver-base:1.5 netbsd-6-1-RC2:1.5 netbsd-6-1-RC1:1.5 yamt-pagecache-base8:1.5 netbsd-5-2:1.5.0.52 netbsd-6-0-1-RELEASE:1.5 yamt-pagecache-base7:1.5 netbsd-5-2-RELEASE:1.5 netbsd-5-2-RC1:1.5 matt-nb6-plus-nbase:1.5 yamt-pagecache-base6:1.5 netbsd-6-0:1.5.0.50 netbsd-6-0-RELEASE:1.5 netbsd-6-0-RC2:1.5 tls-maxphys:1.5.0.48 tls-maxphys-base:1.5 matt-nb6-plus:1.5.0.46 matt-nb6-plus-base:1.5 netbsd-6-0-RC1:1.5 yamt-pagecache-base5:1.5 yamt-pagecache-base4:1.5 netbsd-6:1.5.0.44 netbsd-6-base:1.5 netbsd-5-1-2-RELEASE:1.5 netbsd-5-1-1-RELEASE:1.5 yamt-pagecache-base3:1.5 yamt-pagecache-base2:1.5 yamt-pagecache:1.5.0.42 yamt-pagecache-base:1.5 cherry-xenmp:1.5.0.40 cherry-xenmp-base:1.5 bouyer-quota2-nbase:1.5 bouyer-quota2:1.5.0.38 bouyer-quota2-base:1.5 matt-mips64-premerge-20101231:1.5 matt-nb5-mips64-premerge-20101231:1.5 matt-nb5-pq3:1.5.0.36 matt-nb5-pq3-base:1.5 netbsd-5-1:1.5.0.34 netbsd-5-1-RELEASE:1.5 netbsd-5-1-RC4:1.5 matt-nb5-mips64-k15:1.5 netbsd-5-1-RC3:1.5 netbsd-5-1-RC2:1.5 netbsd-5-1-RC1:1.5 netbsd-5-0-2-RELEASE:1.5 matt-nb5-mips64-premerge-20091211:1.5 matt-premerge-20091211:1.5 matt-nb5-mips64-u2-k2-k4-k7-k8-k9:1.5 matt-nb4-mips64-k7-u2a-k9b:1.5 matt-nb5-mips64-u1-k1-k5:1.5 matt-nb5-mips64:1.5.0.32 netbsd-5-0-1-RELEASE:1.5 jym-xensuspend-nbase:1.5 netbsd-5-0:1.5.0.30 netbsd-5-0-RELEASE:1.5 netbsd-5-0-RC4:1.5 netbsd-5-0-RC3:1.5 netbsd-5-0-RC2:1.5 jym-xensuspend:1.5.0.28 jym-xensuspend-base:1.5 netbsd-5-0-RC1:1.5 netbsd-5:1.5.0.26 netbsd-5-base:1.5 matt-mips64-base2:1.5 matt-mips64:1.5.0.24 mjf-devfs2:1.5.0.22 mjf-devfs2-base:1.5 netbsd-4-0-1-RELEASE:1.5 wrstuden-revivesa-base-3:1.5 wrstuden-revivesa-base-2:1.5 wrstuden-fixsa-newbase:1.5 wrstuden-revivesa-base-1:1.5 yamt-pf42-base4:1.5 yamt-pf42-base3:1.5 hpcarm-cleanup-nbase:1.5 yamt-pf42-baseX:1.5 yamt-pf42-base2:1.5 wrstuden-revivesa:1.5.0.20 wrstuden-revivesa-base:1.5 yamt-pf42:1.5.0.18 yamt-pf42-base:1.5 keiichi-mipv6-nbase:1.5 keiichi-mipv6:1.5.0.16 keiichi-mipv6-base:1.5 matt-armv6-nbase:1.5 matt-armv6-prevmlocking:1.5 wrstuden-fixsa-base-1:1.5 netbsd-4-0:1.5.0.14 netbsd-4-0-RELEASE:1.5 cube-autoconf:1.5.0.12 cube-autoconf-base:1.5 netbsd-4-0-RC5:1.5 netbsd-4-0-RC4:1.5 netbsd-4-0-RC3:1.5 netbsd-4-0-RC2:1.5 netbsd-4-0-RC1:1.5 matt-armv6:1.5.0.10 matt-armv6-base:1.5 matt-mips64-base:1.5 hpcarm-cleanup:1.5.0.8 hpcarm-cleanup-base:1.5 netbsd-3-1-1-RELEASE:1.1.2.4 netbsd-3-0-3-RELEASE:1.1.2.4 wrstuden-fixsa:1.5.0.6 wrstuden-fixsa-base:1.5 abandoned-netbsd-4-base:1.5 abandoned-netbsd-4:1.5.0.2 netbsd-3-1:1.1.2.4.0.4 netbsd-3-1-RELEASE:1.1.2.4 netbsd-3-0-2-RELEASE:1.1.2.4 netbsd-3-1-RC4:1.1.2.4 netbsd-3-1-RC3:1.1.2.4 netbsd-3-1-RC2:1.1.2.4 netbsd-3-1-RC1:1.1.2.4 netbsd-4:1.5.0.4 netbsd-4-base:1.5 netbsd-3-0-1-RELEASE:1.1.2.4 netbsd-3-0:1.1.2.4.0.2 netbsd-3-0-RELEASE:1.1.2.4 netbsd-3-0-RC6:1.1.2.4 netbsd-3-0-RC5:1.1.2.4 netbsd-3-0-RC4:1.1.2.4 netbsd-3-0-RC3:1.1.2.4 netbsd-3-0-RC2:1.1.2.4 netbsd-3-0-RC1:1.1.2.4 netbsd-3:1.1.0.2 netbsd-3-base:1.1; locks; strict; comment @# @; 1.5 date 2005.08.23.12.12.56; author peter; state Exp; branches; next 1.4; 1.4 date 2005.06.27.20.32.40; author peter; state Exp; branches; next 1.3; 1.3 date 2005.04.19.08.42.54; author tron; state Exp; branches; next 1.2; 1.2 date 2005.04.12.14.39.39; author jwise; state Exp; branches; next 1.1; 1.1 date 2004.11.14.11.26.48; author yamt; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2005.04.13.16.26.37; author tron; state Exp; branches; next 1.1.2.2; 1.1.2.2 date 2005.05.07.14.52.32; author riz; state Exp; branches; next 1.1.2.3; 1.1.2.3 date 2005.07.02.23.37.32; author tron; state Exp; branches; next 1.1.2.4; 1.1.2.4 date 2005.09.02.12.29.36; author tron; state Exp; branches; next ; desc @@ 1.5 log @pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g "... from any to fxp0"). This however, creates window for possible attacks from the network. Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD. No objections on: tech-security @ text @# $NetBSD: Makefile,v 1.4 2005/06/27 20:32:40 peter Exp $ .include .PATH: ${NETBSDSRCDIR}/dist/pf/share/man/man5 MAN+= pf.boot.conf.5 MAN+= pf.conf.5 MAN+= pf.os.5 .include @ 1.4 log @Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix. A port of the latest spamd will be imported into pkgsrc soon. Suggested by several people, no objections on last proposal on tech-userlevel. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.3 2005/04/19 08:42:54 tron Exp $ d7 1 @ 1.3 log @Remove copy of manual page created during build. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.2 2005/04/12 14:39:39 jwise Exp $ a8 6 MAN+= pfspamd.conf.5 pfspamd.conf.5: spamd.conf.5 cp $> $@@ CLEANFILES+= pfspamd.conf.5 @ 1.2 log @spamd.conf is now pfspamd.conf. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1 2004/11/14 11:26:48 yamt Exp $ d14 2 @ 1.1 log @merge after importing pf from openbsd 3.6. (userland part) some files were imported to the different places from the previous version. v3_5: etc/pf.conf etc/pf.os etc/spamd.conf share/man/man4/pf.4 share/man/man4/pflog.4 share/man/man5/pf.conf.5 share/man/man5/pf.os.5 share/man/man5/spamd.conf.5 v3_6: dist/pf/etc/pf.conf dist/pf/etc/pf.os dist/pf/etc/spamd.conf dist/pf/share/man/man4/pf.4 dist/pf/share/man/man4/pflog.4 dist/pf/share/man/man5/pf.conf.5 dist/pf/share/man/man5/pf.os.5 dist/pf/share/man/man5/spamd.conf.5 @ text @d1 1 a1 1 # $NetBSD$ d9 4 a12 1 MAN+= spamd.conf.5 @ 1.1.2.1 log @Pull up revision 1.2 (requested by jwise in ticket #138): spamd.conf is now pfspamd.conf. @ text @d9 1 a9 4 MAN+= pfspamd.conf.5 pfspamd.conf.5: spamd.conf.5 cp $> $@@ @ 1.1.2.2 log @Pull up revision 1.3 (requested by tron in ticket #148): Remove copy of manual page created during build. @ text @d1 1 a1 1 # $NetBSD: Makefile,v 1.1.2.1 2005/04/13 16:26:37 tron Exp $ a13 2 CLEANFILES+= pfspamd.conf.5 @ 1.1.2.3 log @Pull up revision 1.4 (requested by peter in ticket #518): Remove (pf)spamd. Its right to exist in NetBSD has been questioned since it appeared and whether it's really part of pf or not is still unclear. Looking at the other *BSDs it seems that they have left out spamd when importing pf, and now we do that too. Also, the name conflicted with another more popular used tool, after the rename to pfspamd it was left with completely unusable documentation which apparently no-one wanted to fix. A port of the latest spamd will be imported into pkgsrc soon. Suggested by several people, no objections on last proposal on tech-userlevel. @ text @d1 1 a1 1 # $NetBSD$ d9 6 @ 1.1.2.4 log @Pull up following revision(s) (requested by peter in ticket #717): usr.sbin/pf/man/man5/pf.boot.conf.5: revision 1.1 usr.sbin/postinstall/postinstall: revision 1.4 etc/rc.d/pf: revision 1.6 etc/rc.d/pf_boot: revision 1.1 usr.sbin/pf/etc/defaults/pf.boot.conf: revision 1.1 usr.sbin/pf/Makefile: revision 1.7 etc/rc.d/Makefile: revision 1.52 etc/mtree/special: revision 1.89 usr.sbin/pf/man/man5/Makefile: revision 1.5 usr.sbin/pf/etc/defaults/Makefile: revision 1.1 pf needs to be started after the network is up, because some pf rules derive IP address(es) from the interface (e.g "... from any to fxp0"). This however, creates window for possible attacks from the network. Implement the solution proposed by YAMAMOTO Takashi: Add /etc/defaults/pf.boot.conf and load it with the /etc/rc.d/pf_boot script before starting the network. People who don't like the default rules can override it with their own /etc/pf.boot.conf. The default rules have been obtained from OpenBSD. No objections on: tech-security @ text @a6 1 MAN+= pf.boot.conf.5 @