src/libexec/rc/rc.d/ippool, branch main FreeBSD source tree rc.d/{ipfilter,ippool}: Fix typo in variable name 2025-12-09T20:33:26+00:00 Cy Schubert cy@FreeBSD.org 2025-12-09T20:32:24+00:00 f04b23ce3547c238dcd52d4fa1a7d401ad38d1b1 MFC after: 1 day 
MFC after:	1 day
ipfilter: Load optionlist prior to ippool invocation 2025-11-26T22:26:38+00:00 Cy Schubert cy@FreeBSD.org 2025-11-26T19:40:36+00:00 d5d005e9bf4933d5680dd0bb5d42bdf440122aa4 As a safety precaution df381bec2d2b limits ippool hash table size to 1K. This causes any legitimely large hash table to fail to load. The htable_size_max ipf tuneable adjusts this but the adjustment is made in the ipfilter rc script, invoked after the ippool script (because it depends on ippool). Let's load the ipfilter_optionlist in ippool as well. ipfilter_optionlist load will also occur in the ipfilter rc script in case the user uses ipfilter without ippool. Fixes: df381bec2d2b MFC after: 3 days 
As a safety precaution df381bec2d2b limits ippool hash table size to 1K.
This causes any legitimely large hash table to fail to load. The
htable_size_max ipf tuneable adjusts this but the adjustment is made
in the ipfilter rc script, invoked after the ippool script (because it
depends on ippool). Let's load the ipfilter_optionlist in ippool as well.
ipfilter_optionlist load will also occur in the ipfilter rc script in case
the user uses ipfilter without ippool.

Fixes:		df381bec2d2b
MFC after:	3 days
rc.d: add a service jails config to all base system services 2024-05-22T13:41:49+00:00 Alexander Leidinger netchild@FreeBSD.org 2024-05-22T13:31:47+00:00 f99f0ee14e3af81c23150a6a340259ca8a33d01a This gives more permissions to services (e.g. network access to services which require this) when they are started as an automatic service jail. The sshd patch is important for the sshd-related functionality as described in the man-page in the service jails part. The location of the added env vars is supposed to allow overriding them in rc.conf, and to hard-disable the use of svcj for some parts where it doesn't make sense or will not work. Only a subset of all of the services are fully tested (I'm running this since more than a year with various services started as service jails). The untested parts should be most of the time ok, in some edge-cases more permissions are needed inside the service jail. Differential Revision: https://reviews.freebsd.org/D40371 
This gives more permissions to services (e.g. network access to
services which require this) when they are started as an automatic
service jail.

The sshd patch is important for the sshd-related functionality as
described in the man-page in the service jails part.

The location of the added env vars is supposed to allow overriding them
in rc.conf, and to hard-disable the use of svcj for some parts where it
doesn't make sense or will not work.

Only a subset of all of the services are fully tested (I'm running this
since more than a year with various services started as service jails).
The untested parts should be most of the time ok, in some edge-cases
more permissions are needed inside the service jail.
Differential Revision:	https://reviews.freebsd.org/D40371
Remove $FreeBSD$: one-line sh pattern 2023-08-16T17:55:03+00:00 Warner Losh imp@FreeBSD.org 2023-08-16T17:55:03+00:00 d0b2dbfa0ecf2bbc9709efc5e20baf8e4b44bbbf Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/ 
Remove /^\s*#[#!]?\s*\$FreeBSD\$.*$\n/
Load ipfilter, ipnat, and ippool rules, and start ipmon in a vnet jail. 2020-07-23T17:39:45+00:00 Cy Schubert cy@FreeBSD.org 2020-07-23T17:39:45+00:00 795be686d8c4cbacd2c78a773b1bf2a98dfa61f3 PR: 248109 Reported by: joeb1@a1poweruser.com MFC after: 2 weeks 
PR:		248109
Reported by:	joeb1@a1poweruser.com
MFC after:	2 weeks
The check for $ippool_rules in start_cmd is tautological. 2019-03-23T04:32:10+00:00 Cy Schubert cy@FreeBSD.org 2019-03-23T04:32:10+00:00 817c58e3ac86ea98cb36257f8f6211e40e21aa64 Reported by: hrs@ MFC after: 13 days X-MFC with: r345400 
Reported by:	hrs@
MFC after:	13 days
X-MFC with:	r345400
Use internal command variables for consistent style. 2019-03-22T11:46:35+00:00 Cy Schubert cy@FreeBSD.org 2019-03-22T11:46:35+00:00 299173580f30b6fd28260bd4fd4b071f4809e2e7 Reported by: rgrimes@ MFC after: 13 days X-MFC with: r345400 
Reported by:	rgrimes@
MFC after:	13 days
X-MFC with:	r345400
Add rc.d support for ippool(8). 2019-03-22T01:30:51+00:00 Cy Schubert cy@FreeBSD.org 2019-03-22T01:30:51+00:00 d8f937104405eddc49dc5028846585bc340d1bbd I've been using ippool at my site for approximately two years. It's about time this was committed. PR: 218433 MFC after: 2 weeks 
I've been using ippool at my site for approximately two years. It's
about time this was committed.

PR:		218433
MFC after:	2 weeks