View | Details | Raw Unified | Return to bug 254153

(-)b/documentation/content/en/books/handbook/advanced-networking/_index.adoc (-13 / +11 lines)
Lines 378-392 For users who do not want to use modules, it is possible to compile these driver Link Here
378
378
379
[.programlisting]
379
[.programlisting]
380
....
380
....
381
device wlan              # 802.11 support
381
device wlan                 # 802.11 support
382
device wlan_wep          # 802.11 WEP support
382
device wlan_wep             # 802.11 WEP support
383
device wlan_ccmp         # 802.11 CCMP support
383
device wlan_ccmp            # 802.11 CCMP support
384
device wlan_tkip         # 802.11 TKIP support
384
device wlan_tkip            # 802.11 TKIP support
385
device wlan_amrr         # AMRR transmit rate control algorithm
385
device wlan_amrr            # AMRR transmit rate control algorithm
386
device ath               # Atheros pci/cardbus NIC's
386
device ath                  # Atheros pci/cardbus NIC's
387
device ath_hal           # pci/cardbus chip support
387
device ath_hal              # pci/cardbus chip support
388
options AH_SUPPORT_AR5416 # enable AR5416 tx/rx descriptors
388
options AH_SUPPORT_AR5416   # enable AR5416 tx/rx descriptors
389
device ath_rate_sample   # SampleRate tx rate control for ath
389
device ath_rate_sample      # SampleRate tx rate control for ath
390
....
390
....
391
391
392
With this information in the kernel configuration file, recompile the kernel and reboot the FreeBSD machine.
392
With this information in the kernel configuration file, recompile the kernel and reboot the FreeBSD machine.
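Review bot: In the realigned "device ath" line the comment still reads "Atheros pci/cardbus NIC's"; since every line of this listing is already rewritten for alignment, change the possessive to the plural "NICs" in the same pass. The other changes in this hunk are whitespace only, which is worth stating in the commit message so they are not mistaken for content edits.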
Lines 423-430 To persist the settings, add it to [.filename]#/etc/rc.conf#: Link Here
423
423
424
Infrastructure (BSS) mode is the mode that is typically used. In this mode, a number of wireless access points are connected to a wired network. Each wireless network has its own name, called the SSID. Wireless clients connect to the wireless access points.
424
Infrastructure (BSS) mode is the mode that is typically used. In this mode, a number of wireless access points are connected to a wired network. Each wireless network has its own name, called the SSID. Wireless clients connect to the wireless access points.
425
425
426
==== FreeBSD Clients
427
428
===== How to Find Access Points
426
===== How to Find Access Points
429
427
430
To scan for available networks, use man:ifconfig[8]. This request may take a few moments to complete as it requires the system to switch to each available wireless frequency and probe for available access points. Only the superuser can initiate a scan:
428
To scan for available networks, use man:ifconfig[8]. This request may take a few moments to complete as it requires the system to switch to each available wireless frequency and probe for available access points. Only the superuser can initiate a scan:
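Review bot: Deleting "==== FreeBSD Clients" at old line 426 is a structural change, not a wording fix, and it leaves "===== How to Find Access Points" at five equals signs with no four-level heading visible above it in this hunk. Either promote the remaining heading by one level or confirm that an enclosing "====" section still precedes it, and check that nothing cross-references the removed section title.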
Lines 1232-1238 Debugging support is provided by man:wpa_supplicant[8]. Try running this utility Link Here
1232
  net.wlan.0.debug: 0 => 0xc80000<assoc,auth,scan>
1230
  net.wlan.0.debug: 0 => 0xc80000<assoc,auth,scan>
1233
....
1231
....
1234
+ 
1232
+ 
1235
Many useful statistics are maintained by the 802.11 layer and `wlanstats`, found in [.filename]#/usr/src/tools/tools/net80211#, will dump this information. These statistics should display all errors identified by the 802.11 layer. However, some errors are identified in the device drivers that lie below the 802.11 layer so they may not show up. To diagnose device-specific problems, refer to the drivers' documentation.
1233
Many useful statistics are maintained by the 802.11 layer and `wlanstats`, found in [.filename]#/usr/src/tools/tools/net80211#, will dump this information. These statistics should display all errors identified by the 802.11 layer. However, some errors are identified in the device drivers that lie below the 802.11 layer so they may not show up. To diagnose device-specific problems, refer to the driver documentation.
1236
1234
1237
If the above information does not help to clarify the problem, submit a problem report and include output from the above tools.
1235
If the above information does not help to clarify the problem, submit a problem report and include output from the above tools.
1238
1236
Lines 1653-1659 A bridge can be used when firewall functionality is needed without routing or Ne Link Here
1653
An example is a small company that is connected via DSL or ISDN to an ISP. There are thirteen public IP addresses from the ISP and ten computers on the network. In this situation, using a router-based firewall is difficult because of subnetting issues. A bridge-based firewall can be configured without any IP addressing issues.
1651
An example is a small company that is connected via DSL or ISDN to an ISP. There are thirteen public IP addresses from the ISP and ten computers on the network. In this situation, using a router-based firewall is difficult because of subnetting issues. A bridge-based firewall can be configured without any IP addressing issues.
1654
1652
1655
Network Tap::
1653
Network Tap::
1656
A bridge can join two network segments in order to inspect all Ethernet frames that pass between them using man:bpf[4] and man:tcpdump[1] on the bridge interface or by sending a copy of all frames out an additional interface known as a span port.
1654
A bridge can join two network segments in order to inspect all Ethernet frames that pass between them using man:bpf[4] and man:tcpdump[1] on the bridge interface, or by sending a copy of all frames out on an additional interface known as a span port.
1657
1655
1658
Layer 2 VPN::
1656
Layer 2 VPN::
1659
Two Ethernet networks can be joined across an IP link by bridging the networks to an EtherIP tunnel or a man:tap[4] based solution such as OpenVPN.
1657
Two Ethernet networks can be joined across an IP link by bridging the networks to an EtherIP tunnel or a man:tap[4] based solution such as OpenVPN.
(-)b/documentation/content/en/books/handbook/bibliography/_index.adoc (-3 / +3 lines)
Lines 52-61 International books: Link Here
52
52
53
English language books:
53
English language books:
54
54
55
* http://www.absoluteFreeBSD.com/[Absolute FreeBSD, 2nd Edition: The Complete Guide to FreeBSD], published by http://www.nostarch.com/[No Starch Press], 2007. ISBN: 978-1-59327-151-0
55
* Absolute FreeBSD: The Complete Guide To FreeBSD, Third Edition, published by http://www.nostarch.com/[No Starch Press], 2018. ISBN: 9781593278922
56
* http://www.freebsdmall.com/cgi-bin/fm/bsdcomp[The Complete FreeBSD], published by http://www.oreilly.com/[O'Reilly], 2003. ISBN: 0596005164
56
* The Complete FreeBSD, published by http://www.oreilly.com/[O'Reilly], 2003. ISBN: 0596005164
57
* http://www.freebsd-corp-net-guide.com/[The FreeBSD Corporate Networker's Guide], published by http://www.awl.com/aw/[Addison-Wesley], 2000. ISBN: 0201704811
57
* http://www.freebsd-corp-net-guide.com/[The FreeBSD Corporate Networker's Guide], published by http://www.awl.com/aw/[Addison-Wesley], 2000. ISBN: 0201704811
58
* http://andrsn.stanford.edu/FreeBSD/introbook/[FreeBSD: An Open-Source Operating System for Your Personal Computer], published by The Bit Tree Press, 2001. ISBN: 0971204500
58
* FreeBSD: An Open-Source Operating System for Your Personal Computer, published by The Bit Tree Press, 2001. ISBN: 0971204500
59
* Teach Yourself FreeBSD in 24 Hours, published by http://www.samspublishing.com/[Sams], 2002. ISBN: 0672324245
59
* Teach Yourself FreeBSD in 24 Hours, published by http://www.samspublishing.com/[Sams], 2002. ISBN: 0672324245
60
* FreeBSD 6 Unleashed, published by http://www.samspublishing.com/[Sams], 2006. ISBN: 0672328755
60
* FreeBSD 6 Unleashed, published by http://www.samspublishing.com/[Sams], 2006. ISBN: 0672328755
61
* FreeBSD: The Complete Reference, published by http://books.mcgraw-hill.com[McGrawHill], 2003. ISBN: 0072224096
61
* FreeBSD: The Complete Reference, published by http://books.mcgraw-hill.com[McGrawHill], 2003. ISBN: 0072224096
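Review bot: Three entries (lines 55, 56 and 58) lose their book URLs without explanation; if the links are dead, say so in the commit message, otherwise keep or replace them. In the new Absolute FreeBSD entry, "Guide To" is capitalised differently from the old "Guide to", and the ISBN drops the hyphenation the old entry used; pick one form for both.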
(-)b/documentation/content/en/books/handbook/firewalls/_index.adoc (-7 / +12 lines)
Lines 407-413 Configuring working FTP rules can be problematic due to the nature of the FTP pr Link Here
407
* The protocol demands the use of at least two TCP connections (control and data) on separate ports.
407
* The protocol demands the use of at least two TCP connections (control and data) on separate ports.
408
* When a session is established, data is communicated using randomly selected ports.
408
* When a session is established, data is communicated using randomly selected ports.
409
409
410
All of these points present security challenges, even before considering any potential security weaknesses in client or server software. More secure alternatives for file transfer exist, such as man:sftp[1] or man:scp[1], which both feature authentication and data transfer over encrypted connections..
410
All of these points present security challenges, even before considering any potential security weaknesses in client or server software. More secure alternatives for file transfer exist, such as man:sftp[1] or man:scp[1], which both feature authentication and data transfer over encrypted connections.
411
411
412
For those situations when FTP is required, PF provides redirection of FTP traffic to a small proxy program called man:ftp-proxy[8], which is included in the base system of FreeBSD. The role of the proxy is to dynamically insert and delete rules in the ruleset, using a set of anchors, to correctly handle FTP traffic.
412
For those situations when FTP is required, PF provides redirection of FTP traffic to a small proxy program called man:ftp-proxy[8], which is included in the base system of FreeBSD. The role of the proxy is to dynamically insert and delete rules in the ruleset, using a set of anchors, to correctly handle FTP traffic.
413
413
Lines 418-424 To enable the FTP proxy, add this line to [.filename]#/etc/rc.conf#: Link Here
418
ftpproxy_enable="YES"
418
ftpproxy_enable="YES"
419
....
419
....
420
420
421
Then start the proxy by running `service ftp-proxy start`.
421
Then start the proxy by running:
422
423
[source,bash]
424
....
425
# service ftp-proxy start
426
....
422
427
423
For a basic configuration, three elements need to be added to [.filename]#/etc/pf.conf#. First, the anchors which the proxy will use to insert the rules it generates for the FTP sessions:
428
For a basic configuration, three elements need to be added to [.filename]#/etc/pf.conf#. First, the anchors which the proxy will use to insert the rules it generates for the FTP sessions:
424
429
Lines 1223-1229 With in-kernel NAT it is necessary to disable TCP segmentation offloading (TSO) Link Here
1223
net.inet.tcp.tso="0"
1228
net.inet.tcp.tso="0"
1224
....
1229
....
1225
1230
1226
A NAT instance will also be configured. It is possible to have multiple NAT instances each with their own configuration. For this example only one NAT instance is needed, NAT instance number 1. The configuration can take a few options such as: `if` which indicates the public interface, `same_ports` which takes care that alliased ports and local port numbers are mapped the same, `unreg_only` will result in only unregistered (private) address spaces to be processed by the NAT instance, and `reset` which will help to keep a functioning NAT instance even when the public IP address of the IPFW machine changes. For all possible options that can be passed to a single NAT instance configuration consult man:ipfw[8]. When configuring a stateful NATing firewall, it is necessary to allow translated packets to be reinjected in the firewall for further processing. This can be achieved by disabling `one_pass` behavior at the start of the firewall script.
1231
A NAT instance will also be configured. It is possible to have multiple NAT instances each with their own configuration. For this example only one NAT instance is needed, NAT instance number 1. The configuration can take a few options such as: `if` which indicates the public interface, `same_ports` which takes care that aliased ports and local port numbers are mapped the same, `unreg_only` will result in only unregistered (private) address spaces to be processed by the NAT instance, and `reset` which will help to keep a functioning NAT instance even when the public IP address of the IPFW machine changes. For all possible options that can be passed to a single NAT instance configuration consult man:ipfw[8]. When configuring a stateful NATing firewall, it is necessary to allow translated packets to be reinjected in the firewall for further processing. This can be achieved by disabling `one_pass` behavior at the start of the firewall script.
1227
1232
1228
[.programlisting]
1233
[.programlisting]
1229
....
1234
....
Lines 1727-1736 This set of rules defines the outbound section of the public interface named [.f Link Here
1727
# firewall, destined for the Internet.
1732
# firewall, destined for the Internet.
1728
1733
1729
# Allow outbound access to public DNS servers.
1734
# Allow outbound access to public DNS servers.
1730
# Replace x.x.x. with address listed in /etc/resolv.conf.
1735
# Replace x.x.x.x with address listed in /etc/resolv.conf.
1731
# Repeat for each DNS server.
1736
# Repeat for each DNS server.
1732
pass out quick on dc0 proto tcp from any to x.x.x. port = 53 flags S keep state
1737
pass out quick on dc0 proto tcp from any to x.x.x.x port = 53 flags S keep state
1733
pass out quick on dc0 proto udp from any to xxx port = 53 keep state
1738
pass out quick on dc0 proto udp from any to x.x.x.x port = 53 keep state
1734
1739
1735
# Allow access to ISP's specified DHCP server for cable or DSL networks.
1740
# Allow access to ISP's specified DHCP server for cable or DSL networks.
1736
# Use the first rule, then check log for the IP address of DHCP server.
1741
# Use the first rule, then check log for the IP address of DHCP server.
Lines 2222-2225 After identifying the address to be unblocked from the list, the following comma Link Here
2222
# pfctl -a blacklistd/22 -t port22 -T delete 213.0.123.128/25
2227
# pfctl -a blacklistd/22 -t port22 -T delete 213.0.123.128/25
2223
....
2228
....
2224
2229
2225
The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF. The entry in blacklistd's database will eventually expire and be removed from its output eventually. The entry will be added again if the host is matching one of the block rules in blacklistd again.
2230
The address is now removed from PF, but will still show up in the blacklistctl list, since it does not know about any changes made in PF. The entry in blacklistd's database will eventually expire and be removed from its output. The entry will be added again if the host is matching one of the block rules in blacklistd again.
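Review bot: At new line 2230 the clause "since it does not know about any changes made in PF" still has an ambiguous "it"; name the component that is unaware of the PF change explicitly. In the last sentence, "if the host is matching one of the block rules" reads better as "if the host matches one of the block rules", and both can be fixed while the line is being touched.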
(-)b/documentation/content/en/books/handbook/geom/_index.adoc (-1 / +1 lines)
Lines 553-559 Manual root filesystem specification: Link Here
553
      Mount <device> using filesystem <fstype>
553
      Mount <device> using filesystem <fstype>
554
      and with the specified (optional) option list.
554
      and with the specified (optional) option list.
555
555
556
    eg. ufs:/dev/da0s1a
556
    e.g. ufs:/dev/da0s1a
557
        zfs:tank
557
        zfs:tank
558
        cd9660:/dev/acd0 ro
558
        cd9660:/dev/acd0 ro
559
          (which is equivalent to: mount -t cd9660 -o ro /dev/acd0 /)
559
          (which is equivalent to: mount -t cd9660 -o ro /dev/acd0 /)
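Review bot: The "eg." to "e.g." change at line 556 sits inside the block the hunk context labels "Manual root filesystem specification:", which reads as the text shown at the mountroot prompt, not Handbook prose. Quoted console output should match what the reader sees on screen, so leave this line as printed, or change the message at its source first.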
(-)b/documentation/content/en/books/handbook/mail/_index.adoc (-1 / +1 lines)
Lines 468-474 Alternate MX sites should have separate Internet connections in order to be most Link Here
468
[[mail-domain]]
468
[[mail-domain]]
469
=== Mail for a Domain
469
=== Mail for a Domain
470
470
471
When configuring a MTA for a network, any mail sent to hosts in its domain should be diverted to the MTA so that users can receive their mail on the master mail server.
471
When configuring an MTA for a network, any mail sent to hosts in its domain should be diverted to the MTA so that users can receive their mail on the master mail server.
472
472
473
To make life easiest, a user account with the same _username_ should exist on both the MTA and the system with the MUA. Use man:adduser[8] to create the user accounts.
473
To make life easiest, a user account with the same _username_ should exist on both the MTA and the system with the MUA. Use man:adduser[8] to create the user accounts.
474
474
(-)b/documentation/content/en/books/handbook/network-servers/_index.adoc (-11 / +10 lines)
Lines 219-225 Additional options are available. Refer to man:inetd[8] for the full list of opt Link Here
219
219
220
Many of the daemons which can be managed by inetd are not security-conscious. Some daemons, such as fingerd, can provide information that may be useful to an attacker. Only enable the services which are needed and monitor the system for excessive connection attempts. `max-connections-per-ip-per-minute`, `max-child` and `max-child-per-ip` can be used to limit such attacks.
220
Many of the daemons which can be managed by inetd are not security-conscious. Some daemons, such as fingerd, can provide information that may be useful to an attacker. Only enable the services which are needed and monitor the system for excessive connection attempts. `max-connections-per-ip-per-minute`, `max-child` and `max-child-per-ip` can be used to limit such attacks.
221
221
222
By default, TCP wrappers is enabled. Consult man:hosts_access[5] for more information on placing TCP restrictions on various inetd invoked daemons.
222
By default, TCP wrappers are enabled. Consult man:hosts_access[5] for more information on placing TCP restrictions on various inetd invoked daemons.
223
223
224
[[network-nfs]]
224
[[network-nfs]]
225
== Network File System (NFS)
225
== Network File System (NFS)
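Review bot: "TCP wrappers are enabled" at new line 222 treats the name as a plural noun, but the sentence is about a single facility (it points to hosts_access(5)), so the original singular verb was defensible. If the wording must change, "TCP wrappers support is enabled" avoids the agreement question.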
Lines 403-413 If locking is not required on the server, the NFS client can be configured to lo Link Here
403
The man:autofs[5] automount facility is supported starting with FreeBSD 10.1-RELEASE. To use the automounter functionality in older versions of FreeBSD, use man:amd[8] instead. This chapter only describes the man:autofs[5] automounter.
403
The man:autofs[5] automount facility is supported starting with FreeBSD 10.1-RELEASE. To use the automounter functionality in older versions of FreeBSD, use man:amd[8] instead. This chapter only describes the man:autofs[5] automounter.
404
====
404
====
405
405
406
The man:autofs[5] facility is a common name for several components that, together, allow for automatic mounting of remote and local filesystems whenever a file or directory within that file system is accessed. It consists of the kernel component, man:autofs[5], and several userspace applications: man:automount[8], man:automountd[8] and man:autounmountd[8]. It serves as an alternative for man:amd[8] from previous FreeBSD releases. Amd is still provided for backward compatibility purposes, as the two use different map format; the one used by autofs is the same as with other SVR4 automounters, such as the ones in Solaris, MacOS X, and Linux.
406
The man:autofs[5] facility is a common name for several components that, together, allow for automatic mounting of remote and local filesystems whenever a file or directory within that file system is accessed. It consists of the kernel component, man:autofs[5], and several userspace applications: man:automount[8], man:automountd[8] and man:autounmountd[8]. It serves as an alternative for man:amd[8] from previous FreeBSD releases. amd is still provided for backward compatibility purposes, as the two use different map formats; the one used by autofs is the same as with other SVR4 automounters, such as the ones in Solaris, MacOS X, and Linux.
407
407
408
The man:autofs[5] virtual filesystem is mounted on specified mountpoints by man:automount[8], usually invoked during boot.
408
The man:autofs[5] virtual filesystem is mounted on specified mountpoints by man:automount[8], usually invoked during boot.
409
409
410
Whenever a process attempts to access file within the man:autofs[5] mountpoint, the kernel will notify man:automountd[8] daemon and pause the triggering process. The man:automountd[8] daemon will handle kernel requests by finding the proper map and mounting the filesystem according to it, then signal the kernel to release blocked process. The man:autounmountd[8] daemon automatically unmounts automounted filesystems after some time, unless they are still being used.
410
Whenever a process attempts to access a file within the man:autofs[5] mountpoint, the kernel will notify man:automountd[8] daemon and pause the triggering process. The man:automountd[8] daemon will handle kernel requests by finding the proper map and mounting the filesystem according to it, then signal the kernel to release blocked process. The man:autounmountd[8] daemon automatically unmounts automounted filesystems after some time, unless they are still being used.
411
411
412
The primary autofs configuration file is [.filename]#/etc/auto_master#. It assigns individual maps to top-level mounts. For an explanation of [.filename]#auto_master# and the map syntax, refer to man:auto_master[5].
412
The primary autofs configuration file is [.filename]#/etc/auto_master#. It assigns individual maps to top-level mounts. For an explanation of [.filename]#auto_master# and the map syntax, refer to man:auto_master[5].
413
413
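Review bot: The sentence fixed at new line 410 still lacks articles in two places, "will notify man:automountd[8] daemon" and "release blocked process"; add "the" to both while the line is being changed. At new line 406, lowercasing "Amd" leaves a sentence that begins with a lowercase word; "The amd daemon is still provided" keeps the command name exact without that.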
Lines 1678-1690 Any existing nameservers in [.filename]#/etc/resolv.conf# will be configured as Link Here
1678
[NOTE]
1678
[NOTE]
1679
====
1679
====
1680
If any of the listed nameservers do not support DNSSEC, local DNS resolution will fail. Be sure to test each nameserver and remove any that fail the test. The following command will show the trust tree or a failure for a nameserver running on `192.168.1.1`:
1680
If any of the listed nameservers do not support DNSSEC, local DNS resolution will fail. Be sure to test each nameserver and remove any that fail the test. The following command will show the trust tree or a failure for a nameserver running on `192.168.1.1`:
1681
====
1682
1683
1681
1684
[source,bash]
1682
[source,bash]
1685
....
1683
....
1686
% drill -S FreeBSD.org @192.168.1.1
1684
% drill -S FreeBSD.org @192.168.1.1
1687
....
1685
....
1686
====
1688
1687
1689
Once each nameserver is confirmed to support DNSSEC, start Unbound:
1688
Once each nameserver is confirmed to support DNSSEC, start Unbound:
1690
1689
Lines 2199-2211 This section describes how to configure ntpd on FreeBSD. Further documentation c Link Here
2199
2198
2200
=== NTP Configuration
2199
=== NTP Configuration
2201
2200
2202
On FreeBSD, the built-in ntpd can be used to synchronize a system's clock. Ntpd is configured using man:rc.conf[5] variables and [.filename]#/etc/ntp.conf#, as detailed in the following sections.
2201
On FreeBSD, the built-in ntpd can be used to synchronize a system's clock. ntpd is configured using man:rc.conf[5] variables and [.filename]#/etc/ntp.conf#, as detailed in the following sections.
2203
2202
2204
Ntpd communicates with its network peers using UDP packets. Any firewalls between your machine and its NTP peers must be configured to allow UDP packets in and out on port 123.
2203
ntpd communicates with its network peers using UDP packets. Any firewalls between your machine and its NTP peers must be configured to allow UDP packets in and out on port 123.
2205
2204
2206
==== The [.filename]#/etc/ntp.conf# file
2205
==== The [.filename]#/etc/ntp.conf# file
2207
2206
2208
Ntpd reads [.filename]#/etc/ntp.conf# to determine which NTP servers to query. Choosing several NTP servers is recommended in case one of the servers becomes unreachable or its clock proves unreliable. As ntpd receives responses, it favors reliable servers over the less reliable ones. The servers which are queried can be local to the network, provided by an ISP, or selected from an http://support.ntp.org/bin/view/Servers/WebHome[ online list of publicly accessible NTP servers]. When choosing a public NTP server, select one that is geographically close and review its usage policy. The `pool` configuration keyword selects one or more servers from a pool of servers. An http://support.ntp.org/bin/view/Servers/NTPPoolServers[ online list of publicly accessible NTP pools] is available, organized by geographic area. In addition, FreeBSD provides a project-sponsored pool, `0.freebsd.pool.ntp.org`.
2207
ntpd reads [.filename]#/etc/ntp.conf# to determine which NTP servers to query. Choosing several NTP servers is recommended in case one of the servers becomes unreachable or its clock proves unreliable. As ntpd receives responses, it favors reliable servers over the less reliable ones. The servers which are queried can be local to the network, provided by an ISP, or selected from an http://support.ntp.org/bin/view/Servers/WebHome[ online list of publicly accessible NTP servers]. When choosing a public NTP server, select one that is geographically close and review its usage policy. The `pool` configuration keyword selects one or more servers from a pool of servers. An http://support.ntp.org/bin/view/Servers/NTPPoolServers[ online list of publicly accessible NTP pools] is available, organized by geographic area. In addition, FreeBSD provides a project-sponsored pool, `0.freebsd.pool.ntp.org`.
2209
2208
2210
.Sample [.filename]#/etc/ntp.conf#
2209
.Sample [.filename]#/etc/ntp.conf#
2211
[example]
2210
[example]
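Review bot: Lowercasing "Ntpd" at new lines 2201, 2203 and 2207 makes three sentences begin with a lowercase word; starting them with "The ntpd daemon" keeps the command name exact and the sentence well formed. Line 2207 is already modified, so also remove the stray space inside both link macros ("[ online list of publicly accessible ...").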
Lines 2241-2247 The format of this file is described in man:ntp.conf[5]. The descriptions below Link Here
2241
2240
2242
By default, an NTP server is accessible to any network host. The `restrict` keyword controls which systems can access the server. Multiple `restrict` entries are supported, each one refining the restrictions given in previous statements. The values shown in the example grant the local system full query and control access, while allowing remote systems only the ability to query the time. For more details, refer to the `Access Control Support` subsection of man:ntp.conf[5].
2241
By default, an NTP server is accessible to any network host. The `restrict` keyword controls which systems can access the server. Multiple `restrict` entries are supported, each one refining the restrictions given in previous statements. The values shown in the example grant the local system full query and control access, while allowing remote systems only the ability to query the time. For more details, refer to the `Access Control Support` subsection of man:ntp.conf[5].
2243
2242
2244
The `server` keyword specifies a single server to query. The file can contain multiple server keywords, with one server listed on each line. The `pool` keyword specifies a pool of servers. Ntpd will add one or more servers from this pool as needed to reach the number of peers specified using the `tos minclock` value. The `iburst` keyword directs ntpd to perform a burst of eight quick packet exchanges with a server when contact is first established, to help quickly synchronize system time.
2243
The `server` keyword specifies a single server to query. The file can contain multiple server keywords, with one server listed on each line. The `pool` keyword specifies a pool of servers. ntpd will add one or more servers from this pool as needed to reach the number of peers specified using the `tos minclock` value. The `iburst` keyword directs ntpd to perform a burst of eight quick packet exchanges with a server when contact is first established, to help quickly synchronize system time.
2245
2244
2246
The `leapfile` keyword specifies the location of a file containing information about leap seconds. The file is updated automatically by man:periodic[8]. The file location specified by this keyword must match the location set in the `ntp_db_leapfile` variable in [.filename]#/etc/rc.conf#.
2245
The `leapfile` keyword specifies the location of a file containing information about leap seconds. The file is updated automatically by man:periodic[8]. The file location specified by this keyword must match the location set in the `ntp_db_leapfile` variable in [.filename]#/etc/rc.conf#.
2247
2246
Lines 2268-2276 Set `ntpd_flags=` to contain any other ntpd flags as needed, but avoid using the Link Here
2268
* `-c` (set `ntpd_config=` instead)
2267
* `-c` (set `ntpd_config=` instead)
2269
2268
2270
2269
2271
==== Ntpd and the unpriveleged `ntpd` user
2270
==== ntpd and the unpriveleged `ntpd` user
2272
2271
2273
Ntpd on FreeBSD can start and run as an unpriveleged user. Doing so requires the man:mac_ntpd[4] policy module. The [.filename]#/etc/rc.d/ntpd# startup script first examines the NTP configuration. If possible, it loads the `mac_ntpd` module, then starts ntpd as unpriveleged user `ntpd` (user id 123). To avoid problems with file and directory access, the startup script will not automatically start ntpd as `ntpd` when the configuration contains any file-related options.
2272
ntpd on FreeBSD can start and run as an unpriveleged user. Doing so requires the man:mac_ntpd[4] policy module. The [.filename]#/etc/rc.d/ntpd# startup script first examines the NTP configuration. If possible, it loads the `mac_ntpd` module, then starts ntpd as unpriveleged user `ntpd` (user id 123). To avoid problems with file and directory access, the startup script will not automatically start ntpd as `ntpd` when the configuration contains any file-related options.
2274
2273
2275
The presence of any of the following in `ntpd_flags` requires manual configuration as described below to run as the `ntpd` user: 
2274
The presence of any of the following in `ntpd_flags` requires manual configuration as described below to run as the `ntpd` user: 
2276
2275
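Review bot: "unpriveleged" is still misspelled in the heading at new line 2270 and twice in the paragraph at new line 2272; both lines are already modified by this hunk, so correct them to "unprivileged" here. The lowercase "ntpd" at the start of the heading and of the paragraph would also read better as "The ntpd daemon".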
(-)b/documentation/content/en/books/handbook/security/_index.adoc (-7 / +7 lines)
Lines 882-891 If you enter '.', the field will be left blank. Link Here
882
-----
882
-----
883
Country Name (2 letter code) [AU]:US
883
Country Name (2 letter code) [AU]:US
884
State or Province Name (full name) [Some-State]:PA
884
State or Province Name (full name) [Some-State]:PA
885
Locality Name (eg, city) []:Pittsburgh
885
Locality Name (e.g., city) []:Pittsburgh
886
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
886
Organization Name (e.g., company) [Internet Widgits Pty Ltd]:My Company
887
Organizational Unit Name (eg, section) []:Systems Administrator
887
Organizational Unit Name (e.g., section) []:Systems Administrator
888
Common Name (eg, YOUR name) []:localhost.example.org
888
Common Name (e.g., YOUR name) []:localhost.example.org
889
Email Address []:trhodes@FreeBSD.org
889
Email Address []:trhodes@FreeBSD.org
890
890
891
Please enter the following 'extra' attributes
891
Please enter the following 'extra' attributes
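Review bot: The "eg," to "e.g.," edits at lines 885 to 888 change text inside a captured prompt session (the hunk context is "If you enter '.', the field will be left blank."). These strings are printed by the tool, not written by the Handbook, so the transcript should stay as captured; a reader comparing a terminal with the page will otherwise see a mismatch.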
Lines 924-932 If you enter '.', the field will be left blank. Link Here
924
-----
924
-----
925
Country Name (2 letter code) [AU]:US
925
Country Name (2 letter code) [AU]:US
926
State or Province Name (full name) [Some-State]:PA
926
State or Province Name (full name) [Some-State]:PA
927
Locality Name (eg, city) []:Pittsburgh
927
Locality Name (e.g., city) []:Pittsburgh
928
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My Company
928
Organization Name (e.g., company) [Internet Widgits Pty Ltd]:My Company
929
Organizational Unit Name (eg, section) []:Systems Administrator
929
Organizational Unit Name (e.g., section) []:Systems Administrator
930
Common Name (e.g. server FQDN or YOUR name) []:localhost.example.org
930
Common Name (e.g. server FQDN or YOUR name) []:localhost.example.org
931
Email Address []:trhodes@FreeBSD.org
931
Email Address []:trhodes@FreeBSD.org
932
....
932
....
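Review bot: Lines 927 to 929 are rewritten to "e.g.," while the unchanged line 930 reads "Common Name (e.g. server FQDN or YOUR name)" with no comma, which indicates this block is a verbatim transcript carrying the tool's own mixed punctuation. Leave the prompts as captured instead of normalising them.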
(-)b/documentation/content/en/books/handbook/usb-device-mode/_index.adoc (-3 / +2 lines)
Lines 115-121 To load the module and set the template without rebooting use: Link Here
115
115
116
=== Connecting to USB Device Mode Serial Ports from FreeBSD
116
=== Connecting to USB Device Mode Serial Ports from FreeBSD
117
117
118
To connect to a board configured to provide USB device mode serial ports, connect the USB host, such as a laptop, to the boards USB OTG or USB client port. Use `pstat -t` on the host to list the terminal lines. Near the end of the list you should see a USB serial port, eg "ttyU0". To open the connection, use:
118
To connect to a board configured to provide USB device mode serial ports, connect the USB host, such as a laptop, to the boards USB OTG or USB client port. Use `pstat -t` on the host to list the terminal lines. Near the end of the list you should see a USB serial port, e.g. "ttyU0". To open the connection, use:
119
119
120
[source,bash]
120
[source,bash]
121
....
121
....
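Review bot: The sentence changed at line 118 still contains "to the boards USB OTG or USB client port", which needs the possessive "board's"; fix it in the same edit as the "e.g." change.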
Lines 197-203 Differently from serial and network functionality, the template should not be se Link Here
197
197
198
=== Configuring USB Mass Storage Using Other Means
198
=== Configuring USB Mass Storage Using Other Means
199
199
200
The rest of this chapter provides detailed description of setting the target without using the cfumass rc file. This is necessary if eg one wants to provide a writeable LUN.
200
The rest of this chapter provides detailed description of setting the target without using the cfumass rc file. This is necessary if e.g. one wants to provide a writeable LUN.
201
201
202
USB Mass Storage does not require the man:ctld[8] daemon to be running, although it can be used if desired. This is different from iSCSI. Thus, there are two ways to configure the target: man:ctladm[8], or man:ctld[8]. Both require the [.filename]#cfumass.ko# kernel module to be loaded. The module can be loaded manually:
202
USB Mass Storage does not require the man:ctld[8] daemon to be running, although it can be used if desired. This is different from iSCSI. Thus, there are two ways to configure the target: man:ctladm[8], or man:ctld[8]. Both require the [.filename]#cfumass.ko# kernel module to be loaded. The module can be loaded manually:
203
203
204
- 
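Review bot: "This is necessary if e.g. one wants to provide a writeable LUN" at line 200 still reads awkwardly after the punctuation fix; "This is necessary, for example, to provide a writeable LUN" is clearer, and "provides detailed description" in the previous sentence lacks an article. The removal at old line 204 shows only as "-", so confirm it deletes nothing but a trailing blank line.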
