4# From: @(#)netstart 5.9 (Berkeley) 3/30/91 5 6# Note that almost all of the user-configurable behavior is no longer in 7# this file, but rather in /etc/defaults/rc.conf. Please check that file 8# first before contemplating any changes here. If you do need to change 9# this file for some reason, we would like to know about it. 10 11# First pass startup stuff. 12# 13network_pass1() { 14 echo -n 'Doing initial network setup:' 15 16 # Set the host name if it is not already set 17 # 18 if [ -z "`hostname -s`" ]; then 19 hostname ${hostname} 20 echo -n ' hostname' 21 fi 22 23 # Set the domainname if we're using NIS 24 # 25 case ${nisdomainname} in 26 [Nn][Oo] | '') 27 ;; 28 *) 29 domainname ${nisdomainname} 30 echo -n ' domain' 31 ;; 32 esac 33 34 echo '.' 35 36 # Initial ATM interface configuration 37 # 38 case ${atm_enable} in 39 [Yy][Ee][Ss]) 40 if [ -r /etc/rc.atm ]; then 41 . /etc/rc.atm 42 atm_pass1 43 fi 44 ;; 45 esac 46 47 # Special options for sppp(4) interfaces go here. These need 48 # to go _before_ the general ifconfig section, since in the case 49 # of hardwired (no link1 flag) but required authentication, you 50 # cannot pass auth parameters down to the already running interface. 51 # 52 for ifn in ${sppp_interfaces}; do 53 eval spppcontrol_args=\$spppconfig_${ifn} 54 if [ -n "${spppcontrol_args}" ]; then 55 # The auth secrets might contain spaces; in order 56 # to retain the quotation, we need to eval them 57 # here. 58 eval spppcontrol ${ifn} ${spppcontrol_args} 59 fi 60 done 61 62 # Set up all the network interfaces, calling startup scripts if needed 63 # 64 case ${network_interfaces} in 65 [Aa][Uu][Tt][Oo]) 66 network_interfaces="`ifconfig -l`" 67 ;; 68 esac 69 70 dhcp_interfaces="" 71 for ifn in ${network_interfaces}; do 72 if [ -r /etc/start_if.${ifn} ]; then 73 . /etc/start_if.${ifn} 74 eval showstat_$ifn=1 75 fi 76 77 # Do the primary ifconfig if specified 78 # 79 eval ifconfig_args=\$ifconfig_${ifn} 80 81 case ${ifconfig_args} in 82 '') 83 ;; 84 [Dd][Hh][Cc][Pp]) 85 # DHCP inits are done all in one go below 86 dhcp_interfaces="$dhcp_interfaces $ifn" 87 eval showstat_$ifn=1 88 ;; 89 *) 90 ifconfig ${ifn} ${ifconfig_args} 91 eval showstat_$ifn=1 92 ;; 93 esac 94 done 95 96 if [ ! -z "${dhcp_interfaces}" ]; then 97 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 98 fi 99 100 for ifn in ${network_interfaces}; do 101 # Check to see if aliases need to be added 102 # 103 alias=0 104 while : ; do 105 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 106 if [ -n "${ifconfig_args}" ]; then 107 ifconfig ${ifn} ${ifconfig_args} alias 108 eval showstat_$ifn=1 109 alias=`expr ${alias} + 1` 110 else 111 break; 112 fi 113 done 114 115 # Do ipx address if specified 116 # 117 eval ifconfig_args=\$ifconfig_${ifn}_ipx 118 if [ -n "${ifconfig_args}" ]; then 119 ifconfig ${ifn} ${ifconfig_args} 120 eval showstat_$ifn=1 121 fi 122 done 123 124 for ifn in ${network_interfaces}; do 125 eval showstat=\$showstat_${ifn} 126 if [ ! -z ${showstat} ]; then 127 ifconfig ${ifn} 128 fi 129 done 130 131 # ISDN subsystem startup 132 # 133 case ${isdn_enable} in 134 [Yy][Ee][Ss]) 135 if [ -r /etc/rc.isdn ]; then 136 . /etc/rc.isdn 137 fi 138 ;; 139 esac 140 141 # Start user ppp if required. This must happen before natd. 142 # 143 case ${ppp_enable} in 144 [Yy][Ee][Ss]) 145 # Establish ppp mode. 146 # 147 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 148 -a "${ppp_mode}" != "dedicated" \ 149 -a "${ppp_mode}" != "background" ]; then 150 ppp_mode="auto" 151 fi 152 153 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 154 155 # Switch on NAT mode? 156 # 157 case ${ppp_nat} in 158 [Yy][Ee][Ss]) 159 ppp_command="${ppp_command} -nat" 160 ;; 161 esac 162 163 ppp_command="${ppp_command} ${ppp_profile}" 164 165 echo -n "Starting ppp as \"${ppp_user}\"" 166 su ${ppp_user} -c "exec ${ppp_command}" 167 ;; 168 esac 169 170 # Initialize IP filtering using ipfw 171 # 172 if /sbin/ipfw -q flush > /dev/null 2>&1; then 173 firewall_in_kernel=1 174 else 175 firewall_in_kernel=0 176 fi 177 178 case ${firewall_enable} in 179 [Yy][Ee][Ss]) 180 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 181 firewall_in_kernel=1 182 echo "Kernel firewall module loaded." 183 elif [ "${firewall_in_kernel}" -eq 0 ]; then 184 echo "Warning: firewall kernel module failed to load." 185 fi 186 ;; 187 esac 188 189 # Load the filters if required 190 # 191 case ${firewall_in_kernel} in 192 1) 193 if [ -z "${firewall_script}" ]; then 194 firewall_script=/etc/rc.firewall 195 fi 196 197 case ${firewall_enable} in 198 [Yy][Ee][Ss]) 199 if [ -r "${firewall_script}" ]; then 200 . "${firewall_script}" 201 echo -n 'Firewall rules loaded, starting divert daemons:' 202 203 # Network Address Translation daemon 204 # 205 case ${natd_enable} in 206 [Yy][Ee][Ss]) 207 if [ -n "${natd_interface}" ]; then 208 if echo ${natd_interface} | \ 209 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 210 natd_ifarg="-a ${natd_interface}" 211 else 212 natd_ifarg="-n ${natd_interface}" 213 fi 214 215 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 216 fi 217 ;; 218 esac 219 220 echo '.' 221 222 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 223 echo -n "Warning: kernel has firewall functionality, " 224 echo "but firewall rules are not enabled." 225 echo " All ip services are disabled." 226 fi 227 228 case ${firewall_logging} in 229 [Yy][Ee][Ss] | '') 230 echo 'Firewall logging=YES' 231 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null 232 ;; 233 *) 234 ;; 235 esac 236 237 ;; 238 esac 239 ;; 240 esac 241 242 # Additional ATM interface configuration 243 # 244 if [ -n "${atm_pass1_done}" ]; then 245 atm_pass2 246 fi 247 248 # Configure routing 249 # 250 case ${defaultrouter} in 251 [Nn][Oo] | '') 252 ;; 253 *) 254 static_routes="default ${static_routes}" 255 route_default="default ${defaultrouter}" 256 ;; 257 esac 258 259 # Set up any static routes. This should be done before router discovery. 260 # 261 if [ -n "${static_routes}" ]; then 262 for i in ${static_routes}; do 263 eval route_args=\$route_${i} 264 route add ${route_args} 265 done 266 fi 267 268 echo -n 'Additional routing options:' 269 case ${tcp_extensions} in 270 [Yy][Ee][Ss] | '') 271 ;; 272 *) 273 echo -n ' tcp extensions=NO' 274 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 275 ;; 276 esac 277 278 case ${icmp_bmcastecho} in 279 [Yy][Ee][Ss]) 280 echo -n ' broadcast ping responses=YES' 281 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 282 ;; 283 esac 284 285 case ${icmp_drop_redirect} in 286 [Yy][Ee][Ss]) 287 echo -n ' ignore ICMP redirect=YES' 288 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 289 ;; 290 esac 291 292 case ${icmp_log_redirect} in 293 [Yy][Ee][Ss]) 294 echo -n ' log ICMP redirect=YES' 295 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 296 ;; 297 esac 298 299 case ${gateway_enable} in 300 [Yy][Ee][Ss]) 301 echo -n ' IP gateway=YES' 302 sysctl -w net.inet.ip.forwarding=1 >/dev/null 303 ;; 304 esac 305 306 case ${forward_sourceroute} in 307 [Yy][Ee][Ss]) 308 echo -n ' do source routing=YES' 309 sysctl -w net.inet.ip.sourceroute=1 >/dev/null 310 ;; 311 esac 312 313 case ${accept_sourceroute} in 314 [Yy][Ee][Ss]) 315 echo -n ' accept source routing=YES' 316 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 317 ;; 318 esac 319 320 case ${tcp_keepalive} in 321 [Yy][Ee][Ss]) 322 echo -n ' TCP keepalive=YES' 323 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 324 ;; 325 esac 326 327 case ${tcp_restrict_rst} in 328 [Yy][Ee][Ss]) 329 echo -n ' restrict TCP reset=YES' 330 sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null 331 ;; 332 esac 333 334 case ${tcp_drop_synfin} in 335 [Yy][Ee][Ss]) 336 echo -n ' drop SYN+FIN packets=YES' 337 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 338 ;; 339 esac 340 341 case ${ipxgateway_enable} in 342 [Yy][Ee][Ss]) 343 echo -n ' IPX gateway=YES' 344 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 345 ;; 346 esac 347 348 case ${arpproxy_all} in 349 [Yy][Ee][Ss]) 350 echo -n ' ARP proxyall=YES' 351 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 352 ;; 353 esac 354 355 case ${ip_portrange_first} in 356 [Nn][Oo] | '') 357 ;; 358 *) 359 echo -n ' ip_portrange_first=$ip_portrange_first' 360 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 361 ;; 362 esac 363 364 case ${ip_portrange_last} in 365 [Nn][Oo] | '')
|