1#!/bin/sh -
2#
3# $FreeBSD: head/etc/rc.d/routing 64471 2000-08-10 00:13:02Z brian $
3# $FreeBSD: head/etc/rc.d/routing 64731 2000-08-16 23:08:28Z jhb $
4# From: @(#)netstart 5.9 (Berkeley) 3/30/91
5
6# Note that almost all of the user-configurable behavior is no longer in
7# this file, but rather in /etc/defaults/rc.conf. Please check that file
8# first before contemplating any changes here. If you do need to change
9# this file for some reason, we would like to know about it.
10
11# First pass startup stuff.
12#
13network_pass1() {
14 echo -n 'Doing initial network setup:'
15
16 # Set the host name if it is not already set
17 #
18 if [ -z "`hostname -s`" ]; then
19 hostname ${hostname}
20 echo -n ' hostname'
21 fi
22
23 # Set the domainname if we're using NIS
24 #
25 case ${nisdomainname} in
26 [Nn][Oo] | '')
27 ;;
28 *)
29 domainname ${nisdomainname}
30 echo -n ' domain'
31 ;;
32 esac
33
34 echo '.'
35
36 # Initial ATM interface configuration
37 #
38 case ${atm_enable} in
39 [Yy][Ee][Ss])
40 if [ -r /etc/rc.atm ]; then
41 . /etc/rc.atm
42 atm_pass1
43 fi
44 ;;
45 esac
46
47 # Special options for sppp(4) interfaces go here. These need
48 # to go _before_ the general ifconfig section, since in the case
49 # of hardwired (no link1 flag) but required authentication, you
50 # cannot pass auth parameters down to the already running interface.
51 #
52 for ifn in ${sppp_interfaces}; do
53 eval spppcontrol_args=\$spppconfig_${ifn}
54 if [ -n "${spppcontrol_args}" ]; then
55 # The auth secrets might contain spaces; in order
56 # to retain the quotation, we need to eval them
57 # here.
58 eval spppcontrol ${ifn} ${spppcontrol_args}
59 fi
60 done
61
62 # Set up all the network interfaces, calling startup scripts if needed
63 #
64 case ${network_interfaces} in
65 [Aa][Uu][Tt][Oo])
66 network_interfaces="`ifconfig -l`"
67 ;;
68 esac
69
70 dhcp_interfaces=""
71 for ifn in ${network_interfaces}; do
72 if [ -r /etc/start_if.${ifn} ]; then
73 . /etc/start_if.${ifn}
74 eval showstat_$ifn=1
75 fi
76
77 # Do the primary ifconfig if specified
78 #
79 eval ifconfig_args=\$ifconfig_${ifn}
80
81 case ${ifconfig_args} in
82 '')
83 ;;
84 [Dd][Hh][Cc][Pp])
85 # DHCP inits are done all in one go below
86 dhcp_interfaces="$dhcp_interfaces $ifn"
87 eval showstat_$ifn=1
88 ;;
89 *)
90 ifconfig ${ifn} ${ifconfig_args}
91 eval showstat_$ifn=1
92 ;;
93 esac
94 done
95
96 if [ ! -z "${dhcp_interfaces}" ]; then
97 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
98 fi
99
100 for ifn in ${network_interfaces}; do
101 # Check to see if aliases need to be added
102 #
103 alias=0
104 while : ; do
105 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
106 if [ -n "${ifconfig_args}" ]; then
107 ifconfig ${ifn} ${ifconfig_args} alias
108 eval showstat_$ifn=1
109 alias=`expr ${alias} + 1`
110 else
111 break;
112 fi
113 done
114
115 # Do ipx address if specified
116 #
117 eval ifconfig_args=\$ifconfig_${ifn}_ipx
118 if [ -n "${ifconfig_args}" ]; then
119 ifconfig ${ifn} ${ifconfig_args}
120 eval showstat_$ifn=1
121 fi
122 done
123
124 for ifn in ${network_interfaces}; do
125 eval showstat=\$showstat_${ifn}
126 if [ ! -z ${showstat} ]; then
127 ifconfig ${ifn}
128 fi
129 done
130
131 # ISDN subsystem startup
132 #
133 case ${isdn_enable} in
134 [Yy][Ee][Ss])
135 if [ -r /etc/rc.isdn ]; then
136 . /etc/rc.isdn
137 fi
138 ;;
139 esac
140
141 # Start user ppp if required. This must happen before natd.
142 #
143 case ${ppp_enable} in
144 [Yy][Ee][Ss])
145 # Establish ppp mode.
146 #
147 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
148 -a "${ppp_mode}" != "dedicated" \
149 -a "${ppp_mode}" != "background" ]; then
150 ppp_mode="auto"
151 fi
152
153 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
154
155 # Switch on NAT mode?
156 #
157 case ${ppp_nat} in
158 [Yy][Ee][Ss])
159 ppp_command="${ppp_command} -nat"
160 ;;
161 esac
162
163 ppp_command="${ppp_command} ${ppp_profile}"
164
165 echo -n "Starting ppp as \"${ppp_user}\""
166 su ${ppp_user} -c "exec ${ppp_command}"
167 ;;
168 esac
169
170 # Initialize IP filtering using ipfw
171 #
172 if /sbin/ipfw -q flush > /dev/null 2>&1; then
173 firewall_in_kernel=1
174 else
175 firewall_in_kernel=0
176 fi
177
178 case ${firewall_enable} in
179 [Yy][Ee][Ss])
180 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
181 firewall_in_kernel=1
182 echo "Kernel firewall module loaded."
183 elif [ "${firewall_in_kernel}" -eq 0 ]; then
184 echo "Warning: firewall kernel module failed to load."
185 fi
186 ;;
187 esac
188
189 # Load the filters if required
190 #
191 case ${firewall_in_kernel} in
192 1)
193 if [ -z "${firewall_script}" ]; then
194 firewall_script=/etc/rc.firewall
195 fi
196
197 case ${firewall_enable} in
198 [Yy][Ee][Ss])
199 if [ -r "${firewall_script}" ]; then
200 . "${firewall_script}"
201 echo -n 'Firewall rules loaded, starting divert daemons:'
202
203 # Network Address Translation daemon
204 #
205 case ${natd_enable} in
206 [Yy][Ee][Ss])
207 if [ -n "${natd_interface}" ]; then
208 if echo ${natd_interface} | \
209 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
210 natd_ifarg="-a ${natd_interface}"
211 else
212 natd_ifarg="-n ${natd_interface}"
213 fi
214
215 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
216 fi
217 ;;
218 esac
219
220 echo '.'
221
222 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
223 echo -n "Warning: kernel has firewall functionality, "
224 echo "but firewall rules are not enabled."
225 echo " All ip services are disabled."
226 fi
227
228 case ${firewall_logging} in
229 [Yy][Ee][Ss] | '')
230 echo 'Firewall logging=YES'
231 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
232 ;;
233 *)
234 ;;
235 esac
236
237 ;;
238 esac
239 ;;
240 esac
241
242 # Additional ATM interface configuration
243 #
244 if [ -n "${atm_pass1_done}" ]; then
245 atm_pass2
246 fi
247
248 # Configure routing
249 #
250 case ${defaultrouter} in
251 [Nn][Oo] | '')
252 ;;
253 *)
254 static_routes="default ${static_routes}"
255 route_default="default ${defaultrouter}"
256 ;;
257 esac
258
259 # Set up any static routes. This should be done before router discovery.
260 #
261 if [ -n "${static_routes}" ]; then
262 for i in ${static_routes}; do
263 eval route_args=\$route_${i}
264 route add ${route_args}
265 done
266 fi
267
268 echo -n 'Additional routing options:'
269 case ${tcp_extensions} in
270 [Yy][Ee][Ss] | '')
271 ;;
272 *)
273 echo -n ' tcp extensions=NO'
274 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
275 ;;
276 esac
277
278 case ${icmp_bmcastecho} in
279 [Yy][Ee][Ss])
280 echo -n ' broadcast ping responses=YES'
281 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
282 ;;
283 esac
284
285 case ${icmp_drop_redirect} in
286 [Yy][Ee][Ss])
287 echo -n ' ignore ICMP redirect=YES'
288 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
289 ;;
290 esac
291
292 case ${icmp_log_redirect} in
293 [Yy][Ee][Ss])
294 echo -n ' log ICMP redirect=YES'
295 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
296 ;;
297 esac
298
299 case ${gateway_enable} in
300 [Yy][Ee][Ss])
301 echo -n ' IP gateway=YES'
302 sysctl -w net.inet.ip.forwarding=1 >/dev/null
303 ;;
304 esac
305
306 case ${forward_sourceroute} in
307 [Yy][Ee][Ss])
308 echo -n ' do source routing=YES'
309 sysctl -w net.inet.ip.sourceroute=1 >/dev/null
310 ;;
311 esac
312
313 case ${accept_sourceroute} in
314 [Yy][Ee][Ss])
315 echo -n ' accept source routing=YES'
316 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
317 ;;
318 esac
319
320 case ${tcp_keepalive} in
321 [Yy][Ee][Ss])
322 echo -n ' TCP keepalive=YES'
323 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
324 ;;
325 esac
326
327 case ${tcp_restrict_rst} in
328 [Yy][Ee][Ss])
329 echo -n ' restrict TCP reset=YES'
330 sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
331 ;;
332 esac
333
334 case ${tcp_drop_synfin} in
335 [Yy][Ee][Ss])
336 echo -n ' drop SYN+FIN packets=YES'
337 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
338 ;;
339 esac
340
341 case ${ipxgateway_enable} in
342 [Yy][Ee][Ss])
343 echo -n ' IPX gateway=YES'
344 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
345 ;;
346 esac
347
348 case ${arpproxy_all} in
349 [Yy][Ee][Ss])
350 echo -n ' ARP proxyall=YES'
351 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
352 ;;
353 esac
354
355 case ${ip_portrange_first} in
356 [Nn][Oo] | '')
357 ;;
358 *)
359 echo -n ' ip_portrange_first=$ip_portrange_first'
360 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
361 ;;
362 esac
363
364 case ${ip_portrange_last} in
365 [Nn][Oo] | '')
366 ;;
366 ;;
367 *)
368 echo -n ' ip_portrange_last=$ip_portrange_last'
369 sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
370 ;;
371 esac
372
373 echo '.'
374
375 case ${ipsec_enable} in
376 [Yy][Ee][Ss])
377 if [ -f ${ipsec_file} ]; then
378 echo ' ipsec: enabled'
379 setkey -f ${ipsec_file}
380 else
381 echo ' ipsec: file not found'
382 fi
383 ;;
384 esac
385
386 echo -n 'routing daemons:'
387 case ${router_enable} in
388 [Yy][Ee][Ss])
389 echo -n " ${router}"; ${router} ${router_flags}
390 ;;
391 esac
392
393 case ${ipxrouted_enable} in
394 [Yy][Ee][Ss])
395 echo -n ' IPXrouted'
396 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
397 ;;
398 esac
399
400 case ${mrouted_enable} in
401 [Yy][Ee][Ss])
402 echo -n ' mrouted'; mrouted ${mrouted_flags}
403 ;;
404 esac
405
406 case ${rarpd_enable} in
407 [Yy][Ee][Ss])
408 echo -n ' rarpd'; rarpd ${rarpd_flags}
409 ;;
410 esac
411 echo '.'
412
413 # Let future generations know we made it.
414 #
415 network_pass1_done=YES
416}
417
418network_pass2() {
419 echo -n 'Doing additional network setup:'
420 case ${named_enable} in
421 [Yy][Ee][Ss])
422 echo -n ' named'; ${named_program:-named} ${named_flags}
423 ;;
424 esac
425
426 case ${ntpdate_enable} in
427 [Yy][Ee][Ss])
428 echo -n ' ntpdate'
429 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
430 ;;
431 esac
432
433 case ${xntpd_enable} in
434 [Yy][Ee][Ss])
435 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
436 ;;
437 esac
438
439 case ${timed_enable} in
440 [Yy][Ee][Ss])
441 echo -n ' timed'; timed ${timed_flags}
442 ;;
443 esac
444
445 case ${portmap_enable} in
446 [Yy][Ee][Ss])
447 echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
448 ;;
449 esac
450
451 # Start ypserv if we're an NIS server.
452 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
453 #
454 case ${nis_server_enable} in
455 [Yy][Ee][Ss])
456 echo -n ' ypserv'; ypserv ${nis_server_flags}
457
458 case ${nis_ypxfrd_enable} in
459 [Yy][Ee][Ss])
460 echo -n ' rpc.ypxfrd'
461 rpc.ypxfrd ${nis_ypxfrd_flags}
462 ;;
463 esac
464
465 case ${nis_yppasswdd_enable} in
466 [Yy][Ee][Ss])
467 echo -n ' rpc.yppasswdd'
468 rpc.yppasswdd ${nis_yppasswdd_flags}
469 ;;
470 esac
471 ;;
472 esac
473
474 # Start ypbind if we're an NIS client
475 #
476 case ${nis_client_enable} in
477 [Yy][Ee][Ss])
478 echo -n ' ypbind'; ypbind ${nis_client_flags}
479 case ${nis_ypset_enable} in
480 [Yy][Ee][Ss])
481 echo -n ' ypset'; ypset ${nis_ypset_flags}
482 ;;
483 esac
484 ;;
485 esac
486
487 # Start keyserv if we are running Secure RPC
488 #
489 case ${keyserv_enable} in
490 [Yy][Ee][Ss])
491 echo -n ' keyserv'; keyserv ${keyserv_flags}
492 ;;
493 esac
494
495 # Start ypupdated if we are running Secure RPC and we are NIS master
496 #
497 case ${rpc_ypupdated_enable} in
498 [Yy][Ee][Ss])
499 echo -n ' rpc.ypupdated'; rpc.ypupdated
500 ;;
501 esac
502
503 # Start ATM daemons
504 if [ -n "${atm_pass2_done}" ]; then
505 atm_pass3
506 fi
507
508 echo '.'
509 network_pass2_done=YES
510}
511
512network_pass3() {
513 echo -n 'Starting final network daemons:'
514
515 case ${nfs_server_enable} in
516 [Yy][Ee][Ss])
517 if [ -r /etc/exports ]; then
518 echo -n ' mountd'
519
520 case ${weak_mountd_authentication} in
521 [Yy][Ee][Ss])
522 mountd_flags="${mountd_flags} -n"
523 ;;
524 esac
525
526 mountd ${mountd_flags}
527
528 case ${nfs_reserved_port_only} in
529 [Yy][Ee][Ss])
530 echo -n ' NFS on reserved port only=YES'
531 sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
532 ;;
533 esac
534
535 echo -n ' nfsd'; nfsd ${nfs_server_flags}
536
537 if [ -n "${nfs_bufpackets}" ]; then
538 sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
539 > /dev/null
540 fi
541
542 case ${rpc_lockd_enable} in
543 [Yy][Ee][Ss])
544 echo -n ' rpc.lockd'; rpc.lockd
545 ;;
546 esac
547
548 case ${rpc_statd_enable} in
549 [Yy][Ee][Ss])
550 echo -n ' rpc.statd'; rpc.statd
551 ;;
552 esac
553 fi
554 ;;
555 *)
556 case ${single_mountd_enable} in
557 [Yy][Ee][Ss])
558 if [ -r /etc/exports ]; then
559 echo -n ' mountd'
560
561 case ${weak_mountd_authentication} in
562 [Yy][Ee][Ss])
563 mountd_flags="-n"
564 ;;
565 esac
566
567 mountd ${mountd_flags}
568 fi
569 ;;
570 esac
571 ;;
572 esac
573
574 case ${nfs_client_enable} in
575 [Yy][Ee][Ss])
576 echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
577 if [ -n "${nfs_access_cache}" ]; then
578 echo -n " NFS access cache time=${nfs_access_cache}"
579 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
580 >/dev/null
581 fi
582 ;;
583 esac
584
585 # If /var/db/mounttab exists, some nfs-server has not been
586 # sucessfully notified about a previous client shutdown.
587 # If there is no /var/db/mounttab, we do nothing.
588 if [ -f /var/db/mounttab ]; then
589 rpc.umntall -k
590 fi
591
592 case ${amd_enable} in
593 [Yy][Ee][Ss])
594 echo -n ' amd'
595 case ${amd_map_program} in
596 [Nn][Oo] | '')
597 ;;
598 *)
599 amd_flags="${amd_flags} `eval ${amd_map_program}`"
600 ;;
601 esac
602
603 if [ -n "${amd_flags}" ]; then
604 amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
605 else
606 amd 2> /dev/null
607 fi
608 ;;
609 esac
610
611 case ${rwhod_enable} in
612 [Yy][Ee][Ss])
613 echo -n ' rwhod'; rwhod ${rwhod_flags}
614 ;;
615 esac
616
617 # Kerberos runs ONLY on the Kerberos server machine
618 case ${kerberos_server_enable} in
619 [Yy][Ee][Ss])
620 case ${kerberos_stash} in
621 [Yy][Ee][Ss])
622 stash_flag=-n
623 ;;
624 *)
625 stash_flag=
626 ;;
627 esac
628
629 echo -n ' kerberos'
630 kerberos ${stash_flag} >> /var/log/kerberos.log &
631
632 case ${kadmind_server_enable} in
633 [Yy][Ee][Ss])
634 echo -n ' kadmind'
635 (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
636 ;;
637 esac
638 unset stash_flag
639 ;;
640 esac
641
642 case ${pppoed_enable} in
643 [Yy][Ee][Ss])
644 if [ -n "${pppoed_provider}" ]; then
645 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
646 fi
647 echo -n ' pppoed';
648 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
649 ;;
650 esac
651
652 case ${sshd_enable} in
653 [Yy][Ee][Ss])
654 if [ ! -f /etc/ssh/ssh_host_key ]; then
655 echo ' creating ssh RSA host key';
656 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
657 fi
658 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
659 echo ' creating ssh DSA host key';
660 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
661 fi
662 ;;
663 esac
664
665 echo '.'
666 network_pass3_done=YES
667}
668
669network_pass4() {
670 echo -n 'Additional TCP options:'
671 case ${log_in_vain} in
672 [Nn][Oo] | '')
673 ;;
674 *)
675 echo -n ' log_in_vain=YES'
676 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
677 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
678 ;;
679 esac
680
681 echo '.'
682 network_pass4_done=YES
683}