defaultroute revision 60628
118334Speter#!/bin/sh - 290075Sobrien# 390075Sobrien# $FreeBSD: head/etc/rc.d/routing 60628 2000-05-16 06:52:11Z dillon $ 418334Speter# From: @(#)netstart 5.9 (Berkeley) 3/30/91 590075Sobrien 618334Speter# Note that almost all of the user-configurable behavior is no longer in 790075Sobrien# this file, but rather in /etc/defaults/rc.conf. Please check that file 890075Sobrien# first before contemplating any changes here. If you do need to change 990075Sobrien# this file for some reason, we would like to know about it. 1090075Sobrien 1118334Speter# First pass startup stuff. 1290075Sobrien# 1390075Sobriennetwork_pass1() { 1490075Sobrien echo -n 'Doing initial network setup:' 1590075Sobrien 1618334Speter # Set the host name if it is not already set 1718334Speter # 1890075Sobrien if [ -z "`hostname -s`" ]; then 1990075Sobrien hostname ${hostname} 2090075Sobrien echo -n ' hostname' 2118334Speter fi 2218334Speter 2318334Speter # Set the domainname if we're using NIS 2418334Speter # 2518334Speter case ${nisdomainname} in 2618334Speter [Nn][Oo] | '') 2718334Speter ;; 2818334Speter *) 2918334Speter domainname ${nisdomainname} 3018334Speter echo -n ' domain' 3118334Speter ;; 3218334Speter esac 3318334Speter 3450397Sobrien echo '.' 3550397Sobrien 3618334Speter # Initial ATM interface configuration 3718334Speter # 3818334Speter case ${atm_enable} in 3918334Speter [Yy][Ee][Ss]) 4018334Speter if [ -r /etc/rc.atm ]; then 4118334Speter . /etc/rc.atm 4218334Speter atm_pass1 4318334Speter fi 4418334Speter ;; 4518334Speter esac 4618334Speter 4718334Speter # Special options for sppp(4) interfaces go here. These need 4818334Speter # to go _before_ the general ifconfig section, since in the case 4918334Speter # of hardwired (no link1 flag) but required authentication, you 5050397Sobrien # cannot pass auth parameters down to the already running interface. 5190075Sobrien # 5290075Sobrien for ifn in ${sppp_interfaces}; do 5390075Sobrien eval spppcontrol_args=\$spppconfig_${ifn} 5418334Speter if [ -n "${spppcontrol_args}" ]; then 5552284Sobrien # The auth secrets might contain spaces; in order 5652284Sobrien # to retain the quotation, we need to eval them 5752284Sobrien # here. 5852284Sobrien eval spppcontrol ${ifn} ${spppcontrol_args} 5952284Sobrien fi 6052284Sobrien done 6152284Sobrien 6218334Speter # Set up all the network interfaces, calling startup scripts if needed 6318334Speter # 6418334Speter case ${network_interfaces} in 6590075Sobrien [Aa][Uu][Tt][Oo]) 6690075Sobrien network_interfaces="`ifconfig -l`" 6790075Sobrien ;; 6818334Speter esac 6918334Speter 7018334Speter dhcp_interfaces="" 7150397Sobrien for ifn in ${network_interfaces}; do 7218334Speter if [ -r /etc/start_if.${ifn} ]; then 7318334Speter . /etc/start_if.${ifn} 7418334Speter eval showstat_$ifn=1 7518334Speter fi 7618334Speter 7718334Speter # Do the primary ifconfig if specified 7896263Sobrien # 7996263Sobrien eval ifconfig_args=\$ifconfig_${ifn} 8096263Sobrien 8196263Sobrien case ${ifconfig_args} in 8296263Sobrien '') 8396263Sobrien ;; 8496263Sobrien [Dd][Hh][Cc][Pp]) 8596263Sobrien # DHCP inits are done all in one go below 8696263Sobrien dhcp_interfaces="$dhcp_interfaces $ifn" 8796263Sobrien eval showstat_$ifn=1 8896263Sobrien ;; 8918334Speter *) 9096263Sobrien ifconfig ${ifn} ${ifconfig_args} 9196263Sobrien eval showstat_$ifn=1 9296263Sobrien ;; 9396263Sobrien esac 9496263Sobrien done 9596263Sobrien 9696263Sobrien if [ ! -z "${dhcp_interfaces}" ]; then 9796263Sobrien ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 9896263Sobrien fi 9996263Sobrien 10096263Sobrien for ifn in ${network_interfaces}; do 10196263Sobrien # Check to see if aliases need to be added 10218334Speter # 10390075Sobrien alias=0 10490075Sobrien while : ; do 10590075Sobrien eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 10690075Sobrien if [ -n "${ifconfig_args}" ]; then 10796263Sobrien ifconfig ${ifn} ${ifconfig_args} alias 10896263Sobrien eval showstat_$ifn=1 10990075Sobrien alias=`expr ${alias} + 1` 11018334Speter else 11190075Sobrien break; 11290075Sobrien fi 11390075Sobrien done 11418334Speter 11518334Speter # Do ipx address if specified 11618334Speter # 11718334Speter eval ifconfig_args=\$ifconfig_${ifn}_ipx 11818334Speter if [ -n "${ifconfig_args}" ]; then 11918334Speter ifconfig ${ifn} ${ifconfig_args} 12018334Speter eval showstat_$ifn=1 12118334Speter fi 12218334Speter done 12318334Speter 12418334Speter for ifn in ${network_interfaces}; do 12518334Speter eval showstat=\$showstat_${ifn} 12618334Speter if [ ! -z ${showstat} ]; then 12718334Speter ifconfig ${ifn} 12818334Speter fi 12918334Speter done 13018334Speter 13118334Speter # ISDN subsystem startup 13218334Speter # 13318334Speter case ${isdn_enable} in 13418334Speter [Yy][Ee][Ss]) 13518334Speter if [ -r /etc/rc.isdn ]; then 13618334Speter . /etc/rc.isdn 13718334Speter fi 13818334Speter ;; 13918334Speter esac 14050397Sobrien 14150397Sobrien # Warm up user ppp if required, must happen before natd. 14250397Sobrien # 14350397Sobrien case ${ppp_enable} in 14450397Sobrien [Yy][Ee][Ss]) 14552284Sobrien # Establish ppp mode. 14652284Sobrien # 14752284Sobrien if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 14852284Sobrien -a "${ppp_mode}" != "dedicated" \ 14952284Sobrien -a "${ppp_mode}" != "background" ]; then 15052284Sobrien ppp_mode="auto"; 15152284Sobrien fi 15252284Sobrien 15352284Sobrien ppp_command="-${ppp_mode} "; 15452284Sobrien 15552284Sobrien # Switch on alias mode? 15618334Speter # 15718334Speter case ${ppp_nat} in 15818334Speter [Yy][Ee][Ss]) 15918334Speter ppp_command="${ppp_command} -nat"; 16018334Speter ;; 16118334Speter esac 16218334Speter 16318334Speter echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} 16418334Speter ;; 16518334Speter esac 16618334Speter 16718334Speter # Initialize IP filtering using ipfw 16818334Speter # 16918334Speter echo '' 17018334Speter 17118334Speter if /sbin/ipfw -q flush > /dev/null 2>&1; then 17250397Sobrien firewall_in_kernel=1 17318334Speter else 17418334Speter firewall_in_kernel=0 17518334Speter fi 17618334Speter 17718334Speter case ${firewall_enable} in 17818334Speter [Yy][Ee][Ss]) 17918334Speter if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 18018334Speter firewall_in_kernel=1 18118334Speter echo "Kernel firewall module loaded." 18218334Speter elif [ "${firewall_in_kernel}" -eq 0 ]; then 18350397Sobrien echo "Warning: firewall kernel module failed to load." 18418334Speter fi 18518334Speter ;; 18618334Speter esac 18718334Speter 18818334Speter # Load the filters if required 18918334Speter # 19018334Speter case ${firewall_in_kernel} in 19150397Sobrien 1) 19250397Sobrien if [ -z "${firewall_script}" ]; then 19350397Sobrien firewall_script=/etc/rc.firewall 19450397Sobrien fi 19550397Sobrien 19650397Sobrien case ${firewall_enable} in 19750397Sobrien [Yy][Ee][Ss]) 19850397Sobrien if [ -r "${firewall_script}" ]; then 19950397Sobrien . "${firewall_script}" 20050397Sobrien echo -n 'Firewall rules loaded, starting divert daemons:' 20150397Sobrien 20250397Sobrien # Network Address Translation daemon 20350397Sobrien # 20450397Sobrien case ${natd_enable} in 20550397Sobrien [Yy][Ee][Ss]) 20650397Sobrien if [ -n "${natd_interface}" ]; then 20750397Sobrien if echo ${natd_interface} | \ 20850397Sobrien grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 20950397Sobrien natd_ifarg="-a ${natd_interface}" 21050397Sobrien else 21150397Sobrien natd_ifarg="-n ${natd_interface}" 21250397Sobrien fi 21350397Sobrien 21450397Sobrien echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 21550397Sobrien fi 21650397Sobrien ;; 21750397Sobrien esac 21850397Sobrien 21950397Sobrien echo '.' 22050397Sobrien 22150397Sobrien elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 22250397Sobrien echo -n "Warning: kernel has firewall functionality, " 22350397Sobrien echo "but firewall rules are not enabled." 22450397Sobrien echo " All ip services are disabled." 22550397Sobrien fi 22650397Sobrien 22750397Sobrien case ${firewall_logging} in 22850397Sobrien [Yy][Ee][Ss] | '') 22950397Sobrien echo 'Firewall logging=YES' 23050397Sobrien sysctl -w net.inet.ip.fw.verbose=1 >/dev/null 23150397Sobrien ;; 23250397Sobrien *) 23350397Sobrien ;; 23450397Sobrien esac 23550397Sobrien 23650397Sobrien ;; 23750397Sobrien esac 23850397Sobrien ;; 23950397Sobrien esac 24050397Sobrien 24150397Sobrien # Additional ATM interface configuration 24250397Sobrien # 24350397Sobrien if [ -n "${atm_pass1_done}" ]; then 24450397Sobrien atm_pass2 24518334Speter fi 24690075Sobrien 24790075Sobrien # Configure routing 24818334Speter # 24990075Sobrien case ${defaultrouter} in 25090075Sobrien [Nn][Oo] | '') 25190075Sobrien ;; 25290075Sobrien *) 25390075Sobrien static_routes="default ${static_routes}" 25490075Sobrien route_default="default ${defaultrouter}" 25518334Speter ;; 25618334Speter esac 25718334Speter 25818334Speter # Set up any static routes. This should be done before router discovery. 25918334Speter # 26018334Speter if [ -n "${static_routes}" ]; then 26118334Speter for i in ${static_routes}; do 26218334Speter eval route_args=\$route_${i} 26318334Speter route add ${route_args} 26418334Speter done 26590075Sobrien fi 26690075Sobrien 26790075Sobrien echo -n 'Additional routing options:' 26890075Sobrien case ${tcp_extensions} in 26990075Sobrien [Yy][Ee][Ss] | '') 27090075Sobrien ;; 27190075Sobrien *) 27218334Speter echo -n ' tcp extensions=NO' 27390075Sobrien sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 27490075Sobrien ;; 27590075Sobrien esac 27618334Speter 27790075Sobrien case ${icmp_bmcastecho} in 27890075Sobrien [Yy][Ee][Ss]) 27918334Speter echo -n ' broadcast ping responses=YES' 28090075Sobrien sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 28190075Sobrien ;; 28290075Sobrien esac 28390075Sobrien 28490075Sobrien case ${icmp_drop_redirect} in 28590075Sobrien [Yy][Ee][Ss]) 28690075Sobrien echo -n ' ignore ICMP redirect=YES' 28790075Sobrien sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 28890075Sobrien ;; 28990075Sobrien esac 29090075Sobrien 29118334Speter case ${icmp_log_redirect} in 29252284Sobrien [Yy][Ee][Ss]) 29352284Sobrien echo -n ' log ICMP redirect=YES' 29490075Sobrien sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 29590075Sobrien ;; 29652284Sobrien esac 29718334Speter 29890075Sobrien case ${gateway_enable} in 29918334Speter [Yy][Ee][Ss]) 30018334Speter echo -n ' IP gateway=YES' 30118334Speter sysctl -w net.inet.ip.forwarding=1 >/dev/null 30290075Sobrien ;; 30390075Sobrien esac 30490075Sobrien 30518334Speter case ${forward_sourceroute} in 30618334Speter [Yy][Ee][Ss]) 30790075Sobrien echo -n ' do source routing=YES' 30850397Sobrien sysctl -w net.inet.ip.sourceroute=1 >/dev/null 30918334Speter ;; 31018334Speter esac 31118334Speter 31218334Speter case ${accept_sourceroute} in 31318334Speter [Yy][Ee][Ss]) 31418334Speter echo -n ' accept source routing=YES' 31518334Speter sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 31690075Sobrien ;; 31718334Speter esac 31818334Speter 31996263Sobrien case ${tcp_keepalive} in 32018334Speter [Yy][Ee][Ss]) 32118334Speter echo -n ' TCP keepalive=YES' 32290075Sobrien sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 32390075Sobrien ;; 32418334Speter esac 32550397Sobrien 32690075Sobrien case ${tcp_restrict_rst} in 32790075Sobrien [Yy][Ee][Ss]) 32850397Sobrien echo -n ' restrict TCP reset=YES' 32918334Speter sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null 33018334Speter ;; 33190075Sobrien esac 33290075Sobrien 33390075Sobrien case ${tcp_drop_synfin} in 33450397Sobrien [Yy][Ee][Ss]) 33590075Sobrien echo -n ' drop SYN+FIN packets=YES' 33690075Sobrien sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 33790075Sobrien ;; 33890075Sobrien esac 33950397Sobrien 34090075Sobrien case ${ipxgateway_enable} in 34118334Speter [Yy][Ee][Ss]) 34290075Sobrien echo -n ' IPX gateway=YES' 34390075Sobrien sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 34490075Sobrien ;; 34590075Sobrien esac 34690075Sobrien 34790075Sobrien case ${arpproxy_all} in 34890075Sobrien [Yy][Ee][Ss]) 34990075Sobrien echo -n ' ARP proxyall=YES' 35090075Sobrien sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 35190075Sobrien ;; 35290075Sobrien esac 35390075Sobrien echo '.' 35496263Sobrien 35590075Sobrien case ${ipsec_enable} in 35690075Sobrien [Yy][Ee][Ss]) 35790075Sobrien if [ -f ${ipsec_file} ]; then 35890075Sobrien echo ' ipsec: enabled' 35990075Sobrien setkey -f ${ipsec_file} 36090075Sobrien else 36190075Sobrien echo ' ipsec: file not found' 36290075Sobrien fi 36318334Speter ;; 36418334Speter esac 36518334Speter 36618334Speter echo -n 'routing daemons:' 36790075Sobrien case ${router_enable} in 36818334Speter [Yy][Ee][Ss]) 36918334Speter echo -n " ${router}"; ${router} ${router_flags} 37090075Sobrien ;; 37118334Speter esac 37290075Sobrien 37390075Sobrien case ${ipxrouted_enable} in 37490075Sobrien [Yy][Ee][Ss]) 37590075Sobrien echo -n ' IPXrouted' 37690075Sobrien IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 37790075Sobrien ;; 37890075Sobrien esac 37918334Speter 38018334Speter case ${mrouted_enable} in 38190075Sobrien [Yy][Ee][Ss]) 38218334Speter echo -n ' mrouted'; mrouted ${mrouted_flags} 38318334Speter ;; 38490075Sobrien esac 38518334Speter 38652284Sobrien case ${rarpd_enable} in 38790075Sobrien [Yy][Ee][Ss]) 38852284Sobrien echo -n ' rarpd'; rarpd ${rarpd_flags} 38918334Speter ;; 39018334Speter esac 39190075Sobrien echo '.' 39218334Speter 39318334Speter # Let future generations know we made it. 39490075Sobrien # 39518334Speter network_pass1_done=YES 39618334Speter} 39790075Sobrien 39890075Sobriennetwork_pass2() { 39918334Speter echo -n 'Doing additional network setup:' 40018334Speter case ${named_enable} in 40190075Sobrien [Yy][Ee][Ss]) 40218334Speter echo -n ' named'; ${named_program:-named} ${named_flags} 40318334Speter ;; 40418334Speter esac 40590075Sobrien 40618334Speter case ${ntpdate_enable} in 40718334Speter [Yy][Ee][Ss]) 40818334Speter echo -n ' ntpdate' 40990075Sobrien ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 41018334Speter ;; 41150397Sobrien esac 41250397Sobrien 41390075Sobrien case ${xntpd_enable} in 41490075Sobrien [Yy][Ee][Ss]) 41550397Sobrien echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 41650397Sobrien ;; 41790075Sobrien esac 41850397Sobrien 41952284Sobrien case ${timed_enable} in 42090075Sobrien [Yy][Ee][Ss]) 42190075Sobrien echo -n ' timed'; timed ${timed_flags} 42252284Sobrien ;; 42352284Sobrien esac 42418334Speter 42590075Sobrien case ${portmap_enable} in 42690075Sobrien [Yy][Ee][Ss]) 42718334Speter echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} 42818334Speter ;; 42990075Sobrien esac 43090075Sobrien 43150397Sobrien # Start ypserv if we're an NIS server. 43290075Sobrien # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 43318334Speter # 43418334Speter case ${nis_server_enable} in 43590075Sobrien [Yy][Ee][Ss]) 43690075Sobrien echo -n ' ypserv'; ypserv ${nis_server_flags} 43718334Speter 43890075Sobrien case ${nis_ypxfrd_enable} in 43990075Sobrien [Yy][Ee][Ss]) 44090075Sobrien echo -n ' rpc.ypxfrd' 44190075Sobrien rpc.ypxfrd ${nis_ypxfrd_flags} 44290075Sobrien ;; 44390075Sobrien esac 44490075Sobrien 44590075Sobrien case ${nis_yppasswdd_enable} in 44690075Sobrien [Yy][Ee][Ss]) 44790075Sobrien echo -n ' rpc.yppasswdd' 44890075Sobrien rpc.yppasswdd ${nis_yppasswdd_flags} 44990075Sobrien ;; 45090075Sobrien esac 45190075Sobrien ;; 45290075Sobrien esac 45390075Sobrien 45490075Sobrien # Start ypbind if we're an NIS client 45590075Sobrien # 45690075Sobrien case ${nis_client_enable} in 45718334Speter [Yy][Ee][Ss]) 45890075Sobrien echo -n ' ypbind'; ypbind ${nis_client_flags} 45918334Speter case ${nis_ypset_enable} in 46018334Speter [Yy][Ee][Ss]) 46190075Sobrien echo -n ' ypset'; ypset ${nis_ypset_flags} 46218334Speter ;; 46318334Speter esac 46418334Speter ;; 46590075Sobrien esac 46618334Speter 46718334Speter # Start keyserv if we are running Secure RPC 46818334Speter # 46990075Sobrien case ${keyserv_enable} in 47090075Sobrien [Yy][Ee][Ss]) 47190075Sobrien echo -n ' keyserv'; keyserv ${keyserv_flags} 47218334Speter ;; 47390075Sobrien esac 47490075Sobrien 47518334Speter # Start ypupdated if we are running Secure RPC and we are NIS master 47618334Speter # 47718334Speter case ${rpc_ypupdated_enable} in 47818334Speter [Yy][Ee][Ss]) 47918334Speter echo -n ' rpc.ypupdated'; rpc.ypupdated 48090075Sobrien ;; 48118334Speter esac 48218334Speter 48318334Speter # Start ATM daemons 48418334Speter if [ -n "${atm_pass2_done}" ]; then 48518334Speter atm_pass3 48690075Sobrien fi 48718334Speter 48890075Sobrien echo '.' 48990075Sobrien network_pass2_done=YES 49090075Sobrien} 49190075Sobrien 49290075Sobriennetwork_pass3() { 49390075Sobrien echo -n 'Starting final network daemons:' 49490075Sobrien 49590075Sobrien case ${nfs_server_enable} in 49650397Sobrien [Yy][Ee][Ss]) 49718334Speter if [ -r /etc/exports ]; then 49818334Speter echo -n ' mountd' 49918334Speter 50090075Sobrien case ${weak_mountd_authentication} in 50190075Sobrien [Yy][Ee][Ss]) 50218334Speter mountd_flags="-n" 50318334Speter ;; 50418334Speter esac 50590075Sobrien 50618334Speter mountd ${mountd_flags} 50718334Speter 50818334Speter case ${nfs_reserved_port_only} in 50990075Sobrien [Yy][Ee][Ss]) 51018334Speter echo -n ' NFS on reserved port only=YES' 51118334Speter sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 51290075Sobrien ;; 51318334Speter esac 51418334Speter 51590075Sobrien echo -n ' nfsd'; nfsd ${nfs_server_flags} 51690075Sobrien 51790075Sobrien if [ -n "${nfs_bufpackets}" ]; then 51890075Sobrien sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \ 51918334Speter > /dev/null 52090075Sobrien fi 52118334Speter 52218334Speter case ${rpc_lockd_enable} in 52390075Sobrien [Yy][Ee][Ss]) 52418334Speter echo -n ' rpc.lockd'; rpc.lockd 52518334Speter ;; 52618334Speter esac 52790075Sobrien 52818334Speter case ${rpc_statd_enable} in 52918334Speter [Yy][Ee][Ss]) 53018334Speter echo -n ' rpc.statd'; rpc.statd 53190075Sobrien ;; 53290075Sobrien esac 53390075Sobrien fi 53490075Sobrien ;; 53590075Sobrien *) 53618334Speter case ${single_mountd_enable} in 53790075Sobrien [Yy][Ee][Ss]) 53890075Sobrien if [ -r /etc/exports ]; then 53990075Sobrien echo -n ' mountd' 54090075Sobrien 54190075Sobrien case ${weak_mountd_authentication} in 54290075Sobrien [Yy][Ee][Ss]) 54390075Sobrien mountd_flags="-n" 54490075Sobrien ;; 54518334Speter esac 54618334Speter 54718334Speter mountd ${mountd_flags} 54818334Speter fi 54990075Sobrien ;; 55018334Speter esac 551102780Skan ;; 552102780Skan esac 553102780Skan 554102780Skan case ${nfs_client_enable} in 55590075Sobrien [Yy][Ee][Ss]) 55618334Speter echo -n ' nfsiod'; nfsiod ${nfs_client_flags} 55718334Speter if [ -n "${nfs_access_cache}" ]; then 55818334Speter echo -n " NFS access cache time=${nfs_access_cache}" 55990075Sobrien sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ 56018334Speter >/dev/null 56118334Speter fi 56290075Sobrien ;; 56318334Speter esac 56418334Speter 56518334Speter # If /var/db/mounttab exists, some nfs-server has not been 56690075Sobrien # sucessfully notified about a previous client shutdown. 56718334Speter # If there is no /var/db/mounttab, we do nothing. 56890075Sobrien if [ -f /var/db/mounttab ]; then 56918334Speter rpc.umntall -k 57090075Sobrien fi 57118334Speter 57290075Sobrien case ${amd_enable} in 57390075Sobrien [Yy][Ee][Ss]) 57490075Sobrien echo -n ' amd' 57590075Sobrien case ${amd_map_program} in 57690075Sobrien [Nn][Oo] | '') 57790075Sobrien ;; 57890075Sobrien *) 57990075Sobrien amd_flags="${amd_flags} `eval ${amd_map_program}`" 58090075Sobrien ;; 58190075Sobrien esac 58290075Sobrien 58318334Speter if [ -n "${amd_flags}" ]; then 58490075Sobrien amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null 58518334Speter else 58618334Speter amd 2> /dev/null 58718334Speter fi 58890075Sobrien ;; 58990075Sobrien esac 59018334Speter 59118334Speter case ${rwhod_enable} in 59218334Speter [Yy][Ee][Ss]) 59318334Speter echo -n ' rwhod'; rwhod ${rwhod_flags} 59490075Sobrien ;; 59518334Speter esac 59618334Speter 59718334Speter # Kerberos runs ONLY on the Kerberos server machine 59890075Sobrien case ${kerberos_server_enable} in 59918334Speter [Yy][Ee][Ss]) 60018334Speter case ${kerberos_stash} in 60190075Sobrien [Yy][Ee][Ss]) 60218334Speter stash_flag=-n 60390075Sobrien ;; 60490075Sobrien *) 60590075Sobrien stash_flag= 60690075Sobrien ;; 60790075Sobrien esac 60890075Sobrien 60990075Sobrien echo -n ' kerberos' 61090075Sobrien kerberos ${stash_flag} >> /var/log/kerberos.log & 61190075Sobrien 61290075Sobrien case ${kadmind_server_enable} in 61390075Sobrien [Yy][Ee][Ss]) 61490075Sobrien echo -n ' kadmind' 615103445Skan (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & 616103445Skan ;; 617103445Skan esac 61818334Speter unset stash_flag 61918334Speter ;; 62018334Speter esac 62118334Speter 62290075Sobrien case ${pppoed_enable} in 62318334Speter [Yy][Ee][Ss]) 62490075Sobrien if [ -n "${pppoed_provider}" ]; then 62590075Sobrien pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 62690075Sobrien fi 62790075Sobrien echo -n ' pppoed'; 62890075Sobrien /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 62990075Sobrien ;; 63090075Sobrien esac 63190075Sobrien 63290075Sobrien case ${sshd_enable} in 63390075Sobrien [Yy][Ee][Ss]) 63490075Sobrien if [ ! -f /etc/ssh/ssh_host_key ]; then 63590075Sobrien echo ' creating ssh RSA host key'; 63690075Sobrien /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 63790075Sobrien fi 63890075Sobrien if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 63990075Sobrien echo ' creating ssh DSA host key'; 64090075Sobrien /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 64190075Sobrien fi 64290075Sobrien ;; 64390075Sobrien esac 64490075Sobrien 64590075Sobrien echo '.' 64690075Sobrien network_pass3_done=YES 64790075Sobrien} 64890075Sobrien 64990075Sobriennetwork_pass4() { 65090075Sobrien echo -n 'Additional TCP options:' 65190075Sobrien case ${log_in_vain} in 65290075Sobrien [Nn][Oo] | '') 65390075Sobrien ;; 65490075Sobrien *) 65590075Sobrien echo -n ' log_in_vain=YES' 65690075Sobrien sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 65790075Sobrien sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 65890075Sobrien ;; 65990075Sobrien esac 66090075Sobrien 66190075Sobrien echo '.' 66290075Sobrien network_pass4_done=YES 66390075Sobrien} 66490075Sobrien