network.subr revision 51209
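#!/bin/sh -
#
# $FreeBSD: head/etc/network.subr 51209 1999-09-12 17:22:08Z des $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# Security note: every ${...} value used below is expected to come from
# the rc configuration and is trusted as if it were code.  Several values
# are passed through `eval' or used as command names, and helper scripts
# are sourced into this shell.  The configuration files and the sourced
# scripts must therefore be writable by root only.

# First pass startup stuff.
#
# network_pass1: set host/NIS domain names, configure interfaces, start
# ppp, load the ipfw rules, install static routes, apply the network
# sysctl knobs and start the routing daemons.
# Sets network_pass1_done=YES on completion.
network_pass1() {
	echo -n 'Doing initial network setup:'
	# Set the host name if it is not already set
	if [ -z "`hostname -s`" ] ; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then
		domainname ${nisdomainname}
		echo -n ' domain'
	fi
	echo '.'

	# Initial ATM interface configuration
	# (/etc/rc.atm is sourced into this shell and runs with its
	# privileges.)
	if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then
		. /etc/rc.atm
		atm_pass1
	fi

	# ISDN subsystem startup
	if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then
		. /etc/rc.isdn
	fi

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ] ; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			#
			# NOTE(review): the eval re-parses the configured
			# string as shell, so any metacharacters in
			# spppconfig_<ifn> are executed.  The secrets also
			# end up on the spppcontrol command line, where
			# they may be visible in the process list while
			# the command runs.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	if [ "${network_interfaces}" = "auto" ]; then
		network_interfaces="`ifconfig -l`"
	fi
	for ifn in ${network_interfaces}; do
		showstat=false
		# A per-interface hook is sourced into this shell if present;
		# it must be root-owned and not writable by anyone else.
		if [ -e /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			showstat=true
		fi
		# Do the primary ifconfig if specified
		eval ifconfig_args=\$ifconfig_${ifn}
		if [ -n "${ifconfig_args}" ] ; then
			# See if we are using DHCP
			if [ "${ifconfig_args}" = "DHCP" ]; then
				${dhcp_program} ${dhcp_flags} ${ifn}
			else
				# Deliberately unquoted: the value is a list
				# of ifconfig arguments.
				ifconfig ${ifn} ${ifconfig_args}
			fi
			showstat=true
		fi
		# Check to see if aliases need to be added
		# (ifconfig_<ifn>_alias0, _alias1, ... until the first gap).
		alias=0
		while :
		do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				showstat=true
				alias=`expr ${alias} + 1`
			else
				break
			fi
		done
		# Do ipx address if specified
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			showstat=true
		fi
		if [ "${showstat}" = "true" ]
		then
			ifconfig ${ifn}
		fi
	done

	# Warm up user ppp if required, must happen before natd.
	if [ "${ppp_enable}" = "YES" ]; then
		# Establish ppp mode.
		# Anything other than the four listed modes falls back
		# to "auto".
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi
		ppp_command="-${ppp_mode} "

		# Switch on alias mode?
		if [ "${ppp_nat}" = "YES" ]; then
			ppp_command="${ppp_command} -nat"
		fi

		echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
	fi

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as a probe: its exit status tells us whether
	# ipfw support is present in the kernel.  As a side effect any
	# rules already installed are removed.
	#
	# NOTE(review): the interfaces above are configured before any
	# rules are loaded, so until the firewall script has run the
	# traffic policy is whatever the kernel's default rule is.
	echo ""
	/sbin/ipfw -q flush > /dev/null 2>&1
	if [ $? = 0 ] ; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}" = "YES" ] ; then
		if kldload ipfw; then
			firewall_in_kernel=1		# module loaded successfully
			echo "Kernel firewall module loaded."
		else
			# The boot continues without packet filtering here;
			# treat this message as an alert.
			echo "Warning: firewall kernel module failed to load."
		fi
	fi

	# Load the filters if required
	if [ ${firewall_in_kernel} = 1 ]; then
		if [ -z "${firewall_script}" ] ; then
			firewall_script="/etc/rc.firewall"
		fi
		if [ -f "${firewall_script}" -a "${firewall_enable}" = "YES" ]; then
			# The rule script is sourced into this shell.
			. ${firewall_script}
			echo -n 'Firewall rules loaded, starting divert daemons:'

			# Network Address Translation daemon
			if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then
				# A dotted quad is passed as an alias
				# address (-a), anything else as an
				# interface name (-n).
				if echo ${natd_interface} | \
					grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
					natd_ifarg="-a ${natd_interface}"
				else
					natd_ifarg="-n ${natd_interface}"
				fi
				echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
			fi
			echo '.'
		else
			# ipfw is in the kernel but no rules were loaded.
			# Only the default-deny case is reported; with any
			# other default rule nothing is printed and no
			# filtering is in effect.
			IPFW_DEFAULT=`ipfw l 65535`
			if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "		 All ip services are disabled."
			fi
		fi
	fi

	# Additional ATM interface configuration
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing

	# An empty or unset defaultrouter is treated like "NO"; otherwise
	# `route add default' would be run without a gateway.
	if [ -n "${defaultrouter}" -a "${defaultrouter}" != "NO" ] ; then
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
	fi

	# Set up any static routes.  This should be done before router discovery.
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Network sysctl knobs.  Each knob is only ever switched in one
	# direction here; the kernel default applies otherwise.
	echo -n 'Additional routing options:'
	if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
	fi

	# Hardening/visibility: turns on net.inet.{tcp,udp}.log_in_vain.
	if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
	fi

	# Exposure: answers broadcast/multicast echo requests when on.
	if [ "${icmp_bmcastecho}" = "YES" ]; then
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
	fi

	# Hardening: ignore ICMP redirects.
	if [ "${icmp_drop_redirect}" = "YES" ]; then
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
	fi

	if [ "${icmp_log_redirect}" = "YES" ]; then
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
	fi

	# Exposure: the host forwards IP packets between interfaces.
	if [ "${gateway_enable}" = "YES" ]; then
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
	fi

	# Exposure: source-routed packets let the sender choose the path.
	# Leave both source-routing knobs off unless there is a concrete
	# requirement.
	if [ "${forward_sourceroute}" = "YES" ]; then
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
	fi

	if [ "${accept_sourceroute}" = "YES" ]; then
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
	fi

	if [ "${tcp_keepalive}" = "YES" ]; then
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
	fi

	# Hardening knobs.  (Tests written like the rest of the file; the
	# three-argument form of test(1) needs no "X" prefix.)
	if [ "${tcp_restrict_rst}" = "YES" ]; then
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
	fi

	if [ "${tcp_drop_synfin}" = "YES" ]; then
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
	fi

	if [ "${ipxgateway_enable}" = "YES" ]; then
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
	fi

	if [ "${arpproxy_all}" = "YES" ]; then
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
	fi
	echo '.'

	echo -n 'routing daemons:'
	if [ "${router_enable}" = "YES" ]; then
		# ${router} is used as the command name.
		echo -n " ${router}"; ${router} ${router_flags}
	fi

	if [ "${ipxrouted_enable}" = "YES" ]; then
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
	fi

	if [ "${mrouted_enable}" = "YES" ]; then
		echo -n ' mrouted'; mrouted ${mrouted_flags}
	fi

	if [ "${rarpd_enable}" = "YES" ]; then
		echo -n ' rarpd'; rarpd ${rarpd_flags}
	fi
	echo '.'
	network_pass1_done=YES	# Let future generations know we made it.
}

# network_pass2: start name service, time synchronisation, portmap and
# the NIS / Secure RPC daemons, each gated on its *_enable variable.
# Sets network_pass2_done=YES on completion.
network_pass2() {
	echo -n 'Doing additional network setup:'
	if [ "${named_enable}" = "YES" ]; then
		# Falls back to "named" only when named_program is unset.
		echo -n ' named'; ${named_program-"named"} ${named_flags}
	fi

	if [ "${ntpdate_enable}" = "YES" ]; then
		# Output, including errors, is discarded.
		echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
	fi

	if [ "${xntpd_enable}" = "YES" ]; then
		echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags}
	fi

	if [ "${timed_enable}" = "YES" ]; then
		echo -n ' timed'; timed ${timed_flags}
	fi

	if [ "${portmap_enable}" = "YES" ]; then
		echo -n ' portmap'; ${portmap_program} ${portmap_flags}
	fi

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	if [ "${nis_server_enable}" = "YES" ]; then
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		if [ "${nis_ypxfrd_enable}" = "YES" ]; then
			echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
		fi

		if [ "${nis_yppasswdd_enable}" = "YES" ]; then
			echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
		fi
	fi

	# Start ypbind if we're an NIS client
	if [ "${nis_client_enable}" = "YES" ]; then
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		if [ "${nis_ypset_enable}" = "YES" ]; then
			echo -n ' ypset'; ypset ${nis_ypset_flags}
		fi
	fi

	# Start keyserv if we are running Secure RPC
	if [ "${keyserv_enable}" = "YES" ]; then
		echo -n ' keyserv'; keyserv ${keyserv_flags}
	fi
	# Start ypupdated if we are running Secure RPC and we are NIS master
	if [ "${rpc_ypupdated_enable}" = "YES" ]; then
		echo -n ' rpc.ypupdated'; rpc.ypupdated
	fi

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# network_pass3: start the NFS server/client daemons, amd, rwhod and the
# Kerberos server daemons, each gated on its *_enable variable.
# Sets network_pass3_done=YES on completion.
network_pass3() {
	echo -n 'Starting final network daemons:'

	# The NFS server side is started only if /etc/exports is readable.
	if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then
		echo -n ' mountd'
		if [ "${weak_mountd_authentication}" = "YES" ]; then
			# Append rather than overwrite, so that flags the
			# administrator configured are not silently lost.
			# -n lets mountd serve non-root mount requests,
			# which weakens the check on who may mount; enable
			# it only for clients that really need it.
			mountd_flags="${mountd_flags} -n"
		fi
		mountd ${mountd_flags}
		# Hardening: accept NFS requests from reserved ports only.
		if [ "${nfs_reserved_port_only}" = "YES" ]; then
			echo -n ' NFS on reserved port only=YES'
			sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
		fi
		echo -n ' nfsd'; nfsd ${nfs_server_flags}
		if [ "${rpc_lockd_enable}" = "YES" ]; then
			echo -n ' rpc.lockd'; rpc.lockd
		fi
		if [ "${rpc_statd_enable}" = "YES" ]; then
			echo -n ' rpc.statd'; rpc.statd
		fi
	fi

	if [ "${nfs_client_enable}" = "YES" ]; then
		echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
		# Only touch the sysctl when a value is configured.  (The
		# earlier comparison against the literal "X" was always
		# true for an empty value and then ran sysctl with an
		# empty setting.)
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
	fi

	if [ "${amd_enable}" = "YES" ]; then
		echo -n ' amd'
		if [ "${amd_map_program}" != "NO" ]; then
			# NOTE(review): amd_map_program is evaluated as a
			# shell command and its output is appended to the
			# amd arguments.  Both the setting and the program
			# it names must be writable by root only.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
		fi
		if [ -n "${amd_flags}" ]
		then
			# With -p, amd's standard output is captured as the
			# pid file.
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
	fi

	if [ "${rwhod_enable}" = "YES" ]; then
		echo -n ' rwhod'; rwhod ${rwhod_flags}
	fi

	# Kerberos runs ONLY on the Kerberos server machine
	if [ "${kerberos_server_enable}" = "YES" ]; then
		# kerberos_stash=YES passes -n to both daemons.
		# NOTE(review): presumably -n makes them read the master
		# key from the stash file instead of prompting; confirm
		# against the manual pages and protect that file.
		if [ "${kerberos_stash}" = "YES" ]; then
			stash_flag=-n
		else
			stash_flag=
		fi
		echo -n ' kerberos'; \
			kerberos ${stash_flag} >> /var/log/kerberos.log &
		if [ "${kadmind_server_enable}" = "YES" ]; then
			# kadmind is started 20 seconds later from a
			# detached subshell; its output is discarded.
			echo -n ' kadmind'; \
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
		fi
		unset stash_flag
	fi

	echo '.'
	network_pass3_done=YES
}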