network.subr revision 64731
125184Sjkh#!/bin/sh -
225184Sjkh#
350472Speter# $FreeBSD: head/etc/network.subr 64731 2000-08-16 23:08:28Z jhb $
425184Sjkh#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
525184Sjkh
651231Ssheldonh# Note that almost all of the user-configurable behavior is no longer in
751231Ssheldonh# this file, but rather in /etc/defaults/rc.conf.  Please check that file
825184Sjkh# first before contemplating any changes here.  If you do need to change
925184Sjkh# this file for some reason, we would like to know about it.
1025184Sjkh
1125184Sjkh# First pass startup stuff.
1251231Ssheldonh#
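# network_pass1 - first stage of network start-up.
#
# Globals read:  the configuration knobs referenced below (hostname,
#                nisdomainname, network_interfaces, ifconfig_<if>,
#                firewall_*, natd_*, ppp_*, static_routes, ...).  The
#                header of this file points at /etc/defaults/rc.conf
#                for the user-configurable ones.
# Globals set:   network_interfaces (when "auto"), dhcp_interfaces,
#                showstat_<if>, ppp_mode, ppp_command, firewall_in_kernel,
#                firewall_script, natd_ifarg, static_routes, route_default
#                and network_pass1_done, plus loop scratch variables.
# Outputs:       progress text on stdout.
#
# Trust note: several knobs are eval'ed, sourced or executed as-is
# (spppconfig_<if>, /etc/start_if.<if>, firewall_script, dhcp_program,
# natd_program, router).  Nothing in this function validates them, so
# whatever defines them must be writable by root only.
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The value is re-parsed by the shell, so
			# any command substitution inside it runs too.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface hook is sourced into this shell when it
		# is readable; only readability is checked here.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			# Left unquoted on purpose: the value is a list of
			# ifconfig arguments.
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the scan stops at the first gap.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -z "${ifconfig_args}" ]; then
				break
			fi
			ifconfig ${ifn} ${ifconfig_args} alias
			eval showstat_$ifn=1
			alias=$((${alias} + 1))
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the four known
		# modes falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp is started as ${ppp_user}.  ppp_profile ends up
		# inside the -c string, so it is parsed again by the
		# shell that su starts for that user.
		echo -n "Starting ppp as \"${ppp_user}\""
		su ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as the "is ipfw in the kernel?" probe.  When it
	# succeeds it has also removed every rule that was loaded, whether
	# or not firewall_enable is set.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed with -a,
						# anything else with -n.
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# NOTE(review): the warning is printed only when rule
			# 65535 is the deny rule.  If the script is unreadable
			# and that rule is anything else, boot continues with
			# no rules loaded and no message - confirm this is
			# intended.
			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "		 All ip services are disabled."
			fi

			# Logging is on unless firewall_logging is set to
			# something other than YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'

	# Inverted test: the sysctl is only touched to turn RFC 1323
	# extensions off.
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	# The two source-routing knobs below relax packet handling and
	# are applied only on an explicit YES.
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	# Double quotes here: the configured value is what should be
	# reported, not the literal variable name.
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file is quoted so that an empty value fails the
		# test; unquoted, "[ -f ]" is true and setkey would be run
		# without a file while "enabled" is reported.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f ${ipsec_file}
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}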
41725184Sjkh
# network_pass2 - second stage: name service, time sync, portmap, NIS and
# Secure RPC daemons.
#
# Each daemon is started only when its <name>_enable knob is YES (any
# case).  Flag variables are expanded unquoted on purpose so that they
# split into separate arguments.  Progress goes to stdout and
# network_pass2_done is set to YES at the end.
network_pass2() {
	echo -n 'Doing additional network setup:'

	# The program to run can be overridden with named_program.
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# ntpdate output, including errors, is discarded.
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} > /dev/null 2>&1
		;;
	esac

	# The knobs are still called xntpd_*; the default binary is ntpd.
	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'
		${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# NIS server side.  rpc.ypxfrd and rpc.yppasswdd are meant for the
	# NIS master only and are considered only when ypserv is enabled.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'
		ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# NIS client side; ypset is considered only when ypbind is enabled.
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'
		ypbind ${nis_client_flags}

		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'
			ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# keyserv is needed when Secure RPC is in use.
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'
		keyserv ${keyserv_flags}
		;;
	esac

	# rpc.ypupdated: Secure RPC on the NIS master.  It takes no flags.
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'
		rpc.ypupdated
		;;
	esac

	# ATM daemons, only once the second ATM pass has been recorded.
	[ -z "${atm_pass2_done}" ] || atm_pass3

	echo '.'
	network_pass2_done=YES
}
51125184Sjkh
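# network_pass3 - final network daemons: NFS server and client pieces, amd,
# rwhod, Kerberos, pppoed and ssh host key creation.
#
# Globals read:  the *_enable / *_flags knobs referenced below.
# Globals set:   mountd_flags, amd_flags and pppoed_flags may be extended;
#                network_pass3_done is set to YES.
# Outputs:       progress text on stdout.
#
# Flag variables are expanded unquoted on purpose so that they split into
# separate arguments.
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		# Nothing NFS-server related starts without a readable
		# exports file.
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'
			nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'
				rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'
				rpc.statd
				;;
			esac
		fi
		;;
	*)
		# No NFS server: mountd can still be started on its own.
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					# Append -n instead of overwriting,
					# as the NFS-server branch above
					# does, so flags already present
					# in mountd_flags are not dropped.
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'
		nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# amd_map_program is run through eval and its
			# output becomes extra amd arguments; it has to
			# come from a root-owned configuration.
			amd_flags="${amd_flags} $(eval ${amd_map_program})"
			;;
		esac

		# With flags, amd -p output is saved as the pid file and
		# stderr is discarded; without flags amd is started bare.
		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		# The same flag is handed to both kerberos and kadmind.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# Started 20 seconds later from a detached
			# subshell so that boot does not wait for it.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only missing host keys are created here; this block does not
	# start sshd.  Keys get an empty passphrase (-N "").  An existing
	# key file is accepted on existence alone - its contents and
	# permissions are not checked.
	# NOTE(review): the keys are generated during boot; confirm the
	# system has gathered enough entropy by this point.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}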
66853314Sache
# network_pass4 - late TCP/UDP options.
#
# Turns on the log_in_vain sysctls for both TCP and UDP unless the
# log_in_vain knob is empty, unset or NO (any case).  Progress goes to
# stdout and network_pass4_done is set to YES at the end.
network_pass4() {
	echo -n 'Additional TCP options:'

	case ${log_in_vain} in
	'' | [Nn][Oo])
		# Knob is off: leave both sysctls alone.
		;;
	*)
		echo -n ' log_in_vain=YES'
		# sysctl's own output is discarded for both calls.
		{
			sysctl -w net.inet.tcp.log_in_vain=1
			sysctl -w net.inet.udp.log_in_vain=1
		} >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}