network.subr revision 77651
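#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/network.subr 77651 2001-06-03 12:26:56Z brian $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
# Runs, in order: host.conf conversion, hostname, ipfilter/ipmon/ipnat,
# NIS domain, ATM, sppp, gif tunnels, interface configuration (static,
# DHCP, aliases, IPX), ISDN, user ppp, ipfw and natd, static routes,
# routing-related sysctls, IPsec policy and the routing daemons.
# Every setting is read from a shell variable (see the note above about
# /etc/defaults/rc.conf).  Sets network_pass1_done=YES when finished.
#
# NOTE(review): several values are expanded through eval or sourced with
# "."; they are treated as trusted configuration, so the files that set
# them need the same protection as this script.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo ' /etc/nsswitch.conf will be used instead'
		else
			echo ' /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# If the rules file is unreadable, ipfilter_enable is forced to NO
	# and ' NO IPF RULES' is printed; nothing else is loaded here.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					# NOTE(review): unlike the ipf call
					# above, this goes through eval, so
					# the rules path and flags are parsed
					# a second time by the shell.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# so it runs with this script's privileges and variables.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		# eval performs the indirect lookup of ifconfig_<ifn>; the
		# interface name becomes part of the evaluated text.
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are numbered from 0; the first unset
		# ifconfig_<ifn>_alias<N> ends the scan.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((alias + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything other than the four modes
		# listed here falls back to "auto".
		#
		case "${ppp_mode}" in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp is started through su as ${ppp_user}; the command
		# string is parsed again by that user's shell.
		echo -n "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe for in-kernel ipfw is a flush, so any ipfw rules that
	# were already loaded are removed at this point.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				# A dotted-quad natd_interface is passed as
				# an address (-a), anything else as an
				# interface name (-n).
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# No readable rules script: if the last rule is the
			# default deny, warn that all IP traffic is blocked.
			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				    'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# Logging is switched on when firewall_logging is YES
			# or empty; any other value leaves the sysctl alone.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below is written only when its variable matches the
	# pattern shown; otherwise the kernel's current value is kept.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	# Load the IPsec policy file.  The path is quoted so that an empty
	# ipsec_file is reported as "file not found"; an unquoted empty
	# value makes "[ -f ]" succeed and hides the missing policy.
	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name and time services, rpcbind and the NIS / Secure RPC
# daemons that are only started when portmap_enable is YES, then the ATM
# daemons.  Sets network_pass2_done=YES when finished.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
		    ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server/client daemons and amd (only when portmap_enable
# is YES), then rwhod, the Kerberos server, pppoed and ssh host key
# creation.  Sets network_pass3_done=YES when finished.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# -n makes mountd accept mount requests from
				# non-root (unprivileged port) clients.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): this branch replaces
					# mountd_flags with "-n", while the
					# NFS server branch appends to it.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			# The output of amd_map_program (run through eval)
			# is appended to the amd command line.
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				amd_flags="${amd_flags} $(eval ${amd_map_program})"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# The subshell keeps its own copy of stash_flag, so
			# the unset below does not affect the delayed start.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are created only when missing, with an empty passphrase
	# (-N ""), so the private key files are protected by their file
	# permissions alone.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: enables logging of TCP and UDP packets sent to ports with
# no listener unless log_in_vain is NO or empty.  Sets
# network_pass4_done=YES when finished.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Configure gif tunnels: for every name in gif_interfaces, run gifconfig
# with the arguments stored in gifconfig_<name>.  Interfaces without such
# a variable are skipped.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				gifconfig $i ${peers}
				;;
			esac
		done
		;;
	esac
}

# Translate a host.conf file into a one-line nsswitch.conf "hosts:" entry.
#   $1 - path of the host.conf file to read
#   $2 - path of the nsswitch.conf file to write (overwritten)
# Comment lines are skipped, each recognised keyword adds one source, and
# anything else is reported on stderr.  Sources are written in the order
# they appear in host.conf, because lookup order is significant.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	# [ \t] is used for leading blanks: a bare [:blank:] is a bracket
	# expression matching the letters of "blank", not white space.
	# Entries are stored under a numeric index and printed with a
	# counted loop; "for (i in array)" has no defined order.
	awk '
	    /^[ \t]*#/			{ next }
	    /(hosts|local|file)/	{ nsswitch[n++] = "files"; next }
	    /(dns|bind)/		{ nsswitch[n++] = "dns"; next }
	    /nis/			{ nsswitch[n++] = "nis"; next }
	    { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	    END {
		printf "hosts: "
		for (i = 0; i < n; i++)
			printf "%s ", nsswitch[i]
		printf "\n"
	    }' < "$host_conf" > "$nsswitch_conf"
}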