network.subr revision 83656
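#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/network.subr 83656 2001-09-19 00:22:26Z peter $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.

# Trust boundary: the ${...} settings read below are not defined in this
# file; per the note above they are expected to come from rc.conf. Several
# of them are re-parsed with eval, sourced with `.', or executed as a
# command name, and the script loads kernel modules and sets sysctls, so it
# is presumably run as root. The configuration files and every script named
# here (/etc/rc.atm, /etc/rc.isdn, /etc/start_if.*, ${firewall_script})
# therefore need to be writable by root only.

# First pass startup stuff.
#
# network_pass1 takes no arguments. In order it sets the host name, loads
# ipfilter/ipnat rules, sets the NIS domain, configures ATM, sppp, gif and
# ordinary interfaces (including DHCP, aliases and IPX), starts ISDN and
# user ppp, initializes ipfw and natd, installs static routes, applies the
# network sysctls, loads the IPsec policy file and starts the routing
# daemons. It sets network_pass1_done=YES on completion.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo ' /etc/nsswitch.conf will be used instead'
		else
			echo ' /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		# An unreadable rules file turns ipfilter_enable off and is
		# only reported on the console; nothing here blocks traffic
		# in that case, hence the IPFILTER_DEFAULT_BLOCK advice above.
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
				"${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					# NOTE(review): unlike the ipf call
					# above this goes through eval, so the
					# rules path and flags are parsed by
					# the shell a second time.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
						"${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here. These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# The per-interface hook is sourced into this shell, so it
		# runs with the same privileges as the rest of the script.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is an empty string instead of
		# a missing operand to test(1).
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required. This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode. Anything outside the four known modes
		# falls back to "auto", so only a fixed set of words can
		# reach the command line built below.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# su -c hands the whole string to a shell, so ppp_profile is
		# parsed as shell input rather than passed as one argument.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as the "is ipfw in the kernel" probe, so it runs
	# (and clears the rule list) whether or not firewall_enable is set.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
					'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES here.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file unset, an unquoted `[ -f ]' is true
		# and setkey would be run without a policy file while the
		# console reports "enabled".
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time daemons and the RPC/NIS services.
#
# network_pass2 takes no arguments. The NIS, keyserv and ypupdated daemons
# are only considered when portmap_enable is YES, because they are started
# inside that case branch after rpcbind. Sets network_pass2_done=YES.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
			${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS, amd, rwhod, Kerberos, pppoed and ssh host keys.
#
# network_pass3 takes no arguments. The NFS server/client, mountd and amd
# sections sit inside the portmap_enable branch and are skipped when it is
# not YES. Sets network_pass3_done=YES.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# weak_mountd_authentication relaxes mountd by
				# appending -n to the configured flags.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server branch
					# does; assigning "-n" alone dropped
					# the administrator's mountd_flags
					# whenever weak authentication was on.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			#echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is run through eval and
				# whatever it prints becomes extra amd flags.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The delayed start runs in a subshell that already
			# holds its own copy of ${stash}.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The helper variable set above is "stash"; the previous
		# `unset stash_flag' named a variable that is never set and
		# left this one behind.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are generated on first boot with an empty
		# passphrase (-N ""), so the private key files are protected
		# by their file permissions only.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: late TCP/UDP sysctls.
#
# network_pass4 takes no arguments. Any log_in_vain value other than NO or
# empty enables net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain.
# Sets network_pass4_done=YES.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Create and configure the gif tunnels listed in ${gif_interfaces}.
#
# For each interface name the tunnel end points are read from the matching
# gifconfig_<name> variable; interfaces without one are skipped.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i create tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

# Translate a legacy host.conf into a one-line nsswitch.conf "hosts:" entry.
#
# $1  path of the host.conf file to read
# $2  path of the nsswitch.conf file to write (created or truncated)
#
# Comment and blank lines are skipped, recognised keywords become "files",
# "dns" or "nis", and anything else is reported on stderr. The sources are
# written in the order they appear in host.conf, because that order is the
# lookup order; the earlier `for (i in nsswitch)' walk visited the entries
# in an unspecified order. The comment pattern is spelled [ \t] because the
# bare [:blank:] used before is a bracket expression matching the literal
# characters ":blank", which let indented comments be read as keywords.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	awk '
	BEGIN { c = 0 }
	/^[ \t]*#/ { next }
	/^[ \t]*$/ { next }
	/(hosts|local|file)/ { nsswitch[c++] = "files"; next }
	/(dns|bind)/ { nsswitch[c++] = "dns"; next }
	/nis/ { nsswitch[c++] = "nis"; next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: ";
		for (i = 0; i < c; i++) printf "%s ", nsswitch[i];
		printf "\n";
	}' < "$host_conf" > "$nsswitch_conf"
}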