defaultroute revision 53314
1130803Smarcel#!/bin/sh - 2130803Smarcel# 3130803Smarcel# $FreeBSD: head/etc/rc.d/routing 53314 1999-11-17 22:38:02Z ache $ 4130803Smarcel# From: @(#)netstart 5.9 (Berkeley) 3/30/91 5130803Smarcel 6130803Smarcel# Note that almost all of the user-configurable behavior is no longer in 7130803Smarcel# this file, but rather in /etc/defaults/rc.conf. Please check that file 8130803Smarcel# first before contemplating any changes here. If you do need to change 9130803Smarcel# this file for some reason, we would like to know about it. 10130803Smarcel 11130803Smarcel# First pass startup stuff. 12130803Smarcel# 13130803Smarcelnetwork_pass1() { 14130803Smarcel echo -n 'Doing initial network setup:' 15130803Smarcel 16130803Smarcel # Set the host name if it is not already set 17130803Smarcel # 18130803Smarcel if [ -z "`hostname -s`" ]; then 19130803Smarcel hostname ${hostname} 20130803Smarcel echo -n ' hostname' 21130803Smarcel fi 22130803Smarcel 23130803Smarcel # Set the domainname if we're using NIS 24130803Smarcel # 25130803Smarcel case ${nisdomainname} in 26130803Smarcel [Nn][Oo] | '') 27130803Smarcel ;; 28130803Smarcel *) 29130803Smarcel domainname ${nisdomainname} 30130803Smarcel echo -n ' domain' 31130803Smarcel ;; 32130803Smarcel esac 33130803Smarcel 34130803Smarcel echo '.' 35130803Smarcel 36130803Smarcel # Initial ATM interface configuration 37130803Smarcel # 38130803Smarcel case ${atm_enable} in 39130803Smarcel [Yy][Ee][Ss]) 40130803Smarcel if [ -r /etc/rc.atm ]; then 41130803Smarcel . /etc/rc.atm 42130803Smarcel atm_pass1 43130803Smarcel fi 44130803Smarcel ;; 45130803Smarcel esac 46130803Smarcel 47130803Smarcel # ISDN subsystem startup 48130803Smarcel # 49130803Smarcel case ${isdn_enable} in 50130803Smarcel [Yy][Ee][Ss]) 51130803Smarcel if [ -r /etc/rc.isdn ]; then 52130803Smarcel . /etc/rc.isdn 53130803Smarcel fi 54130803Smarcel ;; 55130803Smarcel esac 56130803Smarcel 57130803Smarcel # Special options for sppp(4) interfaces go here. These need 58130803Smarcel # to go _before_ the general ifconfig section, since in the case 59130803Smarcel # of hardwired (no link1 flag) but required authentication, you 60130803Smarcel # cannot pass auth parameters down to the already running interface. 61130803Smarcel # 62130803Smarcel for ifn in ${sppp_interfaces}; do 63130803Smarcel eval spppcontrol_args=\$spppconfig_${ifn} 64130803Smarcel if [ -n "${spppcontrol_args}" ]; then 65130803Smarcel # The auth secrets might contain spaces; in order 66130803Smarcel # to retain the quotation, we need to eval them 67130803Smarcel # here. 68130803Smarcel eval spppcontrol ${ifn} ${spppcontrol_args} 69130803Smarcel fi 70130803Smarcel done 71130803Smarcel 72130803Smarcel # Set up all the network interfaces, calling startup scripts if needed 73130803Smarcel # 74130803Smarcel case ${network_interfaces} in 75130803Smarcel [Aa][Uu][Tt][Oo]) 76130803Smarcel network_interfaces="`ifconfig -l`" 77130803Smarcel ;; 78130803Smarcel esac 79130803Smarcel 80130803Smarcel for ifn in ${network_interfaces}; do 81130803Smarcel showstat=false 82130803Smarcel if [ -r /etc/start_if.${ifn} ]; then 83130803Smarcel . /etc/start_if.${ifn} 84130803Smarcel showstat=true 85130803Smarcel fi 86130803Smarcel 87130803Smarcel # Do the primary ifconfig if specified 88130803Smarcel # 89130803Smarcel eval ifconfig_args=\$ifconfig_${ifn} 90130803Smarcel 91130803Smarcel case ${ifconfig_args} in 92130803Smarcel '') 93130803Smarcel ;; 94130803Smarcel [Dd][Hh][Cc][Pp]) 95130803Smarcel ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn} 96130803Smarcel showstat=true 97130803Smarcel ;; 98130803Smarcel *) 99130803Smarcel ifconfig ${ifn} ${ifconfig_args} 100130803Smarcel showstat=true 101130803Smarcel ;; 102130803Smarcel esac 103130803Smarcel 104130803Smarcel # Check to see if aliases need to be added 105130803Smarcel # 106130803Smarcel alias=0 107130803Smarcel while : ; do 108130803Smarcel eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 109130803Smarcel if [ -n "${ifconfig_args}" ]; then 110130803Smarcel ifconfig ${ifn} ${ifconfig_args} alias 111130803Smarcel showstat=true 112130803Smarcel alias=`expr ${alias} + 1` 113130803Smarcel else 114130803Smarcel break; 115130803Smarcel fi 116130803Smarcel done 117130803Smarcel 118130803Smarcel # Do ipx address if specified 119130803Smarcel # 120130803Smarcel eval ifconfig_args=\$ifconfig_${ifn}_ipx 121130803Smarcel if [ -n "${ifconfig_args}" ]; then 122130803Smarcel ifconfig ${ifn} ${ifconfig_args} 123130803Smarcel showstat=true 124130803Smarcel fi 125130803Smarcel 126130803Smarcel case ${showstat} in 127130803Smarcel true) 128130803Smarcel ifconfig ${ifn} 129130803Smarcel ;; 130130803Smarcel esac 131130803Smarcel done 132130803Smarcel 133130803Smarcel # Warm up user ppp if required, must happen before natd. 134130803Smarcel # 135130803Smarcel case ${ppp_enable} in 136130803Smarcel [Yy][Ee][Ss]) 137130803Smarcel # Establish ppp mode. 138130803Smarcel # 139130803Smarcel if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 140130803Smarcel -a "${ppp_mode}" != "dedicated" \ 141130803Smarcel -a "${ppp_mode}" != "background" ]; then 142130803Smarcel ppp_mode="auto"; 143130803Smarcel fi 144130803Smarcel 145130803Smarcel ppp_command="-${ppp_mode} "; 146130803Smarcel 147130803Smarcel # Switch on alias mode? 148130803Smarcel # 149130803Smarcel case ${ppp_nat} in 150130803Smarcel [Yy][Ee][Ss]) 151130803Smarcel ppp_command="${ppp_command} -nat"; 152130803Smarcel ;; 153130803Smarcel esac 154130803Smarcel 155130803Smarcel echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} 156130803Smarcel ;; 157130803Smarcel esac 158130803Smarcel 159130803Smarcel # Initialize IP filtering using ipfw 160130803Smarcel # 161130803Smarcel echo '' 162130803Smarcel 163130803Smarcel if /sbin/ipfw -q flush > /dev/null 2>&1; then 164130803Smarcel firewall_in_kernel=1 165130803Smarcel else 166130803Smarcel firewall_in_kernel=0 167130803Smarcel fi 168130803Smarcel 169130803Smarcel case ${firewall_enable} in 170130803Smarcel [Yy][Ee][Ss]) 171130803Smarcel if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 172130803Smarcel firewall_in_kernel=1 173130803Smarcel echo "Kernel firewall module loaded." 174130803Smarcel elif [ "${firewall_in_kernel}" -eq 0 ]; then 175130803Smarcel echo "Warning: firewall kernel module failed to load." 176130803Smarcel fi 177130803Smarcel ;; 178130803Smarcel esac 179130803Smarcel 180130803Smarcel # Load the filters if required 181130803Smarcel # 182130803Smarcel case ${firewall_in_kernel} in 183130803Smarcel 1) 184130803Smarcel if [ -z "${firewall_script}" ]; then 185130803Smarcel firewall_script=/etc/rc.firewall 186130803Smarcel fi 187130803Smarcel 188130803Smarcel case ${firewall_enable} in 189130803Smarcel [Yy][Ee][Ss]) 190130803Smarcel if [ -r "${firewall_script}" ]; then 191130803Smarcel . "${firewall_script}" 192130803Smarcel echo -n 'Firewall rules loaded, starting divert daemons:' 193130803Smarcel 194130803Smarcel # Network Address Translation daemon 195130803Smarcel # 196130803Smarcel case ${natd_enable} in 197130803Smarcel [Yy][Ee][Ss]) 198130803Smarcel if [ -n "${natd_interface}" ]; then 199130803Smarcel if echo ${natd_interface} | \ 200130803Smarcel grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 201130803Smarcel natd_ifarg="-a ${natd_interface}" 202130803Smarcel else 203130803Smarcel natd_ifarg="-n ${natd_interface}" 204130803Smarcel fi 205130803Smarcel 206130803Smarcel echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 207130803Smarcel fi 208130803Smarcel ;; 209130803Smarcel esac 210130803Smarcel 211130803Smarcel echo '.' 212130803Smarcel 213130803Smarcel elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 214130803Smarcel echo -n "Warning: kernel has firewall functionality, " 215130803Smarcel echo "but firewall rules are not enabled." 216130803Smarcel echo " All ip services are disabled." 217130803Smarcel fi 218130803Smarcel ;; 219130803Smarcel esac 220130803Smarcel ;; 221130803Smarcel esac 222130803Smarcel 223130803Smarcel # Additional ATM interface configuration 224130803Smarcel # 225130803Smarcel if [ -n "${atm_pass1_done}" ]; then 226130803Smarcel atm_pass2 227130803Smarcel fi 228130803Smarcel 229130803Smarcel # Configure routing 230130803Smarcel # 231130803Smarcel case ${defaultrouter} in 232130803Smarcel [Nn][Oo] | '') 233130803Smarcel ;; 234130803Smarcel *) 235130803Smarcel static_routes="default ${static_routes}" 236130803Smarcel route_default="default ${defaultrouter}" 237130803Smarcel ;; 238130803Smarcel esac 239130803Smarcel 240130803Smarcel # Set up any static routes. This should be done before router discovery. 241130803Smarcel # 242130803Smarcel if [ -n "${static_routes}" ]; then 243130803Smarcel for i in ${static_routes}; do 244130803Smarcel eval route_args=\$route_${i} 245130803Smarcel route add ${route_args} 246130803Smarcel done 247130803Smarcel fi 248130803Smarcel 249130803Smarcel echo -n 'Additional routing options:' 250130803Smarcel case ${tcp_extensions} in 251130803Smarcel [Yy][Ee][Ss] | '') 252130803Smarcel ;; 253130803Smarcel *) 254130803Smarcel echo -n ' tcp extensions=NO' 255130803Smarcel sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 256130803Smarcel ;; 257130803Smarcel esac 258130803Smarcel 259130803Smarcel case ${icmp_bmcastecho} in 260130803Smarcel [Yy][Ee][Ss]) 261130803Smarcel echo -n ' broadcast ping responses=YES' 262130803Smarcel sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 263130803Smarcel ;; 264130803Smarcel esac 265130803Smarcel 266130803Smarcel case ${icmp_drop_redirect} in 267130803Smarcel [Yy][Ee][Ss]) 268130803Smarcel echo -n ' ignore ICMP redirect=YES' 269130803Smarcel sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 270130803Smarcel ;; 271130803Smarcel esac 272130803Smarcel 273130803Smarcel case ${icmp_log_redirect} in 274130803Smarcel [Yy][Ee][Ss]) 275130803Smarcel echo -n ' log ICMP redirect=YES' 276130803Smarcel sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 277130803Smarcel ;; 278130803Smarcel esac 279130803Smarcel 280130803Smarcel case ${gateway_enable} in 281130803Smarcel [Yy][Ee][Ss]) 282130803Smarcel echo -n ' IP gateway=YES' 283130803Smarcel sysctl -w net.inet.ip.forwarding=1 >/dev/null 284130803Smarcel ;; 285130803Smarcel esac 286130803Smarcel 287130803Smarcel case ${forward_sourceroute} in 288130803Smarcel [Yy][Ee][Ss]) 289130803Smarcel echo -n ' do source routing=YES' 290130803Smarcel sysctl -w net.inet.ip.sourceroute=1 >/dev/null 291130803Smarcel ;; 292130803Smarcel esac 293130803Smarcel 294130803Smarcel case ${accept_sourceroute} in 295130803Smarcel [Yy][Ee][Ss]) 296130803Smarcel echo -n ' accept source routing=YES' 297130803Smarcel sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 298130803Smarcel ;; 299130803Smarcel esac 300130803Smarcel 301130803Smarcel case ${tcp_keepalive} in 302130803Smarcel [Yy][Ee][Ss]) 303130803Smarcel echo -n ' TCP keepalive=YES' 304130803Smarcel sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 305130803Smarcel ;; 306130803Smarcel esac 307130803Smarcel 308130803Smarcel case ${tcp_restrict_rst} in 309130803Smarcel [Yy][Ee][Ss]) 310130803Smarcel echo -n ' restrict TCP reset=YES' 311130803Smarcel sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null 312130803Smarcel ;; 313130803Smarcel esac 314130803Smarcel 315130803Smarcel case ${tcp_drop_synfin} in 316130803Smarcel [Yy][Ee][Ss]) 317130803Smarcel echo -n ' drop SYN+FIN packets=YES' 318130803Smarcel sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 319130803Smarcel ;; 320130803Smarcel esac 321130803Smarcel 322130803Smarcel case ${ipxgateway_enable} in 323130803Smarcel [Yy][Ee][Ss]) 324130803Smarcel echo -n ' IPX gateway=YES' 325130803Smarcel sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 326130803Smarcel ;; 327130803Smarcel esac 328130803Smarcel 329130803Smarcel case ${arpproxy_all} in 330130803Smarcel [Yy][Ee][Ss]) 331130803Smarcel echo -n ' ARP proxyall=YES' 332130803Smarcel sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 333130803Smarcel ;; 334130803Smarcel esac 335130803Smarcel echo '.' 336130803Smarcel 337130803Smarcel echo -n 'routing daemons:' 338130803Smarcel case ${router_enable} in 339130803Smarcel [Yy][Ee][Ss]) 340130803Smarcel echo -n " ${router}"; ${router} ${router_flags} 341130803Smarcel ;; 342130803Smarcel esac 343130803Smarcel 344130803Smarcel case ${ipxrouted_enable} in 345130803Smarcel [Yy][Ee][Ss]) 346130803Smarcel echo -n ' IPXrouted' 347130803Smarcel IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 348130803Smarcel ;; 349130803Smarcel esac 350130803Smarcel 351130803Smarcel case ${mrouted_enable} in 352130803Smarcel [Yy][Ee][Ss]) 353130803Smarcel echo -n ' mrouted'; mrouted ${mrouted_flags} 354130803Smarcel ;; 355130803Smarcel esac 356130803Smarcel 357130803Smarcel case ${rarpd_enable} in 358130803Smarcel [Yy][Ee][Ss]) 359130803Smarcel echo -n ' rarpd'; rarpd ${rarpd_flags} 360130803Smarcel ;; 361130803Smarcel esac 362130803Smarcel echo '.' 363130803Smarcel 364130803Smarcel # Let future generations know we made it. 365130803Smarcel # 366130803Smarcel network_pass1_done=YES 367130803Smarcel} 368130803Smarcel 369130803Smarcelnetwork_pass2() { 370130803Smarcel echo -n 'Doing additional network setup:' 371130803Smarcel case ${named_enable} in 372130803Smarcel [Yy][Ee][Ss]) 373130803Smarcel echo -n ' named'; ${named_program:-named} ${named_flags} 374130803Smarcel ;; 375130803Smarcel esac 376130803Smarcel 377130803Smarcel case ${ntpdate_enable} in 378130803Smarcel [Yy][Ee][Ss]) 379130803Smarcel echo -n ' ntpdate' 380130803Smarcel ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 381130803Smarcel ;; 382130803Smarcel esac 383130803Smarcel 384130803Smarcel case ${xntpd_enable} in 385130803Smarcel [Yy][Ee][Ss]) 386130803Smarcel echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags} 387130803Smarcel ;; 388130803Smarcel esac 389130803Smarcel 390130803Smarcel case ${timed_enable} in 391130803Smarcel [Yy][Ee][Ss]) 392130803Smarcel echo -n ' timed'; timed ${timed_flags} 393130803Smarcel ;; 394130803Smarcel esac 395130803Smarcel 396130803Smarcel case ${portmap_enable} in 397130803Smarcel [Yy][Ee][Ss]) 398130803Smarcel echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} 399130803Smarcel ;; 400130803Smarcel esac 401130803Smarcel 402130803Smarcel # Start ypserv if we're an NIS server. 403130803Smarcel # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 404130803Smarcel # 405130803Smarcel case ${nis_server_enable} in 406130803Smarcel [Yy][Ee][Ss]) 407130803Smarcel echo -n ' ypserv'; ypserv ${nis_server_flags} 408130803Smarcel 409130803Smarcel case ${nis_ypxfrd_enable} in 410130803Smarcel [Yy][Ee][Ss]) 411130803Smarcel echo -n ' rpc.ypxfrd' 412130803Smarcel rpc.ypxfrd ${nis_ypxfrd_flags} 413130803Smarcel ;; 414130803Smarcel esac 415130803Smarcel 416130803Smarcel case ${nis_yppasswdd_enable} in 417130803Smarcel [Yy][Ee][Ss]) 418130803Smarcel echo -n ' rpc.yppasswdd' 419130803Smarcel rpc.yppasswdd ${nis_yppasswdd_flags} 420130803Smarcel ;; 421130803Smarcel esac 422130803Smarcel ;; 423130803Smarcel esac 424130803Smarcel 425130803Smarcel # Start ypbind if we're an NIS client 426130803Smarcel # 427130803Smarcel case ${nis_client_enable} in 428130803Smarcel [Yy][Ee][Ss]) 429130803Smarcel echo -n ' ypbind'; ypbind ${nis_client_flags} 430130803Smarcel case ${nis_ypset_enable} in 431130803Smarcel [Yy][Ee][Ss]) 432130803Smarcel echo -n ' ypset'; ypset ${nis_ypset_flags} 433130803Smarcel ;; 434130803Smarcel esac 435130803Smarcel ;; 436130803Smarcel esac 437130803Smarcel 438130803Smarcel # Start keyserv if we are running Secure RPC 439130803Smarcel # 440130803Smarcel case ${keyserv_enable} in 441130803Smarcel [Yy][Ee][Ss]) 442130803Smarcel echo -n ' keyserv'; keyserv ${keyserv_flags} 443130803Smarcel ;; 444130803Smarcel esac 445130803Smarcel 446130803Smarcel # Start ypupdated if we are running Secure RPC and we are NIS master 447130803Smarcel # 448130803Smarcel case ${rpc_ypupdated_enable} in 449130803Smarcel [Yy][Ee][Ss]) 450130803Smarcel echo -n ' rpc.ypupdated'; rpc.ypupdated 451130803Smarcel ;; 452130803Smarcel esac 453130803Smarcel 454130803Smarcel # Start ATM daemons 455130803Smarcel if [ -n "${atm_pass2_done}" ]; then 456130803Smarcel atm_pass3 457130803Smarcel fi 458130803Smarcel 459130803Smarcel echo '.' 460130803Smarcel network_pass2_done=YES 461130803Smarcel} 462130803Smarcel 463130803Smarcelnetwork_pass3() { 464130803Smarcel echo -n 'Starting final network daemons:' 465130803Smarcel 466130803Smarcel case ${nfs_server_enable} in 467130803Smarcel [Yy][Ee][Ss]) 468130803Smarcel if [ -r /etc/exports ]; then 469130803Smarcel echo -n ' mountd' 470130803Smarcel 471130803Smarcel case ${weak_mountd_authentication} in 472130803Smarcel [Yy][Ee][Ss]) 473130803Smarcel mountd_flags="-n" 474130803Smarcel ;; 475130803Smarcel esac 476130803Smarcel 477130803Smarcel mountd ${mountd_flags} 478130803Smarcel 479130803Smarcel case ${nfs_reserved_port_only} in 480130803Smarcel [Yy][Ee][Ss]) 481130803Smarcel echo -n ' NFS on reserved port only=YES' 482130803Smarcel sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 483130803Smarcel ;; 484130803Smarcel esac 485130803Smarcel 486130803Smarcel echo -n ' nfsd'; nfsd ${nfs_server_flags} 487130803Smarcel 488130803Smarcel case ${rpc_lockd_enable} in 489130803Smarcel [Yy][Ee][Ss]) 490130803Smarcel echo -n ' rpc.lockd'; rpc.lockd 491130803Smarcel ;; 492130803Smarcel esac 493130803Smarcel 494130803Smarcel case ${rpc_statd_enable} in 495130803Smarcel [Yy][Ee][Ss]) 496130803Smarcel echo -n ' rpc.statd'; rpc.statd 497130803Smarcel ;; 498130803Smarcel esac 499130803Smarcel fi 500130803Smarcel ;; 501130803Smarcel *) 502130803Smarcel case ${single_mountd_enable} in 503130803Smarcel [Yy][Ee][Ss]) 504130803Smarcel if [ -r /etc/exports ]; then 505130803Smarcel echo -n ' mountd' 506130803Smarcel 507130803Smarcel case ${weak_mountd_authentication} in 508130803Smarcel [Yy][Ee][Ss]) 509130803Smarcel mountd_flags="-n" 510130803Smarcel ;; 511130803Smarcel esac 512130803Smarcel 513130803Smarcel mountd ${mountd_flags} 514130803Smarcel fi 515130803Smarcel ;; 516130803Smarcel esac 517130803Smarcel ;; 518130803Smarcel esac 519130803Smarcel 520130803Smarcel case ${nfs_client_enable} in 521130803Smarcel [Yy][Ee][Ss]) 522130803Smarcel echo -n ' nfsiod'; nfsiod ${nfs_client_flags} 523130803Smarcel if [ -n "${nfs_access_cache}" ]; then 524130803Smarcel echo -n " NFS access cache time=${nfs_access_cache}" 525130803Smarcel sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ 526130803Smarcel >/dev/null 527130803Smarcel fi 528130803Smarcel ;; 529130803Smarcel esac 530130803Smarcel 531130803Smarcel case ${amd_enable} in 532130803Smarcel [Yy][Ee][Ss]) 533130803Smarcel echo -n ' amd' 534130803Smarcel case ${amd_map_program} in 535130803Smarcel [Nn][Oo] | '') 536130803Smarcel ;; 537130803Smarcel *) 538130803Smarcel amd_flags="${amd_flags} `eval ${amd_map_program}`" 539130803Smarcel ;; 540130803Smarcel esac 541130803Smarcel 542130803Smarcel if [ -n "${amd_flags}" ]; then 543130803Smarcel amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null 544130803Smarcel else 545130803Smarcel amd 2> /dev/null 546130803Smarcel fi 547130803Smarcel ;; 548130803Smarcel esac 549130803Smarcel 550130803Smarcel case ${rwhod_enable} in 551130803Smarcel [Yy][Ee][Ss]) 552130803Smarcel echo -n ' rwhod'; rwhod ${rwhod_flags} 553130803Smarcel ;; 554130803Smarcel esac 555130803Smarcel 556130803Smarcel # Kerberos runs ONLY on the Kerberos server machine 557130803Smarcel case ${kerberos_server_enable} in 558130803Smarcel [Yy][Ee][Ss]) 559130803Smarcel case ${kerberos_stash} in 560130803Smarcel [Yy][Ee][Ss]) 561130803Smarcel stash_flag=-n 562130803Smarcel ;; 563130803Smarcel *) 564130803Smarcel stash_flag= 565130803Smarcel ;; 566130803Smarcel esac 567130803Smarcel 568130803Smarcel echo -n ' kerberos' 569130803Smarcel kerberos ${stash_flag} >> /var/log/kerberos.log & 570130803Smarcel 571130803Smarcel case ${kadmind_server_enable} in 572130803Smarcel [Yy][Ee][Ss]) 573130803Smarcel echo -n ' kadmind' 574130803Smarcel (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & 575130803Smarcel ;; 576130803Smarcel esac 577130803Smarcel unset stash_flag 578130803Smarcel ;; 579130803Smarcel esac 580130803Smarcel 581130803Smarcel echo '.' 582130803Smarcel network_pass3_done=YES 583130803Smarcel} 584130803Smarcel 585130803Smarcelnetwork_pass4() { 586130803Smarcel echo -n 'Additional TCP options:' 587130803Smarcel case ${log_in_vain} in 588130803Smarcel [Nn][Oo] | '') 589130803Smarcel ;; 590130803Smarcel *) 591130803Smarcel echo -n ' log_in_vain=YES' 592130803Smarcel sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 593130803Smarcel sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 594130803Smarcel ;; 595130803Smarcel esac 596130803Smarcel 597130803Smarcel echo '.' 598130803Smarcel network_pass4_done=YES 599130803Smarcel} 600130803Smarcel