defaultroute revision 53314
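#!/bin/sh -
#
# $FreeBSD: head/etc/rc.d/routing 53314 1999-11-17 22:38:02Z ache $
#	From: @(#)netstart 5.9 (Berkeley) 3/30/91

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# This file only defines functions (network_pass1 .. network_pass4); it
# runs nothing by itself.  Every ${..._enable}, ${..._flags} and
# ${..._program} value is read from the caller's shell environment.
# Several of those values are sourced, eval'ed or executed below, so
# whatever file defines them decides what commands run here: keep those
# files writable only by the administrator.

# First pass startup stuff.
#
# Sets host and NIS domain names, configures ATM/ISDN/sppp and the regular
# network interfaces, starts user ppp, loads ipfw rules and natd, installs
# static routes, applies routing-related sysctls and starts the routing
# daemons.  Sets network_pass1_done=YES on completion.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			#
			# NOTE(review): the eval re-parses the value of
			# spppconfig_<ifn> as shell input, so any shell
			# syntax in it is executed with this script's
			# privileges.  The secrets are also passed on the
			# spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	for ifn in ${network_interfaces}; do
		showstat=false
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# i.e. it runs with the same privileges and can change any
		# variable used below.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			showstat=true
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn}
			showstat=true
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			showstat=true
			;;
		esac

		# Check to see if aliases need to be added
		#
		# Aliases are numbered from 0; the first missing
		# ifconfig_<ifn>_alias<N> ends the scan.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				showstat=true
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			showstat=true
		fi

		case ${showstat} in
		true)
			ifconfig ${ifn}
			;;
		esac
	done

	# Warm up user ppp if required, must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		# Anything other than the four modes listed here falls
		# back to "auto".
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto";
		fi

		ppp_command="-${ppp_mode} ";

		# Switch on alias mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat";
			;;
		esac

		echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	echo ''

	# NOTE(review): this probe is not read-only.  "ipfw -q flush" is
	# used to find out whether ipfw is available, but where it succeeds
	# it also removes the rules that are currently loaded.  It runs
	# regardless of ${firewall_enable}, so calling network_pass1 again
	# on a live system leaves only the kernel's default rule in place
	# until ${firewall_script} is loaded again.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# The rule script is sourced, not executed:
				# it runs inside this shell.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted-quad value is passed
						# with -a, anything else with -n.
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# Rule script unreadable: warn when rule 65535 is
			# a deny-all, since no traffic will pass.
			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo " All ip services are disabled."
			fi
			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Apart from tcp_extensions, every knob below is only ever switched
	# on here: a value other than YES leaves the kernel's current
	# setting untouched rather than forcing it off.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac
	echo '.'

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		# ${router} is executed as given; unlike the *_program
		# variables it has no built-in default here.
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation, portmap, NIS and
# Secure RPC daemons.  Each daemon starts only when its *_enable variable
# is YES (any letter case).  Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		# Output and errors are discarded, so a failed time sync
		# is not visible on the console.
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'; ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'; keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'; rpc.ypupdated
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client daemons, amd, rwhod and the Kerberos
# server daemons.  Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				# mountd's -n serves mount requests from
				# non-root (unprivileged-port) clients.
				# Append it instead of overwriting, so
				# flags already present in mountd_flags
				# are not silently dropped when weak
				# authentication is switched on.
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'; nfsd ${nfs_server_flags}

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'; rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'; rpc.statd
				;;
			esac
		fi
		;;
	*)
		# Not an NFS server: mountd can still be started alone.
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					# Same as in the NFS server
					# branch: keep existing flags
					# and add -n.
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# NOTE(review): ${amd_map_program} is eval'ed as a
			# shell command and its output is appended to the
			# amd command line.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			# With -p, amd's standard output is captured as
			# the pid file.
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both kerberos and kadmind.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# kadmind is started 20 seconds later from a
			# detached subshell; its output is discarded.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: optional TCP/UDP logging.  Any value of log_in_vain other
# than NO or empty switches on logging for both protocols.  Sets
# network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}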