defaultroute revision 66745
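#!/bin/sh -
#
# $FreeBSD: head/etc/rc.d/routing 66745 2000-10-06 12:24:45Z darrenr $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# This file only defines functions (network_pass1 .. network_pass4 and
# convert_host_conf); nothing runs until a caller invokes them.  Every knob
# read below (*_enable, *_flags, *_program, ifconfig_*, ...) is an ordinary
# shell variable expected to be set by the caller's configuration.  Several
# of them are expanded unquoted on purpose so that they split into separate
# arguments, and a few are passed through eval; the files that set them
# therefore need to be writable by root only.

# First pass startup stuff.
#
# Sets the host name, loads the ipfilter/ipnat rules, configures the
# interfaces (static, DHCP, aliases, IPX), starts ppp, initialises ipfw and
# natd, installs static routes, applies the network sysctls, loads the IPsec
# policy and starts the routing daemons.  Sets network_pass1_done=YES on the
# way out.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ""
		echo "Warning: /etc/host.conf is no longer used"
		if [ -f "/etc/nsswitch.conf" ]; then
			echo " /etc/nsswitch.conf will be used instead"
		else
			echo " /etc/nsswitch.conf will be created for you"
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		# Deliberately unquoted: an empty ${hostname} must not be
		# passed on as an empty argument.
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# NOTE: when ${ipfilter_rules} is not readable nothing is loaded and
	# startup simply continues with ipfilter_enable forced to NO.  The
	# ' NO IPF RULES' console message is the only indication, so unless
	# the kernel blocks by default the interfaces configured further
	# down come up without a ruleset.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE: the value is evaluated as shell text and the
			# secrets end up on spppcontrol's command line, so
			# the file that defines spppconfig_<if> should not
			# be readable or writable by unprivileged users.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	# showstat_<if> is set for every interface that was touched so that
	# its final state can be printed once at the end.  The interface
	# name is spliced into variable names via eval and into the path of
	# a script that is sourced; names are not validated here.
	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the scan stops at the first gap.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				# Shell arithmetic instead of forking expr.
				alias=$((alias + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted -n test: the unquoted '! -z' form only gave the
		# right answer for an empty value by accident.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything other than the four known
		# modes falls back to "auto", so only a fixed set of words
		# can reach the command line built below.
		#
		case "${ppp_mode}" in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# NOTE: ppp_profile and ppp_user are used as given, and
		# ppp_command is parsed again by the shell that su -c
		# starts.
		echo -n "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as the probe for ipfw support in the kernel: it
	# succeeds only when ipfw is available, and it also discards any
	# rules that were already loaded.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced into this shell, so the script runs
				# with the privileges of the caller.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad selects natd's
						# -a form, anything else is
						# treated as an interface
						# name (-n).
						if echo "${natd_interface}" | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				# The rules script is unreadable and the
				# final rule denies everything.
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo " All ip services are disabled."
			fi

			# Logging is switched on when firewall_logging is YES
			# and also when it is unset or empty.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		# Double quotes so the configured value is shown; single
		# quotes printed the variable name literally.
		echo -n " ip_portrange_first=${ip_portrange_first}"
		sysctl -w net.inet.ip.portrange.first="${ip_portrange_first}" >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=${ip_portrange_last}"
		sysctl -w net.inet.ip.portrange.last="${ip_portrange_last}" >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ${ipsec_file} must be quoted: with an empty value the
		# unquoted test collapses to '[ -f ]', which is true, and
		# 'ipsec: enabled' would be reported with no policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation, portmap and the
# NIS / Secure RPC daemons.  Sets network_pass2_done=YES on the way out.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'
		${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'
		ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'
		ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'
			ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'
		keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'
		rpc.ypupdated
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client daemons, amd, rwhod, Kerberos, pppoed
# and creation of missing ssh host keys.  Sets network_pass3_done=YES on
# the way out.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			# -n relaxes mountd's check on where mount requests
			# come from; see mountd(8) before enabling it.
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'
			nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'
				rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'
				rpc.statd
				;;
			esac
		fi
		;;
	*)
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# Append -n, as the NFS server branch above
				# does, instead of discarding whatever flags
				# were already configured in mountd_flags.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'
		nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# NOTE: amd_map_program is run through eval in this
			# shell and its output is appended to the flags.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# kadmind is started 20 seconds later from a detached
			# subshell, which keeps its own copy of stash_flag
			# after the unset below.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only the host keys are created here, and only when missing.  They
	# are written with an empty passphrase (-N ""), so their protection
	# rests entirely on the permissions of the key files.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: TCP/UDP logging of connection attempts to ports with no
# listener.  Any value of log_in_vain other than NO or empty enables it.
# Sets network_pass4_done=YES on the way out.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Translate an old-style host.conf into a one-line nsswitch.conf.
#
# Arguments: $1 - path of the host.conf to read
#            $2 - path of the nsswitch.conf to write (truncated)
# Output:    a single "hosts: ..." line listing the sources in the order
#            they appear in the input; unrecognized lines are reported on
#            stderr.
#
# Lookup order matters to the resolver, so the sources are emitted by index
# rather than with "for (i in array)", whose order awk does not define.
# Comment lines may be indented; "[:blank:]" outside a bracket expression
# only matched the letters of the word, so "[ \t]" is spelled out instead.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	awk '
		BEGIN { c = 0 }
		/^[ \t]*#/ { next }
		/^[ \t]*$/ { next }
		/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
		/(dns|bind)/ { nsswitch[c] = "dns"; c++; next }
		/nis/ { nsswitch[c] = "nis"; c++; next }
		{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
		END {
			printf "hosts: ";
			for (i = 0; i < c; i++) printf "%s ", nsswitch[i];
			printf "\n";
		}' < "$host_conf" > "$nsswitch_conf"
}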