routing revision 64731
1249259Sdim#!/bin/sh - 2249259Sdim# 3249259Sdim# $FreeBSD: head/etc/rc.d/routing 64731 2000-08-16 23:08:28Z jhb $ 4249259Sdim# From: @(#)netstart 5.9 (Berkeley) 3/30/91 5249259Sdim 6249259Sdim# Note that almost all of the user-configurable behavior is no longer in 7249259Sdim# this file, but rather in /etc/defaults/rc.conf. Please check that file 8249259Sdim# first before contemplating any changes here. If you do need to change 9249259Sdim# this file for some reason, we would like to know about it. 10249259Sdim 11249259Sdim# First pass startup stuff. 12249259Sdim# 13249259Sdimnetwork_pass1() { 14249259Sdim echo -n 'Doing initial network setup:' 15249259Sdim 16249259Sdim # Set the host name if it is not already set 17249259Sdim # 18249259Sdim if [ -z "`hostname -s`" ]; then 19249259Sdim hostname ${hostname} 20249259Sdim echo -n ' hostname' 21249259Sdim fi 22249259Sdim 23249259Sdim # Set the domainname if we're using NIS 24249259Sdim # 25249259Sdim case ${nisdomainname} in 26249259Sdim [Nn][Oo] | '') 27249259Sdim ;; 28249259Sdim *) 29251662Sdim domainname ${nisdomainname} 30249259Sdim echo -n ' domain' 31249259Sdim ;; 32249259Sdim esac 33249259Sdim 34249259Sdim echo '.' 35249259Sdim 36249259Sdim # Initial ATM interface configuration 37249259Sdim # 38249259Sdim case ${atm_enable} in 39249259Sdim [Yy][Ee][Ss]) 40249259Sdim if [ -r /etc/rc.atm ]; then 41249259Sdim . /etc/rc.atm 42249259Sdim atm_pass1 43249259Sdim fi 44249259Sdim ;; 45249259Sdim esac 46249259Sdim 47249259Sdim # Special options for sppp(4) interfaces go here. These need 48249259Sdim # to go _before_ the general ifconfig section, since in the case 49249259Sdim # of hardwired (no link1 flag) but required authentication, you 50249259Sdim # cannot pass auth parameters down to the already running interface. 51249259Sdim # 52249259Sdim for ifn in ${sppp_interfaces}; do 53249259Sdim eval spppcontrol_args=\$spppconfig_${ifn} 54249259Sdim if [ -n "${spppcontrol_args}" ]; then 55249259Sdim # The auth secrets might contain spaces; in order 56249259Sdim # to retain the quotation, we need to eval them 57249259Sdim # here. 58249259Sdim eval spppcontrol ${ifn} ${spppcontrol_args} 59249259Sdim fi 60249259Sdim done 61249259Sdim 62249259Sdim # Set up all the network interfaces, calling startup scripts if needed 63249259Sdim # 64249259Sdim case ${network_interfaces} in 65249259Sdim [Aa][Uu][Tt][Oo]) 66249259Sdim network_interfaces="`ifconfig -l`" 67249259Sdim ;; 68249259Sdim esac 69249259Sdim 70249259Sdim dhcp_interfaces="" 71249259Sdim for ifn in ${network_interfaces}; do 72249259Sdim if [ -r /etc/start_if.${ifn} ]; then 73249259Sdim . /etc/start_if.${ifn} 74249259Sdim eval showstat_$ifn=1 75249259Sdim fi 76249259Sdim 77249259Sdim # Do the primary ifconfig if specified 78249259Sdim # 79249259Sdim eval ifconfig_args=\$ifconfig_${ifn} 80249259Sdim 81249259Sdim case ${ifconfig_args} in 82249259Sdim '') 83249259Sdim ;; 84249259Sdim [Dd][Hh][Cc][Pp]) 85249259Sdim # DHCP inits are done all in one go below 86249259Sdim dhcp_interfaces="$dhcp_interfaces $ifn" 87249259Sdim eval showstat_$ifn=1 88249259Sdim ;; 89249259Sdim *) 90249259Sdim ifconfig ${ifn} ${ifconfig_args} 91249259Sdim eval showstat_$ifn=1 92249259Sdim ;; 93249259Sdim esac 94249259Sdim done 95249259Sdim 96249259Sdim if [ ! -z "${dhcp_interfaces}" ]; then 97249259Sdim ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 98249259Sdim fi 99249259Sdim 100249259Sdim for ifn in ${network_interfaces}; do 101249259Sdim # Check to see if aliases need to be added 102249259Sdim # 103249259Sdim alias=0 104249259Sdim while : ; do 105249259Sdim eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 106249259Sdim if [ -n "${ifconfig_args}" ]; then 107249259Sdim ifconfig ${ifn} ${ifconfig_args} alias 108249259Sdim eval showstat_$ifn=1 109249259Sdim alias=`expr ${alias} + 1` 110249259Sdim else 111249259Sdim break; 112249259Sdim fi 113249259Sdim done 114249259Sdim 115249259Sdim # Do ipx address if specified 116249259Sdim # 117249259Sdim eval ifconfig_args=\$ifconfig_${ifn}_ipx 118249259Sdim if [ -n "${ifconfig_args}" ]; then 119249259Sdim ifconfig ${ifn} ${ifconfig_args} 120249259Sdim eval showstat_$ifn=1 121249259Sdim fi 122249259Sdim done 123249259Sdim 124249259Sdim for ifn in ${network_interfaces}; do 125249259Sdim eval showstat=\$showstat_${ifn} 126249259Sdim if [ ! -z ${showstat} ]; then 127249259Sdim ifconfig ${ifn} 128249259Sdim fi 129249259Sdim done 130249259Sdim 131249259Sdim # ISDN subsystem startup 132249259Sdim # 133249259Sdim case ${isdn_enable} in 134249259Sdim [Yy][Ee][Ss]) 135249259Sdim if [ -r /etc/rc.isdn ]; then 136249259Sdim . /etc/rc.isdn 137249259Sdim fi 138249259Sdim ;; 139249259Sdim esac 140251662Sdim 141249259Sdim # Start user ppp if required. This must happen before natd. 142249259Sdim # 143249259Sdim case ${ppp_enable} in 144249259Sdim [Yy][Ee][Ss]) 145249259Sdim # Establish ppp mode. 146249259Sdim # 147249259Sdim if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 148249259Sdim -a "${ppp_mode}" != "dedicated" \ 149249259Sdim -a "${ppp_mode}" != "background" ]; then 150249259Sdim ppp_mode="auto" 151249259Sdim fi 152249259Sdim 153249259Sdim ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 154249259Sdim 155249259Sdim # Switch on NAT mode? 156249259Sdim # 157249259Sdim case ${ppp_nat} in 158249259Sdim [Yy][Ee][Ss]) 159249259Sdim ppp_command="${ppp_command} -nat" 160249259Sdim ;; 161249259Sdim esac 162249259Sdim 163249259Sdim ppp_command="${ppp_command} ${ppp_profile}" 164249259Sdim 165249259Sdim echo -n "Starting ppp as \"${ppp_user}\"" 166249259Sdim su ${ppp_user} -c "exec ${ppp_command}" 167249259Sdim ;; 168249259Sdim esac 169249259Sdim 170249259Sdim # Initialize IP filtering using ipfw 171249259Sdim # 172249259Sdim if /sbin/ipfw -q flush > /dev/null 2>&1; then 173249259Sdim firewall_in_kernel=1 174249259Sdim else 175249259Sdim firewall_in_kernel=0 176249259Sdim fi 177249259Sdim 178249259Sdim case ${firewall_enable} in 179249259Sdim [Yy][Ee][Ss]) 180249259Sdim if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 181249259Sdim firewall_in_kernel=1 182249259Sdim echo "Kernel firewall module loaded." 183249259Sdim elif [ "${firewall_in_kernel}" -eq 0 ]; then 184249259Sdim echo "Warning: firewall kernel module failed to load." 185249259Sdim fi 186249259Sdim ;; 187249259Sdim esac 188249259Sdim 189249259Sdim # Load the filters if required 190249259Sdim # 191249259Sdim case ${firewall_in_kernel} in 192249259Sdim 1) 193249259Sdim if [ -z "${firewall_script}" ]; then 194249259Sdim firewall_script=/etc/rc.firewall 195249259Sdim fi 196249259Sdim 197249259Sdim case ${firewall_enable} in 198249259Sdim [Yy][Ee][Ss]) 199249259Sdim if [ -r "${firewall_script}" ]; then 200249259Sdim . "${firewall_script}" 201249259Sdim echo -n 'Firewall rules loaded, starting divert daemons:' 202249259Sdim 203249259Sdim # Network Address Translation daemon 204249259Sdim # 205249259Sdim case ${natd_enable} in 206249259Sdim [Yy][Ee][Ss]) 207249259Sdim if [ -n "${natd_interface}" ]; then 208249259Sdim if echo ${natd_interface} | \ 209249259Sdim grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 210249259Sdim natd_ifarg="-a ${natd_interface}" 211249259Sdim else 212249259Sdim natd_ifarg="-n ${natd_interface}" 213249259Sdim fi 214249259Sdim 215249259Sdim echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 216249259Sdim fi 217249259Sdim ;; 218249259Sdim esac 219249259Sdim 220249259Sdim echo '.' 221249259Sdim 222249259Sdim elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 223249259Sdim echo -n "Warning: kernel has firewall functionality, " 224249259Sdim echo "but firewall rules are not enabled." 225249259Sdim echo " All ip services are disabled." 226249259Sdim fi 227249259Sdim 228249259Sdim case ${firewall_logging} in 229249259Sdim [Yy][Ee][Ss] | '') 230249259Sdim echo 'Firewall logging=YES' 231249259Sdim sysctl -w net.inet.ip.fw.verbose=1 >/dev/null 232249259Sdim ;; 233249259Sdim *) 234249259Sdim ;; 235249259Sdim esac 236249259Sdim 237249259Sdim ;; 238249259Sdim esac 239249259Sdim ;; 240249259Sdim esac 241249259Sdim 242249259Sdim # Additional ATM interface configuration 243249259Sdim # 244249259Sdim if [ -n "${atm_pass1_done}" ]; then 245249259Sdim atm_pass2 246249259Sdim fi 247249259Sdim 248249259Sdim # Configure routing 249249259Sdim # 250249259Sdim case ${defaultrouter} in 251249259Sdim [Nn][Oo] | '') 252249259Sdim ;; 253249259Sdim *) 254249259Sdim static_routes="default ${static_routes}" 255249259Sdim route_default="default ${defaultrouter}" 256249259Sdim ;; 257249259Sdim esac 258249259Sdim 259249259Sdim # Set up any static routes. This should be done before router discovery. 260249259Sdim # 261249259Sdim if [ -n "${static_routes}" ]; then 262249259Sdim for i in ${static_routes}; do 263249259Sdim eval route_args=\$route_${i} 264249259Sdim route add ${route_args} 265249259Sdim done 266249259Sdim fi 267249259Sdim 268249259Sdim echo -n 'Additional routing options:' 269249259Sdim case ${tcp_extensions} in 270249259Sdim [Yy][Ee][Ss] | '') 271249259Sdim ;; 272249259Sdim *) 273249259Sdim echo -n ' tcp extensions=NO' 274249259Sdim sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 275249259Sdim ;; 276249259Sdim esac 277249259Sdim 278249259Sdim case ${icmp_bmcastecho} in 279249259Sdim [Yy][Ee][Ss]) 280249259Sdim echo -n ' broadcast ping responses=YES' 281249259Sdim sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 282249259Sdim ;; 283249259Sdim esac 284249259Sdim 285249259Sdim case ${icmp_drop_redirect} in 286249259Sdim [Yy][Ee][Ss]) 287249259Sdim echo -n ' ignore ICMP redirect=YES' 288249259Sdim sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 289249259Sdim ;; 290249259Sdim esac 291249259Sdim 292249259Sdim case ${icmp_log_redirect} in 293249259Sdim [Yy][Ee][Ss]) 294249259Sdim echo -n ' log ICMP redirect=YES' 295249259Sdim sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 296249259Sdim ;; 297249259Sdim esac 298249259Sdim 299249259Sdim case ${gateway_enable} in 300249259Sdim [Yy][Ee][Ss]) 301249259Sdim echo -n ' IP gateway=YES' 302249259Sdim sysctl -w net.inet.ip.forwarding=1 >/dev/null 303249259Sdim ;; 304249259Sdim esac 305249259Sdim 306249259Sdim case ${forward_sourceroute} in 307249259Sdim [Yy][Ee][Ss]) 308249259Sdim echo -n ' do source routing=YES' 309249259Sdim sysctl -w net.inet.ip.sourceroute=1 >/dev/null 310249259Sdim ;; 311249259Sdim esac 312249259Sdim 313249259Sdim case ${accept_sourceroute} in 314249259Sdim [Yy][Ee][Ss]) 315249259Sdim echo -n ' accept source routing=YES' 316249259Sdim sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 317249259Sdim ;; 318249259Sdim esac 319249259Sdim 320249259Sdim case ${tcp_keepalive} in 321249259Sdim [Yy][Ee][Ss]) 322249259Sdim echo -n ' TCP keepalive=YES' 323249259Sdim sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 324249259Sdim ;; 325249259Sdim esac 326249259Sdim 327249259Sdim case ${tcp_restrict_rst} in 328249259Sdim [Yy][Ee][Ss]) 329249259Sdim echo -n ' restrict TCP reset=YES' 330249259Sdim sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null 331249259Sdim ;; 332249259Sdim esac 333249259Sdim 334249259Sdim case ${tcp_drop_synfin} in 335249259Sdim [Yy][Ee][Ss]) 336249259Sdim echo -n ' drop SYN+FIN packets=YES' 337249259Sdim sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 338249259Sdim ;; 339249259Sdim esac 340249259Sdim 341249259Sdim case ${ipxgateway_enable} in 342249259Sdim [Yy][Ee][Ss]) 343249259Sdim echo -n ' IPX gateway=YES' 344249259Sdim sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 345249259Sdim ;; 346249259Sdim esac 347249259Sdim 348249259Sdim case ${arpproxy_all} in 349249259Sdim [Yy][Ee][Ss]) 350249259Sdim echo -n ' ARP proxyall=YES' 351249259Sdim sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 352249259Sdim ;; 353249259Sdim esac 354249259Sdim 355249259Sdim case ${ip_portrange_first} in 356251662Sdim [Nn][Oo] | '') 357249259Sdim ;; 358249259Sdim *) 359249259Sdim echo -n ' ip_portrange_first=$ip_portrange_first' 360249259Sdim sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 361249259Sdim ;; 362249259Sdim esac 363249259Sdim 364249259Sdim case ${ip_portrange_last} in 365249259Sdim [Nn][Oo] | '') 366249259Sdim ;; 367249259Sdim *) 368249259Sdim echo -n ' ip_portrange_last=$ip_portrange_last' 369249259Sdim sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 370249259Sdim ;; 371249259Sdim esac 372249259Sdim 373249259Sdim echo '.' 374249259Sdim 375249259Sdim case ${ipsec_enable} in 376249259Sdim [Yy][Ee][Ss]) 377249259Sdim if [ -f ${ipsec_file} ]; then 378249259Sdim echo ' ipsec: enabled' 379249259Sdim setkey -f ${ipsec_file} 380249259Sdim else 381249259Sdim echo ' ipsec: file not found' 382249259Sdim fi 383249259Sdim ;; 384249259Sdim esac 385249259Sdim 386249259Sdim echo -n 'routing daemons:' 387249259Sdim case ${router_enable} in 388249259Sdim [Yy][Ee][Ss]) 389249259Sdim echo -n " ${router}"; ${router} ${router_flags} 390249259Sdim ;; 391249259Sdim esac 392249259Sdim 393249259Sdim case ${ipxrouted_enable} in 394249259Sdim [Yy][Ee][Ss]) 395249259Sdim echo -n ' IPXrouted' 396249259Sdim IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 397249259Sdim ;; 398249259Sdim esac 399249259Sdim 400249259Sdim case ${mrouted_enable} in 401249259Sdim [Yy][Ee][Ss]) 402249259Sdim echo -n ' mrouted'; mrouted ${mrouted_flags} 403249259Sdim ;; 404249259Sdim esac 405249259Sdim 406249259Sdim case ${rarpd_enable} in 407249259Sdim [Yy][Ee][Ss]) 408249259Sdim echo -n ' rarpd'; rarpd ${rarpd_flags} 409249259Sdim ;; 410249259Sdim esac 411249259Sdim echo '.' 412249259Sdim 413249259Sdim # Let future generations know we made it. 414251662Sdim # 415249259Sdim network_pass1_done=YES 416249259Sdim} 417249259Sdim 418249259Sdimnetwork_pass2() { 419249259Sdim echo -n 'Doing additional network setup:' 420249259Sdim case ${named_enable} in 421249259Sdim [Yy][Ee][Ss]) 422249259Sdim echo -n ' named'; ${named_program:-named} ${named_flags} 423249259Sdim ;; 424249259Sdim esac 425249259Sdim 426249259Sdim case ${ntpdate_enable} in 427249259Sdim [Yy][Ee][Ss]) 428249259Sdim echo -n ' ntpdate' 429249259Sdim ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 430249259Sdim ;; 431249259Sdim esac 432249259Sdim 433249259Sdim case ${xntpd_enable} in 434249259Sdim [Yy][Ee][Ss]) 435249259Sdim echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 436249259Sdim ;; 437249259Sdim esac 438249259Sdim 439249259Sdim case ${timed_enable} in 440249259Sdim [Yy][Ee][Ss]) 441249259Sdim echo -n ' timed'; timed ${timed_flags} 442249259Sdim ;; 443249259Sdim esac 444249259Sdim 445249259Sdim case ${portmap_enable} in 446249259Sdim [Yy][Ee][Ss]) 447249259Sdim echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} 448249259Sdim ;; 449249259Sdim esac 450249259Sdim 451249259Sdim # Start ypserv if we're an NIS server. 452249259Sdim # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 453249259Sdim # 454249259Sdim case ${nis_server_enable} in 455249259Sdim [Yy][Ee][Ss]) 456249259Sdim echo -n ' ypserv'; ypserv ${nis_server_flags} 457251662Sdim 458249259Sdim case ${nis_ypxfrd_enable} in 459249259Sdim [Yy][Ee][Ss]) 460249259Sdim echo -n ' rpc.ypxfrd' 461249259Sdim rpc.ypxfrd ${nis_ypxfrd_flags} 462249259Sdim ;; 463249259Sdim esac 464249259Sdim 465249259Sdim case ${nis_yppasswdd_enable} in 466249259Sdim [Yy][Ee][Ss]) 467249259Sdim echo -n ' rpc.yppasswdd' 468249259Sdim rpc.yppasswdd ${nis_yppasswdd_flags} 469249259Sdim ;; 470249259Sdim esac 471249259Sdim ;; 472249259Sdim esac 473249259Sdim 474249259Sdim # Start ypbind if we're an NIS client 475249259Sdim # 476249259Sdim case ${nis_client_enable} in 477249259Sdim [Yy][Ee][Ss]) 478249259Sdim echo -n ' ypbind'; ypbind ${nis_client_flags} 479249259Sdim case ${nis_ypset_enable} in 480249259Sdim [Yy][Ee][Ss]) 481249259Sdim echo -n ' ypset'; ypset ${nis_ypset_flags} 482249259Sdim ;; 483249259Sdim esac 484249259Sdim ;; 485249259Sdim esac 486249259Sdim 487249259Sdim # Start keyserv if we are running Secure RPC 488251662Sdim # 489249259Sdim case ${keyserv_enable} in 490249259Sdim [Yy][Ee][Ss]) 491249259Sdim echo -n ' keyserv'; keyserv ${keyserv_flags} 492249259Sdim ;; 493249259Sdim esac 494249259Sdim 495249259Sdim # Start ypupdated if we are running Secure RPC and we are NIS master 496249259Sdim # 497249259Sdim case ${rpc_ypupdated_enable} in 498249259Sdim [Yy][Ee][Ss]) 499249259Sdim echo -n ' rpc.ypupdated'; rpc.ypupdated 500249259Sdim ;; 501249259Sdim esac 502249259Sdim 503249259Sdim # Start ATM daemons 504249259Sdim if [ -n "${atm_pass2_done}" ]; then 505249259Sdim atm_pass3 506251662Sdim fi 507249259Sdim 508249259Sdim echo '.' 509249259Sdim network_pass2_done=YES 510249259Sdim} 511249259Sdim 512249259Sdimnetwork_pass3() { 513249259Sdim echo -n 'Starting final network daemons:' 514249259Sdim 515249259Sdim case ${nfs_server_enable} in 516249259Sdim [Yy][Ee][Ss]) 517249259Sdim if [ -r /etc/exports ]; then 518249259Sdim echo -n ' mountd' 519249259Sdim 520249259Sdim case ${weak_mountd_authentication} in 521249259Sdim [Yy][Ee][Ss]) 522249259Sdim mountd_flags="${mountd_flags} -n" 523249259Sdim ;; 524249259Sdim esac 525249259Sdim 526249259Sdim mountd ${mountd_flags} 527249259Sdim 528249259Sdim case ${nfs_reserved_port_only} in 529249259Sdim [Yy][Ee][Ss]) 530249259Sdim echo -n ' NFS on reserved port only=YES' 531249259Sdim sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 532249259Sdim ;; 533249259Sdim esac 534249259Sdim 535249259Sdim echo -n ' nfsd'; nfsd ${nfs_server_flags} 536249259Sdim 537249259Sdim if [ -n "${nfs_bufpackets}" ]; then 538249259Sdim sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \ 539249259Sdim > /dev/null 540249259Sdim fi 541249259Sdim 542249259Sdim case ${rpc_lockd_enable} in 543249259Sdim [Yy][Ee][Ss]) 544249259Sdim echo -n ' rpc.lockd'; rpc.lockd 545249259Sdim ;; 546249259Sdim esac 547249259Sdim 548249259Sdim case ${rpc_statd_enable} in 549249259Sdim [Yy][Ee][Ss]) 550249259Sdim echo -n ' rpc.statd'; rpc.statd 551249259Sdim ;; 552249259Sdim esac 553249259Sdim fi 554249259Sdim ;; 555249259Sdim *) 556249259Sdim case ${single_mountd_enable} in 557249259Sdim [Yy][Ee][Ss]) 558249259Sdim if [ -r /etc/exports ]; then 559249259Sdim echo -n ' mountd' 560249259Sdim 561249259Sdim case ${weak_mountd_authentication} in 562249259Sdim [Yy][Ee][Ss]) 563249259Sdim mountd_flags="-n" 564249259Sdim ;; 565249259Sdim esac 566249259Sdim 567249259Sdim mountd ${mountd_flags} 568249259Sdim fi 569249259Sdim ;; 570249259Sdim esac 571249259Sdim ;; 572249259Sdim esac 573249259Sdim 574249259Sdim case ${nfs_client_enable} in 575249259Sdim [Yy][Ee][Ss]) 576249259Sdim echo -n ' nfsiod'; nfsiod ${nfs_client_flags} 577249259Sdim if [ -n "${nfs_access_cache}" ]; then 578249259Sdim echo -n " NFS access cache time=${nfs_access_cache}" 579249259Sdim sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ 580249259Sdim >/dev/null 581249259Sdim fi 582251662Sdim ;; 583249259Sdim esac 584249259Sdim 585249259Sdim # If /var/db/mounttab exists, some nfs-server has not been 586249259Sdim # sucessfully notified about a previous client shutdown. 587249259Sdim # If there is no /var/db/mounttab, we do nothing. 588249259Sdim if [ -f /var/db/mounttab ]; then 589249259Sdim rpc.umntall -k 590249259Sdim fi 591249259Sdim 592249259Sdim case ${amd_enable} in 593249259Sdim [Yy][Ee][Ss]) 594249259Sdim echo -n ' amd' 595249259Sdim case ${amd_map_program} in 596249259Sdim [Nn][Oo] | '') 597249259Sdim ;; 598249259Sdim *) 599249259Sdim amd_flags="${amd_flags} `eval ${amd_map_program}`" 600249259Sdim ;; 601249259Sdim esac 602249259Sdim 603249259Sdim if [ -n "${amd_flags}" ]; then 604249259Sdim amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null 605249259Sdim else 606249259Sdim amd 2> /dev/null 607249259Sdim fi 608249259Sdim ;; 609249259Sdim esac 610249259Sdim 611249259Sdim case ${rwhod_enable} in 612249259Sdim [Yy][Ee][Ss]) 613249259Sdim echo -n ' rwhod'; rwhod ${rwhod_flags} 614249259Sdim ;; 615249259Sdim esac 616249259Sdim 617249259Sdim # Kerberos runs ONLY on the Kerberos server machine 618249259Sdim case ${kerberos_server_enable} in 619249259Sdim [Yy][Ee][Ss]) 620249259Sdim case ${kerberos_stash} in 621249259Sdim [Yy][Ee][Ss]) 622249259Sdim stash_flag=-n 623249259Sdim ;; 624249259Sdim *) 625249259Sdim stash_flag= 626249259Sdim ;; 627249259Sdim esac 628249259Sdim 629249259Sdim echo -n ' kerberos' 630249259Sdim kerberos ${stash_flag} >> /var/log/kerberos.log & 631249259Sdim 632249259Sdim case ${kadmind_server_enable} in 633249259Sdim [Yy][Ee][Ss]) 634249259Sdim echo -n ' kadmind' 635249259Sdim (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & 636249259Sdim ;; 637249259Sdim esac 638249259Sdim unset stash_flag 639249259Sdim ;; 640249259Sdim esac 641249259Sdim 642249259Sdim case ${pppoed_enable} in 643249259Sdim [Yy][Ee][Ss]) 644249259Sdim if [ -n "${pppoed_provider}" ]; then 645249259Sdim pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 646249259Sdim fi 647249259Sdim echo -n ' pppoed'; 648249259Sdim /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 649249259Sdim ;; 650249259Sdim esac 651249259Sdim 652249259Sdim case ${sshd_enable} in 653249259Sdim [Yy][Ee][Ss]) 654249259Sdim if [ ! -f /etc/ssh/ssh_host_key ]; then 655249259Sdim echo ' creating ssh RSA host key'; 656249259Sdim /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 657249259Sdim fi 658249259Sdim if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 659249259Sdim echo ' creating ssh DSA host key'; 660249259Sdim /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 661249259Sdim fi 662249259Sdim ;; 663249259Sdim esac 664249259Sdim 665249259Sdim echo '.' 666249259Sdim network_pass3_done=YES 667249259Sdim} 668249259Sdim 669249259Sdimnetwork_pass4() { 670249259Sdim echo -n 'Additional TCP options:' 671249259Sdim case ${log_in_vain} in 672249259Sdim [Nn][Oo] | '') 673249259Sdim ;; 674249259Sdim *) 675249259Sdim echo -n ' log_in_vain=YES' 676249259Sdim sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 677249259Sdim sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 678249259Sdim ;; 679249259Sdim esac 680249259Sdim 681251662Sdim echo '.' 682249259Sdim network_pass4_done=YES 683249259Sdim} 684249259Sdim