routing revision 77651
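#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 77651 2001-06-03 12:26:56Z brian $
#	From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.

# This file only defines functions; nothing runs until a caller invokes
# network_pass1 .. network_pass4.  Every ${..._enable}, ${..._flags} and
# ${..._program} value is expanded unquoted (and in a few places through
# eval), so the configuration that sets them is effectively shell code run
# with the caller's privileges.

# First pass startup stuff.
#
# Sets the host name, loads ipfilter/ipnat rules, configures interfaces
# (sppp, gif, static, DHCP, aliases, IPX), starts user ppp, loads ipfw
# rules and natd, installs static routes, applies routing sysctls, loads
# IPsec policy and starts the routing daemons.  Sets network_pass1_done.
#
# Files sourced into this shell when readable: /etc/rc.atm,
# /etc/start_if.<ifn>, /etc/rc.isdn and ${firewall_script}.  They execute
# in-process, so they should be writable only by the account that owns
# the boot scripts.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo ' /etc/nsswitch.conf will be used instead'
		else
			echo ' /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# NOTE(review): when the rules file is unreadable this only prints
	# ' NO IPF RULES' and carries on with ipfilter_enable="NO"; the boot
	# is not stopped.  Whether traffic is then blocked depends on the
	# kernel option mentioned above - confirm for the target kernel.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					# Unlike the ipf call above this goes
					# through eval, so the rules path and
					# flags are parsed by the shell a
					# second time.  Kept as-is because
					# existing configurations may rely on
					# quoting inside ipnat_flags.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here. These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			#
			# The secrets end up on spppcontrol's argument
			# list and live in the configuration that sets
			# spppconfig_<ifn>; keep that file unreadable to
			# ordinary users when secrets are stored in it.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are numbered from 0; the first missing number
		# ends the scan, so a gap hides every later alias.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((alias + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is tested as an empty string
		# instead of vanishing from the test expression.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required. This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo -n "Starting ppp as \"${ppp_user}\""
		# ppp_command is handed to a shell via 'su -c', so
		# ppp_profile is interpreted as shell text there.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe for kernel support is itself a 'flush': when ipfw is
	# present, any rules loaded before this point are discarded here.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				    'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES here.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# The knobs below are only ever written when the matching variable
	# asks for it; otherwise the kernel's current value is left alone.
	#
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file unset the unquoted test collapsed
		# to '[ -f ]', which is true, and setkey was then run
		# without a policy file instead of reporting it missing.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation and the RPC/NIS family.
# Everything from ypserv to rpc.ypupdated is started only when
# portmap_enable is YES.  Sets network_pass2_done.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
		    ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client pieces and amd (all only when
# portmap_enable is YES), then rwhod, the Kerberos server, pppoed and
# creation of missing ssh host keys.  Sets network_pass3_done.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# NOTE(review): going by the variable name,
				# -n weakens mountd's client checks; confirm
				# against mountd(8) before enabling.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append, as the NFS-server branch
					# does; assigning "-n" outright threw
					# away the configured mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is run through eval and
				# its output becomes extra amd arguments.
				amd_flags="${amd_flags} $(eval ${amd_map_program})"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# Started 20 seconds later from a detached subshell.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only creates missing host keys; sshd itself is not started here.
	# -N "" stores the keys without a passphrase, so file permissions
	# on /etc/ssh are their only protection.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: optional logging of connection attempts.  Any value of
# log_in_vain other than NO or empty switches on both the TCP and the UDP
# sysctl.  Sets network_pass4_done.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Run gifconfig for every interface named in gif_interfaces that has a
# non-empty gifconfig_<ifn> value; interfaces without one are skipped.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				gifconfig $i ${peers}
				;;
			esac
		done
		;;
	esac
}

# Translate a host.conf lookup order into a one-line nsswitch.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated)
# Outputs:   "hosts: <source> <source> ... " in $2; one warning per
#            unrecognised line on stderr.
# Globals:   host_conf and nsswitch_conf are assigned.
#
# Comment lines may be indented, sources are emitted in the order they
# appear in the input (lookup order matters), and each warning ends in a
# newline.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	awk '
		/^[ \t]*#/		{ next }
		/(hosts|local|file)/	{ nsswitch[n++] = "files"; next }
		/(dns|bind)/		{ nsswitch[n++] = "dns"; next }
		/nis/			{ nsswitch[n++] = "nis"; next }
		{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
		END {
			printf "hosts: "
			for (i = 0; i < n; i++)
				printf "%s ", nsswitch[i]
			printf "\n"
		}' < "$host_conf" > "$nsswitch_conf"
}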