routing revision 77651
1214501Srpaulo#!/bin/sh -
2214501Srpaulo#
3289549Srpaulo# Copyright (c) 1993  The FreeBSD Project
4214501Srpaulo# All rights reserved.
5252726Srpaulo#
6252726Srpaulo# Redistribution and use in source and binary forms, with or without
7214501Srpaulo# modification, are permitted provided that the following conditions
8214501Srpaulo# are met:
9214501Srpaulo# 1. Redistributions of source code must retain the above copyright
10214501Srpaulo#    notice, this list of conditions and the following disclaimer.
11214501Srpaulo# 2. Redistributions in binary form must reproduce the above copyright
12214501Srpaulo#    notice, this list of conditions and the following disclaimer in the
13214501Srpaulo#    documentation and/or other materials provided with the distribution.
14214501Srpaulo#
15289549Srpaulo# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16252726Srpaulo# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17252726Srpaulo# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18289549Srpaulo# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19214501Srpaulo# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20281806Srpaulo# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21281806Srpaulo# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22281806Srpaulo# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23281806Srpaulo# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24281806Srpaulo# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25281806Srpaulo# SUCH DAMAGE.
26281806Srpaulo#
27281806Srpaulo# $FreeBSD: head/etc/rc.d/routing 77651 2001-06-03 12:26:56Z brian $
28281806Srpaulo#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29281806Srpaulo#
30281806Srpaulo
31281806Srpaulo# Note that almost all of the user-configurable behavior is no longer in
32281806Srpaulo# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33281806Srpaulo# first before contemplating any changes here.  If you do need to change
34281806Srpaulo# this file for some reason, we would like to know about it.
35281806Srpaulo
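# First pass of network startup.
#
# In order: converts a legacy /etc/host.conf, sets the host name, loads the
# ipfilter/ipmon/ipnat rules, sets the NIS domain, runs the first ATM pass,
# applies sppp(4) options, configures gif tunnels and every interface in
# ${network_interfaces} (primary address, DHCP, aliases, IPX), starts ISDN
# and user ppp, probes for and loads ipfw plus natd, runs the second ATM
# pass, installs static routes, applies the routing-related sysctls, loads
# the IPsec policy file and starts the routing daemons.  Sets
# network_pass1_done=YES when it reaches the end.
#
# Every ${...} knob read here is expected to come from the rc.conf files
# mentioned at the top of this file.  Several of them are expanded unquoted,
# passed through eval, or name a file that is sourced, so whoever can write
# those files can run commands as the user executing this script.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
		    echo '  /etc/nsswitch.conf will be used instead'
		else
		    echo '  /etc/nsswitch.conf will be created for you'
		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# If the rules file is unreadable, ipfilter_enable is forced to "NO"
	# and only ' NO IPF RULES' is printed; nothing is loaded here in
	# that case.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					# NOTE(review): unlike the ipf call
					# above, this line goes through eval,
					# so the rules path and flags are
					# parsed by the shell a second time.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
						"${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The eval also means the configured string
			# is executed as shell text, and the secrets are
			# passed on the spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# so it runs with this script's privileges and can change
		# any variable used below.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are read as ifconfig_<ifn>_alias0, _alias1, ... and
		# the scan stops at the first index that is unset or empty.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((alias + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside this allow-list
		# falls back to "auto"; the value ends up inside the command
		# string handed to su below.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# NOTE(review): ${ppp_profile} is pasted into the string that
		# su hands to a shell via -c, and ${ppp_user} is unquoted;
		# neither is validated here.
		echo -n "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The presence of ipfw in the kernel is detected by whether
	# "ipfw -q flush" succeeds.  The probe is not read-only: when it
	# succeeds, the rules loaded at that moment have been flushed.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			# The firewall script is sourced, not executed, so it
			# runs inside this shell.
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				# A dotted-quad value is passed to natd with
				# -a, anything else with -n.
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# Logging is switched on for YES and also when
			# firewall_logging is unset or empty.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below only ever writes the listed value; a knob that is
	# not matched leaves the kernel's current setting alone.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	# Source routing lets the sender pick the path of a packet; these
	# two knobs turn on forwarding and acceptance of such packets.
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	# The path is quoted so that an unset or empty ipsec_file is reported
	# as "file not found"; unquoted, "[ -f ]" is true and setkey would be
	# run without a policy file while ' ipsec: enabled' is printed.
	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f "${ipsec_file}" ]; then
		    echo ' ipsec: enabled'
		    setkey -f "${ipsec_file}"
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}";	${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted';	mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd';	rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}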
483252726Srpaulo
# Second pass of network startup: name service, time daemons and the
# RPC/NIS family.
#
# Each service is started only when its *_enable knob matches YES in any
# letter case.  Everything that depends on RPC (ypserv, rpc.ypxfrd,
# rpc.yppasswdd, ypbind, ypset, keyserv, rpc.ypupdated) is nested under
# portmap_enable, so none of it starts unless rpcbind is started first.
# Sets network_pass2_done=YES at the end.
#
network_pass2() {
	printf '%s' 'Doing additional network setup:'

	case ${named_enable} in
	[Yy][Ee][Ss])
		printf '%s' ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# ntpdate output, including its errors, is discarded.
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		printf '%s' ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		printf '%s' ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		printf '%s' ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		printf '%s' ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master
		# server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			printf '%s' ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				printf '%s' ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				printf '%s' ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			printf '%s' ' ypbind'
			ypbind ${nis_client_flags}

			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				printf '%s' ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			printf '%s' ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			printf '%s' ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons; atm_pass3 is not defined in this file
	# (presumably it comes from /etc/rc.atm -- confirm).
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	printf '.\n'
	network_pass2_done=YES
}
579214501Srpaulo
# Third pass of network startup: NFS server and client pieces, amd, rwhod,
# Kerberos, pppoed and the sshd host keys.
#
# The NFS/amd section is nested under portmap_enable.  The remaining
# services are checked independently of it.  Sets network_pass3_done=YES
# at the end.
#
network_pass3() {
	printf '%s' 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Nothing in this branch starts unless /etc/exports
			# is readable.
			if [ -r /etc/exports ]; then
				printf '%s' ' mountd'

				# Appends -n to whatever flags are configured.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					printf '%s' ' NFS on reserved port only=YES'
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
					;;
				esac

				printf '%s' ' nfsd'
				nfsd ${nfs_server_flags}

				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					printf '%s' ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					printf '%s' ' rpc.statd'
					rpc.statd
					;;
				esac
			fi
			;;
		*)
			# Not an NFS server: mountd may still be run alone.
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					printf '%s' ' mountd'

					# NOTE(review): this replaces
					# mountd_flags with "-n", whereas the
					# NFS server branch appends it --
					# confirm the difference is intended.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			printf '%s' ' nfsiod'
			nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				printf '%s' " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			printf '%s' ' amd'

			# The configured map program is run through eval and
			# its output is appended to the amd flags.
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				amd_flags="${amd_flags} $(eval ${amd_map_program})"
				;;
			esac

			# With flags, whatever "amd -p" prints is stored as
			# the pid file; stderr is dropped in both forms.
			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		printf '%s' ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both daemons below.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		printf '%s' ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		# kadmind is launched from a background subshell after a
		# 20 second sleep, with all of its output discarded.
		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			printf '%s' ' kadmind'
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		printf '%s' ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are created only when the key file is missing, and with
	# an empty passphrase (-N "").  sshd itself is not started here.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			printf '%s\n' ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			printf '%s\n' ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	printf '.\n'
	network_pass3_done=YES
}
740
# Fourth pass: optional TCP/UDP logging knobs.
#
# log_in_vain is treated as enabled for every value other than NO (any
# letter case) or empty; in that case both the TCP and the UDP log_in_vain
# sysctls are set to 1.  Sets network_pass4_done=YES at the end.
#
network_pass4() {
	printf '%s' 'Additional TCP options:'

	case ${log_in_vain} in
	[Nn][Oo] | '')
		# Disabled or unset: leave both sysctls as they are.
		;;
	*)
		printf '%s' ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	printf '.\n'
	network_pass4_done=YES
}
756
# Run gifconfig for every interface named in ${gif_interfaces}.
#
# The arguments for interface <if> are read from the variable
# gifconfig_<if>; interfaces whose variable is unset or empty are skipped.
# Nothing is done when gif_interfaces is NO (any letter case) or empty.
# The interface name becomes part of an eval'd variable name, so the list
# has to hold plain interface names only.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_$i
		if [ -z "${peers}" ]; then
			continue
		fi
		gifconfig $i ${peers}
	done
}
776
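# Translate a legacy host.conf into a single-line nsswitch.conf.
#
#   $1 - path of the host.conf file to read
#   $2 - path of the nsswitch.conf file to write (overwritten)
#
# Comment lines (optionally indented) are skipped.  A line mentioning
# hosts/local/file maps to "files", dns/bind to "dns" and nis to "nis";
# any other line is reported on stderr.  The sources are written in the
# order they appear in the input, because that order is the lookup order
# of the resulting "hosts:" line.
#
convert_host_conf() {
    host_conf=$1
    nsswitch_conf=$2
    # The comment test uses [ \t] rather than a POSIX class: a bare
    # [:blank:] is a bracket expression over the letters ":blank", so
    # indented comments used to fall through to the keyword rules below.
    # Entries are stored under 0..n-1 and read back by index, since
    # "for (i in array)" does not guarantee any order.
    awk '
        BEGIN                { n = 0 }
        /^[ \t]*#/           { next }
        /(hosts|local|file)/ { nsswitch[n++] = "files"; next }
        /(dns|bind)/         { nsswitch[n++] = "dns";   next }
        /nis/                { nsswitch[n++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: "
                for (i = 0; i < n; i++) printf "%s ", nsswitch[i]
                printf "\n"
        }' < "$host_conf" > "$nsswitch_conf"
}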