1249259Sdim#!/bin/sh -
2249259Sdim#
3249259Sdim# Copyright (c) 1993  The FreeBSD Project
4249259Sdim# All rights reserved.
5249259Sdim#
6249259Sdim# Redistribution and use in source and binary forms, with or without
7249259Sdim# modification, are permitted provided that the following conditions
8249259Sdim# are met:
9249259Sdim# 1. Redistributions of source code must retain the above copyright
10249259Sdim#    notice, this list of conditions and the following disclaimer.
11249259Sdim# 2. Redistributions in binary form must reproduce the above copyright
12249259Sdim#    notice, this list of conditions and the following disclaimer in the
13249259Sdim#    documentation and/or other materials provided with the distribution.
14249259Sdim#
15249259Sdim# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16249259Sdim# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17249259Sdim# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18249259Sdim# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19249259Sdim# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20249259Sdim# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21249259Sdim# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22249259Sdim# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23249259Sdim# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24249259Sdim# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25249259Sdim# SUCH DAMAGE.
26249259Sdim#
27249259Sdim# $FreeBSD: head/etc/rc.d/routing 86851 2001-11-24 13:48:30Z darrenr $
28249259Sdim#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29251662Sdim#
30249259Sdim
31249259Sdim# Note that almost all of the user-configurable behavior is no longer in
32249259Sdim# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33249259Sdim# first before contemplating any changes here.  If you do need to change
34249259Sdim# this file for some reason, we would like to know about it.
35249259Sdim
36249259Sdim# First pass startup stuff.
37249259Sdim#
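# network_pass1 - first network start-up pass, run as root at boot.
#
# In order: name-service config compatibility, hostname, ipfilter/ipnat
# (loaded before any interface is configured), NIS domain, ATM, cloned and
# sppp interfaces, gif tunnels, per-interface ifconfig/DHCP/aliases/IPX,
# ISDN, user ppp, ipfw + natd, static routes, network sysctls, IPsec
# policy and routing daemons.  Sets network_pass1_done=YES on completion.
#
# Every ${...} knob read here comes from the rc.conf files.  Several of
# them are passed through eval, sourced with ".", or executed as a program
# path, so those files (and /etc/start_if.*, /etc/rc.atm, /etc/rc.isdn,
# ${firewall_script}) must be writable by root only.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				# This path fails open: the warning is printed and
				# the interfaces below are still configured, with
				# no packet filter in place.
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
				# Also skip the "ipf -y" re-sync further down;
				# there is no filter to re-sync.
				ipfilter_active="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# An unreadable rules file only disables the
				# filter; boot continues, so what is passed
				# depends on the kernel's default policy.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf call above this
				# goes through eval, so ${ipnat_rules} and
				# ${ipnat_flags} are parsed by the shell a
				# second time.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# The eval also interprets any shell metacharacters
			# in the value, and the secrets end up on the
			# spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface hook is sourced into this root shell.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted: the unquoted "[ ! -z ${showstat} ]" only gave the
		# right answer for an empty value by accident of test(1)
		# argument counting.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ${ppp_profile} is interpolated into the string that su
		# hands to a shell, so it is parsed as shell text.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): this probe is not read-only.  A successful
	# "ipfw -q flush" removes the rules currently loaded, and the
	# interfaces are already up at this point, so until
	# ${firewall_script} is sourced below only the kernel's default
	# rule applies.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad selects natd -a (alias
						# address); anything else is passed
						# as an interface name with -n.
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# Logging is switched on when the knob is YES or unset.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# The sysctls below are only ever switched away from the kernel
	# default; a knob left unset leaves the kernel value untouched.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file unset, the unquoted "[ -f ]" is a
		# one-argument test that succeeds, which reported "enabled"
		# and ran setkey -f with no policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}";	${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted';	mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd';	rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}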
548249259Sdim
# network_pass2 - second network pass: name and time services, then the
# RPC portmapper with the NIS / Secure RPC daemons that depend on it.
# Each daemon starts only when its *_enable knob is YES (any case).
# Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	# DNS server
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded.
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything in this arm registers with rpcbind, so none of it is
	# started unless the portmapper itself is enabled.
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
644249259Sdim
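# network_pass3 - final network daemons: NFS server/client pieces and amd
# (all gated on portmap_enable), rwhod, Kerberos IV/5 servers, pppoed, and
# first-boot generation of missing ssh host keys.
# Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				# weak_mountd_authentication=YES adds -n to
				# the mountd flags, loosening mountd's check
				# on who may send mount requests.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd';	nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd';	rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd';	rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n instead of overwriting, as
					# the NFS-server branch above does, so
					# any configured mountd_flags are not
					# silently dropped.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			# ${amd_map_program} is run through eval as root and
			# its output becomes part of amd's command line.
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				amd_flags="${amd_flags} `eval\
					${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags}\
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod';	rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell gets its own copy of ${stash} when it
			# is forked, so the unset below does not affect the
			# delayed kadmind start.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the previous
		# "unset stash_flag" named a variable that is never set here
		# and left "stash" behind.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are generated only when the key file is missing, and
	# with an empty passphrase (-N "").
	# NOTE(review): this block does not start sshd itself.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}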
831249259Sdim
# network_pass4 - late TCP/UDP options.
#
# Any log_in_vain value other than NO (any case) or empty turns on the
# tcp and udp log_in_vain sysctls; both are always set to 1, whatever the
# configured value is.  Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'

	case ${log_in_vain} in
	[Nn][Oo] | '')
		# disabled or unset: leave the kernel defaults alone
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
847249259Sdim
# network_gif_setup - create and configure gif(4) tunnels.
#
# For each name in ${gif_interfaces}, reads the tunnel endpoints from
# ${gifconfig_<name>}; interfaces with no endpoints configured are skipped.
# Uses the global variables "i" and "peers".
#
network_gif_setup() {
	# Nothing to do when the list is NO (any case) or empty.
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_$i
		if [ -z "${peers}" ]; then
			continue
		fi

		# Creation errors are silenced (the interface may already
		# exist); the tunnel command's own errors stay visible.
		ifconfig $i create >/dev/null 2>&1
		ifconfig $i tunnel ${peers}
	done
}
868249259Sdim
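# convert_host_conf - translate an old-style host.conf into nsswitch.conf.
#
#   $1  path of the host.conf to read
#   $2  path of the nsswitch.conf to write (truncated and overwritten)
#
# Each non-comment line naming a source (hosts/local/file, dns/bind, nis)
# contributes one entry to a single "hosts:" line, in the order the lines
# appear in host.conf.  Unrecognized lines are reported on stderr.
# Sets the global variables host_conf and nsswitch_conf.
#
convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    # Notes on the awk program:
    #  - "[ \t]*" replaces "[:blank:]*", which without the outer brackets
    #    is a set of the letters ":blank" and let indented comments fall
    #    through to the keyword patterns.
    #  - The END loop walks 0..c-1; "for (i in nsswitch)" visits entries
    #    in an unspecified order, and lookup order is the point of the
    #    "hosts:" line.
    #  - The warning now ends with a newline.
    awk '
        BEGIN                { c = 0 }
        /^[ \t]*#/           { next }
        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }
        /nis/                { nsswitch[c] = "nis";   c++; next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: ";
                for (i = 0; i < c; i++) printf "%s ", nsswitch[i];
                printf "\n";
        }' < "$host_conf" > "$nsswitch_conf"
}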
884249259Sdim
# generate_host_conf - derive a compatibility host.conf from nsswitch.conf.
#
#   $1  path of the nsswitch.conf to read
#   $2  path of the host.conf to write (truncated and overwritten)
#
# Collects the sources on the "hosts:" entry (following backslash
# continuation lines, ignoring "#" comments and treating "[" / "]" as
# separate words) and prints one old-style keyword per known source:
# files -> hosts, dns -> bind, nis -> nis.  Anything else is dropped.
# Sets the global variables nsswitch_conf and host_conf.
#
generate_host_conf() {
    nsswitch_conf=$1; shift;
    host_conf=$1; shift;

    awk '
BEGIN {
    keyword["files"] = "hosts";
    keyword["dns"] = "bind";
    keyword["nis"] = "nis";
    continued = 0;
}
# A line that starts the hosts entry, or continues the previous one.
sub(/^[\t ]*hosts:/, "") || continued {
    if (!continued)
	sources = ""
    sub(/#.*/, "")
    gsub(/[][]/, " & ")
    continued = sub(/\\$/, "")
    sources = sources " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    count = split(sources, word)
    for (k = 1; k <= count; ++k) {
        if (word[k] in keyword)
            print keyword[word[k]]
    }
}
' <"$nsswitch_conf" >"$host_conf"
}
914249259Sdim