routing revision 91626
1123120Simp#!/bin/sh - 2123120Simp# 3123120Simp# Copyright (c) 1993 The FreeBSD Project 4123120Simp# All rights reserved. 5123120Simp# 6123120Simp# Redistribution and use in source and binary forms, with or without 7123120Simp# modification, are permitted provided that the following conditions 8123120Simp# are met: 9123120Simp# 1. Redistributions of source code must retain the above copyright 10123120Simp# notice, this list of conditions and the following disclaimer. 11123120Simp# 2. Redistributions in binary form must reproduce the above copyright 12123120Simp# notice, this list of conditions and the following disclaimer in the 13123120Simp# documentation and/or other materials provided with the distribution. 14123120Simp# 15123120Simp# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16123120Simp# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17123120Simp# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18123120Simp# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19123120Simp# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20123120Simp# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21123120Simp# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22123120Simp# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23123120Simp# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24123120Simp# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25123120Simp# SUCH DAMAGE. 26123120Simp# 27123120Simp# $FreeBSD: head/etc/rc.d/routing 91626 2002-03-04 10:30:24Z dd $ 28123120Simp# From: @(#)netstart 5.9 (Berkeley) 3/30/91 29123120Simp# 30123120Simp 31123120Simp# Note that almost all of the user-configurable behavior is no longer in 32123120Simp# this file, but rather in /etc/defaults/rc.conf. Please check that file 33123120Simp# first before contemplating any changes here. If you do need to change 34123120Simp# this file for some reason, we would like to know about it. 35123120Simp 36123120Simp# First pass startup stuff. 37123120Simp# 38123120Simpnetwork_pass1() { 39123120Simp echo -n 'Doing initial network setup:' 40123120Simp 41123120Simp # Generate host.conf for compatibility 42123120Simp # 43123120Simp if [ -f "/etc/nsswitch.conf" ]; then 44123120Simp echo -n ' host.conf' 45123120Simp generate_host_conf /etc/nsswitch.conf /etc/host.conf 46123120Simp fi 47123120Simp 48123120Simp # Convert host.conf to nsswitch.conf if necessary 49123120Simp # 50123120Simp if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then 51123120Simp echo '' 52123120Simp echo 'Warning: /etc/host.conf is no longer used' 53123120Simp echo ' /etc/nsswitch.conf will be created for you' 54123120Simp convert_host_conf /etc/host.conf /etc/nsswitch.conf 55123120Simp fi 56123120Simp 57123120Simp # Set the host name if it is not already set 58123120Simp # 59123120Simp if [ -z "`hostname -s`" ]; then 60123120Simp hostname ${hostname} 61123120Simp echo -n ' hostname' 62123120Simp fi 63123120Simp 64123120Simp # Establish ipfilter ruleset as early as possible (best in 65123120Simp # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 66123120Simp 67123120Simp # check whether ipfilter and/or ipnat is enabled 68123120Simp ipfilter_active="NO" 69123120Simp case ${ipfilter_enable} in 70123120Simp [Yy][Ee][Ss]) 71123120Simp ipfilter_active="YES" 72123120Simp ;; 73123120Simp esac 74123120Simp case ${ipnat_enable} in 75123120Simp [Yy][Ee][Ss]) 76123120Simp ipfilter_active="YES" 77123120Simp ;; 78123120Simp esac 79123120Simp case ${ipfilter_active} in 80123120Simp [Yy][Ee][Ss]) 81123120Simp # load ipfilter kernel module if needed 82123120Simp if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then 83123120Simp if kldload ipl; then 84123120Simp echo 'IP-filter module loaded.' 85123120Simp else 86123120Simp echo 'Warning: IP-filter module failed to load.' 87123120Simp # avoid further errors 88123120Simp ipmon_enable="NO" 89123120Simp ipfilter_enable="NO" 90123120Simp ipnat_enable="NO" 91123120Simp ipfs_enable="NO" 92123120Simp fi 93123120Simp fi 94123120Simp # start ipmon before loading any rules 95123120Simp case "${ipmon_enable}" in 96123120Simp [Yy][Ee][Ss]) 97123120Simp echo -n ' ipmon' 98123120Simp ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 99123120Simp ;; 100123120Simp esac 101123120Simp case "${ipfilter_enable}" in 102123120Simp [Yy][Ee][Ss]) 103123120Simp if [ -r "${ipfilter_rules}" ]; then 104123120Simp echo -n ' ipfilter' 105123120Simp ${ipfilter_program:-/sbin/ipf} -Fa -f \ 106123120Simp "${ipfilter_rules}" ${ipfilter_flags} 107123120Simp else 108123120Simp ipfilter_enable="NO" 109123120Simp echo -n ' NO IPF RULES' 110123120Simp fi 111123120Simp ;; 112123120Simp esac 113123120Simp case "${ipnat_enable}" in 114123120Simp [Yy][Ee][Ss]) 115123120Simp if [ -r "${ipnat_rules}" ]; then 116123120Simp echo -n ' ipnat' 117123120Simp eval ${ipnat_program:-/sbin/ipnat} -CF -f \ 118123120Simp "${ipnat_rules}" ${ipnat_flags} 119123120Simp else 120123120Simp ipnat_enable="NO" 121123120Simp echo -n ' NO IPNAT RULES' 122123120Simp fi 123123120Simp ;; 124123120Simp esac 125123120Simp # restore filter/NAT state tables after loading the rules 126123120Simp case "${ipfs_enable}" in 127123120Simp [Yy][Ee][Ss]) 128123120Simp if [ -r "/var/db/ipf/ipstate.ipf" ]; then 129123120Simp echo -n ' ipfs' 130123120Simp ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} 131123120Simp # remove files to avoid reloading old state 132123120Simp # after an ungraceful shutdown 133123120Simp rm -f /var/db/ipf/ipstate.ipf 134123120Simp rm -f /var/db/ipf/ipnat.ipf 135123120Simp fi 136123120Simp ;; 137123120Simp esac 138123120Simp ;; 139123120Simp esac 140123120Simp 141123120Simp # Set the domainname if we're using NIS 142123120Simp # 143123120Simp case ${nisdomainname} in 144123120Simp [Nn][Oo] | '') 145123120Simp ;; 146123120Simp *) 147123120Simp domainname ${nisdomainname} 148123120Simp echo -n ' domain' 149123120Simp ;; 150123120Simp esac 151123120Simp 152123120Simp echo '.' 153123120Simp 154123120Simp # Initial ATM interface configuration 155123120Simp # 156123120Simp case ${atm_enable} in 157123120Simp [Yy][Ee][Ss]) 158123120Simp if [ -r /etc/rc.atm ]; then 159123120Simp . /etc/rc.atm 160123120Simp atm_pass1 161123120Simp fi 162123120Simp ;; 163123120Simp esac 164123120Simp 165123120Simp # Attempt to create cloned interfaces. 166123120Simp for ifn in ${cloned_interfaces}; do 167123120Simp ifconfig ${ifn} create 168123120Simp done 169123120Simp 170123120Simp # Special options for sppp(4) interfaces go here. These need 171123120Simp # to go _before_ the general ifconfig section, since in the case 172123120Simp # of hardwired (no link1 flag) but required authentication, you 173123120Simp # cannot pass auth parameters down to the already running interface. 174123120Simp # 175123120Simp for ifn in ${sppp_interfaces}; do 176123120Simp eval spppcontrol_args=\$spppconfig_${ifn} 177123120Simp if [ -n "${spppcontrol_args}" ]; then 178123120Simp # The auth secrets might contain spaces; in order 179123120Simp # to retain the quotation, we need to eval them 180123120Simp # here. 181123120Simp eval spppcontrol ${ifn} ${spppcontrol_args} 182123120Simp fi 183123120Simp done 184123120Simp 185123120Simp # gifconfig 186123120Simp network_gif_setup 187123120Simp 188123120Simp # Set up all the network interfaces, calling startup scripts if needed 189123120Simp # 190123120Simp case ${network_interfaces} in 191123120Simp [Aa][Uu][Tt][Oo]) 192123120Simp network_interfaces="`ifconfig -l`" 193123120Simp ;; 194123120Simp *) 195123120Simp network_interfaces="${network_interfaces} ${cloned_interfaces}" 196123120Simp ;; 197123120Simp esac 198123120Simp 199123120Simp dhcp_interfaces="" 200123120Simp for ifn in ${network_interfaces}; do 201123120Simp if [ -r /etc/start_if.${ifn} ]; then 202123120Simp . /etc/start_if.${ifn} 203123120Simp eval showstat_$ifn=1 204123120Simp fi 205123120Simp 206123120Simp # Do the primary ifconfig if specified 207123120Simp # 208123120Simp eval ifconfig_args=\$ifconfig_${ifn} 209123120Simp 210123120Simp case ${ifconfig_args} in 211123120Simp '') 212123120Simp ;; 213123120Simp [Dd][Hh][Cc][Pp]) 214123120Simp # DHCP inits are done all in one go below 215123120Simp dhcp_interfaces="$dhcp_interfaces $ifn" 216123120Simp eval showstat_$ifn=1 217123120Simp ;; 218123120Simp *) 219123120Simp ifconfig ${ifn} ${ifconfig_args} 220123120Simp eval showstat_$ifn=1 221123120Simp ;; 222123120Simp esac 223123120Simp done 224123120Simp 225123120Simp if [ ! -z "${dhcp_interfaces}" ]; then 226123120Simp ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 227123120Simp fi 228123120Simp 229123120Simp for ifn in ${network_interfaces}; do 230123120Simp # Check to see if aliases need to be added 231123120Simp # 232123120Simp alias=0 233123120Simp while : ; do 234123120Simp eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 235123120Simp if [ -n "${ifconfig_args}" ]; then 236123120Simp ifconfig ${ifn} ${ifconfig_args} alias 237123120Simp eval showstat_$ifn=1 238123120Simp alias=$((${alias} + 1)) 239123120Simp else 240123120Simp break; 241123120Simp fi 242123120Simp done 243123120Simp 244123120Simp # Do ipx address if specified 245123120Simp # 246123120Simp eval ifconfig_args=\$ifconfig_${ifn}_ipx 247123120Simp if [ -n "${ifconfig_args}" ]; then 248123120Simp ifconfig ${ifn} ${ifconfig_args} 249123120Simp eval showstat_$ifn=1 250123120Simp fi 251123120Simp done 252123120Simp 253123120Simp for ifn in ${network_interfaces}; do 254123120Simp eval showstat=\$showstat_${ifn} 255123120Simp if [ ! -z ${showstat} ]; then 256123120Simp ifconfig ${ifn} 257123120Simp fi 258123120Simp done 259123120Simp 260123120Simp # ISDN subsystem startup 261123120Simp # 262123120Simp case ${isdn_enable} in 263123120Simp [Yy][Ee][Ss]) 264123120Simp if [ -r /etc/rc.isdn ]; then 265123120Simp . /etc/rc.isdn 266123120Simp fi 267123120Simp ;; 268123120Simp esac 269123120Simp 270123120Simp # Start user ppp if required. This must happen before natd. 271123120Simp # 272123120Simp case ${ppp_enable} in 273123120Simp [Yy][Ee][Ss]) 274123120Simp # Establish ppp mode. 275123120Simp # 276123120Simp if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 277123120Simp -a "${ppp_mode}" != "dedicated" \ 278123120Simp -a "${ppp_mode}" != "background" ]; then 279123120Simp ppp_mode="auto" 280123120Simp fi 281123120Simp 282123120Simp ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 283123120Simp 284123120Simp # Switch on NAT mode? 285123120Simp # 286123120Simp case ${ppp_nat} in 287123120Simp [Yy][Ee][Ss]) 288123120Simp ppp_command="${ppp_command} -nat" 289123120Simp ;; 290123120Simp esac 291123120Simp 292123120Simp ppp_command="${ppp_command} ${ppp_profile}" 293123120Simp 294123120Simp echo "Starting ppp as \"${ppp_user}\"" 295123120Simp su -m ${ppp_user} -c "exec ${ppp_command}" 296123120Simp ;; 297123120Simp esac 298123120Simp 299123120Simp # Re-Sync ipfilter so it picks up any new network interfaces 300123120Simp # 301123120Simp case ${ipfilter_active} in 302123120Simp [Yy][Ee][Ss]) 303123120Simp ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null 304123120Simp ;; 305123120Simp esac 306123120Simp unset ipfilter_active 307123120Simp 308123120Simp # Initialize IP filtering using ipfw 309123120Simp # 310123120Simp if /sbin/ipfw -q flush > /dev/null 2>&1; then 311123120Simp firewall_in_kernel=1 312123120Simp else 313123120Simp firewall_in_kernel=0 314123120Simp fi 315123120Simp 316123120Simp case ${firewall_enable} in 317123120Simp [Yy][Ee][Ss]) 318123120Simp if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 319123120Simp firewall_in_kernel=1 320123120Simp echo 'Kernel firewall module loaded' 321123120Simp elif [ "${firewall_in_kernel}" -eq 0 ]; then 322123120Simp echo 'Warning: firewall kernel module failed to load' 323123120Simp fi 324123120Simp ;; 325123120Simp esac 326123120Simp 327123120Simp # Load the filters if required 328123120Simp # 329123120Simp case ${firewall_in_kernel} in 330123120Simp 1) 331123120Simp if [ -z "${firewall_script}" ]; then 332123120Simp firewall_script=/etc/rc.firewall 333123120Simp fi 334123120Simp 335123120Simp case ${firewall_enable} in 336123120Simp [Yy][Ee][Ss]) 337123120Simp if [ -r "${firewall_script}" ]; then 338123120Simp . "${firewall_script}" 339123120Simp echo -n 'Firewall rules loaded, starting divert daemons:' 340123120Simp 341123120Simp # Network Address Translation daemon 342123120Simp # 343123120Simp case ${natd_enable} in 344123120Simp [Yy][Ee][Ss]) 345123120Simp if [ -n "${natd_interface}" ]; then 346123120Simp if echo ${natd_interface} | \ 347123120Simp grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then 348123120Simp natd_flags="$natd_flags -a ${natd_interface}" 349123120Simp else 350123120Simp natd_flags="$natd_flags -n ${natd_interface}" 351123120Simp fi 352123120Simp fi 353123120Simp echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} 354123120Simp ;; 355123120Simp esac 356123120Simp 357123120Simp echo '.' 358123120Simp 359123120Simp elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 360123120Simp echo 'Warning: kernel has firewall functionality,' \ 361123120Simp 'but firewall rules are not enabled.' 362123120Simp echo ' All ip services are disabled.' 363123120Simp fi 364123120Simp 365123120Simp case ${firewall_logging} in 366123120Simp [Yy][Ee][Ss] | '') 367123120Simp echo 'Firewall logging=YES' 368123120Simp sysctl net.inet.ip.fw.verbose=1 >/dev/null 369123120Simp ;; 370123120Simp *) 371123120Simp ;; 372123120Simp esac 373123120Simp 374123120Simp ;; 375123120Simp esac 376123120Simp ;; 377123120Simp esac 378123120Simp 379123120Simp # Additional ATM interface configuration 380123120Simp # 381123120Simp if [ -n "${atm_pass1_done}" ]; then 382123120Simp atm_pass2 383123120Simp fi 384123120Simp 385123120Simp # Configure routing 386123120Simp # 387123120Simp case ${defaultrouter} in 388123120Simp [Nn][Oo] | '') 389123120Simp ;; 390123120Simp *) 391123120Simp static_routes="default ${static_routes}" 392123120Simp route_default="default ${defaultrouter}" 393123120Simp ;; 394123120Simp esac 395123120Simp 396123120Simp # Set up any static routes. This should be done before router discovery. 397123120Simp # 398123120Simp if [ -n "${static_routes}" ]; then 399123120Simp for i in ${static_routes}; do 400123120Simp eval route_args=\$route_${i} 401123120Simp route add ${route_args} 402123120Simp done 403123120Simp fi 404123120Simp 405123120Simp echo -n 'Additional routing options:' 406123120Simp case ${tcp_extensions} in 407123120Simp [Yy][Ee][Ss] | '') 408123120Simp ;; 409123120Simp *) 410123120Simp echo -n ' tcp extensions=NO' 411123120Simp sysctl net.inet.tcp.rfc1323=0 >/dev/null 412123120Simp ;; 413123120Simp esac 414123120Simp 415123120Simp case ${icmp_bmcastecho} in 416123120Simp [Yy][Ee][Ss]) 417123120Simp echo -n ' broadcast ping responses=YES' 418123120Simp sysctl net.inet.icmp.bmcastecho=1 >/dev/null 419123120Simp ;; 420123120Simp esac 421123120Simp 422123120Simp case ${icmp_drop_redirect} in 423123120Simp [Yy][Ee][Ss]) 424123120Simp echo -n ' ignore ICMP redirect=YES' 425123120Simp sysctl net.inet.icmp.drop_redirect=1 >/dev/null 426123120Simp ;; 427123120Simp esac 428123120Simp 429123120Simp case ${icmp_log_redirect} in 430123120Simp [Yy][Ee][Ss]) 431123120Simp echo -n ' log ICMP redirect=YES' 432123120Simp sysctl net.inet.icmp.log_redirect=1 >/dev/null 433123120Simp ;; 434123120Simp esac 435123120Simp 436123120Simp case ${gateway_enable} in 437123120Simp [Yy][Ee][Ss]) 438123120Simp echo -n ' IP gateway=YES' 439123120Simp sysctl net.inet.ip.forwarding=1 >/dev/null 440123120Simp ;; 441123120Simp esac 442123120Simp 443123120Simp case ${forward_sourceroute} in 444123120Simp [Yy][Ee][Ss]) 445123120Simp echo -n ' do source routing=YES' 446123120Simp sysctl net.inet.ip.sourceroute=1 >/dev/null 447123120Simp ;; 448123120Simp esac 449123120Simp 450123120Simp case ${accept_sourceroute} in 451123120Simp [Yy][Ee][Ss]) 452123120Simp echo -n ' accept source routing=YES' 453123120Simp sysctl net.inet.ip.accept_sourceroute=1 >/dev/null 454123120Simp ;; 455123120Simp esac 456123120Simp 457123120Simp case ${tcp_keepalive} in 458123120Simp [Nn][Oo]) 459123120Simp echo -n ' TCP keepalive=NO' 460123120Simp sysctl net.inet.tcp.always_keepalive=0 >/dev/null 461123120Simp ;; 462123120Simp esac 463123120Simp 464123120Simp case ${tcp_drop_synfin} in 465123120Simp [Yy][Ee][Ss]) 466123120Simp echo -n ' drop SYN+FIN packets=YES' 467123120Simp sysctl net.inet.tcp.drop_synfin=1 >/dev/null 468123120Simp ;; 469123120Simp esac 470123120Simp 471123120Simp case ${ipxgateway_enable} in 472123120Simp [Yy][Ee][Ss]) 473123120Simp echo -n ' IPX gateway=YES' 474123120Simp sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null 475123120Simp ;; 476123120Simp esac 477123120Simp 478123120Simp case ${arpproxy_all} in 479123120Simp [Yy][Ee][Ss]) 480123120Simp echo -n ' ARP proxyall=YES' 481123120Simp sysctl net.link.ether.inet.proxyall=1 >/dev/null 482123120Simp ;; 483123120Simp esac 484123120Simp 485123120Simp case ${ip_portrange_first} in 486123120Simp [Nn][Oo] | '') 487123120Simp ;; 488123120Simp *) 489123120Simp echo -n " ip_portrange_first=$ip_portrange_first" 490123120Simp sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 491123120Simp ;; 492123120Simp esac 493123120Simp 494123120Simp case ${ip_portrange_last} in 495123120Simp [Nn][Oo] | '') 496123120Simp ;; 497123120Simp *) 498123120Simp echo -n " ip_portrange_last=$ip_portrange_last" 499123120Simp sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 500123120Simp ;; 501123120Simp esac 502123120Simp 503123120Simp echo '.' 504123120Simp 505123120Simp case ${ipsec_enable} in 506123120Simp [Yy][Ee][Ss]) 507123120Simp if [ -f ${ipsec_file} ]; then 508123120Simp echo ' ipsec: enabled' 509123120Simp setkey -f ${ipsec_file} 510123120Simp else 511123120Simp echo ' ipsec: file not found' 512123120Simp fi 513123120Simp ;; 514123120Simp esac 515123120Simp 516123120Simp echo -n 'Routing daemons:' 517123120Simp case ${router_enable} in 518123120Simp [Yy][Ee][Ss]) 519123120Simp echo -n " ${router}"; ${router} ${router_flags} 520123120Simp ;; 521123120Simp esac 522123120Simp 523123120Simp case ${ipxrouted_enable} in 524123120Simp [Yy][Ee][Ss]) 525123120Simp echo -n ' IPXrouted' 526123120Simp IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 527123120Simp ;; 528123120Simp esac 529123120Simp 530123120Simp case ${mrouted_enable} in 531123120Simp [Yy][Ee][Ss]) 532123120Simp echo -n ' mrouted'; mrouted ${mrouted_flags} 533123120Simp ;; 534123120Simp esac 535123120Simp 536123120Simp case ${rarpd_enable} in 537123120Simp [Yy][Ee][Ss]) 538123120Simp echo -n ' rarpd'; rarpd ${rarpd_flags} 539123120Simp ;; 540123120Simp esac 541123120Simp echo '.' 542123120Simp 543123120Simp # Let future generations know we made it. 544123120Simp # 545123120Simp network_pass1_done=YES 546123120Simp} 547123120Simp 548123120Simpnetwork_pass2() { 549123120Simp echo -n 'Doing additional network setup:' 550123120Simp case ${named_enable} in 551123120Simp [Yy][Ee][Ss]) 552123120Simp echo -n ' named'; ${named_program:-named} ${named_flags} 553123120Simp ;; 554123120Simp esac 555123120Simp 556123120Simp case ${ntpdate_enable} in 557123120Simp [Yy][Ee][Ss]) 558123120Simp echo -n ' ntpdate' 559123120Simp ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 560123120Simp ;; 561123120Simp esac 562123120Simp 563123120Simp case ${xntpd_enable} in 564123120Simp [Yy][Ee][Ss]) 565123120Simp echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 566123120Simp ;; 567123120Simp esac 568123120Simp 569123120Simp case ${timed_enable} in 570123120Simp [Yy][Ee][Ss]) 571123120Simp echo -n ' timed'; timed ${timed_flags} 572123120Simp ;; 573123120Simp esac 574123120Simp 575123120Simp case ${portmap_enable} in 576123120Simp [Yy][Ee][Ss]) 577123120Simp echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 578123120Simp ${portmap_flags} 579123120Simp 580123120Simp # Start ypserv if we're an NIS server. 581123120Simp # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 582123120Simp # 583123120Simp case ${nis_server_enable} in 584123120Simp [Yy][Ee][Ss]) 585123120Simp echo -n ' ypserv'; ypserv ${nis_server_flags} 586123120Simp 587123120Simp case ${nis_ypxfrd_enable} in 588123120Simp [Yy][Ee][Ss]) 589123120Simp echo -n ' rpc.ypxfrd' 590123120Simp rpc.ypxfrd ${nis_ypxfrd_flags} 591123120Simp ;; 592123120Simp esac 593123120Simp 594123120Simp case ${nis_yppasswdd_enable} in 595123120Simp [Yy][Ee][Ss]) 596123120Simp echo -n ' rpc.yppasswdd' 597123120Simp rpc.yppasswdd ${nis_yppasswdd_flags} 598123120Simp ;; 599123120Simp esac 600123120Simp ;; 601123120Simp esac 602123120Simp 603123120Simp # Start ypbind if we're an NIS client 604123120Simp # 605123120Simp case ${nis_client_enable} in 606123120Simp [Yy][Ee][Ss]) 607123120Simp echo -n ' ypbind'; ypbind ${nis_client_flags} 608123120Simp case ${nis_ypset_enable} in 609123120Simp [Yy][Ee][Ss]) 610123120Simp echo -n ' ypset'; ypset ${nis_ypset_flags} 611123120Simp ;; 612123120Simp esac 613123120Simp ;; 614123120Simp esac 615123120Simp 616123120Simp # Start keyserv if we are running Secure RPC 617123120Simp # 618123120Simp case ${keyserv_enable} in 619123120Simp [Yy][Ee][Ss]) 620123120Simp echo -n ' keyserv'; keyserv ${keyserv_flags} 621123120Simp ;; 622123120Simp esac 623123120Simp 624123120Simp # Start ypupdated if we are running Secure RPC 625123120Simp # and we are NIS master 626123120Simp # 627123120Simp case ${rpc_ypupdated_enable} in 628123120Simp [Yy][Ee][Ss]) 629123120Simp echo -n ' rpc.ypupdated'; rpc.ypupdated 630123120Simp ;; 631123120Simp esac 632123120Simp ;; 633123120Simp esac 634123120Simp 635123120Simp # Start ATM daemons 636123120Simp if [ -n "${atm_pass2_done}" ]; then 637123120Simp atm_pass3 638123120Simp fi 639123120Simp 640123120Simp echo '.' 641123120Simp network_pass2_done=YES 642123120Simp} 643123120Simp 644123120Simpnetwork_pass3() { 645123120Simp echo -n 'Starting final network daemons:' 646123120Simp 647123120Simp case ${portmap_enable} in 648123120Simp [Yy][Ee][Ss]) 649123120Simp case ${nfs_server_enable} in 650123120Simp [Yy][Ee][Ss]) 651123120Simp # Handle absent nfs server support 652123120Simp nfsserver_in_kernel=0 653123120Simp if sysctl vfs.nfsrv >/dev/null 2>&1; then 654123120Simp nfsserver_in_kernel=1 655123120Simp else 656123120Simp kldload nfsserver && nfsserver_in_kernel=1 657123120Simp fi 658123120Simp 659123120Simp if [ -r /etc/exports -a \ 660123120Simp ${nfsserver_in_kernel} -eq 1 ]; then 661123120Simp echo -n ' mountd' 662123120Simp 663123120Simp case ${weak_mountd_authentication} in 664123120Simp [Yy][Ee][Ss]) 665123120Simp mountd_flags="${mountd_flags} -n" 666123120Simp ;; 667123120Simp esac 668123120Simp 669123120Simp mountd ${mountd_flags} 670123120Simp 671123120Simp case ${nfs_reserved_port_only} in 672123120Simp [Yy][Ee][Ss]) 673123120Simp echo -n ' NFS on reserved port only=YES' 674123120Simp sysctl vfs.nfsrv.nfs_privport=1 > /dev/null 675123120Simp ;; 676123120Simp esac 677123120Simp 678123120Simp echo -n ' nfsd'; nfsd ${nfs_server_flags} 679123120Simp 680123120Simp case ${rpc_statd_enable} in 681123120Simp [Yy][Ee][Ss]) 682123120Simp echo -n ' rpc.statd'; rpc.statd 683123120Simp ;; 684123120Simp esac 685123120Simp 686123120Simp case ${rpc_lockd_enable} in 687123120Simp [Yy][Ee][Ss]) 688123120Simp echo -n ' rpc.lockd'; rpc.lockd 689123120Simp ;; 690123120Simp esac 691123120Simp else 692123120Simp echo -n ' Warning: nfs server failed' 693123120Simp fi 694123120Simp ;; 695123120Simp *) 696123120Simp case ${single_mountd_enable} in 697123120Simp [Yy][Ee][Ss]) 698123120Simp if [ -r /etc/exports ]; then 699123120Simp echo -n ' mountd' 700123120Simp 701123120Simp case ${weak_mountd_authentication} in 702123120Simp [Yy][Ee][Ss]) 703123120Simp mountd_flags="-n" 704123120Simp ;; 705123120Simp esac 706123120Simp 707123120Simp mountd ${mountd_flags} 708123120Simp fi 709123120Simp ;; 710123120Simp esac 711123120Simp ;; 712123120Simp esac 713123120Simp 714123120Simp case ${nfs_client_enable} in 715123120Simp [Yy][Ee][Ss]) 716123120Simp nfsclient_in_kernel=0 717123120Simp # Handle absent nfs client support 718123120Simp if sysctl vfs.nfs >/dev/null 2>&1; then 719123120Simp nfsclient_in_kernel=1 720123120Simp else 721123120Simp kldload nfsclient && nfsclient_in_kernel=1 722123120Simp fi 723123120Simp 724123120Simp if [ ${nfsclient_in_kernel} -eq 1 ] 725123120Simp then 726123120Simp if [ -n "${nfs_access_cache}" ]; then 727123120Simp echo -n " NFS access cache time=${nfs_access_cache}" 728123120Simp sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 729123120Simp fi 730123120Simp if [ -n "${nfs_bufpackets}" ]; then 731123120Simp sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 732123120Simp fi 733123120Simp case ${rpc_statd_enable} in 734123120Simp [Yy][Ee][Ss]) 735123120Simp echo -n ' rpc.statd'; rpc.statd 736123120Simp ;; 737123120Simp esac 738123120Simp 739123120Simp case ${rpc_lockd_enable} in 740123120Simp [Yy][Ee][Ss]) 741123120Simp echo -n ' rpc.lockd'; rpc.lockd 742123120Simp ;; 743123120Simp esac 744123120Simp 745123120Simp case ${amd_enable} in 746123120Simp [Yy][Ee][Ss]) 747123120Simp echo -n ' amd' 748123120Simp case ${amd_map_program} in 749123120Simp [Nn][Oo] | '') 750123120Simp ;; 751123120Simp *) 752123120Simp amd_flags="${amd_flags} `eval\ 753123120Simp ${amd_map_program}`" 754123120Simp ;; 755123120Simp esac 756123120Simp 757123120Simp if [ -n "${amd_flags}" ]; then 758123120Simp amd -p ${amd_flags}\ 759123120Simp > /var/run/amd.pid 2> /dev/null 760123120Simp else 761123120Simp amd 2> /dev/null 762123120Simp fi 763123120Simp ;; 764123120Simp esac 765123120Simp else 766123120Simp echo 'Warning: NFS client kernel module failed to load' 767123120Simp nfs_client_enable=NO 768123120Simp fi 769123120Simp ;; 770123120Simp esac 771123120Simp 772123120Simp # If /var/db/mounttab exists, some nfs-server has not been 773123120Simp # successfully notified about a previous client shutdown. 774123120Simp # If there is no /var/db/mounttab, we do nothing. 775123120Simp if [ -f /var/db/mounttab ]; then 776123120Simp rpc.umntall -k 777123120Simp fi 778123120Simp 779123120Simp ;; 780123120Simp esac 781123120Simp 782123120Simp case ${rwhod_enable} in 783123120Simp [Yy][Ee][Ss]) 784123120Simp echo -n ' rwhod'; rwhod ${rwhod_flags} 785123120Simp ;; 786123120Simp esac 787123120Simp 788123120Simp # Kerberos servers run ONLY on the Kerberos server machine 789123120Simp case ${kerberos4_server_enable} in 790123120Simp [Yy][Ee][Ss]) 791123120Simp case ${kerberos_stash} in 792123120Simp [Yy][Ee][Ss]) 793123120Simp stash=-n 794123120Simp ;; 795123120Simp *) 796123120Simp stash= 797123120Simp ;; 798123120Simp esac 799123120Simp 800123120Simp echo -n ' kerberosIV' 801123120Simp ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 802123120Simp 803123120Simp case ${kadmind4_server_enable} in 804123120Simp [Yy][Ee][Ss]) 805123120Simp echo -n ' kadmindIV' 806123120Simp ( 807123120Simp sleep 20; 808123120Simp ${kadmind4_server} ${stash} >/dev/null 2>&1 & 809123120Simp ) & 810123120Simp ;; 811123120Simp esac 812123120Simp unset stash_flag 813123120Simp ;; 814123120Simp esac 815123120Simp 816123120Simp case ${kerberos5_server_enable} in 817123120Simp [Yy][Ee][Ss]) 818123120Simp echo -n ' kerberos5' 819123120Simp ${kerberos5_server} & 820123120Simp 821123120Simp case ${kadmind5_server_enable} in 822123120Simp [Yy][Ee][Ss]) 823123120Simp echo -n ' kadmind5' 824123120Simp ${kadmind5_server} & 825123120Simp ;; 826123120Simp esac 827123120Simp ;; 828123120Simp esac 829123120Simp 830123120Simp case ${pppoed_enable} in 831123120Simp [Yy][Ee][Ss]) 832123120Simp if [ -n "${pppoed_provider}" ]; then 833123120Simp pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 834123120Simp fi 835123120Simp echo -n ' pppoed'; 836123120Simp _opts=$-; set -f 837123120Simp /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 838123120Simp set +f; set -${_opts} 839123120Simp ;; 840123120Simp esac 841123120Simp 842123120Simp case ${sshd_enable} in 843123120Simp [Yy][Ee][Ss]) 844123120Simp if [ ! -f /etc/ssh/ssh_host_key ]; then 845123120Simp echo ' creating ssh RSA host key'; 846123120Simp /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 847123120Simp fi 848123120Simp if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 849123120Simp echo ' creating ssh DSA host key'; 850123120Simp /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 851123120Simp fi 852123120Simp ;; 853 esac 854 855 echo '.' 856 network_pass3_done=YES 857} 858 859network_pass4() { 860 echo -n 'Additional TCP options:' 861 case ${log_in_vain} in 862 [Nn][Oo] | '') 863 log_in_vain=0 864 ;; 865 [Yy][Ee][Ss]) 866 log_in_vain=1 867 ;; 868 [0-9]*) 869 ;; 870 *) 871 echo " invalid log_in_vain setting: ${log_in_vain}" 872 log_in_vain=0 873 ;; 874 esac 875 876 [ "${log_in_vain}" -ne 0 ] && ( 877 echo -n " log_in_vain=${log_in_vain}" 878 sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null 879 sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null 880 ) 881 echo '.' 882 network_pass4_done=YES 883} 884 885network_gif_setup() { 886 case ${gif_interfaces} in 887 [Nn][Oo] | '') 888 ;; 889 *) 890 for i in ${gif_interfaces}; do 891 eval peers=\$gifconfig_$i 892 case ${peers} in 893 '') 894 continue 895 ;; 896 *) 897 ifconfig $i create >/dev/null 2>&1 898 ifconfig $i tunnel ${peers} 899 ;; 900 esac 901 done 902 ;; 903 esac 904} 905 906convert_host_conf() { 907 host_conf=$1; shift; 908 nsswitch_conf=$1; shift; 909 awk ' \ 910 /^[:blank:]*#/ { next } \ 911 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 912 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 913 /nis/ { nsswitch[c] = "nis"; c++; next } \ 914 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 915 END { \ 916 printf "hosts: "; \ 917 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 918 printf "\n"; \ 919 }' < $host_conf > $nsswitch_conf 920} 921 922generate_host_conf() { 923 nsswitch_conf=$1; shift; 924 host_conf=$1; shift; 925 926 awk ' 927BEGIN { 928 xlat["files"] = "hosts"; 929 xlat["dns"] = "bind"; 930 xlat["nis"] = "nis"; 931 cont = 0; 932} 933sub(/^[\t ]*hosts:/, "") || cont { 934 if (!cont) 935 srcs = "" 936 sub(/#.*/, "") 937 gsub(/[][]/, " & ") 938 cont = sub(/\\$/, "") 939 srcs = srcs " " $0 940} 941END { 942 print "# Auto-generated from nsswitch.conf, do not edit" 943 ns = split(srcs, s) 944 for (n = 1; n <= ns; ++n) { 945 if (s[n] in xlat) 946 print xlat[s[n]] 947 } 948} 949' <$nsswitch_conf >$host_conf 950} 951