netoptions revision 50357
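#!/bin/sh -
#
# $Id: rc.network,v 1.55 1999/08/22 23:26:03 brian Exp $
# From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# This file only defines functions; nothing runs until a caller invokes
# network_pass1, network_pass2 and network_pass3.  Every knob is read from
# a shell variable.  Expansions such as ${ifconfig_args} or ${natd_flags}
# are left unquoted on purpose so that a multi-word setting splits into
# separate arguments; single-valued names and paths are quoted.

# First pass startup stuff.
#
# Sets host and NIS domain names, configures ATM/ISDN/sppp and the listed
# interfaces, starts user ppp, loads the ipfw rules and natd, adds static
# routes, applies the routing-related sysctls and starts routing daemons.
# Sets network_pass1_done=YES when it reaches the end.
network_pass1() {
	echo -n 'Doing initial network setup:'
	# Set the host name if it is not already set
	if [ -z "$(hostname -s)" ]; then
		hostname "${hostname}"
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	if [ -n "${nisdomainname}" ] && [ "${nisdomainname}" != "NO" ]; then
		domainname "${nisdomainname}"
		echo -n ' domain'
	fi
	echo '.'

	# Initial ATM interface configuration
	if [ "${atm_enable}" = "YES" ] && [ -f /etc/rc.atm ]; then
		. /etc/rc.atm
		atm_pass1
	fi

	# ISDN subsystem startup
	if [ "${isdn_enable}" = "YES" ] && [ -f /etc/rc.isdn ]; then
		. /etc/rc.isdn
	fi

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): eval re-parses the configured string as
			# shell, so whatever spppconfig_<if> holds is executed
			# with this script's privileges, and the secrets end up
			# in spppcontrol's argument list.  The file that sets
			# these variables must be writable by root only.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	if [ "${network_interfaces}" = "auto" ]; then
		network_interfaces="$(ifconfig -l)"
	fi
	for ifn in ${network_interfaces}; do
		showstat=false
		# The per-interface hook is sourced into this shell, so it
		# runs with the same privileges as the rest of this function.
		if [ -e "/etc/start_if.${ifn}" ]; then
			. "/etc/start_if.${ifn}"
			showstat=true
		fi
		# Do the primary ifconfig if specified
		eval ifconfig_args=\$ifconfig_${ifn}
		if [ -n "${ifconfig_args}" ]; then
			# See if we are using DHCP
			if [ "${ifconfig_args}" = "XDHCP" ]; then
				${dhcp_program} ${dhcp_flags} "${ifn}"
			else
				ifconfig "${ifn}" ${ifconfig_args}
			fi
			showstat=true
		fi
		# Check to see if aliases need to be added; aliases are
		# numbered from 0 and the first missing number ends the scan.
		alias=0
		while :; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			[ -n "${ifconfig_args}" ] || break
			ifconfig "${ifn}" ${ifconfig_args} alias
			showstat=true
			alias=$((alias + 1))
		done
		# Do ipx address if specified
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig "${ifn}" ${ifconfig_args}
			showstat=true
		fi
		if [ "${showstat}" = "true" ]; then
			ifconfig "${ifn}"
		fi
	done

	# Warm up user ppp if required, must happen before natd.
	if [ "${ppp_enable}" = "YES" ]; then
		# Establish ppp mode; anything but the three named modes
		# falls back to "auto".
		case "${ppp_mode}" in
		ddial|direct|dedicated)
			;;
		*)
			ppp_mode="auto"
			;;
		esac
		ppp_command="-${ppp_mode} "

		# Switch on alias mode?
		if [ "${ppp_nat}" = "YES" ]; then
			ppp_command="${ppp_command} -nat"
		fi

		echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
	fi

	# Initialize IP filtering using ipfw
	# The flush doubles as the probe for ipfw support: its exit status
	# decides firewall_in_kernel.  It also discards any rules that are
	# already loaded when this function runs.
	# NOTE(review): the interfaces were configured above, before any
	# rule set is loaded here; what is filtered in between depends on
	# the kernel's default rule -- confirm for the target kernel.
	echo ""
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	if [ "${firewall_in_kernel}" = 0 ] && [ "${firewall_enable}" = "YES" ]; then
		if kldload ipfw; then
			firewall_in_kernel=1		# module loaded successfully
			echo "Kernel firewall module loaded."
		else
			# Fail-open: only a warning is printed and the rest
			# of the network setup continues without ipfw, even
			# though firewall_enable is YES.
			echo "Warning: firewall kernel module failed to load."
		fi
	fi

	# Load the filters if required
	if [ "${firewall_in_kernel}" = 1 ]; then
		if [ -z "${firewall_script}" ]; then
			firewall_script="/etc/rc.firewall"
		fi
		if [ -f "${firewall_script}" ] && [ "${firewall_enable}" = "YES" ]; then
			. "${firewall_script}"
			echo -n 'Firewall rules loaded, starting divert daemons:'

			# Network Address Translation daemon
			if [ "${natd_enable}" = "YES" ] && [ -n "${natd_interface}" ]; then
				# A dotted quad is passed to natd as an
				# address (-a), anything else as an
				# interface name (-n).
				if printf '%s\n' "${natd_interface}" | \
					grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
					natd_ifarg="-a ${natd_interface}"
				else
					natd_ifarg="-n ${natd_interface}"
				fi
				echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
			fi
			echo '.'
		else
			# ipfw is present but no rule set was loaded; warn
			# when the last rule (65535) is the deny-all default.
			IPFW_DEFAULT=$(ipfw l 65535)
			if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo " All ip services are disabled."
			fi
		fi
	fi

	# Additional ATM interface configuration
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing

	if [ "${defaultrouter}" != "NO" ]; then
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
	fi

	# Set up any static routes.  This should be done before router discovery.
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each sysctl below is written only when the matching variable asks
	# for it; otherwise the value already in the kernel is left alone.
	# NOTE(review): gateway_enable, forward_sourceroute,
	# accept_sourceroute, icmp_bmcastecho and arpproxy_all widen what the
	# host forwards or answers; they are opt-in here.
	echo -n 'Additional routing options:'
	if [ -n "${tcp_extensions}" ] && [ "${tcp_extensions}" != "YES" ]; then
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
	fi

	if [ -n "${log_in_vain}" ] && [ "${log_in_vain}" != "NO" ]; then
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
	fi

	if [ "${icmp_bmcastecho}" = "YES" ]; then
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
	fi

	if [ "${icmp_drop_redirect}" = "YES" ]; then
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
	fi

	if [ "${icmp_log_redirect}" = "YES" ]; then
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
	fi

	if [ "${gateway_enable}" = "YES" ]; then
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
	fi

	if [ "${forward_sourceroute}" = "YES" ]; then
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
	fi

	if [ "${accept_sourceroute}" = "YES" ]; then
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
	fi

	if [ "${tcp_keepalive}" = "YES" ]; then
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
	fi

	if [ "${ipxgateway_enable}" = "YES" ]; then
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
	fi

	if [ "${arpproxy_all}" = "YES" ]; then
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
	fi
	echo '.'

	echo -n 'routing daemons:'
	if [ "${router_enable}" = "YES" ]; then
		echo -n " ${router}"; ${router} ${router_flags}
	fi

	if [ "${ipxrouted_enable}" = "YES" ]; then
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
	fi

	if [ "${mrouted_enable}" = "YES" ]; then
		echo -n ' mrouted'; mrouted ${mrouted_flags}
	fi

	if [ "${rarpd_enable}" = "YES" ]; then
		echo -n ' rarpd'; rarpd ${rarpd_flags}
	fi
	echo '.'
	network_pass1_done=YES	# Let future generations know we made it.
}

# Second pass: starts the name, time, portmap, NIS and Secure RPC daemons
# that are switched on through their *_enable variables, then calls
# atm_pass3 when atm_pass2_done is set.  Sets network_pass2_done=YES.
network_pass2() {
	echo -n 'Doing additional network setup:'
	if [ "${named_enable}" = "YES" ]; then
		# Falls back to plain "named" only when named_program is unset.
		echo -n ' named'; ${named_program-"named"} ${named_flags}
	fi

	if [ "${ntpdate_enable}" = "YES" ]; then
		echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
	fi

	if [ "${xntpd_enable}" = "YES" ]; then
		echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags}
	fi

	if [ "${timed_enable}" = "YES" ]; then
		echo -n ' timed'; timed ${timed_flags}
	fi

	if [ "${portmap_enable}" = "YES" ]; then
		echo -n ' portmap'; ${portmap_program} ${portmap_flags}
	fi

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	if [ "${nis_server_enable}" = "YES" ]; then
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		if [ "${nis_ypxfrd_enable}" = "YES" ]; then
			echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
		fi

		if [ "${nis_yppasswdd_enable}" = "YES" ]; then
			echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
		fi
	fi

	# Start ypbind if we're an NIS client
	if [ "${nis_client_enable}" = "YES" ]; then
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		if [ "${nis_ypset_enable}" = "YES" ]; then
			echo -n ' ypset'; ypset ${nis_ypset_flags}
		fi
	fi

	# Start keyserv if we are running Secure RPC
	if [ "${keyserv_enable}" = "YES" ]; then
		echo -n ' keyserv'; keyserv ${keyserv_flags}
	fi
	# Start ypupdated if we are running Secure RPC and we are NIS master
	if [ "${rpc_ypupdated_enable}" = "YES" ]; then
		echo -n ' rpc.ypupdated'; rpc.ypupdated
	fi

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: starts the NFS server and client daemons, amd, rwhod and the
# Kerberos server daemons that are switched on through their *_enable
# variables.  Sets network_pass3_done=YES.
network_pass3() {
	echo -n 'Starting final network daemons:'

	if [ "${nfs_server_enable}" = "YES" ] && [ -r /etc/exports ]; then
		echo -n ' mountd'
		if [ "${weak_mountd_authentication}" = "YES" ]; then
			# Append rather than overwrite, so that flags already
			# present in mountd_flags are not silently dropped
			# when weak authentication is switched on.
			# NOTE(review): per mountd(8), -n lets mount requests
			# from unprivileged ports be served -- confirm against
			# the installed manual page.
			mountd_flags="${mountd_flags} -n"
		fi
		mountd ${mountd_flags}
		if [ "${nfs_reserved_port_only}" = "YES" ]; then
			echo -n ' NFS on reserved port only=YES'
			sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
		fi
		echo -n ' nfsd'; nfsd ${nfs_server_flags}
		if [ "${rpc_lockd_enable}" = "YES" ]; then
			echo -n ' rpc.lockd'; rpc.lockd
		fi
		if [ "${rpc_statd_enable}" = "YES" ]; then
			echo -n ' rpc.statd'; rpc.statd
		fi
	fi

	if [ "${nfs_client_enable}" = "YES" ]; then
		echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
		# "X" means "leave the kernel value alone".  An unset or
		# empty value is skipped as well, instead of handing sysctl
		# an assignment with nothing after the "=".
		if [ -n "${nfs_access_cache}" ] && [ "${nfs_access_cache}" != "X" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout="${nfs_access_cache}" \
				>/dev/null
		fi
	fi

	if [ "${amd_enable}" = "YES" ]; then
		echo -n ' amd'
		if [ "${amd_map_program}" != "NO" ]; then
			# NOTE(review): the configured string is run through
			# eval and its output becomes amd arguments; it is
			# executed with this script's privileges.
			amd_flags="${amd_flags} $(eval ${amd_map_program})"
		fi
		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
	fi

	if [ "${rwhod_enable}" = "YES" ]; then
		echo -n ' rwhod'; rwhod ${rwhod_flags}
	fi

	# Kerberos runs ONLY on the Kerberos server machine
	if [ "${kerberos_server_enable}" = "YES" ]; then
		if [ "${kerberos_stash}" = "YES" ]; then
			stash_flag=-n
		else
			stash_flag=
		fi
		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &
		if [ "${kadmind_server_enable}" = "YES" ]; then
			echo -n ' kadmind'
			# kadmind is launched 20 seconds later from a
			# detached subshell, so this function does not wait.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
		fi
		unset stash_flag
	fi

	echo '.'
	network_pass3_done=YES
}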