netoptions revision 50472
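#!/bin/sh -
#
# $FreeBSD: head/etc/rc.d/netoptions 50472 1999-08-27 23:37:10Z peter $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# Every function below runs with the privileges of the boot scripts and
# treats the rc.conf variables it reads as trusted: several of them are
# passed through eval, sourced with ".", or executed as commands.  None of
# them is validated here, so whoever can write rc.conf, /etc/start_if.*,
# /etc/rc.atm, /etc/rc.isdn or ${firewall_script} controls what runs.

# First pass startup stuff.
#
# network_pass1: set host and NIS domain names, configure ATM/ISDN/sppp,
# bring up the interfaces, start user ppp, load ipfw rules and natd,
# install static routes, apply the network sysctls and start the routing
# daemons.  Sets network_pass1_done=YES when it reaches the end.

network_pass1() {
	echo -n 'Doing initial network setup:'
	# Set the host name if it is not already set
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	if [ -n "${nisdomainname}" ] && [ "${nisdomainname}" != "NO" ]; then
		domainname ${nisdomainname}
		echo -n ' domain'
	fi
	echo '.'

	# Initial ATM interface configuration
	if [ "${atm_enable}" = "YES" ] && [ -f /etc/rc.atm ]; then
		. /etc/rc.atm
		atm_pass1
	fi

	# ISDN subsystem startup
	if [ "${isdn_enable}" = "YES" ] && [ -f /etc/rc.isdn ]; then
		. /etc/rc.isdn
	fi

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the second eval re-parses the whole
			# value as shell text, so any metacharacters in
			# spppconfig_<ifn> are executed, and the secrets end
			# up on the spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	if [ "${network_interfaces}" = "auto" ]; then
		network_interfaces="$(ifconfig -l)"
	fi
	for ifn in ${network_interfaces}; do
		showstat=false
		# The per-interface hook is sourced into this shell, not
		# executed as a separate process.
		if [ -e "/etc/start_if.${ifn}" ]; then
			. "/etc/start_if.${ifn}"
			showstat=true
		fi
		# Do the primary ifconfig if specified
		# (the interface name becomes part of a variable name that
		# is evaluated, so it must be a valid identifier)
		eval ifconfig_args=\$ifconfig_${ifn}
		if [ -n "${ifconfig_args}" ]; then
			# See if we are using DHCP
			if [ "${ifconfig_args}" = "DHCP" ]; then
				${dhcp_program} ${dhcp_flags} ${ifn}
			else
				ifconfig ${ifn} ${ifconfig_args}
			fi
			showstat=true
		fi
		# Check to see if aliases need to be added; the scan stops
		# at the first missing ifconfig_<ifn>_alias<N>.
		alias=0
		while :; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			[ -n "${ifconfig_args}" ] || break
			ifconfig ${ifn} ${ifconfig_args} alias
			showstat=true
			alias=$((${alias} + 1))
		done
		# Do ipx address if specified
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			showstat=true
		fi
		if [ "${showstat}" = "true" ]; then
			ifconfig ${ifn}
		fi
	done

	# Warm up user ppp if required, must happen before natd.
	if [ "${ppp_enable}" = "YES" ]; then
		# Establish ppp mode: anything other than the three
		# explicit modes falls back to "auto".
		case "${ppp_mode}" in
		ddial|direct|dedicated)
			;;
		*)
			ppp_mode="auto"
			;;
		esac
		ppp_command="-${ppp_mode} "

		# Switch on alias mode?
		if [ "${ppp_nat}" = "YES" ]; then
			ppp_command="${ppp_command} -nat"
		fi

		echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
	fi

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the interfaces and ppp are already up at this point.
	# Until the rules are sourced below, the only filtering in effect is
	# whatever default rule the kernel was built with - confirm that it
	# is deny on hosts that depend on the firewall.
	echo ""
	# The flush doubles as a probe: it only succeeds when ipfw is
	# present in the kernel.  It also removes any rules that were
	# loaded before this function ran.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	if [ ${firewall_in_kernel} = 0 ] && [ "${firewall_enable}" = "YES" ]; then
		if kldload ipfw; then
			firewall_in_kernel=1		# module loaded successfully
			echo "Kernel firewall module loaded."
		else
			# Boot continues without a packet filter in this case.
			echo "Warning: firewall kernel module failed to load."
		fi
	fi

	# Load the filters if required
	if [ ${firewall_in_kernel} = 1 ]; then
		if [ -z "${firewall_script}" ]; then
			firewall_script="/etc/rc.firewall"
		fi
		if [ -f "${firewall_script}" ] && [ "${firewall_enable}" = "YES" ]; then
			. "${firewall_script}"
			echo -n 'Firewall rules loaded, starting divert daemons:'

			# Network Address Translation daemon
			if [ "${natd_enable}" = "YES" ] && [ -n "${natd_interface}" ]; then
				# A dotted-quad value is passed as an address
				# (-a), anything else as an interface name (-n).
				if echo "${natd_interface}" | \
				    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
					natd_ifarg="-a ${natd_interface}"
				else
					natd_ifarg="-n ${natd_interface}"
				fi
				echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg}
			fi
			echo '.'
		else
			# ipfw is in the kernel but no rules were loaded:
			# warn when the remaining default rule blocks all IP.
			IPFW_DEFAULT=$(ipfw l 65535)
			if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "		 All ip services are disabled."
			fi
		fi
	fi

	# Additional ATM interface configuration
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing

	# An empty or unset defaultrouter is treated like "NO"; otherwise a
	# "default" entry with no gateway would be handed to "route add".
	if [ -n "${defaultrouter}" ] && [ "${defaultrouter}" != "NO" ]; then
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
	fi

	# Set up any static routes.  This should be done before router discovery.
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	if [ -n "${tcp_extensions}" ] && [ "${tcp_extensions}" != "YES" ]; then
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
	fi

	# Log connection attempts to TCP/UDP ports nothing listens on.
	if [ -n "${log_in_vain}" ] && [ "${log_in_vain}" != "NO" ]; then
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
	fi

	# Answering broadcast pings lets the host be used as a reflector;
	# leave this off unless it is really needed.
	if [ "${icmp_bmcastecho}" = "YES" ]; then
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
	fi

	if [ "${icmp_drop_redirect}" = "YES" ]; then
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
	fi

	if [ "${icmp_log_redirect}" = "YES" ]; then
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
	fi

	if [ "${gateway_enable}" = "YES" ]; then
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
	fi

	# Source-routed packets let the sender choose the path; both
	# knobs below relax the default handling and are opt-in only.
	if [ "${forward_sourceroute}" = "YES" ]; then
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
	fi

	if [ "${accept_sourceroute}" = "YES" ]; then
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
	fi

	if [ "${tcp_keepalive}" = "YES" ]; then
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
	fi

	if [ "${ipxgateway_enable}" = "YES" ]; then
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
	fi

	if [ "${arpproxy_all}" = "YES" ]; then
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
	fi
	echo '.'

	echo -n 'routing daemons:'
	if [ "${router_enable}" = "YES" ]; then
		echo -n " ${router}"; ${router} ${router_flags}
	fi

	if [ "${ipxrouted_enable}" = "YES" ]; then
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
	fi

	if [ "${mrouted_enable}" = "YES" ]; then
		echo -n ' mrouted'; mrouted ${mrouted_flags}
	fi

	if [ "${rarpd_enable}" = "YES" ]; then
		echo -n ' rarpd'; rarpd ${rarpd_flags}
	fi
	echo '.'
	network_pass1_done=YES	# Let future generations know we made it.
}

# network_pass2: start the name, time, portmap, NIS and Secure RPC
# daemons that are enabled in rc.conf, then the ATM daemons if
# atm_pass2_done is set.  Sets network_pass2_done=YES at the end.

network_pass2() {
	echo -n 'Doing additional network setup:'
	if [ "${named_enable}" = "YES" ]; then
		# Falls back to "named" only when named_program is unset.
		echo -n ' named'; ${named_program-"named"} ${named_flags}
	fi

	if [ "${ntpdate_enable}" = "YES" ]; then
		echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
	fi

	if [ "${xntpd_enable}" = "YES" ]; then
		echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags}
	fi

	if [ "${timed_enable}" = "YES" ]; then
		echo -n ' timed'; timed ${timed_flags}
	fi

	if [ "${portmap_enable}" = "YES" ]; then
		echo -n ' portmap'; ${portmap_program} ${portmap_flags}
	fi

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	if [ "${nis_server_enable}" = "YES" ]; then
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		if [ "${nis_ypxfrd_enable}" = "YES" ]; then
			echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
		fi

		if [ "${nis_yppasswdd_enable}" = "YES" ]; then
			echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
		fi
	fi

	# Start ypbind if we're an NIS client
	if [ "${nis_client_enable}" = "YES" ]; then
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		if [ "${nis_ypset_enable}" = "YES" ]; then
			echo -n ' ypset'; ypset ${nis_ypset_flags}
		fi
	fi

	# Start keyserv if we are running Secure RPC
	if [ "${keyserv_enable}" = "YES" ]; then
		echo -n ' keyserv'; keyserv ${keyserv_flags}
	fi
	# Start ypupdated if we are running Secure RPC and we are NIS master
	if [ "${rpc_ypupdated_enable}" = "YES" ]; then
		echo -n ' rpc.ypupdated'; rpc.ypupdated
	fi

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# network_pass3: start the NFS server and client daemons, amd, rwhod and
# the Kerberos server daemons that are enabled in rc.conf.  Sets
# network_pass3_done=YES at the end.

network_pass3() {
	echo -n 'Starting final network daemons:'

	# The NFS server side is skipped entirely when /etc/exports is
	# not readable.
	if [ "${nfs_server_enable}" = "YES" ] && [ -r /etc/exports ]; then
		echo -n ' mountd'
		if [ "${weak_mountd_authentication}" = "YES" ]; then
			# -n relaxes mountd's check on who may send mount
			# requests.  Append it, so flags that were already
			# configured in mountd_flags are not discarded.
			mountd_flags="${mountd_flags} -n"
		fi
		mountd ${mountd_flags}
		if [ "${nfs_reserved_port_only}" = "YES" ]; then
			echo -n ' NFS on reserved port only=YES'
			sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
		fi
		echo -n ' nfsd'; nfsd ${nfs_server_flags}
		if [ "${rpc_lockd_enable}" = "YES" ]; then
			echo -n ' rpc.lockd'; rpc.lockd
		fi
		if [ "${rpc_statd_enable}" = "YES" ]; then
			echo -n ' rpc.statd'; rpc.statd
		fi
	fi

	if [ "${nfs_client_enable}" = "YES" ]; then
		echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
		# "X" is the sentinel for "leave the timeout alone".
		if [ "${nfs_access_cache}" != "X" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
	fi

	if [ "${amd_enable}" = "YES" ]; then
		echo -n ' amd'
		if [ "${amd_map_program}" != "NO" ]; then
			# NOTE(review): amd_map_program is run through eval
			# and its output becomes amd arguments; it is only
			# as trustworthy as rc.conf and the program it names.
			amd_flags="${amd_flags} $(eval ${amd_map_program})"
		fi
		if [ -n "${amd_flags}" ]; then
			# amd -p prints its pid, which is captured here.
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
	fi

	if [ "${rwhod_enable}" = "YES" ]; then
		echo -n ' rwhod'; rwhod ${rwhod_flags}
	fi

	# Kerberos runs ONLY on the Kerberos server machine
	if [ "${kerberos_server_enable}" = "YES" ]; then
		# The same flag is handed to kerberos and kadmind.
		if [ "${kerberos_stash}" = "YES" ]; then
			stash_flag=-n
		else
			stash_flag=
		fi
		# stdout is appended to the log; stderr is not redirected.
		echo -n ' kerberos'; \
			kerberos ${stash_flag} >> /var/log/kerberos.log &
		if [ "${kadmind_server_enable}" = "YES" ]; then
			# kadmind is started 20 seconds later from a
			# detached subshell so boot does not wait for it.
			echo -n ' kadmind'; \
				(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
		fi
		unset stash_flag
	fi

	echo '.'
	network_pass3_done=YES
}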