netoptions revision 85831
#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/netoptions 85831 2001-11-01 12:39:01Z des $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
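# network_pass1 - first-stage network bring-up.
#
# Runs, in this order: host.conf/nsswitch.conf compatibility, hostname,
# ipfilter and ipnat rules, NIS domain, ATM, cloned/sppp/gif interfaces,
# ifconfig of every interface (static, DHCP, aliases, IPX), ISDN, user ppp,
# ipfw rules and natd, static routes, routing-related sysctls, the IPsec
# policy file and the routing daemons.  Sets network_pass1_done=YES at the
# end.  The order matters (filters before interfaces, ppp before natd).
#
# Every setting is a shell variable that must already be in scope (the
# header of this file points at /etc/defaults/rc.conf).  Many of them are
# expanded unquoted, or passed through eval, so that one variable can carry
# a program plus its options.  The values are therefore parsed as shell
# input by a root shell: the files that define them must be writable by
# root only.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Generating /etc/host.conf for compatibility'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			# Unquoted on purpose: the variable holds the program
			# together with its options.
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs'
					# eval re-parses the configured
					# program and flags as shell code.
					eval ${ipfs_program:-/sbin/ipfs -R} \
						${ipfs_flags}
				fi
				;;
			esac
		else
			# Rules file missing or unreadable: the filter is
			# marked disabled and boot continues.  Packets are
			# then blocked only if the kernel default says so
			# (see IPFILTER_DEFAULT_BLOCK above), so treat
			# ' NO IPF RULES' in the boot log as an alert.
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac
	case "${ipnat_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi
		if [ -r "${ipnat_rules}" ]; then
			echo -n ' ipnat'
			# eval re-parses the configured program and flags
			# as shell code.
			eval ${ipnat_program:-/sbin/ipnat -CF -f} \
				"${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the secrets reach spppcontrol as
			# command-line arguments, which are typically
			# visible in process listings - confirm that is
			# acceptable on this host.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# /etc/start_if.<name> is sourced into this root shell, and
		# the interface name is also spliced into eval below, so the
		# names must be plain identifiers and the start_if files must
		# be writable by root only.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted: the unquoted form only gave the right answer for
		# an empty value by accident of test(1) argument counting.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Only the four listed modes are
		# accepted; anything else falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_mode is restricted above, but ppp_profile and ppp_user
		# are not: the command string is re-parsed by the shell that
		# su starts, so both must hold plain words only.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter
	#
	# NOTE(review): when ipfilter_program is set it is run here as-is,
	# without -y - confirm that is what the configuration intends.
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf -y}
		;;
	*)
		case ${ipnat_enable} in
		[Yy][Ee][Ss])
			${ipfilter_program:-/sbin/ipf -y}
			;;
		esac
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe for kernel support is itself a ruleset flush, and it
	# runs whatever firewall_enable says.  That is harmless on a fresh
	# boot; keep it in mind before calling this function on a host that
	# already has rules loaded.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced into this root shell.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				# No readable rules script and the last rule
				# is deny-all: the host is cut off from IP.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# Logging is on unless firewall_logging is set to
			# something other than YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Routing-related kernel knobs.  Each one is changed only when its
	# variable says YES, except tcp_extensions, where anything other
	# than YES or empty turns RFC 1323 off.  icmp_bmcastecho,
	# gateway_enable, forward_sourceroute, accept_sourceroute and
	# arpproxy_all loosen the host's network posture and deserve a
	# reason in rc.conf; icmp_drop_redirect and tcp_drop_synfin
	# tighten it.
	#
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w "net.inet.ip.portrange.first=${ip_portrange_first}" >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w "net.inet.ip.portrange.last=${ip_portrange_last}" >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file unset, the unquoted test collapsed
		# to `[ -f ]`, which is true, so "enabled" was reported and
		# setkey ran without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}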
537
# network_pass2 - second-stage network setup.
#
# Starts, each only when its *_enable variable says YES: named, ntpdate,
# ntpd, timed and rpcbind.  The NIS daemons, keyserv and rpc.ypupdated are
# nested under portmap_enable and are skipped when it is off.  Calls
# atm_pass3 when atm_pass2_done is set, and sets network_pass2_done=YES.
#
# The *_program and *_flags variables are expanded unquoted so that they
# can carry several words.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	# Name server
	#
	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded
	#
	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} > /dev/null 2>&1
		;;
	esac

	# NTP daemon
	#
	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything below depends on the RPC binder.
	#
	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server.  rpc.ypxfrd and rpc.yppasswdd belong on the
		# NIS master only.
		#
		case "${nis_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case "${nis_ypxfrd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case "${nis_yppasswdd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client
		#
		case "${nis_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case "${nis_ypset_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server
		#
		case "${keyserv_enable}" in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Secure RPC on the NIS master: ypupdated
		#
		case "${rpc_ypupdated_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons
	#
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
633
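# network_pass3 - final network daemons.
#
# Starts, each only when its *_enable variable says YES: the NFS server
# side (mountd, nfsd, rpc.lockd, rpc.statd) or a stand-alone mountd, NFS
# client sysctls, amd, rwhod, the Kerberos IV and 5 servers and pppoed,
# and creates missing ssh host keys.  The NFS and amd parts are nested
# under portmap_enable.  Sets network_pass3_done=YES.
#
# The *_flags variables are expanded unquoted so that they can carry
# several words.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] &&
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# weak_mountd_authentication adds -n to
				# mountd; enable it only with a reason.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n, as the NFS server branch
					# does.  Assigning "-n" here dropped
					# every other configured mountd flag.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w "vfs.nfs.access_cache_timeout=${nfs_access_cache}" >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w "vfs.nfs.bufpackets=${nfs_bufpackets}" > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is run through eval as
				# root and its output becomes amd options:
				# it must name a trusted, root-owned program.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell keeps its own copy of ${stash}, so
			# the unset below does not affect the delayed start.
			(
				sleep 20
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash".  The old
		# "unset stash_flag" left it behind in the rc environment.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Create missing ssh host keys.  -N "" leaves them without a
	# passphrase so that they can be read unattended.
	# NOTE(review): on a first boot these keys are generated here -
	# confirm the system has gathered enough entropy by this point.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}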
820
# network_pass4 - late TCP/UDP options.
#
# When log_in_vain is set to anything other than NO or the empty string,
# sets net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain to 1.  The
# value itself is not passed on; the sysctls are always set to 1.
# Sets network_pass4_done=YES.
#
network_pass4() {
	echo -n 'Additional TCP options:'

	case "${log_in_vain}" in
	'' | [Nn][Oo])
		# Left at the kernel default.
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 > /dev/null
		sysctl -w net.inet.udp.log_in_vain=1 > /dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
836
# network_gif_setup - create and configure gif tunnel interfaces.
#
# For every name in gif_interfaces that has a non-empty gifconfig_<name>
# variable, creates the interface (output and errors discarded) and sets
# its tunnel end points from that variable.  Does nothing when
# gif_interfaces is NO or empty.
#
# The interface name is spliced into an eval, so the names in
# gif_interfaces must be plain identifiers.
#
network_gif_setup() {
	case "${gif_interfaces}" in
	'' | [Nn][Oo])
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_${i}

		# No end points configured for this interface: skip it.
		[ -n "${peers}" ] || continue

		ifconfig ${i} create > /dev/null 2>&1
		ifconfig ${i} tunnel ${peers}
	done
}
857
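# convert_host_conf - build nsswitch.conf from a legacy host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated before awk runs)
# Outputs:   one "hosts:" line in $2, sources in the order they appear
#            in $1; a warning on stderr for each unrecognized line.
#
# The sources are emitted by index.  An awk "for (i in array)" loop visits
# elements in no defined order, which could silently reorder the host
# lookup sources.  Blank lines and comments, including indented comments,
# are skipped.
#
convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    awk '
        BEGIN                { c = 0 }
        /^[ \t]*(#|$)/       { next }
        /(hosts|local|file)/ { nsswitch[c++] = "files"; next }
        /(dns|bind)/         { nsswitch[c++] = "dns";   next }
        /nis/                { nsswitch[c++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: ";
                for (i = 0; i < c; i++) printf "%s ", nsswitch[i];
                printf "\n";
        }' <"$host_conf" >"$nsswitch_conf"
}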
873
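# generate_host_conf - write a legacy host.conf from nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (truncated before awk runs, so an
#                 input without a "hosts:" line leaves it empty)
# Outputs:   a header comment, then one legacy keyword per recognized
#            source on the first "hosts:" line (files -> hosts,
#            dns -> bind, nis -> nis).  Unknown sources are dropped.
#
# awk has no "quit" statement: the old "quit;" was a no-op expression, so
# every further "hosts:" line was translated as well.  "exit" stops after
# the first one.
#
generate_host_conf() {
    nsswitch_conf=$1; shift;
    host_conf=$1; shift;

    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
}
/^hosts:/ {
    print "# Auto-generated, do not edit";
    for (n = 2; n <= NF; ++n)
        if ($n in xlat)
            print xlat[$n];
    exit;
}
' <"$nsswitch_conf" >"$host_conf"
}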
896