netoptions revision 84780 
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/netoptions 84780 2001-10-10 20:36:51Z jhb $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
38network_pass1() {
39	echo -n 'Doing initial network setup:'
40
41	# Convert host.conf to nsswitch.conf if necessary
42	if [ -f "/etc/host.conf" ]; then
43		echo ''
44		echo 'Warning: /etc/host.conf is no longer used'
45		if [ -f "/etc/nsswitch.conf" ]; then
46		    echo '  /etc/nsswitch.conf will be used instead'
47		else
48		    echo '  /etc/nsswitch.conf will be created for you'
49		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
50		fi
51	fi
52
53	# Set the host name if it is not already set
54	#
55	if [ -z "`hostname -s`" ]; then
56		hostname ${hostname}
57		echo -n ' hostname'
58	fi
59
60	# Establish ipfilter ruleset as early as possible (best in
61	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
62	#
63	if /sbin/ipfstat -i > /dev/null 2>&1; then
64		ipfilter_in_kernel=1
65	else
66		ipfilter_in_kernel=0
67	fi
68
69	case "${ipfilter_enable}" in
70	[Yy][Ee][Ss])
71		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
72			ipfilter_in_kernel=1
73			echo "Kernel ipfilter module loaded."
74		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
75			echo "Warning: ipfilter kernel module failed to load."
76		fi
77
78		if [ -r "${ipfilter_rules}" ]; then
79			echo -n ' ipfilter';
80			${ipfilter_program:-/sbin/ipf -Fa -f} \
81			    "${ipfilter_rules}" ${ipfilter_flags}
82			case "${ipmon_enable}" in
83			[Yy][Ee][Ss])
84				echo -n ' ipmon'
85				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
86				;;
87			esac
88			case "${ipnat_enable}" in
89			[Yy][Ee][Ss])
90				if [ -r "${ipnat_rules}" ]; then
91					echo -n ' ipnat';
92				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
93					"${ipnat_rules}" ${ipnat_flags}
94				else
95					echo -n ' NO IPNAT RULES'
96				fi
97				;;
98			esac
99		else
100			ipfilter_enable="NO"
101			echo -n ' NO IPF RULES'
102		fi
103		;;
104	esac
105
106	# Set the domainname if we're using NIS
107	#
108	case ${nisdomainname} in
109	[Nn][Oo] | '')
110		;;
111	*)
112		domainname ${nisdomainname}
113		echo -n ' domain'
114		;;
115	esac
116
117	echo '.'
118
119	# Initial ATM interface configuration
120	#
121	case ${atm_enable} in
122	[Yy][Ee][Ss])
123		if [ -r /etc/rc.atm ]; then
124			. /etc/rc.atm
125			atm_pass1
126		fi
127		;;
128	esac
129
130	# Attempt to create cloned interfaces.
131	for ifn in ${cloned_interfaces}; do
132		ifconfig ${ifn} create
133	done
134
135	# Special options for sppp(4) interfaces go here.  These need
136	# to go _before_ the general ifconfig section, since in the case
137	# of hardwired (no link1 flag) but required authentication, you
138	# cannot pass auth parameters down to the already running interface.
139	#
140	for ifn in ${sppp_interfaces}; do
141		eval spppcontrol_args=\$spppconfig_${ifn}
142		if [ -n "${spppcontrol_args}" ]; then
143			# The auth secrets might contain spaces; in order
144			# to retain the quotation, we need to eval them
145			# here.
146			eval spppcontrol ${ifn} ${spppcontrol_args}
147		fi
148	done
149
150	# gifconfig
151	network_gif_setup
152
153	# Set up all the network interfaces, calling startup scripts if needed
154	#
155	case ${network_interfaces} in
156	[Aa][Uu][Tt][Oo])
157		network_interfaces="`ifconfig -l`"
158		;;
159	*)
160		network_interfaces="${network_interfaces} ${cloned_interfaces}"
161		;;
162	esac
163
164	dhcp_interfaces=""
165	for ifn in ${network_interfaces}; do
166		if [ -r /etc/start_if.${ifn} ]; then
167			. /etc/start_if.${ifn}
168			eval showstat_$ifn=1
169		fi
170
171		# Do the primary ifconfig if specified
172		#
173		eval ifconfig_args=\$ifconfig_${ifn}
174
175		case ${ifconfig_args} in
176		'')
177			;;
178		[Dd][Hh][Cc][Pp])
179			# DHCP inits are done all in one go below
180			dhcp_interfaces="$dhcp_interfaces $ifn"
181			eval showstat_$ifn=1
182			;;
183		*)
184			ifconfig ${ifn} ${ifconfig_args}
185			eval showstat_$ifn=1
186			;;
187		esac
188	done
189
190	if [ ! -z "${dhcp_interfaces}" ]; then
191		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
192	fi
193
194	for ifn in ${network_interfaces}; do
195		# Check to see if aliases need to be added
196		#
197		alias=0
198		while : ; do
199			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
200			if [ -n "${ifconfig_args}" ]; then
201				ifconfig ${ifn} ${ifconfig_args} alias
202				eval showstat_$ifn=1
203				alias=`expr ${alias} + 1`
204			else
205				break;
206			fi
207		done
208
209		# Do ipx address if specified
210		#
211		eval ifconfig_args=\$ifconfig_${ifn}_ipx
212		if [ -n "${ifconfig_args}" ]; then
213			ifconfig ${ifn} ${ifconfig_args}
214			eval showstat_$ifn=1
215		fi
216	done
217
218	for ifn in ${network_interfaces}; do
219		eval showstat=\$showstat_${ifn}
220		if [ ! -z ${showstat} ]; then
221			ifconfig ${ifn}
222		fi
223	done
224
225	# ISDN subsystem startup
226	#
227	case ${isdn_enable} in
228	[Yy][Ee][Ss])
229		if [ -r /etc/rc.isdn ]; then
230			. /etc/rc.isdn
231		fi
232		;;
233	esac
234
235	# Start user ppp if required.  This must happen before natd.
236	#
237	case ${ppp_enable} in
238	[Yy][Ee][Ss])
239		# Establish ppp mode.
240		#
241		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
242			-a "${ppp_mode}" != "dedicated" \
243			-a "${ppp_mode}" != "background" ]; then
244			ppp_mode="auto"
245		fi
246
247		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
248
249		# Switch on NAT mode?
250		#
251		case ${ppp_nat} in
252		[Yy][Ee][Ss])
253			ppp_command="${ppp_command} -nat"
254			;;
255		esac
256
257		ppp_command="${ppp_command} ${ppp_profile}"
258
259		echo "Starting ppp as \"${ppp_user}\""
260		su -m ${ppp_user} -c "exec ${ppp_command}"
261		;;
262	esac
263
264	# Initialize IP filtering using ipfw
265	#
266	if /sbin/ipfw -q flush > /dev/null 2>&1; then
267		firewall_in_kernel=1
268	else
269		firewall_in_kernel=0
270	fi
271
272	case ${firewall_enable} in
273	[Yy][Ee][Ss])
274		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
275			firewall_in_kernel=1
276			echo 'Kernel firewall module loaded'
277		elif [ "${firewall_in_kernel}" -eq 0 ]; then
278			echo 'Warning: firewall kernel module failed to load'
279		fi
280		;;
281	esac
282
283	# Load the filters if required
284	#
285	case ${firewall_in_kernel} in
286	1)
287		if [ -z "${firewall_script}" ]; then
288			firewall_script=/etc/rc.firewall
289		fi
290
291		case ${firewall_enable} in
292		[Yy][Ee][Ss])
293			if [ -r "${firewall_script}" ]; then
294				. "${firewall_script}"
295				echo -n 'Firewall rules loaded, starting divert daemons:'
296
297				# Network Address Translation daemon
298				#
299				case ${natd_enable} in
300				[Yy][Ee][Ss])
301					if [ -n "${natd_interface}" ]; then
302						if echo ${natd_interface} | \
303							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
304							natd_ifarg="-a ${natd_interface}"
305						else
306							natd_ifarg="-n ${natd_interface}"
307						fi
308
309						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
310					fi
311					;;
312				esac
313
314				echo '.'
315
316			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
317				echo 'Warning: kernel has firewall functionality,' \
318				     'but firewall rules are not enabled.'
319				echo '		 All ip services are disabled.'
320			fi
321
322			case ${firewall_logging} in
323			[Yy][Ee][Ss] | '')
324				echo 'Firewall logging=YES'
325				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
326				;;
327			*)
328				;;
329			esac
330
331			;;
332		esac
333		;;
334	esac
335
336	# Additional ATM interface configuration
337	#
338	if [ -n "${atm_pass1_done}" ]; then
339		atm_pass2
340	fi
341
342	# Configure routing
343	#
344	case ${defaultrouter} in
345	[Nn][Oo] | '')
346		;;
347	*)
348		static_routes="default ${static_routes}"
349		route_default="default ${defaultrouter}"
350		;;
351	esac
352
353	# Set up any static routes.  This should be done before router discovery.
354	#
355	if [ -n "${static_routes}" ]; then
356		for i in ${static_routes}; do
357			eval route_args=\$route_${i}
358			route add ${route_args}
359		done
360	fi
361
362	echo -n 'Additional routing options:'
363	case ${tcp_extensions} in
364	[Yy][Ee][Ss] | '')
365		;;
366	*)
367		echo -n ' tcp extensions=NO'
368		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
369		;;
370	esac
371
372	case ${icmp_bmcastecho} in
373	[Yy][Ee][Ss])
374		echo -n ' broadcast ping responses=YES'
375		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
376		;;
377	esac
378
379	case ${icmp_drop_redirect} in
380	[Yy][Ee][Ss])
381		echo -n ' ignore ICMP redirect=YES'
382		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
383		;;
384	esac
385
386	case ${icmp_log_redirect} in
387	[Yy][Ee][Ss])
388		echo -n ' log ICMP redirect=YES'
389		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
390		;;
391	esac
392
393	case ${gateway_enable} in
394	[Yy][Ee][Ss])
395		echo -n ' IP gateway=YES'
396		sysctl -w net.inet.ip.forwarding=1 >/dev/null
397		;;
398	esac
399
400	case ${forward_sourceroute} in
401	[Yy][Ee][Ss])
402		echo -n ' do source routing=YES'
403		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
404		;;
405	esac
406
407	case ${accept_sourceroute} in
408	[Yy][Ee][Ss])
409		echo -n ' accept source routing=YES'
410		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
411		;;
412	esac
413
414	case ${tcp_keepalive} in
415	[Yy][Ee][Ss])
416		echo -n ' TCP keepalive=YES'
417		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
418		;;
419	esac
420
421	case ${tcp_drop_synfin} in
422	[Yy][Ee][Ss])
423		echo -n ' drop SYN+FIN packets=YES'
424		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
425		;;
426	esac
427
428	case ${ipxgateway_enable} in
429	[Yy][Ee][Ss])
430		echo -n ' IPX gateway=YES'
431		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
432		;;
433	esac
434
435	case ${arpproxy_all} in
436	[Yy][Ee][Ss])
437		echo -n ' ARP proxyall=YES'
438		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
439		;;
440	esac
441
442	case ${ip_portrange_first} in
443	[Nn][Oo] | '')
444		;;
445	*)
446		echo -n " ip_portrange_first=$ip_portrange_first"
447		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
448		;;
449	esac
450
451	case ${ip_portrange_last} in
452	[Nn][Oo] | '')
453		;;
454	*)
455		echo -n " ip_portrange_last=$ip_portrange_last"
456		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
457		;;
458	esac
459
460	echo '.'
461
462	case ${ipsec_enable} in
463	[Yy][Ee][Ss])
464		if [ -f ${ipsec_file} ]; then
465		    echo ' ipsec: enabled'
466		    setkey -f ${ipsec_file}
467		else
468		    echo ' ipsec: file not found'
469		fi
470		;;
471	esac
472
473	echo -n 'Routing daemons:'
474	case ${router_enable} in
475	[Yy][Ee][Ss])
476		echo -n " ${router}";	${router} ${router_flags}
477		;;
478	esac
479
480	case ${ipxrouted_enable} in
481	[Yy][Ee][Ss])
482		echo -n ' IPXrouted'
483		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
484		;;
485	esac
486
487	case ${mrouted_enable} in
488	[Yy][Ee][Ss])
489		echo -n ' mrouted';	mrouted ${mrouted_flags}
490		;;
491	esac
492
493	case ${rarpd_enable} in
494	[Yy][Ee][Ss])
495		echo -n ' rarpd';	rarpd ${rarpd_flags}
496		;;
497	esac
498	echo '.'
499
500	# Let future generations know we made it.
501	#
502	network_pass1_done=YES
503}
504
505network_pass2() {
506	echo -n 'Doing additional network setup:'
507	case ${named_enable} in
508	[Yy][Ee][Ss])
509		echo -n ' named';	${named_program:-named} ${named_flags}
510		;;
511	esac
512
513	case ${ntpdate_enable} in
514	[Yy][Ee][Ss])
515		echo -n ' ntpdate'
516		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
517		;;
518	esac
519
520	case ${xntpd_enable} in
521	[Yy][Ee][Ss])
522		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
523		;;
524	esac
525
526	case ${timed_enable} in
527	[Yy][Ee][Ss])
528		echo -n ' timed';	timed ${timed_flags}
529		;;
530	esac
531
532	case ${portmap_enable} in
533	[Yy][Ee][Ss])
534		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
535			${portmap_flags}
536
537		# Start ypserv if we're an NIS server.
538		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
539		#
540		case ${nis_server_enable} in
541		[Yy][Ee][Ss])
542			echo -n ' ypserv'; ypserv ${nis_server_flags}
543
544			case ${nis_ypxfrd_enable} in
545			[Yy][Ee][Ss])
546				echo -n ' rpc.ypxfrd'
547				rpc.ypxfrd ${nis_ypxfrd_flags}
548				;;
549			esac
550
551			case ${nis_yppasswdd_enable} in
552			[Yy][Ee][Ss])
553				echo -n ' rpc.yppasswdd'
554				rpc.yppasswdd ${nis_yppasswdd_flags}
555				;;
556			esac
557			;;
558		esac
559
560		# Start ypbind if we're an NIS client
561		#
562		case ${nis_client_enable} in
563		[Yy][Ee][Ss])
564			echo -n ' ypbind'; ypbind ${nis_client_flags}
565			case ${nis_ypset_enable} in
566			[Yy][Ee][Ss])
567				echo -n ' ypset';	ypset ${nis_ypset_flags}
568				;;
569			esac
570			;;
571		esac
572
573		# Start keyserv if we are running Secure RPC
574		#
575		case ${keyserv_enable} in
576		[Yy][Ee][Ss])
577			echo -n ' keyserv';	keyserv ${keyserv_flags}
578			;;
579		esac
580
581		# Start ypupdated if we are running Secure RPC
582		# and we are NIS master
583		#
584		case ${rpc_ypupdated_enable} in
585		[Yy][Ee][Ss])
586			echo -n ' rpc.ypupdated';	rpc.ypupdated
587			;;
588		esac
589		;;
590	esac
591
592	# Start ATM daemons
593	if [ -n "${atm_pass2_done}" ]; then
594		atm_pass3
595	fi
596
597	echo '.'
598	network_pass2_done=YES
599}
600
601network_pass3() {
602	echo -n 'Starting final network daemons:'
603
604	case ${portmap_enable} in
605	[Yy][Ee][Ss])
606		case ${nfs_server_enable} in
607		[Yy][Ee][Ss])
608			if [ -r /etc/exports ]; then
609				echo -n ' mountd'
610
611				case ${weak_mountd_authentication} in
612				[Yy][Ee][Ss])
613					mountd_flags="${mountd_flags} -n"
614					;;
615				esac
616
617				mountd ${mountd_flags}
618
619				case ${nfs_reserved_port_only} in
620				[Yy][Ee][Ss])
621					echo -n ' NFS on reserved port only=YES'
622					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
623					;;
624				esac
625
626				echo -n ' nfsd';	nfsd ${nfs_server_flags}
627
628				case ${rpc_lockd_enable} in
629				[Yy][Ee][Ss])
630					echo -n ' rpc.lockd';	rpc.lockd
631					;;
632				esac
633
634				case ${rpc_statd_enable} in
635				[Yy][Ee][Ss])
636					echo -n ' rpc.statd';	rpc.statd
637					;;
638				esac
639			fi
640			;;
641		*)
642			case ${single_mountd_enable} in
643			[Yy][Ee][Ss])
644				if [ -r /etc/exports ]; then
645					echo -n ' mountd'
646
647					case ${weak_mountd_authentication} in
648					[Yy][Ee][Ss])
649						mountd_flags="-n"
650						;;
651					esac
652
653					mountd ${mountd_flags}
654				fi
655				;;
656			esac
657			;;
658		esac
659
660		case ${nfs_client_enable} in
661		[Yy][Ee][Ss])
662			if [ -n "${nfs_access_cache}" ]; then
663				echo -n " NFS access cache time=${nfs_access_cache}"
664				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
665			fi
666			if [ -n "${nfs_bufpackets}" ]; then
667				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
668			fi
669			;;
670		esac
671
672		# If /var/db/mounttab exists, some nfs-server has not been
673		# sucessfully notified about a previous client shutdown.
674		# If there is no /var/db/mounttab, we do nothing.
675		if [ -f /var/db/mounttab ]; then
676			rpc.umntall -k
677		fi
678
679		case ${amd_enable} in
680		[Yy][Ee][Ss])
681			echo -n ' amd'
682			case ${amd_map_program} in
683			[Nn][Oo] | '')
684				;;
685			*)
686				amd_flags="${amd_flags} `eval\
687					${amd_map_program}`"
688				;;
689			esac
690
691			if [ -n "${amd_flags}" ]; then
692				amd -p ${amd_flags}\
693					> /var/run/amd.pid 2> /dev/null
694			else
695				amd 2> /dev/null
696			fi
697			;;
698		esac
699		;;
700	esac
701
702	case ${rwhod_enable} in
703	[Yy][Ee][Ss])
704		echo -n ' rwhod';	rwhod ${rwhod_flags}
705		;;
706	esac
707
708	# Kerberos servers run ONLY on the Kerberos server machine
709	case ${kerberos4_server_enable} in
710	[Yy][Ee][Ss])
711		case ${kerberos_stash} in
712		[Yy][Ee][Ss])
713			stash=-n
714			;;
715		*)
716			stash=
717			;;
718		esac
719
720		echo -n ' kerberosIV'
721		${kerberos4_server} ${stash} >> /var/log/kerberos.log &
722
723		case ${kadmind4_server_enable} in
724		[Yy][Ee][Ss])
725			echo -n ' kadmindIV'
726			(
727				sleep 20;
728				${kadmind4_server} ${stash} >/dev/null 2>&1 &
729			) &
730			;;
731		esac
732		unset stash_flag
733		;;
734	esac
735
736	case ${kerberos5_server_enable} in
737	[Yy][Ee][Ss])
738		echo -n ' kerberos5'
739		${kerberos5_server} &
740
741		case ${kadmind5_server_enable} in
742		[Yy][Ee][Ss])
743			echo -n ' kadmind5'
744			${kadmind5_server} &
745			;;
746		esac
747		;;
748	esac
749
750	case ${pppoed_enable} in
751	[Yy][Ee][Ss])
752		if [ -n "${pppoed_provider}" ]; then
753			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
754		fi
755		echo -n ' pppoed';
756		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
757		;;
758	esac
759
760	case ${sshd_enable} in
761	[Yy][Ee][Ss])
762		if [ ! -f /etc/ssh/ssh_host_key ]; then
763			echo ' creating ssh RSA host key';
764			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
765		fi
766		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
767			echo ' creating ssh DSA host key';
768			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
769		fi
770		;;
771	esac
772
773	echo '.'
774	network_pass3_done=YES
775}
776
777network_pass4() {
778	echo -n 'Additional TCP options:'
779	case ${log_in_vain} in
780	[Nn][Oo] | '')
781		;;
782	*)
783		echo -n ' log_in_vain=YES'
784		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
785		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
786		;;
787	esac
788
789	echo '.'
790	network_pass4_done=YES
791}
792
793network_gif_setup() {
794	case ${gif_interfaces} in
795	[Nn][Oo] | '')
796		;;
797	*)
798		for i in ${gif_interfaces}; do
799			eval peers=\$gifconfig_$i
800			case ${peers} in
801			'')
802				continue
803				;;
804			*)
805				ifconfig $i create >/dev/null 2>&1
806				ifconfig $i tunnel ${peers}
807				;;
808			esac
809		done
810		;;
811	esac
812}
813
814convert_host_conf() {
815    host_conf=$1; shift;
816    nsswitch_conf=$1; shift;
817    awk '                                                                   \
818        /^[:blank:]*#/       { next }                                       \
819        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
820        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
821        /nis/                { nsswitch[c] = "nis";   c++; next }           \
822        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
823        END {                                                               \
824                printf "hosts: ";                                           \
825                for (i in nsswitch) printf "%s ", nsswitch[i];              \
826                printf "\n";                                                \
827        }' < $host_conf > $nsswitch_conf
828}
829
830