netoptions revision 84780
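#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/netoptions 84780 2001-10-10 20:36:51Z jhb $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# This file only defines functions; nothing runs until a caller invokes
# network_pass1 .. network_pass4.  Every ${...} knob read below is expected
# to have been set by the caller (rc.conf).  Those values are word-split,
# and in several places passed through eval or executed as a command name,
# so the files that set them must be writable by root only.

# First pass startup stuff.
#
# network_pass1: host name, ipfilter, NIS domain, interface configuration,
# ppp, ipfw/natd, static routes, network sysctls, ipsec and routing daemons.
# Sets network_pass1_done=YES on completion.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo ' /etc/nsswitch.conf will be used instead'
		else
			echo ' /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					# NOTE(review): unlike the ipf call
					# above this goes through eval, so
					# the quoting of ipnat_rules is lost
					# and the rules path and flags are
					# re-parsed by the shell.  Kept as is
					# for configurations that rely on it.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			# No readable ruleset: ipfilter is marked disabled
			# and startup continues without loading any rules.
			# The console message is the only trace of it.
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The whole value is therefore parsed as
			# shell syntax, not only its quotes.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# An optional per-interface script is sourced into this
		# shell, so it runs with the same privileges as this file.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((alias + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is tested as an empty string
		# instead of vanishing from the test expression.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the known list
		# falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# The command line is handed to the shell that su starts,
		# so ppp_profile is parsed as shell text under ppp_user.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE: the probe for kernel support is itself a flush, so any ipfw
	# rules loaded before this point are removed here.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as
						# an address (-a), anything
						# else as an interface (-n).
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				    'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# Logging is on unless firewall_logging is set to
			# something other than YES (empty counts as YES).
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w "net.inet.ip.portrange.first=$ip_portrange_first" >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w "net.inet.ip.portrange.last=$ip_portrange_last" >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file is quoted: with an empty value the unquoted
		# test "[ -f ]" is true, which reported ipsec as enabled
		# and ran setkey without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# network_pass2: name service, time daemons, rpcbind and the NIS and
# Secure RPC daemons that depend on it, then the ATM daemons.
# Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	# Everything inside this case is started only when portmap_enable
	# is YES.
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
		    ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# network_pass3: NFS server and client, amd, rwhod, the Kerberos servers
# and pppoed, plus creation of any missing ssh host keys.
# Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# Opt-in only: -n is added to whatever flags
				# the administrator configured.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n, as the NFS server branch
					# does.  Assigning "-n" outright
					# discarded the configured
					# mountd_flags whenever weak
					# authentication was turned on.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w "vfs.nfs.access_cache_timeout=${nfs_access_cache}" >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w "vfs.nfs.bufpackets=${nfs_bufpackets}" > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# NOTE(review): amd_map_program is run via
				# eval and its output is appended to the amd
				# command line, so both the setting and the
				# program it names must be trusted.
				amd_flags="${amd_flags} $(eval ${amd_map_program})"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
				    > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell gets its copy of ${stash} when it is
			# started, so the unset below does not affect it.
			(
				sleep 20
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the name unset here
		# before was "stash_flag", which is never assigned.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only missing host keys are generated; existing ones are left
	# alone.  Keys are created with an empty passphrase (-N "").
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# network_pass4: turn on log_in_vain for TCP and UDP unless the knob is
# NO or empty.  Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# network_gif_setup: for each interface named in gif_interfaces that has a
# gifconfig_<if> value, create it and set its tunnel endpoints.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				# Errors from create are discarded on purpose
				# (the interface may already exist).
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

# convert_host_conf: translate an old-style host.conf into one "hosts:"
# line of nsswitch.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (overwritten)
# Outputs:   a warning on stderr for each line that is not recognized
#
convert_host_conf() {
	host_conf=$1; shift
	nsswitch_conf=$1; shift
	# Changes from the earlier form of this awk program:
	#  - the comment pattern used [:blank:] outside a bracket
	#    expression, so indented comments were not skipped and could
	#    be picked up as sources by the patterns below;
	#  - sources were emitted with "for (i in ...)", whose order awk
	#    does not define; they are now written in file order, which is
	#    the lookup order;
	#  - the warning had no trailing newline;
	#  - both file names are quoted.
	awk '
	BEGIN { c = 0 }
	/^[ \t]*#/ { next }
	/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
	/(dns|bind)/ { nsswitch[c] = "dns"; c++; next }
	/nis/ { nsswitch[c] = "nis"; c++; next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: "
		for (i = 0; i < c; i++)
			printf "%s ", nsswitch[i]
		printf "\n"
	}' < "$host_conf" > "$nsswitch_conf"
}
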