netoptions revision 85222
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/netoptions 85222 2001-10-20 04:46:32Z darrenr $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
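#
# network_pass1: first-pass network bring-up.
#
# In order: host.conf -> nsswitch.conf conversion, hostname, ipfilter and
# ipnat rule loading, NIS domain name, ATM pass 1, cloned/sppp/gif interface
# setup, ifconfig of every interface (DHCP, aliases and IPX included), ISDN,
# user ppp, ipfilter re-sync, ipfw firewall and natd, ATM pass 2, static
# routes, network sysctl tunables, IPsec policy loading and the routing
# daemons.  Sets network_pass1_done=YES when it reaches the end.
#
# None of the ${...} settings read here are assigned in this file; the header
# comment above points at /etc/defaults/rc.conf.  Several of them are passed
# through eval, sourced with ".", or executed as a command line, so whoever
# can write those settings (and /etc/start_if.*, /etc/rc.atm, /etc/rc.isdn,
# the firewall script) controls what this function runs.
# NOTE(review): presumably this runs as root at boot -- confirm, and keep
# those files writable by root only.
#
# Leaves many shell variables behind (ifn, i, alias, showstat_*, ...): the
# function declares nothing local.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo '  /etc/nsswitch.conf will be used instead'
		else
			echo '  /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs';
					eval ${ipfs_program:-/sbin/ipfs -R} \
						${ipfs_flags}
				fi
				;;
			esac
		else
			# No readable rules file: nothing is loaded and
			# ipfilter is treated as disabled for the rest of
			# this function.  The only trace is this console
			# message, so what gets filtered from here on is up
			# to the kernel default (see IPFILTER_DEFAULT_BLOCK
			# above).
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac
	case "${ipnat_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi
		if [ -r "${ipnat_rules}" ]; then
			echo -n ' ipnat';
			eval ${ipnat_program:-/sbin/ipnat -CF -f} \
				"${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The eval also means any other shell syntax
			# in spppconfig_<ifn> is interpreted, and the secrets
			# end up on spppcontrol's command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# Per-interface hook, sourced into this shell.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the scan stops at the first gap.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Print the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything other than the four modes
		# listed here falls back to "auto".
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile is pasted into the string handed to "su -c",
		# so it is parsed by a shell running as ppp_user.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter
	#
	# NOTE(review): this reuses ipfilter_program, the same setting that
	# names the rule loader above.  When it is set, the command run here
	# is that value on its own, without "-y" -- confirm this is intended.
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf -y}
		;;
	*)
		case ${ipnat_enable} in
		[Yy][Ee][Ss])
			${ipfilter_program:-/sbin/ipf -y}
			;;
		esac
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe for kernel support is itself a "flush": it runs whatever
	# firewall_enable says.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# The script is not readable.  A warning is printed
			# only when rule 65535 is the deny-all rule; with any
			# other final rule the host continues without the
			# configured rules and without a message.
			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# Logging is switched on unless firewall_logging is
			# set to something other than yes/empty.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Network sysctl tunables.  Each one is only written when its
	# setting asks for a change; nothing below resets a value.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted so that ipsec_file is always tested as one path.
		# Unquoted, an empty value collapsed the test to "[ -f ]",
		# which is true, and setkey was then run with no policy file
		# while the console still reported "ipsec: enabled".
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}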
532
# True (0) when $1 is "yes" in any letter case, false (1) otherwise.
# Private helper of network_pass2.
_network_pass2_yes() {
	case $1 in
	[Yy][Ee][Ss])
		return 0
		;;
	esac
	return 1
}

#
# network_pass2: second-pass network start-up.
#
# Starts, when enabled: named, ntpdate, ntpd, timed and rpcbind.  The NIS
# daemons (ypserv, rpc.ypxfrd, rpc.yppasswdd, ypbind, ypset), keyserv and
# rpc.ypupdated are only considered when rpcbind itself is enabled.  Runs
# atm_pass3 if atm_pass2_done is set, then sets network_pass2_done=YES.
#
# The *_program and *_flags settings are expanded unquoted and run as
# command lines; they are not assigned in this function.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	if _network_pass2_yes "${named_enable}"; then
		echo -n ' named'
		${named_program:-named} ${named_flags}
	fi

	# One-shot clock set; its output is discarded.
	if _network_pass2_yes "${ntpdate_enable}"; then
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
	fi

	if _network_pass2_yes "${xntpd_enable}"; then
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
	fi

	if _network_pass2_yes "${timed_enable}"; then
		echo -n ' timed'
		timed ${timed_flags}
	fi

	if _network_pass2_yes "${portmap_enable}"; then
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		if _network_pass2_yes "${nis_server_enable}"; then
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			if _network_pass2_yes "${nis_ypxfrd_enable}"; then
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
			fi

			if _network_pass2_yes "${nis_yppasswdd_enable}"; then
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
			fi
		fi

		# Start ypbind if we're an NIS client
		if _network_pass2_yes "${nis_client_enable}"; then
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			if _network_pass2_yes "${nis_ypset_enable}"; then
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
			fi
		fi

		# Start keyserv if we are running Secure RPC
		if _network_pass2_yes "${keyserv_enable}"; then
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
		fi

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		if _network_pass2_yes "${rpc_ypupdated_enable}"; then
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
		fi
	fi

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
628
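#
# network_pass3: final network daemons.
#
# When rpcbind (portmap_enable) is on: NFS server daemons (mountd, nfsd,
# rpc.lockd, rpc.statd) or a stand-alone mountd, NFS client tunables, the
# rpc.umntall clean-up and amd.  Independently of rpcbind: rwhod, the
# Kerberos IV/5 servers, pppoed and SSH host key creation.  Sets
# network_pass3_done=YES at the end.
#
# The *_flags and *_server settings are expanded unquoted and run as command
# lines; they are not assigned in this function.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] &&
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# weak_mountd_authentication adds -n, which
				# makes mountd accept mount requests that do
				# not come from a reserved port.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): unlike the NFS server
					# branch above, this replaces
					# mountd_flags with "-n" instead of
					# appending to it, so any configured
					# flags are dropped when weak
					# authentication is on.  Confirm
					# which of the two is intended.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			# amd_map_program is run through eval and its output
			# is appended to the amd command line.
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				amd_flags="${amd_flags} `eval\
					${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags}\
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both Kerberos IV servers.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# Started 20 seconds later from a background
			# subshell, so boot does not wait for it.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the previous
		# "unset stash_flag" named a variable that is never assigned
		# and left stash behind.  The subshell above already holds
		# its own copy, so unsetting here does not affect it.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Create any missing SSH host key.  The keys are written with an
	# empty passphrase (-N ""), so the private key files are protected
	# by their file permissions alone.  Existing keys are never
	# replaced.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}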
815
#
# network_pass4: late TCP/UDP options.
#
# Turns on the tcp and udp log_in_vain sysctls when log_in_vain is set to
# anything other than "no" (any case) or the empty string, then sets
# network_pass4_done=YES.
#
network_pass4() {
	echo -n 'Additional TCP options:'

	# An empty or "no" setting leaves both sysctls untouched.
	if [ -n "${log_in_vain}" ]; then
		case ${log_in_vain} in
		[Nn][Oo])
			;;
		*)
			echo -n ' log_in_vain=YES'
			sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
			sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
			;;
		esac
	fi

	echo '.'
	network_pass4_done=YES
}
831
#
# network_gif_setup: create and configure gif tunnel interfaces.
#
# For every name in gif_interfaces that has a non-empty gifconfig_<name>
# setting, runs "ifconfig <name> create" (output and errors discarded) and
# then "ifconfig <name> tunnel <peers>".  Does nothing when gif_interfaces
# is empty or "no" (any case).
#
# The interface name is spliced into an eval, so it is interpreted as shell
# text; gif_interfaces is not assigned in this function.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		# Indirect lookup of gifconfig_<name>.
		eval peers=\$gifconfig_$i
		if [ -z "${peers}" ]; then
			continue
		fi

		# The create step may fail if the interface already exists;
		# its result is ignored.  peers is left unquoted on purpose
		# so that it splits into separate ifconfig arguments.
		ifconfig $i create >/dev/null 2>&1
		ifconfig $i tunnel ${peers}
	done
}
852
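#
# convert_host_conf: build an nsswitch.conf "hosts:" line from host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated and overwritten)
#
# Each non-comment line of $1 is mapped to one source: hosts/local/file ->
# "files", dns/bind -> "dns", nis -> "nis".  The sources are written in the
# order they appear in $1, because lookup order is what the file expresses.
# Unrecognised lines are reported on stderr and skipped.
#
# Sets the shell variables host_conf and nsswitch_conf as a side effect.
#
convert_host_conf() {
    host_conf=$1; shift
    nsswitch_conf=$1; shift
    # Both paths are quoted so a path containing spaces stays one word.
    awk '
        BEGIN { c = 0 }
        # Comment lines, with optional leading blanks, and empty lines.
        /^[[:blank:]]*#/     { next }
        /^[[:blank:]]*$/     { next }
        /(hosts|local|file)/ { nsswitch[c++] = "files"; next }
        /(dns|bind)/         { nsswitch[c++] = "dns";   next }
        /nis/                { nsswitch[c++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: "
                # Walk the indices numerically: "for (i in array)" visits
                # elements in an unspecified order and could reorder the
                # name services.
                for (i = 0; i < c; i++)
                        printf "%s ", nsswitch[i]
                printf "\n"
        }' < "$host_conf" > "$nsswitch_conf"
}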
868
869