routing revision 61961
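#!/bin/sh -
#
# $FreeBSD: head/etc/rc.d/routing 61961 2000-06-22 17:40:53Z dillon $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# This file only defines the functions network_pass1 .. network_pass4; the
# caller is expected to have loaded the configuration variables first.
#
# NOTE(review): several configuration values below are passed through
# `eval`, sourced with `.`, or run as a program name.  Whoever can write
# the files that set those variables, or the sourced /etc/rc.atm,
# /etc/rc.isdn, /etc/start_if.* and ${firewall_script} files, controls
# what these functions execute.  Keep those files writable only by the
# administrator.

# First pass startup stuff.
#
# Sets the host and NIS domain names, configures interfaces (ATM, sppp,
# ifconfig, DHCP, aliases, IPX), starts ISDN and user ppp, loads ipfw
# rules and natd, installs static routes, applies network sysctls, loads
# the IPsec policy file and starts the routing daemons.  Sets
# network_pass1_done=YES on completion.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			#
			# NOTE(review): this second eval re-parses the
			# configured value as shell input, so any shell
			# syntax in spppconfig_<if> is executed here.  The
			# secrets are also passed as command arguments and
			# may be visible in the process list while
			# spppcontrol runs.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# An interface name selects which start_if file is sourced
		# and is spliced into the eval'd variable names below.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are numbered from 0; the first missing
		# ifconfig_<if>_alias<n> ends the scan.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the resulting state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is tested as an empty string
		# rather than dropping out of the test expression.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Warm up user ppp if required, must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything other than the four modes
		# listed here (including an empty value) becomes "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto";
			;;
		esac

		ppp_command="-${ppp_mode} ";

		# Switch on alias mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat";
			;;
		esac

		echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	echo ''

	# The flush doubles as a probe for ipfw support in the kernel.
	# NOTE(review): it runs even when firewall_enable is not YES, so any
	# rules loaded before this point are flushed as a side effect.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# NOTE(review): only a warning is printed; startup
			# continues without packet filtering.
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# The rule script is sourced into this shell,
				# not run as a separate process.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted-quad value is passed
						# with -a, anything else with -n.
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				# No readable rule script and the final rule
				# denies everything: tell the operator why
				# the network appears dead.
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo " All ip services are disabled."
			fi

			# Logging is switched on when firewall_logging is
			# YES or unset.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	# The two source-routing knobs are opt-in: they are only written
	# when explicitly set to YES.
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		# Double quotes so the configured value is printed; single
		# quotes would print the literal variable name.
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file must be quoted: with an empty value an unquoted
		# `[ -f ]` is true, which would report IPsec as enabled and
		# run setkey without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			# NOTE(review): startup continues with no IPsec
			# policy loaded; only this message reports it.
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		# ${router} is run as a program name taken from configuration.
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation, portmap, NIS and
# Secure RPC daemons, then the ATM daemons if atm_pass2_done is set.
# Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'; ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'; keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'; rpc.ypupdated
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client daemons, amd, rwhod, the Kerberos
# server, pppoed and creation of missing ssh host keys.
# Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			# NOTE(review): this replaces any configured
			# mountd_flags with just "-n" instead of appending
			# to them; the variable name suggests it relaxes
			# mount request authentication.  Confirm the
			# overwrite is intended.
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="-n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'; nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'; rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'; rpc.statd
				;;
			esac
		fi
		;;
	*)
		# Not an NFS server: mountd may still be started on its own.
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="-n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# NOTE(review): amd_map_program is executed through
			# eval and its output becomes extra amd arguments.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# kadmind is started 20 seconds later from a
			# detached subshell so boot does not wait for it.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only host key generation happens here; sshd itself is not started
	# by this function.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Keys are created with an empty passphrase (-N ""), so the
		# permissions on the key files are what protects them.
		# NOTE(review): the ssh-keygen exit status is not checked.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: optional TCP/UDP logging sysctls.
# Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	# Any value other than NO or empty turns log_in_vain on for both
	# TCP and UDP.
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}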