routing revision 66830
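#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 66830 2000-10-08 19:20:36Z obrien $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# Review notes for the whole file:
#  - This file only defines functions; every ${..._enable}, ${..._flags}
#    and ${..._program} value is read from the calling shell's environment
#    (per the note above, presumably populated from rc.conf -- confirm).
#  - Several of those values are passed through `eval`, `.` (source) or an
#    unquoted command position.  Anyone who can write the configuration
#    therefore controls commands run by these functions, so the
#    configuration files and every sourced script (/etc/rc.atm,
#    /etc/rc.isdn, /etc/start_if.*, ${firewall_script}) should be
#    writable by root only.
#  - Unquoted ${..._flags} expansions are deliberate: they rely on word
#    splitting to pass several options.

# First pass startup stuff.
#
# network_pass1: host name, packet filters (ipfilter, ipfw), interface
# configuration, ppp, static routes, network sysctls, IPsec policy and
# routing daemons.
# Globals written: network_pass1_done=YES on completion, plus the working
# variables assigned below (ipfilter_enable, network_interfaces,
# dhcp_interfaces, showstat_<if>, firewall_in_kernel, ...).
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	# An existing /etc/nsswitch.conf is never overwritten.
	if [ -f "/etc/host.conf" ]; then
		echo ""
		echo "Warning: /etc/host.conf is no longer used"
		if [ -f "/etc/nsswitch.conf" ]; then
			echo " /etc/nsswitch.conf will be used instead"
		else
			echo " /etc/nsswitch.conf will be created for you"
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# NOTE(review): when the rules file is unreadable this only prints
	# ' NO IPF RULES', sets ipfilter_enable=NO and carries on with the
	# boot.  Unless the kernel blocks by default, the interfaces
	# configured further down come up without ipfilter rules.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the eval re-parses the configured
			# value as shell input, and the secrets end up in
			# spppcontrol's argument list.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an empty value is an explicit "no" instead of
		# relying on how test(1) parses `[ ! -z ]`.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the known modes
		# falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo -n "Starting ppp as \"${ppp_user}\""
		# The command string is re-parsed by the shell that su
		# starts, so ${ppp_profile} is interpreted as shell input.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the probe for kernel ipfw support is itself a
	# `flush`, so any ipfw rules present at this point are removed
	# before ${firewall_script} reloads them.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad selects -a (address),
						# anything else -n (interface name).
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo " All ip services are disabled."
			fi

			# An unset/empty firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		# Double quotes: the configured value is meant to appear in
		# the boot message (single quotes printed the variable name).
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with an empty ${ipsec_file} an unquoted `[ -f ]`
		# is true and setkey would be run without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# network_pass2: name service, time synchronisation, portmap and the
# NIS / Secure RPC daemons, each gated by its *_enable variable.
# Globals written: network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'
		${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'
		ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'
		ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'
			ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'
		keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'
		rpc.ypupdated
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# network_pass3: NFS server/client daemons, amd, rwhod, Kerberos, pppoed
# and first-boot generation of the ssh host keys.
# Globals written: network_pass3_done=YES on completion; mountd_flags,
# amd_flags and pppoed_flags may be extended along the way.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			# -n relaxes mountd's client checks, hence the
			# "weak" in the option name.
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'
			nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
				    > /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'
				rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'
				rpc.statd
				;;
			esac
		fi
		;;
	*)
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# Append -n as the NFS-server branch above
				# does, so that any other configured
				# mountd_flags are not silently discarded.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'
		nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			    >/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# ${amd_map_program} is executed through eval and
			# its output is appended to the amd command line.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# Started 20 seconds later, detached from this shell.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only generates missing host keys; starting sshd is not done here.
	# -N "" gives the keys an empty passphrase, so protection of the
	# private key files rests on their file permissions alone.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# network_pass4: late TCP/UDP options.  Any log_in_vain value other than
# NO or empty switches on the tcp and udp log_in_vain sysctls.
# Globals written: network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# convert_host_conf: translate a host.conf style file into a one-line
# "hosts:" entry for nsswitch.conf.
# Arguments: $1 - path of the host.conf file to read
#            $2 - path of the nsswitch.conf file to write (overwritten)
# Globals written: host_conf, nsswitch_conf
# Output: one "Warning: unrecognized line [...]" per unknown line on stderr.
#
# Resolver order decides which source answers first, so the sources are
# written in the order they appear in the input.  Comment lines, with or
# without leading blanks, are skipped before any keyword matching.
#
convert_host_conf() {
	host_conf=$1; shift
	nsswitch_conf=$1; shift
	awk '
	BEGIN { c = 0 }
	/^[ \t]*#/ { next }
	/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
	/(dns|bind)/ { nsswitch[c] = "dns"; c++; next }
	/nis/ { nsswitch[c] = "nis"; c++; next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: "
		for (i = 0; i < c; i++)
			printf "%s ", nsswitch[i]
		printf "\n"
	}' < "$host_conf" > "$nsswitch_conf"
}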