defaultroute revision 83656
#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 83656 2001-09-19 00:22:26Z peter $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
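# network_pass1: first network start-up pass.
#
# In order: converts a leftover /etc/host.conf, sets the host name, loads
# ipfilter/ipmon/ipnat rules, sets the NIS domain, configures ATM, sppp,
# gif and the ordinary interfaces (including DHCP, aliases and IPX),
# starts ISDN and user ppp, loads the ipfw rules and natd, installs the
# static routes, applies the routing/TCP sysctls, loads the IPsec policy
# file and starts the routing daemons.
#
# Every knob is read from shell variables that this file does not set
# itself (the note at the top of the file points at /etc/defaults/rc.conf).
# Several of them are expanded unquoted on purpose so that "program plus
# options" values split into words, and a few are passed through eval or
# sourced with ".".  Those values are executed with the privileges of this
# script, so the files that define them need the same protection as the
# script itself.
#
# Sets network_pass1_done=YES on completion.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo '  /etc/nsswitch.conf will be used instead'
		else
			echo '  /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			# ipfilter_program is left unquoted so that the
			# default "program + options" value splits into words.
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					# NOTE(review): unlike the ipf call
					# above, this line goes through eval,
					# so the rules path and flags are
					# re-parsed as shell text.  Kept as is
					# because flags may rely on it; confirm
					# before dropping the eval.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			# No readable rules file: record that ipfilter is
			# effectively off for anything that checks later.
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface hook is sourced into this shell, so it runs
		# with this script's privileges and can change its variables.
		if [ -r "/etc/start_if.${ifn}" ]; then
			. "/etc/start_if.${ifn}"
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				# Aliases must be numbered without gaps: the
				# first missing index ends the scan.
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so the test does not depend on how "[" treats a
		# missing operand when the marker is unset.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the known list falls
		# back to "auto", so ppp_mode never carries arbitrary text
		# into the command line built below.
		#
		case "${ppp_mode}" in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# NOTE(review): ppp_profile is not filtered the way ppp_mode
		# is, and the assembled string is handed to "su -c", which
		# presumably has a shell parse it again - confirm that
		# ppp_profile can only come from a root-owned file.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the presence probe is an "ipfw -q flush"; when ipfw
	# is already in the kernel this presumably also clears any rules
	# loaded before this point - confirm that is acceptable.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced, not executed: the rules script runs
				# inside this shell.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad selects natd by
						# address (-a), anything else by
						# interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				# No readable rules script and the final rule
				# denies everything: warn the operator.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# Logging is switched on unless firewall_logging is
			# set to something other than YES (unset counts as YES).
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	# TCP extensions stay on unless explicitly set to a non-YES value.
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted on purpose: with ipsec_file unset, an unquoted
		# "[ -f ]" is true, which would report ipsec as enabled and
		# run "setkey -f" without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}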
496
# network_pass2: second network start-up pass.
#
# Starts, each only when its *_enable variable is YES (any case): named,
# ntpdate, ntpd and timed; then, under portmap_enable, rpcbind and the
# NIS / Secure RPC daemons.  Runs atm_pass3 when atm_pass2_done is set.
# Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		# All ntpdate output is discarded.
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything RPC-based hangs off portmap_enable: none of the NIS or
	# Secure RPC daemons below is started unless rpcbind is.
	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server: ypserv, plus rpc.ypxfrd and rpc.yppasswdd,
		# which are meant for the NIS master server only.
		#
		case "${nis_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case "${nis_ypxfrd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case "${nis_yppasswdd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client: ypbind, optionally followed by ypset.
		#
		case "${nis_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case "${nis_ypset_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		#
		case "${keyserv_enable}" in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# ypupdated: for Secure RPC on the NIS master.
		#
		case "${rpc_ypupdated_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
592
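# network_pass3: third network start-up pass.
#
# Under portmap_enable: the NFS server daemons (or a stand-alone mountd),
# the NFS client sysctls, rpc.umntall clean-up and amd.  Then rwhod, the
# Kerberos IV/5 servers, pppoed, and creation of any missing ssh host
# keys.  Each part runs only when its *_enable variable is YES (any case).
# Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# weak_mountd_authentication adds -n to the
				# configured mountd flags.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n, as the NFS server branch
					# above does; assigning "-n" alone
					# discarded the configured
					# mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			#echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# The map program string is run through eval
				# and its output is appended to the amd flags,
				# so amd_map_program is executed as shell
				# text with this script's privileges.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				# Standard output of "amd -p" becomes the pid
				# file.
				amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# Started from a background subshell after a
			# 20 second delay; ${stash} is expanded inside that
			# subshell, which keeps its own copy of the variable.
			(
				sleep 20
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# Drop the scratch variable set above.  The original unset
		# "stash_flag", a name nothing assigns, and left "stash"
		# behind.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only missing host keys are generated; existing ones are never
	# replaced.  -N "" gives the new key an empty passphrase.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}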
769
# network_pass4: last network start-up pass.
#
# Unless log_in_vain is unset, empty or NO (any case), turns on the
# log_in_vain sysctl for both TCP and UDP.
# Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'

	case "${log_in_vain}" in
	[Nn][Oo] | '')
		# Left at the kernel's current setting.
		;;
	*)
		# Any other value counts as a request to enable logging.
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
785
# network_gif_setup: create the configured gif tunnel interfaces.
#
# For every name in gif_interfaces that has a non-empty gifconfig_<name>
# value, runs "ifconfig <name> create tunnel <value>".  Does nothing when
# gif_interfaces is unset, empty or NO (any case).
#
# The per-interface value is looked up with eval, so the interface names
# are spliced into shell text; they have to come from a trusted file.
#
network_gif_setup() {
	case "${gif_interfaces}" in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_$i
		# Interfaces without tunnel endpoints are skipped.
		if [ -n "${peers}" ]; then
			# peers is left unquoted so that it splits into the
			# separate endpoint arguments.
			ifconfig $i create tunnel ${peers}
		fi
	done
}
805
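# convert_host_conf: derive an nsswitch.conf "hosts:" line from host.conf.
#
# Arguments: $1 - path of the host.conf file to read
#            $2 - path of the nsswitch.conf file to write (overwritten)
# Outputs:   a single "hosts: ..." line in $2; a warning on stderr for
#            every line that names no known source
# Returns:   the exit status of awk
#
# Lines mentioning hosts/local/file map to "files", dns/bind to "dns" and
# nis to "nis".  The sources are written in the order in which they occur
# in host.conf, because that order is the lookup order.
#
convert_host_conf() {
    host_conf=$1; shift
    nsswitch_conf=$1; shift
    # Notes on the awk program:
    #  - "[ \t]" replaces "[:blank:]", which outside a bracket expression
    #    is just a list of letters, so indented comments were not skipped;
    #  - empty lines are skipped instead of being reported;
    #  - the END loop walks the indices numerically; "for (i in array)"
    #    visits elements in an unspecified order;
    #  - the warning now ends with a newline.
    awk '
        BEGIN                { c = 0 }
        /^[ \t]*(#|$)/       { next }
        /(hosts|local|file)/ { nsswitch[c++] = "files"; next }
        /(dns|bind)/         { nsswitch[c++] = "dns";   next }
        /nis/                { nsswitch[c++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: "
                for (i = 0; i < c; i++) printf "%s ", nsswitch[i]
                printf "\n"
        }' < "$host_conf" > "$nsswitch_conf"
}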