defaultroute revision 83656
1139804Simp#!/bin/sh - 21541Srgrimes# 31541Srgrimes# Copyright (c) 1993 The FreeBSD Project 41541Srgrimes# All rights reserved. 51541Srgrimes# 61541Srgrimes# Redistribution and use in source and binary forms, with or without 71541Srgrimes# modification, are permitted provided that the following conditions 81541Srgrimes# are met: 91541Srgrimes# 1. Redistributions of source code must retain the above copyright 101541Srgrimes# notice, this list of conditions and the following disclaimer. 111541Srgrimes# 2. Redistributions in binary form must reproduce the above copyright 121541Srgrimes# notice, this list of conditions and the following disclaimer in the 131541Srgrimes# documentation and/or other materials provided with the distribution. 141541Srgrimes# 151541Srgrimes# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 161541Srgrimes# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 171541Srgrimes# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 181541Srgrimes# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 191541Srgrimes# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 201541Srgrimes# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 211541Srgrimes# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 221541Srgrimes# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 231541Srgrimes# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 241541Srgrimes# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 251541Srgrimes# SUCH DAMAGE. 261541Srgrimes# 271541Srgrimes# $FreeBSD: head/etc/rc.d/routing 83656 2001-09-19 00:22:26Z peter $ 281541Srgrimes# From: @(#)netstart 5.9 (Berkeley) 3/30/91 291541Srgrimes# 301541Srgrimes 311541Srgrimes# Note that almost all of the user-configurable behavior is no longer in 321541Srgrimes# this file, but rather in /etc/defaults/rc.conf. Please check that file 331541Srgrimes# first before contemplating any changes here. If you do need to change 341541Srgrimes# this file for some reason, we would like to know about it. 351541Srgrimes 36116182Sobrien# First pass startup stuff. 37116182Sobrien# 38116182Sobriennetwork_pass1() { 391541Srgrimes echo -n 'Doing initial network setup:' 401541Srgrimes 4112577Sbde # Convert host.conf to nsswitch.conf if necessary 421541Srgrimes if [ -f "/etc/host.conf" ]; then 431541Srgrimes echo '' 4424206Sbde echo 'Warning: /etc/host.conf is no longer used' 4524206Sbde if [ -f "/etc/nsswitch.conf" ]; then 461541Srgrimes echo ' /etc/nsswitch.conf will be used instead' 473308Sphk else 4812517Sjulian echo ' /etc/nsswitch.conf will be created for you' 4929357Speter convert_host_conf /etc/host.conf /etc/nsswitch.conf 5041086Struckman fi 5170069Sjhb fi 5212517Sjulian 531541Srgrimes # Set the host name if it is not already set 541541Srgrimes # 551541Srgrimes if [ -z "`hostname -s`" ]; then 561541Srgrimes hostname ${hostname} 5712675Sjulian echo -n ' hostname' 5812675Sjulian fi 5912675Sjulian 6012675Sjulian # Establish ipfilter ruleset as early as possible (best in 6129357Speter # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 6212675Sjulian # 6370069Sjhb if /sbin/ipfstat -i > /dev/null 2>&1; then 6470069Sjhb ipfilter_in_kernel=1 6547625Sphk else 66126080Sphk ipfilter_in_kernel=0 67111815Sphk fi 68111815Sphk 69111815Sphk case "${ipfilter_enable}" in 70111815Sphk [Yy][Ee][Ss]) 71111815Sphk if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then 72111815Sphk ipfilter_in_kernel=1 7347625Sphk echo "Kernel ipfilter module loaded." 7412675Sjulian elif [ "${ipfilter_in_kernel}" -eq 0 ]; then 7512819Sphk echo "Warning: ipfilter kernel module failed to load." 761541Srgrimes fi 771541Srgrimes 7841087Struckman if [ -r "${ipfilter_rules}" ]; then 7970069Sjhb echo -n ' ipfilter'; 801541Srgrimes ${ipfilter_program:-/sbin/ipf -Fa -f} \ 811541Srgrimes "${ipfilter_rules}" ${ipfilter_flags} 82198860Sed case "${ipmon_enable}" in 83198860Sed [Yy][Ee][Ss]) 84198860Sed echo -n ' ipmon' 85198860Sed ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 861541Srgrimes ;; 8770069Sjhb esac 8870069Sjhb case "${ipnat_enable}" in 8970069Sjhb [Yy][Ee][Ss]) 9070069Sjhb if [ -r "${ipnat_rules}" ]; then 9170069Sjhb echo -n ' ipnat'; 921541Srgrimes eval ${ipnat_program:-/sbin/ipnat -CF -f} \ 9312675Sjulian "${ipnat_rules}" ${ipnat_flags} 94130585Sphk else 951541Srgrimes echo -n ' NO IPNAT RULES' 96198860Sed fi 97116634Sbmilekic ;; 98116634Sbmilekic esac 99116634Sbmilekic else 100116634Sbmilekic ipfilter_enable="NO" 101198860Sed echo -n ' NO IPF RULES' 102198860Sed fi 103198860Sed ;; 104198860Sed esac 105198860Sed 106198860Sed # Set the domainname if we're using NIS 107198860Sed # 10870069Sjhb case ${nisdomainname} in 10970069Sjhb [Nn][Oo] | '') 110198860Sed ;; 111198860Sed *) 112198860Sed domainname ${nisdomainname} 1131541Srgrimes echo -n ' domain' 1141541Srgrimes ;; 1151541Srgrimes esac 1161541Srgrimes 11712675Sjulian echo '.' 118130585Sphk 1191541Srgrimes # Initial ATM interface configuration 1201541Srgrimes # 121198860Sed case ${atm_enable} in 122198860Sed [Yy][Ee][Ss]) 123198860Sed if [ -r /etc/rc.atm ]; then 12470069Sjhb . /etc/rc.atm 1251541Srgrimes atm_pass1 126198860Sed fi 127198860Sed ;; 128198860Sed esac 1291541Srgrimes 1301541Srgrimes # Special options for sppp(4) interfaces go here. These need 1311541Srgrimes # to go _before_ the general ifconfig section, since in the case 1321541Srgrimes # of hardwired (no link1 flag) but required authentication, you 13312675Sjulian # cannot pass auth parameters down to the already running interface. 134130585Sphk # 1351541Srgrimes for ifn in ${sppp_interfaces}; do 136116660Siedowse eval spppcontrol_args=\$spppconfig_${ifn} 13769741Sphk if [ -n "${spppcontrol_args}" ]; then 138198860Sed # The auth secrets might contain spaces; in order 1391541Srgrimes # to retain the quotation, we need to eval them 140198860Sed # here. 141116660Siedowse eval spppcontrol ${ifn} ${spppcontrol_args} 1421541Srgrimes fi 143198860Sed done 1441541Srgrimes 1451541Srgrimes # gifconfig 146198860Sed network_gif_setup 147198860Sed 1481541Srgrimes # Set up all the network interfaces, calling startup scripts if needed 1491541Srgrimes # 1501541Srgrimes case ${network_interfaces} in 1511541Srgrimes [Aa][Uu][Tt][Oo]) 1521541Srgrimes network_interfaces="`ifconfig -l`" 153116660Siedowse ;; 154116660Siedowse esac 1551541Srgrimes 1561541Srgrimes dhcp_interfaces="" 157198860Sed for ifn in ${network_interfaces}; do 158116660Siedowse if [ -r /etc/start_if.${ifn} ]; then 159198860Sed . /etc/start_if.${ifn} 160198860Sed eval showstat_$ifn=1 161198860Sed fi 1621541Srgrimes 163198860Sed # Do the primary ifconfig if specified 1641541Srgrimes # 1651541Srgrimes eval ifconfig_args=\$ifconfig_${ifn} 1661541Srgrimes 1671541Srgrimes case ${ifconfig_args} in 16812675Sjulian '') 169130585Sphk ;; 1701541Srgrimes [Dd][Hh][Cc][Pp]) 17129357Speter # DHCP inits are done all in one go below 1721541Srgrimes dhcp_interfaces="$dhcp_interfaces $ifn" 17346568Speter eval showstat_$ifn=1 174198860Sed ;; 175116660Siedowse *) 17629357Speter ifconfig ${ifn} ${ifconfig_args} 17729357Speter eval showstat_$ifn=1 17883805Sjhb ;; 179198860Sed esac 18046568Speter done 18129357Speter 1821541Srgrimes if [ ! -z "${dhcp_interfaces}" ]; then 1831541Srgrimes ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 18470069Sjhb fi 18570069Sjhb 18670069Sjhb for ifn in ${network_interfaces}; do 18770069Sjhb # Check to see if aliases need to be added 18877057Sphk # 18970069Sjhb alias=0 190116634Sbmilekic while : ; do 191116634Sbmilekic eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 192116634Sbmilekic if [ -n "${ifconfig_args}" ]; then 193116634Sbmilekic ifconfig ${ifn} ${ifconfig_args} alias 19477057Sphk eval showstat_$ifn=1 195198860Sed alias=`expr ${alias} + 1` 196198860Sed else 19777057Sphk break; 19877057Sphk fi 19970239Sphk done 200122352Stanimura 20141086Struckman # Do ipx address if specified 20295883Salfred # 203198860Sed eval ifconfig_args=\$ifconfig_${ifn}_ipx 204198860Sed if [ -n "${ifconfig_args}" ]; then 2051541Srgrimes ifconfig ${ifn} ${ifconfig_args} 2061541Srgrimes eval showstat_$ifn=1 2071541Srgrimes fi 20812675Sjulian done 209130585Sphk 2101541Srgrimes for ifn in ${network_interfaces}; do 2111541Srgrimes eval showstat=\$showstat_${ifn} 2121541Srgrimes if [ ! -z ${showstat} ]; then 2131541Srgrimes ifconfig ${ifn} 2141541Srgrimes fi 2151541Srgrimes done 216116660Siedowse 2171541Srgrimes # ISDN subsystem startup 2181541Srgrimes # 2191541Srgrimes case ${isdn_enable} in 2201541Srgrimes [Yy][Ee][Ss]) 2211541Srgrimes if [ -r /etc/rc.isdn ]; then 2221541Srgrimes . /etc/rc.isdn 223198860Sed fi 2241541Srgrimes ;; 2251541Srgrimes esac 2261541Srgrimes 2271541Srgrimes # Start user ppp if required. This must happen before natd. 228198860Sed # 2291541Srgrimes case ${ppp_enable} in 2301541Srgrimes [Yy][Ee][Ss]) 23141086Struckman # Establish ppp mode. 23241086Struckman # 23341086Struckman if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 23441086Struckman -a "${ppp_mode}" != "dedicated" \ 235104393Struckman -a "${ppp_mode}" != "background" ]; then 2361541Srgrimes ppp_mode="auto" 2371541Srgrimes fi 23841086Struckman 23941086Struckman ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 24041086Struckman 24141086Struckman # Switch on NAT mode? 24241086Struckman # 2431541Srgrimes case ${ppp_nat} in 244104393Struckman [Yy][Ee][Ss]) 2451541Srgrimes ppp_command="${ppp_command} -nat" 2461541Srgrimes ;; 2471541Srgrimes esac 2488161Sjkh 2491541Srgrimes ppp_command="${ppp_command} ${ppp_profile}" 2501541Srgrimes 2511541Srgrimes echo "Starting ppp as \"${ppp_user}\"" 25212517Sjulian su -m ${ppp_user} -c "exec ${ppp_command}" 25312675Sjulian ;; 25469741Sphk esac 25512517Sjulian 25669741Sphk # Initialize IP filtering using ipfw 257198860Sed # 258198860Sed if /sbin/ipfw -q flush > /dev/null 2>&1; then 25950254Sphk firewall_in_kernel=1 26012517Sjulian else 26112517Sjulian firewall_in_kernel=0 262177253Srwatson fi 263 264 case ${firewall_enable} in 265 [Yy][Ee][Ss]) 266 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 267 firewall_in_kernel=1 268 echo 'Kernel firewall module loaded' 269 elif [ "${firewall_in_kernel}" -eq 0 ]; then 270 echo 'Warning: firewall kernel module failed to load' 271 fi 272 ;; 273 esac 274 275 # Load the filters if required 276 # 277 case ${firewall_in_kernel} in 278 1) 279 if [ -z "${firewall_script}" ]; then 280 firewall_script=/etc/rc.firewall 281 fi 282 283 case ${firewall_enable} in 284 [Yy][Ee][Ss]) 285 if [ -r "${firewall_script}" ]; then 286 . "${firewall_script}" 287 echo -n 'Firewall rules loaded, starting divert daemons:' 288 289 # Network Address Translation daemon 290 # 291 case ${natd_enable} in 292 [Yy][Ee][Ss]) 293 if [ -n "${natd_interface}" ]; then 294 if echo ${natd_interface} | \ 295 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 296 natd_ifarg="-a ${natd_interface}" 297 else 298 natd_ifarg="-n ${natd_interface}" 299 fi 300 301 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 302 fi 303 ;; 304 esac 305 306 echo '.' 307 308 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 309 echo 'Warning: kernel has firewall functionality,' \ 310 'but firewall rules are not enabled.' 311 echo ' All ip services are disabled.' 312 fi 313 314 case ${firewall_logging} in 315 [Yy][Ee][Ss] | '') 316 echo 'Firewall logging=YES' 317 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null 318 ;; 319 *) 320 ;; 321 esac 322 323 ;; 324 esac 325 ;; 326 esac 327 328 # Additional ATM interface configuration 329 # 330 if [ -n "${atm_pass1_done}" ]; then 331 atm_pass2 332 fi 333 334 # Configure routing 335 # 336 case ${defaultrouter} in 337 [Nn][Oo] | '') 338 ;; 339 *) 340 static_routes="default ${static_routes}" 341 route_default="default ${defaultrouter}" 342 ;; 343 esac 344 345 # Set up any static routes. This should be done before router discovery. 346 # 347 if [ -n "${static_routes}" ]; then 348 for i in ${static_routes}; do 349 eval route_args=\$route_${i} 350 route add ${route_args} 351 done 352 fi 353 354 echo -n 'Additional routing options:' 355 case ${tcp_extensions} in 356 [Yy][Ee][Ss] | '') 357 ;; 358 *) 359 echo -n ' tcp extensions=NO' 360 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 361 ;; 362 esac 363 364 case ${icmp_bmcastecho} in 365 [Yy][Ee][Ss]) 366 echo -n ' broadcast ping responses=YES' 367 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 368 ;; 369 esac 370 371 case ${icmp_drop_redirect} in 372 [Yy][Ee][Ss]) 373 echo -n ' ignore ICMP redirect=YES' 374 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 375 ;; 376 esac 377 378 case ${icmp_log_redirect} in 379 [Yy][Ee][Ss]) 380 echo -n ' log ICMP redirect=YES' 381 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 382 ;; 383 esac 384 385 case ${gateway_enable} in 386 [Yy][Ee][Ss]) 387 echo -n ' IP gateway=YES' 388 sysctl -w net.inet.ip.forwarding=1 >/dev/null 389 ;; 390 esac 391 392 case ${forward_sourceroute} in 393 [Yy][Ee][Ss]) 394 echo -n ' do source routing=YES' 395 sysctl -w net.inet.ip.sourceroute=1 >/dev/null 396 ;; 397 esac 398 399 case ${accept_sourceroute} in 400 [Yy][Ee][Ss]) 401 echo -n ' accept source routing=YES' 402 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 403 ;; 404 esac 405 406 case ${tcp_keepalive} in 407 [Yy][Ee][Ss]) 408 echo -n ' TCP keepalive=YES' 409 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 410 ;; 411 esac 412 413 case ${tcp_drop_synfin} in 414 [Yy][Ee][Ss]) 415 echo -n ' drop SYN+FIN packets=YES' 416 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 417 ;; 418 esac 419 420 case ${ipxgateway_enable} in 421 [Yy][Ee][Ss]) 422 echo -n ' IPX gateway=YES' 423 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 424 ;; 425 esac 426 427 case ${arpproxy_all} in 428 [Yy][Ee][Ss]) 429 echo -n ' ARP proxyall=YES' 430 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 431 ;; 432 esac 433 434 case ${ip_portrange_first} in 435 [Nn][Oo] | '') 436 ;; 437 *) 438 echo -n " ip_portrange_first=$ip_portrange_first" 439 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 440 ;; 441 esac 442 443 case ${ip_portrange_last} in 444 [Nn][Oo] | '') 445 ;; 446 *) 447 echo -n " ip_portrange_last=$ip_portrange_last" 448 sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 449 ;; 450 esac 451 452 echo '.' 453 454 case ${ipsec_enable} in 455 [Yy][Ee][Ss]) 456 if [ -f ${ipsec_file} ]; then 457 echo ' ipsec: enabled' 458 setkey -f ${ipsec_file} 459 else 460 echo ' ipsec: file not found' 461 fi 462 ;; 463 esac 464 465 echo -n 'Routing daemons:' 466 case ${router_enable} in 467 [Yy][Ee][Ss]) 468 echo -n " ${router}"; ${router} ${router_flags} 469 ;; 470 esac 471 472 case ${ipxrouted_enable} in 473 [Yy][Ee][Ss]) 474 echo -n ' IPXrouted' 475 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 476 ;; 477 esac 478 479 case ${mrouted_enable} in 480 [Yy][Ee][Ss]) 481 echo -n ' mrouted'; mrouted ${mrouted_flags} 482 ;; 483 esac 484 485 case ${rarpd_enable} in 486 [Yy][Ee][Ss]) 487 echo -n ' rarpd'; rarpd ${rarpd_flags} 488 ;; 489 esac 490 echo '.' 491 492 # Let future generations know we made it. 493 # 494 network_pass1_done=YES 495} 496 497network_pass2() { 498 echo -n 'Doing additional network setup:' 499 case ${named_enable} in 500 [Yy][Ee][Ss]) 501 echo -n ' named'; ${named_program:-named} ${named_flags} 502 ;; 503 esac 504 505 case ${ntpdate_enable} in 506 [Yy][Ee][Ss]) 507 echo -n ' ntpdate' 508 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 509 ;; 510 esac 511 512 case ${xntpd_enable} in 513 [Yy][Ee][Ss]) 514 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 515 ;; 516 esac 517 518 case ${timed_enable} in 519 [Yy][Ee][Ss]) 520 echo -n ' timed'; timed ${timed_flags} 521 ;; 522 esac 523 524 case ${portmap_enable} in 525 [Yy][Ee][Ss]) 526 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 527 ${portmap_flags} 528 529 # Start ypserv if we're an NIS server. 530 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 531 # 532 case ${nis_server_enable} in 533 [Yy][Ee][Ss]) 534 echo -n ' ypserv'; ypserv ${nis_server_flags} 535 536 case ${nis_ypxfrd_enable} in 537 [Yy][Ee][Ss]) 538 echo -n ' rpc.ypxfrd' 539 rpc.ypxfrd ${nis_ypxfrd_flags} 540 ;; 541 esac 542 543 case ${nis_yppasswdd_enable} in 544 [Yy][Ee][Ss]) 545 echo -n ' rpc.yppasswdd' 546 rpc.yppasswdd ${nis_yppasswdd_flags} 547 ;; 548 esac 549 ;; 550 esac 551 552 # Start ypbind if we're an NIS client 553 # 554 case ${nis_client_enable} in 555 [Yy][Ee][Ss]) 556 echo -n ' ypbind'; ypbind ${nis_client_flags} 557 case ${nis_ypset_enable} in 558 [Yy][Ee][Ss]) 559 echo -n ' ypset'; ypset ${nis_ypset_flags} 560 ;; 561 esac 562 ;; 563 esac 564 565 # Start keyserv if we are running Secure RPC 566 # 567 case ${keyserv_enable} in 568 [Yy][Ee][Ss]) 569 echo -n ' keyserv'; keyserv ${keyserv_flags} 570 ;; 571 esac 572 573 # Start ypupdated if we are running Secure RPC 574 # and we are NIS master 575 # 576 case ${rpc_ypupdated_enable} in 577 [Yy][Ee][Ss]) 578 echo -n ' rpc.ypupdated'; rpc.ypupdated 579 ;; 580 esac 581 ;; 582 esac 583 584 # Start ATM daemons 585 if [ -n "${atm_pass2_done}" ]; then 586 atm_pass3 587 fi 588 589 echo '.' 590 network_pass2_done=YES 591} 592 593network_pass3() { 594 echo -n 'Starting final network daemons:' 595 596 case ${portmap_enable} in 597 [Yy][Ee][Ss]) 598 case ${nfs_server_enable} in 599 [Yy][Ee][Ss]) 600 if [ -r /etc/exports ]; then 601 echo -n ' mountd' 602 603 case ${weak_mountd_authentication} in 604 [Yy][Ee][Ss]) 605 mountd_flags="${mountd_flags} -n" 606 ;; 607 esac 608 609 mountd ${mountd_flags} 610 611 case ${nfs_reserved_port_only} in 612 [Yy][Ee][Ss]) 613 echo -n ' NFS on reserved port only=YES' 614 sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null 615 ;; 616 esac 617 618 echo -n ' nfsd'; nfsd ${nfs_server_flags} 619 620 case ${rpc_lockd_enable} in 621 [Yy][Ee][Ss]) 622 echo -n ' rpc.lockd'; rpc.lockd 623 ;; 624 esac 625 626 case ${rpc_statd_enable} in 627 [Yy][Ee][Ss]) 628 echo -n ' rpc.statd'; rpc.statd 629 ;; 630 esac 631 fi 632 ;; 633 *) 634 case ${single_mountd_enable} in 635 [Yy][Ee][Ss]) 636 if [ -r /etc/exports ]; then 637 echo -n ' mountd' 638 639 case ${weak_mountd_authentication} in 640 [Yy][Ee][Ss]) 641 mountd_flags="-n" 642 ;; 643 esac 644 645 mountd ${mountd_flags} 646 fi 647 ;; 648 esac 649 ;; 650 esac 651 652 case ${nfs_client_enable} in 653 [Yy][Ee][Ss]) 654 #echo -n ' nfsiod'; nfsiod ${nfs_client_flags} 655 if [ -n "${nfs_access_cache}" ]; then 656 echo -n " NFS access cache time=${nfs_access_cache}" 657 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 658 fi 659 if [ -n "${nfs_bufpackets}" ]; then 660 sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 661 fi 662 ;; 663 esac 664 665 # If /var/db/mounttab exists, some nfs-server has not been 666 # sucessfully notified about a previous client shutdown. 667 # If there is no /var/db/mounttab, we do nothing. 668 if [ -f /var/db/mounttab ]; then 669 rpc.umntall -k 670 fi 671 672 case ${amd_enable} in 673 [Yy][Ee][Ss]) 674 echo -n ' amd' 675 case ${amd_map_program} in 676 [Nn][Oo] | '') 677 ;; 678 *) 679 amd_flags="${amd_flags} `eval\ 680 ${amd_map_program}`" 681 ;; 682 esac 683 684 if [ -n "${amd_flags}" ]; then 685 amd -p ${amd_flags}\ 686 > /var/run/amd.pid 2> /dev/null 687 else 688 amd 2> /dev/null 689 fi 690 ;; 691 esac 692 ;; 693 esac 694 695 case ${rwhod_enable} in 696 [Yy][Ee][Ss]) 697 echo -n ' rwhod'; rwhod ${rwhod_flags} 698 ;; 699 esac 700 701 # Kerberos servers run ONLY on the Kerberos server machine 702 case ${kerberos4_server_enable} in 703 [Yy][Ee][Ss]) 704 case ${kerberos_stash} in 705 [Yy][Ee][Ss]) 706 stash=-n 707 ;; 708 *) 709 stash= 710 ;; 711 esac 712 713 echo -n ' kerberosIV' 714 ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 715 716 case ${kadmind4_server_enable} in 717 [Yy][Ee][Ss]) 718 echo -n ' kadmindIV' 719 ( 720 sleep 20; 721 ${kadmind4_server} ${stash} >/dev/null 2>&1 & 722 ) & 723 ;; 724 esac 725 unset stash_flag 726 ;; 727 esac 728 729 case ${kerberos5_server_enable} in 730 [Yy][Ee][Ss]) 731 echo -n ' kerberos5' 732 ${kerberos5_server} & 733 734 case ${kadmind5_server_enable} in 735 [Yy][Ee][Ss]) 736 echo -n ' kadmind5' 737 ${kadmind5_server} & 738 ;; 739 esac 740 ;; 741 esac 742 743 case ${pppoed_enable} in 744 [Yy][Ee][Ss]) 745 if [ -n "${pppoed_provider}" ]; then 746 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 747 fi 748 echo -n ' pppoed'; 749 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 750 ;; 751 esac 752 753 case ${sshd_enable} in 754 [Yy][Ee][Ss]) 755 if [ ! -f /etc/ssh/ssh_host_key ]; then 756 echo ' creating ssh RSA host key'; 757 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 758 fi 759 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 760 echo ' creating ssh DSA host key'; 761 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 762 fi 763 ;; 764 esac 765 766 echo '.' 767 network_pass3_done=YES 768} 769 770network_pass4() { 771 echo -n 'Additional TCP options:' 772 case ${log_in_vain} in 773 [Nn][Oo] | '') 774 ;; 775 *) 776 echo -n ' log_in_vain=YES' 777 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 778 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 779 ;; 780 esac 781 782 echo '.' 783 network_pass4_done=YES 784} 785 786network_gif_setup() { 787 case ${gif_interfaces} in 788 [Nn][Oo] | '') 789 ;; 790 *) 791 for i in ${gif_interfaces}; do 792 eval peers=\$gifconfig_$i 793 case ${peers} in 794 '') 795 continue 796 ;; 797 *) 798 ifconfig $i create tunnel ${peers} 799 ;; 800 esac 801 done 802 ;; 803 esac 804} 805 806convert_host_conf() { 807 host_conf=$1; shift; 808 nsswitch_conf=$1; shift; 809 awk ' \ 810 /^[:blank:]*#/ { next } \ 811 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 812 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 813 /nis/ { nsswitch[c] = "nis"; c++; next } \ 814 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 815 END { \ 816 printf "hosts: "; \ 817 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 818 printf "\n"; \ 819 }' < $host_conf > $nsswitch_conf 820} 821 822