defaultroute revision 85219
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/routing 85219 2001-10-20 04:33:02Z darrenr $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
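network_pass1() {
	# First network pass.  In order: host.conf migration, hostname,
	# ipfilter/ipnat/ipfs, NIS domain, ATM, cloned and sppp interfaces,
	# gif tunnels, ifconfig (DHCP, aliases, IPX), ISDN, user ppp, ipfw
	# and natd, static routes, routing sysctls, IPsec policy and the
	# routing daemons.
	#
	# Globals:  reads the *_enable, *_flags, *_program, ifconfig_* and
	#           related variables; sets network_pass1_done=YES at the end.
	#           Also leaves ifn, i, alias, showstat_* and similar scratch
	#           variables behind.
	#
	# NOTE(review): several values below are expanded through eval or
	# sourced as shell code, so the files that define these variables and
	# the sourced scripts must only be writable by root.

	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo '  /etc/nsswitch.conf will be used instead'
		else
			echo '  /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file).
	# A successful ipfstat is taken to mean ipfilter is in the kernel.
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					# NOTE(review): unlike the ipf call
					# above this goes through eval, so the
					# rules path and flags are parsed a
					# second time as shell text.  Kept
					# because flags may rely on it.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs';
					# NOTE(review): same eval caveat as
					# for ipnat.
					eval ${ipfs_program:-/sbin/ipfs -R} \
					    ${ipfs_flags}
				fi
				;;
			esac
		else
			# Unreadable rules file: ipfilter is marked disabled
			# and the interfaces below still come up, so the only
			# protection left is whatever the kernel default is.
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The secrets end up on the spppcontrol
			# command line as a result.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface script is sourced into this shell, so it
		# runs with the privileges of the caller.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the first gap ends the scan.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted: the unquoted form only worked for an empty value
		# because of how test parses "! -z" with no operand.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the known modes
		# falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# NOTE(review): ppp_profile is pasted into a string that the
		# target user's shell parses, so it must not hold untrusted
		# text.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the kernel probe is a real "flush" and runs whatever
	# firewall_enable says, so calling this function again on a live
	# system clears the loaded ruleset.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else
						# as an interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# NOTE(review): when the script is unreadable and rule
			# 65535 is not deny-all, nothing is printed and boot
			# continues with no rules loaded.
			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below only acts on YES (or, where noted, on a value
	# other than the default), so an unset variable leaves the kernel
	# setting alone.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted on purpose: with an empty ipsec_file the unquoted
		# test collapsed to "[ -f ]", which is true, so the script
		# printed "enabled" and ran setkey without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}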
513
network_pass2() {
	# Second network pass: starts the name server, the time daemons and
	# the RPC/NIS daemons, then calls atm_pass3 if atm_pass2_done is set.
	# Every daemon is started only when its *_enable variable is YES in
	# any letter case.  Sets network_pass2_done=YES at the end.
	#
	# The order of the statements matters: the NIS and Secure RPC daemons
	# are only reached inside the portmap_enable branch, after rpcbind
	# has been started.
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named';	${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output and errors are discarded.
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	# The knob is still called xntpd_*, the default binary is ntpd.
	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed';	timed ${timed_flags}
		;;
	esac

	# The knob is still called portmap_*, the default binary is rpcbind.
	# Everything down to the matching esac depends on it.
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
			${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			# ypset is only considered once ypbind has been started.
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset';	ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv';	keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		# Started without flags; there is no *_flags variable for it here.
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated';	rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
609
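network_pass3() {
	# Third network pass: NFS server and client setup, amd, rwhod, the
	# Kerberos IV/5 servers, pppoed and creation of missing ssh host keys.
	# The NFS and amd parts are only reached when portmap_enable is YES.
	#
	# Globals:  reads the *_enable, *_flags and *_server variables; may
	#           extend mountd_flags, amd_flags and pppoed_flags; sets
	#           network_pass3_done=YES at the end.

	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] &&
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# -n is added to the configured flags when
				# weak authentication is requested.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			# No NFS server: mountd may still be wanted on its own.
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server branch
					# does; assigning "-n" alone threw
					# away the configured mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# NOTE(review): amd_map_program is run through
				# eval and its output becomes amd arguments,
				# so it must come from a trusted setting.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			# With flags, -p is passed and amd's stdout is saved
			# as the pid file; stderr is dropped either way.
			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# kadmind is started 20 seconds after the KDC, from
			# a background subshell so boot is not held up.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The scratch variable is "stash"; the old "unset stash_flag"
		# named a variable that is never set and left stash behind.
		# Both background jobs have already taken their copy.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only the host keys are created here, and only when missing; sshd
	# itself is not started by this function.  The keys are written with
	# an empty passphrase (-N ""), so the private key files need to stay
	# readable by root alone.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}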
796
network_pass4() {
	# Fourth network pass: optional logging of connection attempts to
	# ports nobody listens on.  Sets network_pass4_done=YES at the end.
	echo -n 'Additional TCP options:'

	# Unset or empty counts as NO; every other value turns the logging
	# on for both TCP and UDP.
	case ${log_in_vain:-NO} in
	[Nn][Oo])
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
812
network_gif_setup() {
	# Create and configure the gif tunnel interfaces named in
	# gif_interfaces.  The tunnel endpoints of interface <ifn> are read
	# from gifconfig_<ifn>; an interface without endpoints is skipped.
	# Leaves the scratch variables i and peers behind.

	# NO or an empty list means there is nothing to set up.
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_${i}
		if [ -z "${peers}" ]; then
			continue
		fi

		# "create" may fail when the interface already exists, so
		# its output is discarded and its status ignored.
		ifconfig ${i} create >/dev/null 2>&1
		ifconfig ${i} tunnel ${peers}
	done
}
833
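# Translate an old host.conf into a one-line nsswitch.conf.
#
# Arguments: $1 - path of the host.conf to read
#            $2 - path of the nsswitch.conf to write (overwritten)
# Globals:   sets host_conf and nsswitch_conf
# Outputs:   writes "hosts: <sources>" to $2; warns on stderr about
#            lines it cannot map
#
# Lines map by keyword: hosts/local/file -> files, dns/bind -> dns,
# nis -> nis.  The sources are written in the order the lines appear,
# because that order is the lookup order.
convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    # [ \t] replaces the old "[:blank:]" which, outside a bracket
    # expression, is just a set of letters, so indented comments were
    # scanned for keywords.  The END loop walks the array by index
    # because "for (i in array)" has no defined order in awk.
    awk '
        BEGIN                { n = 0 }
        /^[ \t]*#/           { next }
        /^[ \t]*$/           { next }
        /(hosts|local|file)/ { nsswitch[n++] = "files"; next }
        /(dns|bind)/         { nsswitch[n++] = "dns";   next }
        /nis/                { nsswitch[n++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: ";
                for (i = 0; i < n; i++) printf "%s ", nsswitch[i];
                printf "\n";
        }' < "$host_conf" > "$nsswitch_conf"
}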
849
850