defaultroute revision 85219
1#!/bin/sh - 2# 3# Copyright (c) 1993 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD: head/etc/rc.d/routing 85219 2001-10-20 04:33:02Z darrenr $ 28# From: @(#)netstart 5.9 (Berkeley) 3/30/91 29# 30 31# Note that almost all of the user-configurable behavior is no longer in 32# this file, but rather in /etc/defaults/rc.conf. Please check that file 33# first before contemplating any changes here. If you do need to change 34# this file for some reason, we would like to know about it. 35 36# First pass startup stuff. 37# 38network_pass1() { 39 echo -n 'Doing initial network setup:' 40 41 # Convert host.conf to nsswitch.conf if necessary 42 if [ -f "/etc/host.conf" ]; then 43 echo '' 44 echo 'Warning: /etc/host.conf is no longer used' 45 if [ -f "/etc/nsswitch.conf" ]; then 46 echo ' /etc/nsswitch.conf will be used instead' 47 else 48 echo ' /etc/nsswitch.conf will be created for you' 49 convert_host_conf /etc/host.conf /etc/nsswitch.conf 50 fi 51 fi 52 53 # Set the host name if it is not already set 54 # 55 if [ -z "`hostname -s`" ]; then 56 hostname ${hostname} 57 echo -n ' hostname' 58 fi 59 60 # Establish ipfilter ruleset as early as possible (best in 61 # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 62 # 63 if /sbin/ipfstat -i > /dev/null 2>&1; then 64 ipfilter_in_kernel=1 65 else 66 ipfilter_in_kernel=0 67 fi 68 69 case "${ipfilter_enable}" in 70 [Yy][Ee][Ss]) 71 if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then 72 ipfilter_in_kernel=1 73 echo "Kernel ipfilter module loaded." 74 elif [ "${ipfilter_in_kernel}" -eq 0 ]; then 75 echo "Warning: ipfilter kernel module failed to load." 76 fi 77 78 if [ -r "${ipfilter_rules}" ]; then 79 echo -n ' ipfilter'; 80 ${ipfilter_program:-/sbin/ipf -Fa -f} \ 81 "${ipfilter_rules}" ${ipfilter_flags} 82 case "${ipmon_enable}" in 83 [Yy][Ee][Ss]) 84 echo -n ' ipmon' 85 ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 86 ;; 87 esac 88 case "${ipnat_enable}" in 89 [Yy][Ee][Ss]) 90 if [ -r "${ipnat_rules}" ]; then 91 echo -n ' ipnat'; 92 eval ${ipnat_program:-/sbin/ipnat -CF -f} \ 93 "${ipnat_rules}" ${ipnat_flags} 94 else 95 echo -n ' NO IPNAT RULES' 96 fi 97 ;; 98 esac 99 case "${ipfs_enable}" in 100 [Yy][Ee][Ss]) 101 if [ -r "/var/db/ipf/ipstate.ipf" ]; then 102 echo -n ' ipfs'; 103 eval ${ipfs_program:-/sbin/ipfs -R} \ 104 ${ipfs_flags} 105 fi 106 ;; 107 esac 108 else 109 ipfilter_enable="NO" 110 echo -n ' NO IPF RULES' 111 fi 112 ;; 113 esac 114 115 # Set the domainname if we're using NIS 116 # 117 case ${nisdomainname} in 118 [Nn][Oo] | '') 119 ;; 120 *) 121 domainname ${nisdomainname} 122 echo -n ' domain' 123 ;; 124 esac 125 126 echo '.' 127 128 # Initial ATM interface configuration 129 # 130 case ${atm_enable} in 131 [Yy][Ee][Ss]) 132 if [ -r /etc/rc.atm ]; then 133 . /etc/rc.atm 134 atm_pass1 135 fi 136 ;; 137 esac 138 139 # Attempt to create cloned interfaces. 140 for ifn in ${cloned_interfaces}; do 141 ifconfig ${ifn} create 142 done 143 144 # Special options for sppp(4) interfaces go here. These need 145 # to go _before_ the general ifconfig section, since in the case 146 # of hardwired (no link1 flag) but required authentication, you 147 # cannot pass auth parameters down to the already running interface. 148 # 149 for ifn in ${sppp_interfaces}; do 150 eval spppcontrol_args=\$spppconfig_${ifn} 151 if [ -n "${spppcontrol_args}" ]; then 152 # The auth secrets might contain spaces; in order 153 # to retain the quotation, we need to eval them 154 # here. 155 eval spppcontrol ${ifn} ${spppcontrol_args} 156 fi 157 done 158 159 # gifconfig 160 network_gif_setup 161 162 # Set up all the network interfaces, calling startup scripts if needed 163 # 164 case ${network_interfaces} in 165 [Aa][Uu][Tt][Oo]) 166 network_interfaces="`ifconfig -l`" 167 ;; 168 *) 169 network_interfaces="${network_interfaces} ${cloned_interfaces}" 170 ;; 171 esac 172 173 dhcp_interfaces="" 174 for ifn in ${network_interfaces}; do 175 if [ -r /etc/start_if.${ifn} ]; then 176 . /etc/start_if.${ifn} 177 eval showstat_$ifn=1 178 fi 179 180 # Do the primary ifconfig if specified 181 # 182 eval ifconfig_args=\$ifconfig_${ifn} 183 184 case ${ifconfig_args} in 185 '') 186 ;; 187 [Dd][Hh][Cc][Pp]) 188 # DHCP inits are done all in one go below 189 dhcp_interfaces="$dhcp_interfaces $ifn" 190 eval showstat_$ifn=1 191 ;; 192 *) 193 ifconfig ${ifn} ${ifconfig_args} 194 eval showstat_$ifn=1 195 ;; 196 esac 197 done 198 199 if [ ! -z "${dhcp_interfaces}" ]; then 200 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 201 fi 202 203 for ifn in ${network_interfaces}; do 204 # Check to see if aliases need to be added 205 # 206 alias=0 207 while : ; do 208 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 209 if [ -n "${ifconfig_args}" ]; then 210 ifconfig ${ifn} ${ifconfig_args} alias 211 eval showstat_$ifn=1 212 alias=`expr ${alias} + 1` 213 else 214 break; 215 fi 216 done 217 218 # Do ipx address if specified 219 # 220 eval ifconfig_args=\$ifconfig_${ifn}_ipx 221 if [ -n "${ifconfig_args}" ]; then 222 ifconfig ${ifn} ${ifconfig_args} 223 eval showstat_$ifn=1 224 fi 225 done 226 227 for ifn in ${network_interfaces}; do 228 eval showstat=\$showstat_${ifn} 229 if [ ! -z ${showstat} ]; then 230 ifconfig ${ifn} 231 fi 232 done 233 234 # ISDN subsystem startup 235 # 236 case ${isdn_enable} in 237 [Yy][Ee][Ss]) 238 if [ -r /etc/rc.isdn ]; then 239 . /etc/rc.isdn 240 fi 241 ;; 242 esac 243 244 # Start user ppp if required. This must happen before natd. 245 # 246 case ${ppp_enable} in 247 [Yy][Ee][Ss]) 248 # Establish ppp mode. 249 # 250 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 251 -a "${ppp_mode}" != "dedicated" \ 252 -a "${ppp_mode}" != "background" ]; then 253 ppp_mode="auto" 254 fi 255 256 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 257 258 # Switch on NAT mode? 259 # 260 case ${ppp_nat} in 261 [Yy][Ee][Ss]) 262 ppp_command="${ppp_command} -nat" 263 ;; 264 esac 265 266 ppp_command="${ppp_command} ${ppp_profile}" 267 268 echo "Starting ppp as \"${ppp_user}\"" 269 su -m ${ppp_user} -c "exec ${ppp_command}" 270 ;; 271 esac 272 273 # Initialize IP filtering using ipfw 274 # 275 if /sbin/ipfw -q flush > /dev/null 2>&1; then 276 firewall_in_kernel=1 277 else 278 firewall_in_kernel=0 279 fi 280 281 case ${firewall_enable} in 282 [Yy][Ee][Ss]) 283 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 284 firewall_in_kernel=1 285 echo 'Kernel firewall module loaded' 286 elif [ "${firewall_in_kernel}" -eq 0 ]; then 287 echo 'Warning: firewall kernel module failed to load' 288 fi 289 ;; 290 esac 291 292 # Load the filters if required 293 # 294 case ${firewall_in_kernel} in 295 1) 296 if [ -z "${firewall_script}" ]; then 297 firewall_script=/etc/rc.firewall 298 fi 299 300 case ${firewall_enable} in 301 [Yy][Ee][Ss]) 302 if [ -r "${firewall_script}" ]; then 303 . "${firewall_script}" 304 echo -n 'Firewall rules loaded, starting divert daemons:' 305 306 # Network Address Translation daemon 307 # 308 case ${natd_enable} in 309 [Yy][Ee][Ss]) 310 if [ -n "${natd_interface}" ]; then 311 if echo ${natd_interface} | \ 312 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 313 natd_ifarg="-a ${natd_interface}" 314 else 315 natd_ifarg="-n ${natd_interface}" 316 fi 317 318 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 319 fi 320 ;; 321 esac 322 323 echo '.' 324 325 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 326 echo 'Warning: kernel has firewall functionality,' \ 327 'but firewall rules are not enabled.' 328 echo ' All ip services are disabled.' 329 fi 330 331 case ${firewall_logging} in 332 [Yy][Ee][Ss] | '') 333 echo 'Firewall logging=YES' 334 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null 335 ;; 336 *) 337 ;; 338 esac 339 340 ;; 341 esac 342 ;; 343 esac 344 345 # Additional ATM interface configuration 346 # 347 if [ -n "${atm_pass1_done}" ]; then 348 atm_pass2 349 fi 350 351 # Configure routing 352 # 353 case ${defaultrouter} in 354 [Nn][Oo] | '') 355 ;; 356 *) 357 static_routes="default ${static_routes}" 358 route_default="default ${defaultrouter}" 359 ;; 360 esac 361 362 # Set up any static routes. This should be done before router discovery. 363 # 364 if [ -n "${static_routes}" ]; then 365 for i in ${static_routes}; do 366 eval route_args=\$route_${i} 367 route add ${route_args} 368 done 369 fi 370 371 echo -n 'Additional routing options:' 372 case ${tcp_extensions} in 373 [Yy][Ee][Ss] | '') 374 ;; 375 *) 376 echo -n ' tcp extensions=NO' 377 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 378 ;; 379 esac 380 381 case ${icmp_bmcastecho} in 382 [Yy][Ee][Ss]) 383 echo -n ' broadcast ping responses=YES' 384 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 385 ;; 386 esac 387 388 case ${icmp_drop_redirect} in 389 [Yy][Ee][Ss]) 390 echo -n ' ignore ICMP redirect=YES' 391 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 392 ;; 393 esac 394 395 case ${icmp_log_redirect} in 396 [Yy][Ee][Ss]) 397 echo -n ' log ICMP redirect=YES' 398 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 399 ;; 400 esac 401 402 case ${gateway_enable} in 403 [Yy][Ee][Ss]) 404 echo -n ' IP gateway=YES' 405 sysctl -w net.inet.ip.forwarding=1 >/dev/null 406 ;; 407 esac 408 409 case ${forward_sourceroute} in 410 [Yy][Ee][Ss]) 411 echo -n ' do source routing=YES' 412 sysctl -w net.inet.ip.sourceroute=1 >/dev/null 413 ;; 414 esac 415 416 case ${accept_sourceroute} in 417 [Yy][Ee][Ss]) 418 echo -n ' accept source routing=YES' 419 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 420 ;; 421 esac 422 423 case ${tcp_keepalive} in 424 [Yy][Ee][Ss]) 425 echo -n ' TCP keepalive=YES' 426 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 427 ;; 428 esac 429 430 case ${tcp_drop_synfin} in 431 [Yy][Ee][Ss]) 432 echo -n ' drop SYN+FIN packets=YES' 433 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 434 ;; 435 esac 436 437 case ${ipxgateway_enable} in 438 [Yy][Ee][Ss]) 439 echo -n ' IPX gateway=YES' 440 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 441 ;; 442 esac 443 444 case ${arpproxy_all} in 445 [Yy][Ee][Ss]) 446 echo -n ' ARP proxyall=YES' 447 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 448 ;; 449 esac 450 451 case ${ip_portrange_first} in 452 [Nn][Oo] | '') 453 ;; 454 *) 455 echo -n " ip_portrange_first=$ip_portrange_first" 456 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 457 ;; 458 esac 459 460 case ${ip_portrange_last} in 461 [Nn][Oo] | '') 462 ;; 463 *) 464 echo -n " ip_portrange_last=$ip_portrange_last" 465 sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 466 ;; 467 esac 468 469 echo '.' 470 471 case ${ipsec_enable} in 472 [Yy][Ee][Ss]) 473 if [ -f ${ipsec_file} ]; then 474 echo ' ipsec: enabled' 475 setkey -f ${ipsec_file} 476 else 477 echo ' ipsec: file not found' 478 fi 479 ;; 480 esac 481 482 echo -n 'Routing daemons:' 483 case ${router_enable} in 484 [Yy][Ee][Ss]) 485 echo -n " ${router}"; ${router} ${router_flags} 486 ;; 487 esac 488 489 case ${ipxrouted_enable} in 490 [Yy][Ee][Ss]) 491 echo -n ' IPXrouted' 492 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 493 ;; 494 esac 495 496 case ${mrouted_enable} in 497 [Yy][Ee][Ss]) 498 echo -n ' mrouted'; mrouted ${mrouted_flags} 499 ;; 500 esac 501 502 case ${rarpd_enable} in 503 [Yy][Ee][Ss]) 504 echo -n ' rarpd'; rarpd ${rarpd_flags} 505 ;; 506 esac 507 echo '.' 508 509 # Let future generations know we made it. 510 # 511 network_pass1_done=YES 512} 513 514network_pass2() { 515 echo -n 'Doing additional network setup:' 516 case ${named_enable} in 517 [Yy][Ee][Ss]) 518 echo -n ' named'; ${named_program:-named} ${named_flags} 519 ;; 520 esac 521 522 case ${ntpdate_enable} in 523 [Yy][Ee][Ss]) 524 echo -n ' ntpdate' 525 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 526 ;; 527 esac 528 529 case ${xntpd_enable} in 530 [Yy][Ee][Ss]) 531 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 532 ;; 533 esac 534 535 case ${timed_enable} in 536 [Yy][Ee][Ss]) 537 echo -n ' timed'; timed ${timed_flags} 538 ;; 539 esac 540 541 case ${portmap_enable} in 542 [Yy][Ee][Ss]) 543 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 544 ${portmap_flags} 545 546 # Start ypserv if we're an NIS server. 547 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 548 # 549 case ${nis_server_enable} in 550 [Yy][Ee][Ss]) 551 echo -n ' ypserv'; ypserv ${nis_server_flags} 552 553 case ${nis_ypxfrd_enable} in 554 [Yy][Ee][Ss]) 555 echo -n ' rpc.ypxfrd' 556 rpc.ypxfrd ${nis_ypxfrd_flags} 557 ;; 558 esac 559 560 case ${nis_yppasswdd_enable} in 561 [Yy][Ee][Ss]) 562 echo -n ' rpc.yppasswdd' 563 rpc.yppasswdd ${nis_yppasswdd_flags} 564 ;; 565 esac 566 ;; 567 esac 568 569 # Start ypbind if we're an NIS client 570 # 571 case ${nis_client_enable} in 572 [Yy][Ee][Ss]) 573 echo -n ' ypbind'; ypbind ${nis_client_flags} 574 case ${nis_ypset_enable} in 575 [Yy][Ee][Ss]) 576 echo -n ' ypset'; ypset ${nis_ypset_flags} 577 ;; 578 esac 579 ;; 580 esac 581 582 # Start keyserv if we are running Secure RPC 583 # 584 case ${keyserv_enable} in 585 [Yy][Ee][Ss]) 586 echo -n ' keyserv'; keyserv ${keyserv_flags} 587 ;; 588 esac 589 590 # Start ypupdated if we are running Secure RPC 591 # and we are NIS master 592 # 593 case ${rpc_ypupdated_enable} in 594 [Yy][Ee][Ss]) 595 echo -n ' rpc.ypupdated'; rpc.ypupdated 596 ;; 597 esac 598 ;; 599 esac 600 601 # Start ATM daemons 602 if [ -n "${atm_pass2_done}" ]; then 603 atm_pass3 604 fi 605 606 echo '.' 607 network_pass2_done=YES 608} 609 610network_pass3() { 611 echo -n 'Starting final network daemons:' 612 613 case ${portmap_enable} in 614 [Yy][Ee][Ss]) 615 case ${nfs_server_enable} in 616 [Yy][Ee][Ss]) 617 # Handle absent nfs server support 618 nfsserver_in_kernel=0 619 if sysctl vfs.nfsrv >/dev/null 2>&1; then 620 nfsserver_in_kernel=1 621 else 622 kldload nfsserver && nfsserver_in_kernel=1 623 fi 624 625 if [ -r /etc/exports -a \ 626 ${nfsserver_in_kernel} -eq 1 ]; then 627 echo -n ' mountd' 628 629 case ${weak_mountd_authentication} in 630 [Yy][Ee][Ss]) 631 mountd_flags="${mountd_flags} -n" 632 ;; 633 esac 634 635 mountd ${mountd_flags} 636 637 case ${nfs_reserved_port_only} in 638 [Yy][Ee][Ss]) 639 echo -n ' NFS on reserved port only=YES' 640 sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null 641 ;; 642 esac 643 644 echo -n ' nfsd'; nfsd ${nfs_server_flags} 645 646 case ${rpc_lockd_enable} in 647 [Yy][Ee][Ss]) 648 echo -n ' rpc.lockd'; rpc.lockd 649 ;; 650 esac 651 652 case ${rpc_statd_enable} in 653 [Yy][Ee][Ss]) 654 echo -n ' rpc.statd'; rpc.statd 655 ;; 656 esac 657 else 658 echo -n ' Warning: nfs server failed' 659 fi 660 ;; 661 *) 662 case ${single_mountd_enable} in 663 [Yy][Ee][Ss]) 664 if [ -r /etc/exports ]; then 665 echo -n ' mountd' 666 667 case ${weak_mountd_authentication} in 668 [Yy][Ee][Ss]) 669 mountd_flags="-n" 670 ;; 671 esac 672 673 mountd ${mountd_flags} 674 fi 675 ;; 676 esac 677 ;; 678 esac 679 680 case ${nfs_client_enable} in 681 [Yy][Ee][Ss]) 682 if [ -n "${nfs_access_cache}" ]; then 683 echo -n " NFS access cache time=${nfs_access_cache}" 684 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 685 fi 686 if [ -n "${nfs_bufpackets}" ]; then 687 sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 688 fi 689 ;; 690 esac 691 692 # If /var/db/mounttab exists, some nfs-server has not been 693 # sucessfully notified about a previous client shutdown. 694 # If there is no /var/db/mounttab, we do nothing. 695 if [ -f /var/db/mounttab ]; then 696 rpc.umntall -k 697 fi 698 699 case ${amd_enable} in 700 [Yy][Ee][Ss]) 701 echo -n ' amd' 702 case ${amd_map_program} in 703 [Nn][Oo] | '') 704 ;; 705 *) 706 amd_flags="${amd_flags} `eval\ 707 ${amd_map_program}`" 708 ;; 709 esac 710 711 if [ -n "${amd_flags}" ]; then 712 amd -p ${amd_flags}\ 713 > /var/run/amd.pid 2> /dev/null 714 else 715 amd 2> /dev/null 716 fi 717 ;; 718 esac 719 ;; 720 esac 721 722 case ${rwhod_enable} in 723 [Yy][Ee][Ss]) 724 echo -n ' rwhod'; rwhod ${rwhod_flags} 725 ;; 726 esac 727 728 # Kerberos servers run ONLY on the Kerberos server machine 729 case ${kerberos4_server_enable} in 730 [Yy][Ee][Ss]) 731 case ${kerberos_stash} in 732 [Yy][Ee][Ss]) 733 stash=-n 734 ;; 735 *) 736 stash= 737 ;; 738 esac 739 740 echo -n ' kerberosIV' 741 ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 742 743 case ${kadmind4_server_enable} in 744 [Yy][Ee][Ss]) 745 echo -n ' kadmindIV' 746 ( 747 sleep 20; 748 ${kadmind4_server} ${stash} >/dev/null 2>&1 & 749 ) & 750 ;; 751 esac 752 unset stash_flag 753 ;; 754 esac 755 756 case ${kerberos5_server_enable} in 757 [Yy][Ee][Ss]) 758 echo -n ' kerberos5' 759 ${kerberos5_server} & 760 761 case ${kadmind5_server_enable} in 762 [Yy][Ee][Ss]) 763 echo -n ' kadmind5' 764 ${kadmind5_server} & 765 ;; 766 esac 767 ;; 768 esac 769 770 case ${pppoed_enable} in 771 [Yy][Ee][Ss]) 772 if [ -n "${pppoed_provider}" ]; then 773 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 774 fi 775 echo -n ' pppoed'; 776 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 777 ;; 778 esac 779 780 case ${sshd_enable} in 781 [Yy][Ee][Ss]) 782 if [ ! -f /etc/ssh/ssh_host_key ]; then 783 echo ' creating ssh RSA host key'; 784 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 785 fi 786 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 787 echo ' creating ssh DSA host key'; 788 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 789 fi 790 ;; 791 esac 792 793 echo '.' 794 network_pass3_done=YES 795} 796 797network_pass4() { 798 echo -n 'Additional TCP options:' 799 case ${log_in_vain} in 800 [Nn][Oo] | '') 801 ;; 802 *) 803 echo -n ' log_in_vain=YES' 804 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 805 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 806 ;; 807 esac 808 809 echo '.' 810 network_pass4_done=YES 811} 812 813network_gif_setup() { 814 case ${gif_interfaces} in 815 [Nn][Oo] | '') 816 ;; 817 *) 818 for i in ${gif_interfaces}; do 819 eval peers=\$gifconfig_$i 820 case ${peers} in 821 '') 822 continue 823 ;; 824 *) 825 ifconfig $i create >/dev/null 2>&1 826 ifconfig $i tunnel ${peers} 827 ;; 828 esac 829 done 830 ;; 831 esac 832} 833 834convert_host_conf() { 835 host_conf=$1; shift; 836 nsswitch_conf=$1; shift; 837 awk ' \ 838 /^[:blank:]*#/ { next } \ 839 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 840 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 841 /nis/ { nsswitch[c] = "nis"; c++; next } \ 842 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 843 END { \ 844 printf "hosts: "; \ 845 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 846 printf "\n"; \ 847 }' < $host_conf > $nsswitch_conf 848} 849 850