#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 90957 2002-02-20 10:31:01Z cjc $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
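network_pass1() {
	# First network pass.  In order: name-service compatibility files,
	# host and NIS domain names, the early ipfilter/ipnat ruleset,
	# interface configuration (cloned, sppp, gif, static, DHCP, aliases,
	# IPX), ISDN and user ppp, the ipfw firewall and natd, static routes,
	# network sysctls, the IPsec policy file and the routing daemons.
	# Every knob read here is a shell variable that is expected to be
	# set by the rc.conf files before this function is called.
	# Sets network_pass1_done=YES on completion.
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			# An unreadable rules file only disables ipfilter and
			# prints a notice; boot continues without the ruleset.
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf call above, this
				# command line goes through eval, so the rules
				# path and ipnat_flags are re-parsed as shell
				# text.  Left as is because flag quoting may
				# depend on it; confirm before removing.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The secrets therefore appear on the
			# spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface hook is sourced into this shell, so it runs
		# with the privileges and variables of the boot script.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the scan stops at the first gap.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Print the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode: anything other than the four listed
		# modes falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# The command is handed to su as one string, so ppp_profile
		# is parsed as shell text by the shell that su starts.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# The probe is a real "flush": when ipfw is present its current rule
	# list is flushed here, whether or not firewall_enable is set.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced, not executed: the rules script runs
				# inside this shell.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# Dotted-numeric value: alias
						# address (-a); anything else
						# is an interface name (-n).
						if echo "${natd_interface}" | \
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
						else
							natd_flags="$natd_flags -n ${natd_interface}"
						fi
					fi
					echo -n ' natd'
					${natd_program:-/sbin/natd} ${natd_flags}
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# Logging is on unless firewall_logging is set to
			# something other than YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Network sysctls.  Each knob below only acts on the value named in
	# its case pattern; any other value leaves the kernel setting alone.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	# The two source-routing knobs turn on handling of source-routed
	# packets (forwarding and local acceptance respectively).
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted on purpose: with an empty ipsec_file the unquoted
		# form collapses to the one-argument test "[ -f ]", which is
		# true, and setkey would be run without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}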
network_pass2() {
	# Second network pass: name server, time daemons, rpcbind and the
	# NIS / Secure RPC daemons that depend on it, then the ATM daemons.
	# Each daemon is started only when its *_enable variable is YES
	# (any letter case).  Sets network_pass2_done=YES on completion.
	echo -n 'Doing additional network setup:'

	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		# ntpdate output, including errors, is discarded.
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything below, down to rpc.ypupdated, is started only when
	# portmap_enable is YES.
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server: ypserv always; rpc.ypxfrd and rpc.yppasswdd
		# are meant for the NIS master only.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client: ypbind, optionally followed by ypset.
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# ypupdated: for a NIS master that runs Secure RPC.
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons run only once the second ATM pass has completed.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
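network_pass3() {
	# Third network pass: NFS server and client daemons (only when
	# portmap_enable is YES), rwhod, the Kerberos IV/5 servers, pppoed,
	# and creation of missing sshd host keys.
	# Sets network_pass3_done=YES on completion.
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] &&
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# -n makes mountd serve mount requests from
				# non-root users; it weakens export checks.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			# No NFS server: mountd may still be run on its own.
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n, as the NFS server branch
					# does, so that flags configured in
					# mountd_flags are not discarded.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ "${nfsclient_in_kernel}" -eq 1 ]; then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				# NOTE(review): rpc.statd and rpc.lockd are also
				# launched in the NFS server branch above; with
				# both server and client enabled each command is
				# run twice.
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						# amd_map_program is run as a
						# shell command; its output is
						# appended to the amd flags.
						amd_flags="${amd_flags} $(eval ${amd_map_program})"
						;;
					esac

					if [ -n "${amd_flags}" ]; then
						amd -p ${amd_flags} \
							> /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both Kerberos IV servers.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# Started 20 seconds later from a background subshell;
			# the subshell keeps its own copy of ${stash}.
			(
				sleep 20
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# Drop the temporary; the variable set above is "stash".
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		# Pathname expansion is switched off around the call so that
		# glob characters in the flags reach pppoed unexpanded; the
		# previous option set is restored afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are generated only when the key file is missing,
		# with an empty passphrase (-N "").
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}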
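network_pass4() {
	# Fourth network pass: apply log_in_vain to the TCP and UDP sysctls.
	# log_in_vain may be NO or empty (0), YES (1) or a non-negative
	# decimal number; anything else is reported and treated as 0.
	# Sets network_pass4_done=YES on completion.
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Any non-digit makes the value invalid.  A pattern such as
		# [0-9]* would accept "1abc" and break the numeric test below.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
	echo '.'
	network_pass4_done=YES
}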
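network_gif_setup() {
	# Create and configure the gif tunnel interfaces listed in
	# gif_interfaces.  For each name N the tunnel endpoints are read
	# from the variable gifconfig_N; names without one are skipped.
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			# The name is spliced into an eval below.  A name with
			# characters that cannot appear in a variable name has
			# no gifconfig_ variable and would be re-parsed by the
			# shell, so it is rejected here.
			case $i in
			*[!A-Za-z0-9_]*)
				echo "Warning: ignoring invalid gif interface name: $i" >&2
				continue
				;;
			esac

			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				# Creation errors are hidden on purpose: the
				# interface may already exist.
				ifconfig "$i" create >/dev/null 2>&1
				ifconfig "$i" tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}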
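# Convert an old-style host.conf into the "hosts:" line of nsswitch.conf.
# Arguments: $1 - host.conf to read, $2 - nsswitch.conf to write.
# Sources are emitted in the order they appear in host.conf, because the
# order is the lookup order.  Unrecognized lines are reported on stderr.
convert_host_conf() {
    host_conf=$1
    nsswitch_conf=$2
    awk '
BEGIN { c = 0 }
# Skip comments (leading blanks allowed) and blank lines, so that a word
# inside a comment is not taken for a lookup source.
/^[\t ]*#/           { next }
/^[\t ]*$/           { next }
/(hosts|local|file)/ { nsswitch[c++] = "files"; next }
/(dns|bind)/         { nsswitch[c++] = "dns";   next }
/nis/                { nsswitch[c++] = "nis";   next }
{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
END {
    printf "hosts: "
    # Indexed loop: "for (i in array)" has no defined order in awk.
    for (i = 0; i < c; i++)
        printf "%s ", nsswitch[i]
    printf "\n"
}' < "$host_conf" > "$nsswitch_conf"
}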
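# Generate a compatibility host.conf from the "hosts:" entry of nsswitch.conf.
# Arguments: $1 - nsswitch.conf to read, $2 - host.conf to write.
# Only the sources files, dns and nis are translated (to hosts, bind and
# nis); other words on the hosts line, such as bracketed criteria, are
# dropped.  The output file is overwritten.
generate_host_conf() {
    nsswitch_conf=$1
    host_conf=$2

    # Both paths are quoted so that a name containing blanks is still a
    # single redirection operand.
    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
# A hosts: line, or the continuation of one that ended in a backslash.
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    sub(/#.*/, "")
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' < "$nsswitch_conf" > "$host_conf"
}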