defaultroute revision 90957
133965Sjdp#!/bin/sh - 260513Sobrien# 360513Sobrien# Copyright (c) 1993 The FreeBSD Project 433965Sjdp# All rights reserved. 533965Sjdp# 633965Sjdp# Redistribution and use in source and binary forms, with or without 733965Sjdp# modification, are permitted provided that the following conditions 833965Sjdp# are met: 933965Sjdp# 1. Redistributions of source code must retain the above copyright 1033965Sjdp# notice, this list of conditions and the following disclaimer. 1133965Sjdp# 2. Redistributions in binary form must reproduce the above copyright 1233965Sjdp# notice, this list of conditions and the following disclaimer in the 1333965Sjdp# documentation and/or other materials provided with the distribution. 1433965Sjdp# 1533965Sjdp# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1633965Sjdp# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1733965Sjdp# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1833965Sjdp# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1960513Sobrien# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2060513Sobrien# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2133965Sjdp# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2233965Sjdp# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2333965Sjdp# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2433965Sjdp# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2533965Sjdp# SUCH DAMAGE. 2633965Sjdp# 2733965Sjdp# $FreeBSD: head/etc/rc.d/routing 90957 2002-02-20 10:31:01Z cjc $ 2833965Sjdp# From: @(#)netstart 5.9 (Berkeley) 3/30/91 2933965Sjdp# 3033965Sjdp 3133965Sjdp# Note that almost all of the user-configurable behavior is no longer in 3233965Sjdp# this file, but rather in /etc/defaults/rc.conf. Please check that file 3333965Sjdp# first before contemplating any changes here. If you do need to change 3433965Sjdp# this file for some reason, we would like to know about it. 3533965Sjdp 3633965Sjdp# First pass startup stuff. 3733965Sjdp# 3833965Sjdpnetwork_pass1() { 3933965Sjdp echo -n 'Doing initial network setup:' 4033965Sjdp 4133965Sjdp # Generate host.conf for compatibility 4233965Sjdp # 4333965Sjdp if [ -f "/etc/nsswitch.conf" ]; then 4433965Sjdp echo -n ' host.conf' 4533965Sjdp generate_host_conf /etc/nsswitch.conf /etc/host.conf 4633965Sjdp fi 4733965Sjdp 4833965Sjdp # Convert host.conf to nsswitch.conf if necessary 4933965Sjdp # 5033965Sjdp if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then 5133965Sjdp echo '' 5233965Sjdp echo 'Warning: /etc/host.conf is no longer used' 5333965Sjdp echo ' /etc/nsswitch.conf will be created for you' 5433965Sjdp convert_host_conf /etc/host.conf /etc/nsswitch.conf 5533965Sjdp fi 5633965Sjdp 5733965Sjdp # Set the host name if it is not already set 5833965Sjdp # 5933965Sjdp if [ -z "`hostname -s`" ]; then 6033965Sjdp hostname ${hostname} 6133965Sjdp echo -n ' hostname' 6233965Sjdp fi 6333965Sjdp 6461846Sobrien # Establish ipfilter ruleset as early as possible (best in 6561846Sobrien # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 6661846Sobrien 6761846Sobrien # check whether ipfilter and/or ipnat is enabled 6861846Sobrien ipfilter_active="NO" 6961846Sobrien case ${ipfilter_enable} in 7061846Sobrien [Yy][Ee][Ss]) 7161846Sobrien ipfilter_active="YES" 7261846Sobrien ;; 7361846Sobrien esac 7461846Sobrien case ${ipnat_enable} in 7561846Sobrien [Yy][Ee][Ss]) 7661846Sobrien ipfilter_active="YES" 7761846Sobrien ;; 7861846Sobrien esac 7961846Sobrien case ${ipfilter_active} in 8061846Sobrien [Yy][Ee][Ss]) 8133965Sjdp # load ipfilter kernel module if needed 8261846Sobrien if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then 8333965Sjdp if kldload ipl; then 8461846Sobrien echo 'IP-filter module loaded.' 8533965Sjdp else 8633965Sjdp echo 'Warning: IP-filter module failed to load.' 8733965Sjdp # avoid further errors 8833965Sjdp ipmon_enable="NO" 8933965Sjdp ipfilter_enable="NO" 9033965Sjdp ipnat_enable="NO" 9133965Sjdp ipfs_enable="NO" 9233965Sjdp fi 9333965Sjdp fi 9433965Sjdp # start ipmon before loading any rules 9533965Sjdp case "${ipmon_enable}" in 9633965Sjdp [Yy][Ee][Ss]) 9733965Sjdp echo -n ' ipmon' 9833965Sjdp ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 9933965Sjdp ;; 10033965Sjdp esac 10133965Sjdp case "${ipfilter_enable}" in 10233965Sjdp [Yy][Ee][Ss]) 10333965Sjdp if [ -r "${ipfilter_rules}" ]; then 10433965Sjdp echo -n ' ipfilter' 10533965Sjdp ${ipfilter_program:-/sbin/ipf} -Fa -f \ 10633965Sjdp "${ipfilter_rules}" ${ipfilter_flags} 10733965Sjdp else 10833965Sjdp ipfilter_enable="NO" 10933965Sjdp echo -n ' NO IPF RULES' 11033965Sjdp fi 11133965Sjdp ;; 11233965Sjdp esac 11333965Sjdp case "${ipnat_enable}" in 11433965Sjdp [Yy][Ee][Ss]) 11533965Sjdp if [ -r "${ipnat_rules}" ]; then 11633965Sjdp echo -n ' ipnat' 11733965Sjdp eval ${ipnat_program:-/sbin/ipnat} -CF -f \ 11833965Sjdp "${ipnat_rules}" ${ipnat_flags} 11933965Sjdp else 12033965Sjdp ipnat_enable="NO" 12133965Sjdp echo -n ' NO IPNAT RULES' 12233965Sjdp fi 12333965Sjdp ;; 12433965Sjdp esac 12533965Sjdp # restore filter/NAT state tables after loading the rules 12633965Sjdp case "${ipfs_enable}" in 12733965Sjdp [Yy][Ee][Ss]) 12833965Sjdp if [ -r "/var/db/ipf/ipstate.ipf" ]; then 12933965Sjdp echo -n ' ipfs' 13033965Sjdp ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} 13133965Sjdp # remove files to avoid reloading old state 13233965Sjdp # after an ungraceful shutdown 13333965Sjdp rm -f /var/db/ipf/ipstate.ipf 13433965Sjdp rm -f /var/db/ipf/ipnat.ipf 13533965Sjdp fi 13633965Sjdp ;; 13733965Sjdp esac 13833965Sjdp ;; 13933965Sjdp esac 14033965Sjdp 14133965Sjdp # Set the domainname if we're using NIS 14233965Sjdp # 14333965Sjdp case ${nisdomainname} in 14433965Sjdp [Nn][Oo] | '') 14560513Sobrien ;; 14660513Sobrien *) 14760513Sobrien domainname ${nisdomainname} 14860513Sobrien echo -n ' domain' 14960513Sobrien ;; 15060513Sobrien esac 15133965Sjdp 15233965Sjdp echo '.' 15333965Sjdp 15433965Sjdp # Initial ATM interface configuration 15533965Sjdp # 15633965Sjdp case ${atm_enable} in 15733965Sjdp [Yy][Ee][Ss]) 15833965Sjdp if [ -r /etc/rc.atm ]; then 15933965Sjdp . /etc/rc.atm 16033965Sjdp atm_pass1 16133965Sjdp fi 16233965Sjdp ;; 16333965Sjdp esac 16433965Sjdp 16533965Sjdp # Attempt to create cloned interfaces. 16633965Sjdp for ifn in ${cloned_interfaces}; do 16733965Sjdp ifconfig ${ifn} create 16833965Sjdp done 16933965Sjdp 17033965Sjdp # Special options for sppp(4) interfaces go here. These need 17133965Sjdp # to go _before_ the general ifconfig section, since in the case 17233965Sjdp # of hardwired (no link1 flag) but required authentication, you 17333965Sjdp # cannot pass auth parameters down to the already running interface. 17433965Sjdp # 17533965Sjdp for ifn in ${sppp_interfaces}; do 17633965Sjdp eval spppcontrol_args=\$spppconfig_${ifn} 17733965Sjdp if [ -n "${spppcontrol_args}" ]; then 17833965Sjdp # The auth secrets might contain spaces; in order 17960513Sobrien # to retain the quotation, we need to eval them 18033965Sjdp # here. 18133965Sjdp eval spppcontrol ${ifn} ${spppcontrol_args} 18233965Sjdp fi 18333965Sjdp done 18433965Sjdp 18533965Sjdp # gifconfig 18633965Sjdp network_gif_setup 18733965Sjdp 18833965Sjdp # Set up all the network interfaces, calling startup scripts if needed 18933965Sjdp # 19033965Sjdp case ${network_interfaces} in 19133965Sjdp [Aa][Uu][Tt][Oo]) 19233965Sjdp network_interfaces="`ifconfig -l`" 19333965Sjdp ;; 19433965Sjdp *) 19533965Sjdp network_interfaces="${network_interfaces} ${cloned_interfaces}" 19633965Sjdp ;; 19733965Sjdp esac 19833965Sjdp 19933965Sjdp dhcp_interfaces="" 20033965Sjdp for ifn in ${network_interfaces}; do 20133965Sjdp if [ -r /etc/start_if.${ifn} ]; then 20233965Sjdp . /etc/start_if.${ifn} 20333965Sjdp eval showstat_$ifn=1 20433965Sjdp fi 20533965Sjdp 20633965Sjdp # Do the primary ifconfig if specified 20733965Sjdp # 20833965Sjdp eval ifconfig_args=\$ifconfig_${ifn} 20933965Sjdp 21033965Sjdp case ${ifconfig_args} in 21133965Sjdp '') 21233965Sjdp ;; 21333965Sjdp [Dd][Hh][Cc][Pp]) 21433965Sjdp # DHCP inits are done all in one go below 21533965Sjdp dhcp_interfaces="$dhcp_interfaces $ifn" 21633965Sjdp eval showstat_$ifn=1 21733965Sjdp ;; 21833965Sjdp *) 21933965Sjdp ifconfig ${ifn} ${ifconfig_args} 22033965Sjdp eval showstat_$ifn=1 22133965Sjdp ;; 22233965Sjdp esac 22333965Sjdp done 22460513Sobrien 22533965Sjdp if [ ! -z "${dhcp_interfaces}" ]; then 22633965Sjdp ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 22733965Sjdp fi 22833965Sjdp 22933965Sjdp for ifn in ${network_interfaces}; do 23033965Sjdp # Check to see if aliases need to be added 23133965Sjdp # 23233965Sjdp alias=0 23333965Sjdp while : ; do 23433965Sjdp eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 23533965Sjdp if [ -n "${ifconfig_args}" ]; then 23633965Sjdp ifconfig ${ifn} ${ifconfig_args} alias 23733965Sjdp eval showstat_$ifn=1 23833965Sjdp alias=$((${alias} + 1)) 23933965Sjdp else 24061846Sobrien break; 24161846Sobrien fi 24261846Sobrien done 24333965Sjdp 24433965Sjdp # Do ipx address if specified 24533965Sjdp # 24633965Sjdp eval ifconfig_args=\$ifconfig_${ifn}_ipx 24733965Sjdp if [ -n "${ifconfig_args}" ]; then 24833965Sjdp ifconfig ${ifn} ${ifconfig_args} 24933965Sjdp eval showstat_$ifn=1 25033965Sjdp fi 25133965Sjdp done 25233965Sjdp 25333965Sjdp for ifn in ${network_interfaces}; do 25433965Sjdp eval showstat=\$showstat_${ifn} 25533965Sjdp if [ ! -z ${showstat} ]; then 25633965Sjdp ifconfig ${ifn} 25733965Sjdp fi 25833965Sjdp done 25933965Sjdp 26033965Sjdp # ISDN subsystem startup 26133965Sjdp # 26233965Sjdp case ${isdn_enable} in 26333965Sjdp [Yy][Ee][Ss]) 26433965Sjdp if [ -r /etc/rc.isdn ]; then 26533965Sjdp . /etc/rc.isdn 26633965Sjdp fi 26733965Sjdp ;; 26833965Sjdp esac 26933965Sjdp 27033965Sjdp # Start user ppp if required. This must happen before natd. 27133965Sjdp # 27233965Sjdp case ${ppp_enable} in 27333965Sjdp [Yy][Ee][Ss]) 27433965Sjdp # Establish ppp mode. 27533965Sjdp # 27633965Sjdp if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 27733965Sjdp -a "${ppp_mode}" != "dedicated" \ 27833965Sjdp -a "${ppp_mode}" != "background" ]; then 27933965Sjdp ppp_mode="auto" 28033965Sjdp fi 28133965Sjdp 28233965Sjdp ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 28333965Sjdp 28433965Sjdp # Switch on NAT mode? 28533965Sjdp # 28633965Sjdp case ${ppp_nat} in 28733965Sjdp [Yy][Ee][Ss]) 28833965Sjdp ppp_command="${ppp_command} -nat" 28933965Sjdp ;; 29033965Sjdp esac 29133965Sjdp 29233965Sjdp ppp_command="${ppp_command} ${ppp_profile}" 29333965Sjdp 29433965Sjdp echo "Starting ppp as \"${ppp_user}\"" 29533965Sjdp su -m ${ppp_user} -c "exec ${ppp_command}" 29633965Sjdp ;; 29733965Sjdp esac 29833965Sjdp 29933965Sjdp # Re-Sync ipfilter so it picks up any new network interfaces 30033965Sjdp # 30133965Sjdp case ${ipfilter_active} in 30233965Sjdp [Yy][Ee][Ss]) 30333965Sjdp ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} 30433965Sjdp ;; 30533965Sjdp esac 30633965Sjdp unset ipfilter_active 30733965Sjdp 30833965Sjdp # Initialize IP filtering using ipfw 30933965Sjdp # 31033965Sjdp if /sbin/ipfw -q flush > /dev/null 2>&1; then 31133965Sjdp firewall_in_kernel=1 31233965Sjdp else 31333965Sjdp firewall_in_kernel=0 31433965Sjdp fi 31533965Sjdp 31633965Sjdp case ${firewall_enable} in 31733965Sjdp [Yy][Ee][Ss]) 31833965Sjdp if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 31933965Sjdp firewall_in_kernel=1 32033965Sjdp echo 'Kernel firewall module loaded' 32133965Sjdp elif [ "${firewall_in_kernel}" -eq 0 ]; then 32233965Sjdp echo 'Warning: firewall kernel module failed to load' 32333965Sjdp fi 32433965Sjdp ;; 32533965Sjdp esac 32633965Sjdp 32733965Sjdp # Load the filters if required 32833965Sjdp # 32933965Sjdp case ${firewall_in_kernel} in 33033965Sjdp 1) 33133965Sjdp if [ -z "${firewall_script}" ]; then 33233965Sjdp firewall_script=/etc/rc.firewall 33333965Sjdp fi 33433965Sjdp 33533965Sjdp case ${firewall_enable} in 33633965Sjdp [Yy][Ee][Ss]) 33733965Sjdp if [ -r "${firewall_script}" ]; then 33833965Sjdp . "${firewall_script}" 33933965Sjdp echo -n 'Firewall rules loaded, starting divert daemons:' 34033965Sjdp 34133965Sjdp # Network Address Translation daemon 34233965Sjdp # 34333965Sjdp case ${natd_enable} in 34433965Sjdp [Yy][Ee][Ss]) 34533965Sjdp if [ -n "${natd_interface}" ]; then 34633965Sjdp if echo ${natd_interface} | \ 34733965Sjdp grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then 34833965Sjdp natd_flags="$natd_flags -a ${natd_interface}" 34933965Sjdp else 35033965Sjdp natd_flags="$natd_flags -n ${natd_interface}" 35133965Sjdp fi 35233965Sjdp fi 35333965Sjdp echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} 35433965Sjdp ;; 35533965Sjdp esac 35633965Sjdp 35733965Sjdp echo '.' 35833965Sjdp 35933965Sjdp elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 36033965Sjdp echo 'Warning: kernel has firewall functionality,' \ 36133965Sjdp 'but firewall rules are not enabled.' 36233965Sjdp echo ' All ip services are disabled.' 36333965Sjdp fi 36433965Sjdp 36533965Sjdp case ${firewall_logging} in 36633965Sjdp [Yy][Ee][Ss] | '') 36733965Sjdp echo 'Firewall logging=YES' 36833965Sjdp sysctl net.inet.ip.fw.verbose=1 >/dev/null 36933965Sjdp ;; 37033965Sjdp *) 37133965Sjdp ;; 37233965Sjdp esac 37333965Sjdp 37433965Sjdp ;; 37533965Sjdp esac 37633965Sjdp ;; 37733965Sjdp esac 37833965Sjdp 37933965Sjdp # Additional ATM interface configuration 38033965Sjdp # 38133965Sjdp if [ -n "${atm_pass1_done}" ]; then 38233965Sjdp atm_pass2 38333965Sjdp fi 38433965Sjdp 38533965Sjdp # Configure routing 38633965Sjdp # 38733965Sjdp case ${defaultrouter} in 38833965Sjdp [Nn][Oo] | '') 38933965Sjdp ;; 39033965Sjdp *) 39133965Sjdp static_routes="default ${static_routes}" 39233965Sjdp route_default="default ${defaultrouter}" 39333965Sjdp ;; 39433965Sjdp esac 39533965Sjdp 39633965Sjdp # Set up any static routes. This should be done before router discovery. 39733965Sjdp # 39833965Sjdp if [ -n "${static_routes}" ]; then 39933965Sjdp for i in ${static_routes}; do 40033965Sjdp eval route_args=\$route_${i} 40133965Sjdp route add ${route_args} 40233965Sjdp done 40333965Sjdp fi 40433965Sjdp 40533965Sjdp echo -n 'Additional routing options:' 40633965Sjdp case ${tcp_extensions} in 40733965Sjdp [Yy][Ee][Ss] | '') 40833965Sjdp ;; 40933965Sjdp *) 41033965Sjdp echo -n ' tcp extensions=NO' 41133965Sjdp sysctl net.inet.tcp.rfc1323=0 >/dev/null 41233965Sjdp ;; 41333965Sjdp esac 41433965Sjdp 41533965Sjdp case ${icmp_bmcastecho} in 41633965Sjdp [Yy][Ee][Ss]) 41733965Sjdp echo -n ' broadcast ping responses=YES' 41833965Sjdp sysctl net.inet.icmp.bmcastecho=1 >/dev/null 41933965Sjdp ;; 42033965Sjdp esac 42133965Sjdp 42233965Sjdp case ${icmp_drop_redirect} in 42333965Sjdp [Yy][Ee][Ss]) 42433965Sjdp echo -n ' ignore ICMP redirect=YES' 42533965Sjdp sysctl net.inet.icmp.drop_redirect=1 >/dev/null 42633965Sjdp ;; 42733965Sjdp esac 42833965Sjdp 42933965Sjdp case ${icmp_log_redirect} in 43033965Sjdp [Yy][Ee][Ss]) 43133965Sjdp echo -n ' log ICMP redirect=YES' 43233965Sjdp sysctl net.inet.icmp.log_redirect=1 >/dev/null 43333965Sjdp ;; 43433965Sjdp esac 43533965Sjdp 43633965Sjdp case ${gateway_enable} in 43733965Sjdp [Yy][Ee][Ss]) 43833965Sjdp echo -n ' IP gateway=YES' 43933965Sjdp sysctl net.inet.ip.forwarding=1 >/dev/null 44033965Sjdp ;; 44133965Sjdp esac 44233965Sjdp 44333965Sjdp case ${forward_sourceroute} in 44433965Sjdp [Yy][Ee][Ss]) 44533965Sjdp echo -n ' do source routing=YES' 44633965Sjdp sysctl net.inet.ip.sourceroute=1 >/dev/null 44733965Sjdp ;; 44833965Sjdp esac 44933965Sjdp 45033965Sjdp case ${accept_sourceroute} in 45133965Sjdp [Yy][Ee][Ss]) 45233965Sjdp echo -n ' accept source routing=YES' 45333965Sjdp sysctl net.inet.ip.accept_sourceroute=1 >/dev/null 45433965Sjdp ;; 45533965Sjdp esac 45633965Sjdp 45733965Sjdp case ${tcp_keepalive} in 45833965Sjdp [Nn][Oo]) 45933965Sjdp echo -n ' TCP keepalive=NO' 46033965Sjdp sysctl net.inet.tcp.always_keepalive=0 >/dev/null 46133965Sjdp ;; 46233965Sjdp esac 46333965Sjdp 46433965Sjdp case ${tcp_drop_synfin} in 46533965Sjdp [Yy][Ee][Ss]) 46633965Sjdp echo -n ' drop SYN+FIN packets=YES' 46733965Sjdp sysctl net.inet.tcp.drop_synfin=1 >/dev/null 46833965Sjdp ;; 46933965Sjdp esac 47033965Sjdp 47133965Sjdp case ${ipxgateway_enable} in 47233965Sjdp [Yy][Ee][Ss]) 47333965Sjdp echo -n ' IPX gateway=YES' 47433965Sjdp sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null 47533965Sjdp ;; 47633965Sjdp esac 47733965Sjdp 47833965Sjdp case ${arpproxy_all} in 47933965Sjdp [Yy][Ee][Ss]) 48033965Sjdp echo -n ' ARP proxyall=YES' 48133965Sjdp sysctl net.link.ether.inet.proxyall=1 >/dev/null 48233965Sjdp ;; 48333965Sjdp esac 48433965Sjdp 48533965Sjdp case ${ip_portrange_first} in 48633965Sjdp [Nn][Oo] | '') 48733965Sjdp ;; 48833965Sjdp *) 48933965Sjdp echo -n " ip_portrange_first=$ip_portrange_first" 49033965Sjdp sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 49133965Sjdp ;; 49233965Sjdp esac 49333965Sjdp 49433965Sjdp case ${ip_portrange_last} in 49533965Sjdp [Nn][Oo] | '') 49633965Sjdp ;; 49733965Sjdp *) 49833965Sjdp echo -n " ip_portrange_last=$ip_portrange_last" 49933965Sjdp sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 50033965Sjdp ;; 50133965Sjdp esac 50233965Sjdp 50333965Sjdp echo '.' 50433965Sjdp 50533965Sjdp case ${ipsec_enable} in 50633965Sjdp [Yy][Ee][Ss]) 50733965Sjdp if [ -f ${ipsec_file} ]; then 50833965Sjdp echo ' ipsec: enabled' 50933965Sjdp setkey -f ${ipsec_file} 51033965Sjdp else 51133965Sjdp echo ' ipsec: file not found' 51233965Sjdp fi 51333965Sjdp ;; 51433965Sjdp esac 51560513Sobrien 51633965Sjdp echo -n 'Routing daemons:' 51733965Sjdp case ${router_enable} in 51833965Sjdp [Yy][Ee][Ss]) 51933965Sjdp echo -n " ${router}"; ${router} ${router_flags} 52033965Sjdp ;; 52133965Sjdp esac 52233965Sjdp 52333965Sjdp case ${ipxrouted_enable} in 52433965Sjdp [Yy][Ee][Ss]) 52560513Sobrien echo -n ' IPXrouted' 52633965Sjdp IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 52733965Sjdp ;; 52860513Sobrien esac 52933965Sjdp 53033965Sjdp case ${mrouted_enable} in 53133965Sjdp [Yy][Ee][Ss]) 53260513Sobrien echo -n ' mrouted'; mrouted ${mrouted_flags} 53333965Sjdp ;; 53433965Sjdp esac 535 536 case ${rarpd_enable} in 537 [Yy][Ee][Ss]) 538 echo -n ' rarpd'; rarpd ${rarpd_flags} 539 ;; 540 esac 541 echo '.' 542 543 # Let future generations know we made it. 544 # 545 network_pass1_done=YES 546} 547 548network_pass2() { 549 echo -n 'Doing additional network setup:' 550 case ${named_enable} in 551 [Yy][Ee][Ss]) 552 echo -n ' named'; ${named_program:-named} ${named_flags} 553 ;; 554 esac 555 556 case ${ntpdate_enable} in 557 [Yy][Ee][Ss]) 558 echo -n ' ntpdate' 559 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 560 ;; 561 esac 562 563 case ${xntpd_enable} in 564 [Yy][Ee][Ss]) 565 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 566 ;; 567 esac 568 569 case ${timed_enable} in 570 [Yy][Ee][Ss]) 571 echo -n ' timed'; timed ${timed_flags} 572 ;; 573 esac 574 575 case ${portmap_enable} in 576 [Yy][Ee][Ss]) 577 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 578 ${portmap_flags} 579 580 # Start ypserv if we're an NIS server. 581 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 582 # 583 case ${nis_server_enable} in 584 [Yy][Ee][Ss]) 585 echo -n ' ypserv'; ypserv ${nis_server_flags} 586 587 case ${nis_ypxfrd_enable} in 588 [Yy][Ee][Ss]) 589 echo -n ' rpc.ypxfrd' 590 rpc.ypxfrd ${nis_ypxfrd_flags} 591 ;; 592 esac 593 594 case ${nis_yppasswdd_enable} in 595 [Yy][Ee][Ss]) 596 echo -n ' rpc.yppasswdd' 597 rpc.yppasswdd ${nis_yppasswdd_flags} 598 ;; 599 esac 600 ;; 601 esac 602 603 # Start ypbind if we're an NIS client 604 # 605 case ${nis_client_enable} in 606 [Yy][Ee][Ss]) 607 echo -n ' ypbind'; ypbind ${nis_client_flags} 608 case ${nis_ypset_enable} in 609 [Yy][Ee][Ss]) 610 echo -n ' ypset'; ypset ${nis_ypset_flags} 611 ;; 612 esac 613 ;; 614 esac 615 616 # Start keyserv if we are running Secure RPC 617 # 618 case ${keyserv_enable} in 619 [Yy][Ee][Ss]) 620 echo -n ' keyserv'; keyserv ${keyserv_flags} 621 ;; 622 esac 623 624 # Start ypupdated if we are running Secure RPC 625 # and we are NIS master 626 # 627 case ${rpc_ypupdated_enable} in 628 [Yy][Ee][Ss]) 629 echo -n ' rpc.ypupdated'; rpc.ypupdated 630 ;; 631 esac 632 ;; 633 esac 634 635 # Start ATM daemons 636 if [ -n "${atm_pass2_done}" ]; then 637 atm_pass3 638 fi 639 640 echo '.' 641 network_pass2_done=YES 642} 643 644network_pass3() { 645 echo -n 'Starting final network daemons:' 646 647 case ${portmap_enable} in 648 [Yy][Ee][Ss]) 649 case ${nfs_server_enable} in 650 [Yy][Ee][Ss]) 651 # Handle absent nfs server support 652 nfsserver_in_kernel=0 653 if sysctl vfs.nfsrv >/dev/null 2>&1; then 654 nfsserver_in_kernel=1 655 else 656 kldload nfsserver && nfsserver_in_kernel=1 657 fi 658 659 if [ -r /etc/exports -a \ 660 ${nfsserver_in_kernel} -eq 1 ]; then 661 echo -n ' mountd' 662 663 case ${weak_mountd_authentication} in 664 [Yy][Ee][Ss]) 665 mountd_flags="${mountd_flags} -n" 666 ;; 667 esac 668 669 mountd ${mountd_flags} 670 671 case ${nfs_reserved_port_only} in 672 [Yy][Ee][Ss]) 673 echo -n ' NFS on reserved port only=YES' 674 sysctl vfs.nfsrv.nfs_privport=1 > /dev/null 675 ;; 676 esac 677 678 echo -n ' nfsd'; nfsd ${nfs_server_flags} 679 680 case ${rpc_statd_enable} in 681 [Yy][Ee][Ss]) 682 echo -n ' rpc.statd'; rpc.statd 683 ;; 684 esac 685 686 case ${rpc_lockd_enable} in 687 [Yy][Ee][Ss]) 688 echo -n ' rpc.lockd'; rpc.lockd 689 ;; 690 esac 691 else 692 echo -n ' Warning: nfs server failed' 693 fi 694 ;; 695 *) 696 case ${single_mountd_enable} in 697 [Yy][Ee][Ss]) 698 if [ -r /etc/exports ]; then 699 echo -n ' mountd' 700 701 case ${weak_mountd_authentication} in 702 [Yy][Ee][Ss]) 703 mountd_flags="-n" 704 ;; 705 esac 706 707 mountd ${mountd_flags} 708 fi 709 ;; 710 esac 711 ;; 712 esac 713 714 case ${nfs_client_enable} in 715 [Yy][Ee][Ss]) 716 nfsclient_in_kernel=0 717 # Handle absent nfs client support 718 if sysctl vfs.nfs >/dev/null 2>&1; then 719 nfsclient_in_kernel=1 720 else 721 kldload nfsclient && nfsclient_in_kernel=1 722 fi 723 724 if [ ${nfsclient_in_kernel} -eq 1 ] 725 then 726 if [ -n "${nfs_access_cache}" ]; then 727 echo -n " NFS access cache time=${nfs_access_cache}" 728 sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 729 fi 730 if [ -n "${nfs_bufpackets}" ]; then 731 sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 732 fi 733 case ${rpc_statd_enable} in 734 [Yy][Ee][Ss]) 735 echo -n ' rpc.statd'; rpc.statd 736 ;; 737 esac 738 739 case ${rpc_lockd_enable} in 740 [Yy][Ee][Ss]) 741 echo -n ' rpc.lockd'; rpc.lockd 742 ;; 743 esac 744 745 case ${amd_enable} in 746 [Yy][Ee][Ss]) 747 echo -n ' amd' 748 case ${amd_map_program} in 749 [Nn][Oo] | '') 750 ;; 751 *) 752 amd_flags="${amd_flags} `eval\ 753 ${amd_map_program}`" 754 ;; 755 esac 756 757 if [ -n "${amd_flags}" ]; then 758 amd -p ${amd_flags}\ 759 > /var/run/amd.pid 2> /dev/null 760 else 761 amd 2> /dev/null 762 fi 763 ;; 764 esac 765 else 766 echo 'Warning: NFS client kernel module failed to load' 767 nfs_client_enable=NO 768 fi 769 ;; 770 esac 771 772 # If /var/db/mounttab exists, some nfs-server has not been 773 # successfully notified about a previous client shutdown. 774 # If there is no /var/db/mounttab, we do nothing. 775 if [ -f /var/db/mounttab ]; then 776 rpc.umntall -k 777 fi 778 779 ;; 780 esac 781 782 case ${rwhod_enable} in 783 [Yy][Ee][Ss]) 784 echo -n ' rwhod'; rwhod ${rwhod_flags} 785 ;; 786 esac 787 788 # Kerberos servers run ONLY on the Kerberos server machine 789 case ${kerberos4_server_enable} in 790 [Yy][Ee][Ss]) 791 case ${kerberos_stash} in 792 [Yy][Ee][Ss]) 793 stash=-n 794 ;; 795 *) 796 stash= 797 ;; 798 esac 799 800 echo -n ' kerberosIV' 801 ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 802 803 case ${kadmind4_server_enable} in 804 [Yy][Ee][Ss]) 805 echo -n ' kadmindIV' 806 ( 807 sleep 20; 808 ${kadmind4_server} ${stash} >/dev/null 2>&1 & 809 ) & 810 ;; 811 esac 812 unset stash_flag 813 ;; 814 esac 815 816 case ${kerberos5_server_enable} in 817 [Yy][Ee][Ss]) 818 echo -n ' kerberos5' 819 ${kerberos5_server} & 820 821 case ${kadmind5_server_enable} in 822 [Yy][Ee][Ss]) 823 echo -n ' kadmind5' 824 ${kadmind5_server} & 825 ;; 826 esac 827 ;; 828 esac 829 830 case ${pppoed_enable} in 831 [Yy][Ee][Ss]) 832 if [ -n "${pppoed_provider}" ]; then 833 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 834 fi 835 echo -n ' pppoed'; 836 _opts=$-; set -f 837 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 838 set +f; set -${_opts} 839 ;; 840 esac 841 842 case ${sshd_enable} in 843 [Yy][Ee][Ss]) 844 if [ ! -f /etc/ssh/ssh_host_key ]; then 845 echo ' creating ssh RSA host key'; 846 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 847 fi 848 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 849 echo ' creating ssh DSA host key'; 850 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 851 fi 852 ;; 853 esac 854 855 echo '.' 856 network_pass3_done=YES 857} 858 859network_pass4() { 860 echo -n 'Additional TCP options:' 861 case ${log_in_vain} in 862 [Nn][Oo] | '') 863 log_in_vain=0 864 ;; 865 [Yy][Ee][Ss]) 866 log_in_vain=1 867 ;; 868 [0-9]*) 869 ;; 870 *) 871 echo " invalid log_in_vain setting: ${log_in_vain}" 872 log_in_vain=0 873 ;; 874 esac 875 876 [ "${log_in_vain}" -ne 0 ] && ( 877 echo -n " log_in_vain=${log_in_vain}" 878 sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null 879 sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null 880 ) 881 echo '.' 882 network_pass4_done=YES 883} 884 885network_gif_setup() { 886 case ${gif_interfaces} in 887 [Nn][Oo] | '') 888 ;; 889 *) 890 for i in ${gif_interfaces}; do 891 eval peers=\$gifconfig_$i 892 case ${peers} in 893 '') 894 continue 895 ;; 896 *) 897 ifconfig $i create >/dev/null 2>&1 898 ifconfig $i tunnel ${peers} 899 ;; 900 esac 901 done 902 ;; 903 esac 904} 905 906convert_host_conf() { 907 host_conf=$1; shift; 908 nsswitch_conf=$1; shift; 909 awk ' \ 910 /^[:blank:]*#/ { next } \ 911 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 912 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 913 /nis/ { nsswitch[c] = "nis"; c++; next } \ 914 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 915 END { \ 916 printf "hosts: "; \ 917 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 918 printf "\n"; \ 919 }' < $host_conf > $nsswitch_conf 920} 921 922generate_host_conf() { 923 nsswitch_conf=$1; shift; 924 host_conf=$1; shift; 925 926 awk ' 927BEGIN { 928 xlat["files"] = "hosts"; 929 xlat["dns"] = "bind"; 930 xlat["nis"] = "nis"; 931 cont = 0; 932} 933sub(/^[\t ]*hosts:/, "") || cont { 934 if (!cont) 935 srcs = "" 936 sub(/#.*/, "") 937 gsub(/[][]/, " & ") 938 cont = sub(/\\$/, "") 939 srcs = srcs " " $0 940} 941END { 942 print "# Auto-generated from nsswitch.conf, do not edit" 943 ns = split(srcs, s) 944 for (n = 1; n <= ns; ++n) { 945 if (s[n] in xlat) 946 print xlat[s[n]] 947 } 948} 949' <$nsswitch_conf >$host_conf 950} 951