xref: /freebsd-9.3-release/etc/rc.d/defaultroute

#!/bin/sh -
#
#	$Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all the user-configurable behavior is no longer in
# this file, but rather in /etc/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.

network_pass1() {
    echo -n 'Doing initial network setup:'
    # Set the host name if it is not already set
    if [ -z "`hostname -s`" ] ; then
	    hostname $hostname
	    echo -n ' hostname'
    fi

    # Set the domainname if we're using NIS
    if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then
	    domainname $nisdomainname
	    echo -n ' domain'
    fi
    echo '.'

    # Initial ATM interface configuration
    if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then
	    . /etc/rc.atm
	    atm_pass1
    fi

    # ISDN subsystem startup
    if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then
	    . /etc/rc.isdn
    fi

    # Special options for sppp(4) interfaces go here.  These need
    # to go _before_ the general ifconfig section, since in the case
    # of hardwired (no link1 flag) but required authentication, you
    # cannot pass auth parameters down to the already running interface.
    for ifn in ${sppp_interfaces}; do
	    eval spppcontrol_args=\$spppconfig_${ifn}
	    if [ -n "${spppcontrol_args}" ] ; then
		    # The auth secrets might contain spaces; in order
		    # to retain the quotation, we need to eval them
		    # here.
		    eval spppcontrol ${ifn} ${spppcontrol_args}
	    fi
    done

    # Set up all the network interfaces, calling startup scripts if needed
    for ifn in ${network_interfaces}; do
	    if [ -e /etc/start_if.${ifn} ]; then
		    . /etc/start_if.${ifn}
	    fi
	    # Do the primary ifconfig if specified
	    eval ifconfig_args=\$ifconfig_${ifn}
	    if [ -n "${ifconfig_args}" ] ; then
		    ifconfig ${ifn} ${ifconfig_args}
	    fi
	    # Check to see if aliases need to be added
	    alias=0
	    while :
	    do
		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
		    if [ -n "${ifconfig_args}" ]; then
			    ifconfig ${ifn} ${ifconfig_args} alias
			    alias=`expr ${alias} + 1`
		    else
			    break;
		    fi
	    done
	    # Do ipx address if specified
	    eval ifconfig_args=\$ifconfig_${ifn}_ipx
	    if [ -n "${ifconfig_args}" ]; then
		    ifconfig ${ifn} ${ifconfig_args}
	    fi
	    ifconfig ${ifn}
    done

    # Initialize IP filtering using ipfw
    echo ""
    /sbin/ipfw -q flush > /dev/null 2>&1
    if [ $? = 0 ] ; then
	firewall_in_kernel=1
    else 
	firewall_in_kernel=0
    fi

    if [ $firewall_in_kernel = 0 -a "x$firewall_enable"  = "xYES" ] ; then
	if kldload ipfw; then
		firewall_in_kernel=1		# module loaded successfully
		echo "Kernel firewall module loaded."
	else
		echo "Warning: firewall kernel module failed to load."
	fi
    fi

    # Load the filters if required
    if [ $firewall_in_kernel = 1 ]; then
	if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \
		"x$firewall_enable" = "xYES" ] ; then
	    . /etc/rc.firewall
	    echo "Firewall rules loaded."
	else
	    IPFW_DEFAULT=`ipfw l 65535`
	    if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then
		echo -n "Warning: kernel has firewall functionality, "
		echo "but firewall rules are not enabled."
		echo "         All ip services are disabled."
	    fi
	fi
    fi

    # Additional ATM interface configuration
    if [ -n "${atm_pass1_done}" ]; then
	    atm_pass2
    fi

    # Configure routing

    if [ "x$defaultrouter" != "xNO" ] ; then
	    static_routes="default ${static_routes}"
	    route_default="default ${defaultrouter}"
    fi
    
    # Set up any static routes.  This should be done before router discovery.
    if [ "x${static_routes}" != "x" ]; then
	    for i in ${static_routes}; do
		    eval route_args=\$route_${i}
		    route add ${route_args}
	    done
    fi

    echo -n 'Additional routing options:'
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
	    echo -n ' tcp extensions=NO'
	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
    fi

    if [ X"$icmp_bmcastecho" = X"YES" ]; then
	    echo -n ' broadcast ping responses=YES'
	    sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1
    fi

    if [ "X$gateway_enable" = X"YES" ]; then
	    echo -n ' IP gateway=YES'
	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
    fi
    
    if [ "X$forward_sourceroute" = X"YES" ]; then
	    echo -n ' do source routing=YES'
	    sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1
    fi

    if [ "X$accept_sourceroute" = X"YES" ]; then
	    echo -n ' accept source routing=YES'
	    sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1
    fi

    if [ "X$ipxgateway_enable" = X"YES" ]; then
	    echo -n ' IPX gateway=YES'
	    sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1
    fi
    
    if [ "X$arpproxy_all" = X"YES" ]; then
	    echo -n ' enabling ARP_PROXY_ALL: '
	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
    fi
    echo '.'

    echo -n 'routing daemons:'
    if [ "X$router_enable" = X"YES" ]; then
	    echo -n " ${router}";	${router} ${router_flags}
    fi
    
    if [ "X$ipxrouted_enable" = X"YES" ]; then
	    echo -n ' IPXrouted'
	    IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
    fi
    
    if [ "X${mrouted_enable}" = X"YES" ]; then
	    echo -n ' mrouted'; mrouted ${mrouted_flags}
    fi

    if [ "X$rarpd_enable" = X"YES" ]; then
	    echo -n ' rarpd';     rarpd ${rarpd_flags}
    fi
    echo '.'
    network_pass1_done=YES	# Let future generations know we made it.
}

network_pass2() {
    echo -n 'Doing additional network setup:'
    if [ "X${named_enable}" = X"YES" ]; then
	    echo -n ' named';		${named_program-"named"} ${named_flags}
    fi

    if [ "X${ntpdate_enable}" = X"YES" ]; then
	    echo -n ' ntpdate';	${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1
    fi

    if [ "X${xntpd_enable}" = X"YES" ]; then
	    echo -n ' xntpd';	${xntpd_program} ${xntpd_flags}
    fi

    if [ "X${timed_enable}" = X"YES" ]; then
	    echo -n ' timed';		timed ${timed_flags}
    fi

    if [ "X${portmap_enable}" = X"YES" ]; then
	    echo -n ' portmap';		${portmap_program} ${portmap_flags}
    fi

    # Start ypserv if we're an NIS server.
    # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
    if [ "X${nis_server_enable}" = X"YES" ]; then
	    echo -n ' ypserv'; ypserv ${nis_server_flags}
	    
	    if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then
		    echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags}
	    fi
	    
	    if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then
		    echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags}
	    fi
    fi

    # Start ypbind if we're an NIS client
    if [ "X${nis_client_enable}" = X"YES" ]; then
	    echo -n ' ypbind'; ypbind ${nis_client_flags}
	    if [ "X${nis_ypset_enable}" = X"YES" ]; then
		    echo -n ' ypset'; ypset ${nis_ypset_flags}
	    fi
    fi

    # Start keyserv if we are running Secure RPC
    if [ "X${keyserv_enable}" = X"YES" ]; then
	    echo -n ' keyserv';		keyserv ${keyserv_flags}
    fi
    # Start ypupdated if we are running Secure RPC and we are NIS master
    if [ "X$rpc_ypupdated_enable" = X"YES" ]; then
	    echo -n ' rpc.ypupdated';	rpc.ypupdated
    fi

    # Start ATM daemons
    if [ -n "${atm_pass2_done}" ]; then
	    atm_pass3
    fi

    echo '.'
    network_pass2_done=YES
}

network_pass3() {
    echo -n 'Starting final network daemons:'

    if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then
	    echo -n ' mountd'
	    if [ "X${weak_mountd_authentication}" = X"YES" ]; then
		    mountd_flags="-n"
	    fi
	    mountd ${mountd_flags}
	    if [ "X${nfs_reserved_port_only}" = X"YES" ]; then
		    sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1
	    fi
	    echo -n ' nfsd';		nfsd ${nfs_server_flags}
	    if [ "X$rpc_lockd_enable" = X"YES" ]; then
		echo -n ' rpc.lockd';		rpc.lockd
	    fi
	    if [ "X$rpc_statd_enable" = X"YES" ]; then
		echo -n ' rpc.statd';		rpc.statd
	    fi
    fi
    
    if [ "X${nfs_client_enable}" = X"YES" ]; then
	    echo -n ' nfsiod';		nfsiod ${nfs_client_flags}
	    if [ "X${nfs_access_cache}" != X ]; then
		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
			>/dev/null 2>&1
	    fi
    fi

    if [ "X${amd_enable}" = X"YES" ]; then
	    echo -n ' amd'
	    if [ "X${amd_map_program}" != X"NO" ]; then
		amd_flags="${amd_flags} `eval ${amd_map_program}`"
	    fi
	    amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
    fi

    if [ "X${rwhod_enable}" = X"YES" ]; then
	    echo -n ' rwhod';	rwhod ${rwhod_flags}
    fi

    # Kerberos runs ONLY on the Kerberos server machine
    if [ "X${kerberos_server_enable}" = X"YES" ]; then
	    if [ "X${kerberos_stash}" = "XYES" ]; then
		stash_flag=-n
	    else
		stash_flag=
	    fi
	    echo -n ' kerberos'; \
		kerberos ${stash_flag} >> /var/log/kerberos.log &
	    if [ "X${kadmind_server_enable}" = "XYES" ]; then
		echo -n ' kadmind'; \
		(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
	    fi
	    unset stash_flag
    fi
    
    # Network Address Translation daemon
       if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \
               -a X"${firewall_enable}" = X"YES" ]; then
               if echo ${natd_interface} | \
                       grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
                       natd_ifarg="-a ${natd_interface}"
               else
                       natd_ifarg="-n ${natd_interface}"
               fi
               echo -n ' natd'; natd ${natd_flags} ${natd_ifarg}
       fi

    echo '.'
    network_pass3_done=YES
}