defaultroute revision 57567
134229Speter#!/bin/sh - 258478Sobrien# 334229Speter# $FreeBSD: head/etc/rc.d/routing 57567 2000-02-28 19:21:05Z jkh $ 434229Speter# From: @(#)netstart 5.9 (Berkeley) 3/30/91 551408Sobrien 634229Speter# Note that almost all of the user-configurable behavior is no longer in 752112Sobrien# this file, but rather in /etc/defaults/rc.conf. Please check that file 818334Speter# first before contemplating any changes here. If you do need to change 918334Speter# this file for some reason, we would like to know about it. 1018334Speter 1118334Speter# First pass startup stuff. 1218334Speter# 1318334Speternetwork_pass1() { 1418334Speter echo -n 'Doing initial network setup:' 1518334Speter 1618334Speter # Set the host name if it is not already set 1718334Speter # 1818334Speter if [ -z "`hostname -s`" ]; then 1918334Speter hostname ${hostname} 2018334Speter echo -n ' hostname' 2118334Speter fi 2218334Speter 2318334Speter # Set the domainname if we're using NIS 2418334Speter # 2518334Speter case ${nisdomainname} in 2651408Sobrien [Nn][Oo] | '') 2718334Speter ;; 2858478Sobrien *) 2958478Sobrien domainname ${nisdomainname} 3058478Sobrien echo -n ' domain' 3158478Sobrien ;; 3251408Sobrien esac 3358478Sobrien 3458478Sobrien echo '.' 3558478Sobrien 3658478Sobrien # Initial ATM interface configuration 3751408Sobrien # 3858478Sobrien case ${atm_enable} in 3958478Sobrien [Yy][Ee][Ss]) 4058478Sobrien if [ -r /etc/rc.atm ]; then 4158478Sobrien . /etc/rc.atm 4258478Sobrien atm_pass1 4358478Sobrien fi 4458478Sobrien ;; 4558478Sobrien esac 4658478Sobrien 4758478Sobrien # Special options for sppp(4) interfaces go here. These need 4858478Sobrien # to go _before_ the general ifconfig section, since in the case 4958478Sobrien # of hardwired (no link1 flag) but required authentication, you 5058478Sobrien # cannot pass auth parameters down to the already running interface. 5158478Sobrien # 5258478Sobrien for ifn in ${sppp_interfaces}; do 5358478Sobrien eval spppcontrol_args=\$spppconfig_${ifn} 5458478Sobrien if [ -n "${spppcontrol_args}" ]; then 5558478Sobrien # The auth secrets might contain spaces; in order 5658478Sobrien # to retain the quotation, we need to eval them 5758478Sobrien # here. 5858478Sobrien eval spppcontrol ${ifn} ${spppcontrol_args} 5958478Sobrien fi 6058478Sobrien done 6158478Sobrien 6258478Sobrien # Set up all the network interfaces, calling startup scripts if needed 6358478Sobrien # 6458478Sobrien case ${network_interfaces} in 6558478Sobrien [Aa][Uu][Tt][Oo]) 6658478Sobrien network_interfaces="`ifconfig -l`" 6758478Sobrien ;; 6858478Sobrien esac 6958478Sobrien 7058478Sobrien dhcp_interfaces="" 7158478Sobrien for ifn in ${network_interfaces}; do 7258478Sobrien if [ -r /etc/start_if.${ifn} ]; then 7358478Sobrien . /etc/start_if.${ifn} 7458478Sobrien eval showstat_$ifn=1 7558478Sobrien fi 7658478Sobrien 7758478Sobrien # Do the primary ifconfig if specified 7858478Sobrien # 7958478Sobrien eval ifconfig_args=\$ifconfig_${ifn} 8058478Sobrien 8158478Sobrien case ${ifconfig_args} in 8258478Sobrien '') 8358478Sobrien ;; 8458478Sobrien [Dd][Hh][Cc][Pp]) 8558478Sobrien # DHCP inits are done all in one go below 8658478Sobrien dhcp_interfaces="$dhcp_interfaces $ifn" 8758478Sobrien eval showstat_$ifn=1 8858478Sobrien ;; 8958478Sobrien *) 9058478Sobrien ifconfig ${ifn} ${ifconfig_args} 9158478Sobrien eval showstat_$ifn=1 9258478Sobrien ;; 9358478Sobrien esac 9458478Sobrien done 9558478Sobrien 9658478Sobrien if [ ! -z "${dhcp_interfaces}" ]; then 9758478Sobrien ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 9858478Sobrien fi 9958478Sobrien 10058478Sobrien for ifn in ${network_interfaces}; do 10158478Sobrien # Check to see if aliases need to be added 10258478Sobrien # 10358478Sobrien alias=0 10458478Sobrien while : ; do 10558478Sobrien eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 10658478Sobrien if [ -n "${ifconfig_args}" ]; then 10758478Sobrien ifconfig ${ifn} ${ifconfig_args} alias 10858478Sobrien eval showstat_$ifn=1 10958478Sobrien alias=`expr ${alias} + 1` 11058478Sobrien else 11158478Sobrien break; 11258478Sobrien fi 11358478Sobrien done 11458478Sobrien 11558478Sobrien # Do ipx address if specified 11658478Sobrien # 11758478Sobrien eval ifconfig_args=\$ifconfig_${ifn}_ipx 11858478Sobrien if [ -n "${ifconfig_args}" ]; then 11958478Sobrien ifconfig ${ifn} ${ifconfig_args} 12058478Sobrien eval showstat_$ifn=1 12158478Sobrien fi 12258478Sobrien done 12358478Sobrien 12458478Sobrien for ifn in ${network_interfaces}; do 12558478Sobrien eval showstat=\$showstat_${ifn} 12658478Sobrien if [ ! -z ${showstat} ]; then 12758478Sobrien ifconfig ${ifn} 12858478Sobrien fi 12958478Sobrien done 13058478Sobrien 13134229Speter # ISDN subsystem startup 13234229Speter # 13334229Speter case ${isdn_enable} in 13418349Speter [Yy][Ee][Ss]) 13534229Speter if [ -r /etc/rc.isdn ]; then 13634229Speter . /etc/rc.isdn 13734229Speter fi 13834229Speter ;; 13918349Speter esac 14034229Speter 14152112Sobrien # Warm up user ppp if required, must happen before natd. 14268601Sobrien # 14368601Sobrien case ${ppp_enable} in 14468601Sobrien [Yy][Ee][Ss]) 14568601Sobrien # Establish ppp mode. 14668601Sobrien # 14768601Sobrien if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 14818349Speter -a "${ppp_mode}" != "dedicated" \ 14958478Sobrien -a "${ppp_mode}" != "background" ]; then 15058478Sobrien ppp_mode="auto"; 15158478Sobrien fi 15258478Sobrien 15358478Sobrien ppp_command="-${ppp_mode} "; 15434229Speter 15534229Speter # Switch on alias mode? 15634229Speter # 15734229Speter case ${ppp_nat} in 15834229Speter [Yy][Ee][Ss]) 15918349Speter ppp_command="${ppp_command} -nat"; 16058478Sobrien ;; 16158478Sobrien esac 16258478Sobrien 16318349Speter echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} 16458478Sobrien ;; 16558478Sobrien esac 16658478Sobrien 16718349Speter # Initialize IP filtering using ipfw 16858478Sobrien # 16958478Sobrien echo '' 17058478Sobrien 17151408Sobrien if /sbin/ipfw -q flush > /dev/null 2>&1; then 17258478Sobrien firewall_in_kernel=1 17358478Sobrien else 17458478Sobrien firewall_in_kernel=0 17518349Speter fi 17658478Sobrien 17758478Sobrien case ${firewall_enable} in 17858478Sobrien [Yy][Ee][Ss]) 17958478Sobrien if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 18058478Sobrien firewall_in_kernel=1 18158478Sobrien echo "Kernel firewall module loaded." 18258478Sobrien elif [ "${firewall_in_kernel}" -eq 0 ]; then 18358478Sobrien echo "Warning: firewall kernel module failed to load." 18458478Sobrien fi 18558478Sobrien ;; 18658478Sobrien esac 18758478Sobrien 18858478Sobrien # Load the filters if required 18958478Sobrien # 19058478Sobrien case ${firewall_in_kernel} in 19158478Sobrien 1) 19258478Sobrien if [ -z "${firewall_script}" ]; then 19358478Sobrien firewall_script=/etc/rc.firewall 19458478Sobrien fi 19558478Sobrien 19658478Sobrien case ${firewall_enable} in 19758478Sobrien [Yy][Ee][Ss]) 19858478Sobrien if [ -r "${firewall_script}" ]; then 19958478Sobrien . "${firewall_script}" 20058478Sobrien echo -n 'Firewall rules loaded, starting divert daemons:' 20158478Sobrien 20258478Sobrien # Network Address Translation daemon 20358478Sobrien # 20458478Sobrien case ${natd_enable} in 20558478Sobrien [Yy][Ee][Ss]) 20658478Sobrien if [ -n "${natd_interface}" ]; then 20758478Sobrien if echo ${natd_interface} | \ 20858478Sobrien grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 20958478Sobrien natd_ifarg="-a ${natd_interface}" 21073325Sobrien else 21173325Sobrien natd_ifarg="-n ${natd_interface}" 21258478Sobrien fi 21358478Sobrien 21458478Sobrien echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 21558478Sobrien fi 21658478Sobrien ;; 21758478Sobrien esac 21858478Sobrien 21958478Sobrien echo '.' 22058478Sobrien 22158478Sobrien elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 22258478Sobrien echo -n "Warning: kernel has firewall functionality, " 22358478Sobrien echo "but firewall rules are not enabled." 22458478Sobrien echo " All ip services are disabled." 22558478Sobrien fi 22658478Sobrien ;; 22758478Sobrien esac 22858478Sobrien ;; 22958478Sobrien esac 23058478Sobrien 23158478Sobrien # Additional ATM interface configuration 23258478Sobrien # 23358478Sobrien if [ -n "${atm_pass1_done}" ]; then 23458478Sobrien atm_pass2 23558478Sobrien fi 23658478Sobrien 23758478Sobrien # Configure routing 23858478Sobrien # 23958478Sobrien case ${defaultrouter} in 24058478Sobrien [Nn][Oo] | '') 24158478Sobrien ;; 24258478Sobrien *) 24358478Sobrien static_routes="default ${static_routes}" 24458478Sobrien route_default="default ${defaultrouter}" 24558478Sobrien ;; 24658478Sobrien esac 24758478Sobrien 24858478Sobrien # Set up any static routes. This should be done before router discovery. 24958478Sobrien # 25058478Sobrien if [ -n "${static_routes}" ]; then 25158478Sobrien for i in ${static_routes}; do 25258478Sobrien eval route_args=\$route_${i} 25358478Sobrien route add ${route_args} 25458478Sobrien done 25558478Sobrien fi 25658478Sobrien 25758478Sobrien echo -n 'Additional routing options:' 25895348Sobrien case ${tcp_extensions} in 25995348Sobrien [Yy][Ee][Ss] | '') 26095348Sobrien ;; 26195348Sobrien *) 26258478Sobrien echo -n ' tcp extensions=NO' 26358478Sobrien sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 26458478Sobrien ;; 26558478Sobrien esac 26658478Sobrien 26758478Sobrien case ${icmp_bmcastecho} in 26858478Sobrien [Yy][Ee][Ss]) 26958478Sobrien echo -n ' broadcast ping responses=YES' 27058478Sobrien sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 27158478Sobrien ;; 27258478Sobrien esac 27334229Speter 27434229Speter case ${icmp_drop_redirect} in 27558478Sobrien [Yy][Ee][Ss]) 27658478Sobrien echo -n ' ignore ICMP redirect=YES' 27758478Sobrien sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 27834229Speter ;; 27918349Speter esac 28034229Speter 28134229Speter case ${icmp_log_redirect} in 28234229Speter [Yy][Ee][Ss]) 28334229Speter echo -n ' log ICMP redirect=YES' 28434229Speter sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 28558478Sobrien ;; 28658478Sobrien esac 28758478Sobrien 28818349Speter case ${gateway_enable} in 28934229Speter [Yy][Ee][Ss]) 29058478Sobrien echo -n ' IP gateway=YES' 29158478Sobrien sysctl -w net.inet.ip.forwarding=1 >/dev/null 29258478Sobrien ;; 29334229Speter esac 29434229Speter 29552112Sobrien case ${forward_sourceroute} in 29652112Sobrien [Yy][Ee][Ss]) 29718334Speter echo -n ' do source routing=YES' 29858478Sobrien sysctl -w net.inet.ip.sourceroute=1 >/dev/null 29958478Sobrien ;; 30058478Sobrien esac 30158478Sobrien 30258478Sobrien case ${accept_sourceroute} in 30358478Sobrien [Yy][Ee][Ss]) 30458478Sobrien echo -n ' accept source routing=YES' 30558478Sobrien sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 30658478Sobrien ;; 30758478Sobrien esac 30858478Sobrien 30958478Sobrien case ${tcp_keepalive} in 31058478Sobrien [Yy][Ee][Ss]) 31158478Sobrien echo -n ' TCP keepalive=YES' 31258478Sobrien sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 31358478Sobrien ;; 31458478Sobrien esac 31558478Sobrien 31658478Sobrien case ${tcp_restrict_rst} in 31758478Sobrien [Yy][Ee][Ss]) 31856810Sobrien echo -n ' restrict TCP reset=YES' 31956810Sobrien sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null 32056810Sobrien ;; 32158478Sobrien esac 32256810Sobrien 32358478Sobrien case ${tcp_drop_synfin} in 32458478Sobrien [Yy][Ee][Ss]) 32558478Sobrien echo -n ' drop SYN+FIN packets=YES' 32658478Sobrien sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 32758478Sobrien ;; 32858478Sobrien esac 32958478Sobrien 33056810Sobrien case ${ipxgateway_enable} in 33134229Speter [Yy][Ee][Ss]) 33234229Speter echo -n ' IPX gateway=YES' 33334229Speter sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 33458478Sobrien ;; 33558478Sobrien esac 33652112Sobrien 33718349Speter case ${arpproxy_all} in 33858478Sobrien [Yy][Ee][Ss]) 33952112Sobrien echo -n ' ARP proxyall=YES' 34051408Sobrien sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 34151408Sobrien ;; 34251408Sobrien esac 34351408Sobrien echo '.' 34451408Sobrien 34551408Sobrien echo -n 'routing daemons:' 34618349Speter case ${router_enable} in 34773305Sobrien [Yy][Ee][Ss]) 34873305Sobrien echo -n " ${router}"; ${router} ${router_flags} 34973305Sobrien ;; 35073305Sobrien esac 35173305Sobrien 35273305Sobrien case ${ipxrouted_enable} in 35373305Sobrien [Yy][Ee][Ss]) 35473305Sobrien echo -n ' IPXrouted' 35573305Sobrien IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 35673305Sobrien ;; 35773305Sobrien esac 35873305Sobrien 35973305Sobrien case ${mrouted_enable} in 36073305Sobrien [Yy][Ee][Ss]) 36173305Sobrien echo -n ' mrouted'; mrouted ${mrouted_flags} 36273305Sobrien ;; 36373305Sobrien esac 36473305Sobrien 36573305Sobrien case ${rarpd_enable} in 36673305Sobrien [Yy][Ee][Ss]) 36773305Sobrien echo -n ' rarpd'; rarpd ${rarpd_flags} 36873305Sobrien ;; 36973305Sobrien esac 37073305Sobrien echo '.' 37173305Sobrien 37273305Sobrien # Let future generations know we made it. 37373305Sobrien # 37473305Sobrien network_pass1_done=YES 37573305Sobrien} 37673305Sobrien 37773305Sobriennetwork_pass2() { 37873305Sobrien echo -n 'Doing additional network setup:' 37973305Sobrien case ${named_enable} in 38073305Sobrien [Yy][Ee][Ss]) 38173305Sobrien echo -n ' named'; ${named_program:-named} ${named_flags} 38273305Sobrien ;; 38373305Sobrien esac 38473305Sobrien 38573305Sobrien case ${ntpdate_enable} in 38673305Sobrien [Yy][Ee][Ss]) 38773305Sobrien echo -n ' ntpdate' 38873305Sobrien ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 38973305Sobrien ;; 39073305Sobrien esac 39173305Sobrien 39273305Sobrien case ${xntpd_enable} in 39373305Sobrien [Yy][Ee][Ss]) 39473305Sobrien echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 39573305Sobrien ;; 39673305Sobrien esac 39773305Sobrien 39873305Sobrien case ${timed_enable} in 39973305Sobrien [Yy][Ee][Ss]) 40073305Sobrien echo -n ' timed'; timed ${timed_flags} 40173305Sobrien ;; 40273305Sobrien esac 40373305Sobrien 40473305Sobrien case ${portmap_enable} in 40573305Sobrien [Yy][Ee][Ss]) 40673305Sobrien echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} 40773305Sobrien ;; 40873305Sobrien esac 40973305Sobrien 41073305Sobrien # Start ypserv if we're an NIS server. 41173305Sobrien # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 41273305Sobrien # 41358478Sobrien case ${nis_server_enable} in 41458478Sobrien [Yy][Ee][Ss]) 41558478Sobrien echo -n ' ypserv'; ypserv ${nis_server_flags} 41658478Sobrien 41758478Sobrien case ${nis_ypxfrd_enable} in 41858478Sobrien [Yy][Ee][Ss]) 41958478Sobrien echo -n ' rpc.ypxfrd' 42058478Sobrien rpc.ypxfrd ${nis_ypxfrd_flags} 42158478Sobrien ;; 42258478Sobrien esac 42358478Sobrien 42458478Sobrien case ${nis_yppasswdd_enable} in 42558478Sobrien [Yy][Ee][Ss]) 42658478Sobrien echo -n ' rpc.yppasswdd' 42758478Sobrien rpc.yppasswdd ${nis_yppasswdd_flags} 42858478Sobrien ;; 42958478Sobrien esac 43058478Sobrien ;; 43118334Speter esac 43258478Sobrien 43358478Sobrien # Start ypbind if we're an NIS client 43458478Sobrien # 43558478Sobrien case ${nis_client_enable} in 43651408Sobrien [Yy][Ee][Ss]) 43758478Sobrien echo -n ' ypbind'; ypbind ${nis_client_flags} 43858478Sobrien case ${nis_ypset_enable} in 43958478Sobrien [Yy][Ee][Ss]) 44051408Sobrien echo -n ' ypset'; ypset ${nis_ypset_flags} 44158478Sobrien ;; 44258478Sobrien esac 44334229Speter ;; 44458478Sobrien esac 44558478Sobrien 44658478Sobrien # Start keyserv if we are running Secure RPC 44758478Sobrien # 44858478Sobrien case ${keyserv_enable} in 44958478Sobrien [Yy][Ee][Ss]) 45058478Sobrien echo -n ' keyserv'; keyserv ${keyserv_flags} 45134229Speter ;; 45218334Speter esac 45358478Sobrien 45418349Speter # Start ypupdated if we are running Secure RPC and we are NIS master 45558478Sobrien # 45658478Sobrien case ${rpc_ypupdated_enable} in 45758478Sobrien [Yy][Ee][Ss]) 45858478Sobrien echo -n ' rpc.ypupdated'; rpc.ypupdated 45958478Sobrien ;; 46058478Sobrien esac 46158478Sobrien 46258478Sobrien # Start ATM daemons 46358478Sobrien if [ -n "${atm_pass2_done}" ]; then 46458478Sobrien atm_pass3 46558478Sobrien fi 46658478Sobrien 46758478Sobrien echo '.' 46858478Sobrien network_pass2_done=YES 46958478Sobrien} 47058478Sobrien 47158478Sobriennetwork_pass3() { 47258478Sobrien echo -n 'Starting final network daemons:' 47358478Sobrien 47418334Speter case ${nfs_server_enable} in 47518334Speter [Yy][Ee][Ss]) 47658478Sobrien if [ -r /etc/exports ]; then 47758478Sobrien echo -n ' mountd' 47858478Sobrien 47958478Sobrien case ${weak_mountd_authentication} in 48058478Sobrien [Yy][Ee][Ss]) 48158478Sobrien mountd_flags="-n" 48218334Speter ;; 48358478Sobrien esac 48458478Sobrien 48558478Sobrien mountd ${mountd_flags} 48658478Sobrien 48758478Sobrien case ${nfs_reserved_port_only} in 48858478Sobrien [Yy][Ee][Ss]) 48958478Sobrien echo -n ' NFS on reserved port only=YES' 49058478Sobrien sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 49158478Sobrien ;; 49258478Sobrien esac 49358478Sobrien 49458478Sobrien echo -n ' nfsd'; nfsd ${nfs_server_flags} 49558478Sobrien 49658478Sobrien case ${rpc_lockd_enable} in 49758478Sobrien [Yy][Ee][Ss]) 49858478Sobrien echo -n ' rpc.lockd'; rpc.lockd 49958478Sobrien ;; 50058478Sobrien esac 50158478Sobrien 50258478Sobrien case ${rpc_statd_enable} in 50358478Sobrien [Yy][Ee][Ss]) 50458478Sobrien echo -n ' rpc.statd'; rpc.statd 50558478Sobrien ;; 50658478Sobrien esac 50758478Sobrien fi 50834269Speter ;; 50958478Sobrien *) 51058478Sobrien case ${single_mountd_enable} in 51158478Sobrien [Yy][Ee][Ss]) 51258478Sobrien if [ -r /etc/exports ]; then 51358478Sobrien echo -n ' mountd' 51458478Sobrien 51558478Sobrien case ${weak_mountd_authentication} in 51658478Sobrien [Yy][Ee][Ss]) 51758478Sobrien mountd_flags="-n" 51834284Speter ;; 51958478Sobrien esac 52058478Sobrien 52158478Sobrien mountd ${mountd_flags} 52258478Sobrien fi 52358478Sobrien ;; 52458478Sobrien esac 52558478Sobrien ;; 52658478Sobrien esac 52758478Sobrien 52858478Sobrien case ${nfs_client_enable} in 52958478Sobrien [Yy][Ee][Ss]) 53058478Sobrien echo -n ' nfsiod'; nfsiod ${nfs_client_flags} 53158478Sobrien if [ -n "${nfs_access_cache}" ]; then 53258478Sobrien echo -n " NFS access cache time=${nfs_access_cache}" 53358478Sobrien sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ 53458478Sobrien >/dev/null 53558478Sobrien fi 53658478Sobrien ;; 53758478Sobrien esac 53858478Sobrien 53958478Sobrien # If /var/db/mounttab exists, some nfs-server has not been 54058478Sobrien # sucessfully notified about a previous client shutdown. 54158478Sobrien # If there is no /var/db/mounttab, we do nothing. 54258478Sobrien if [ -f /var/db/mounttab ]; then 54358478Sobrien rpc.umntall -k 54458478Sobrien fi 54558478Sobrien 54658478Sobrien case ${amd_enable} in 54758478Sobrien [Yy][Ee][Ss]) 54858478Sobrien echo -n ' amd' 54958478Sobrien case ${amd_map_program} in 55058478Sobrien [Nn][Oo] | '') 55158478Sobrien ;; 55258478Sobrien *) 55358478Sobrien amd_flags="${amd_flags} `eval ${amd_map_program}`" 55458478Sobrien ;; 55558478Sobrien esac 55658478Sobrien 55758478Sobrien if [ -n "${amd_flags}" ]; then 55858478Sobrien amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null 55958478Sobrien else 56058478Sobrien amd 2> /dev/null 56118334Speter fi 56258478Sobrien ;; 56358478Sobrien esac 56458478Sobrien 56558478Sobrien case ${rwhod_enable} in 56658478Sobrien [Yy][Ee][Ss]) 56758478Sobrien echo -n ' rwhod'; rwhod ${rwhod_flags} 56858478Sobrien ;; 56958478Sobrien esac 57058478Sobrien 57158478Sobrien # Kerberos runs ONLY on the Kerberos server machine 57258478Sobrien case ${kerberos_server_enable} in 57358478Sobrien [Yy][Ee][Ss]) 57458478Sobrien case ${kerberos_stash} in 57558478Sobrien [Yy][Ee][Ss]) 57658478Sobrien stash_flag=-n 57758478Sobrien ;; 57858478Sobrien *) 57958478Sobrien stash_flag= 58058478Sobrien ;; 58158478Sobrien esac 58258478Sobrien 58358478Sobrien echo -n ' kerberos' 58458478Sobrien kerberos ${stash_flag} >> /var/log/kerberos.log & 58558478Sobrien 58658478Sobrien case ${kadmind_server_enable} in 58758478Sobrien [Yy][Ee][Ss]) 58858478Sobrien echo -n ' kadmind' 58958478Sobrien (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & 59058478Sobrien ;; 59158478Sobrien esac 59258478Sobrien unset stash_flag 59358478Sobrien ;; 59458478Sobrien esac 59558478Sobrien 59658478Sobrien case ${pppoed_enable} in 59734229Speter [Yy][Ee][Ss]) 59858478Sobrien if [ -n "${pppoed_provider}" ]; then 59958478Sobrien pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 60058478Sobrien fi 60158478Sobrien echo -n ' pppoed'; 60234229Speter /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 60358478Sobrien ;; 60458478Sobrien esac 60558478Sobrien 60658478Sobrien case ${sshd_enable} in 60758478Sobrien [Yy][Ee][Ss]) 60858478Sobrien if [ ! -f /etc/ssh/ssh_host_key ]; then 60958478Sobrien echo creating ssh host key 61058478Sobrien /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 61158478Sobrien echo now starting sshd 61258478Sobrien else 61358478Sobrien echo -n ' sshd'; 61458478Sobrien fi 61558478Sobrien ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} 61658478Sobrien ;; 61758478Sobrien esac 61858478Sobrien 61958478Sobrien echo '.' 62058478Sobrien network_pass3_done=YES 62158478Sobrien} 62258478Sobrien 62358478Sobriennetwork_pass4() { 62458478Sobrien echo -n 'Additional TCP options:' 62558478Sobrien case ${log_in_vain} in 62673305Sobrien [Nn][Oo] | '') 62773305Sobrien ;; 62873305Sobrien *) 62973305Sobrien echo -n ' log_in_vain=YES' 63073305Sobrien sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 63173305Sobrien sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 63273305Sobrien ;; 63373305Sobrien esac 63473305Sobrien 63573305Sobrien echo '.' 63673305Sobrien network_pass4_done=YES 63773305Sobrien} 63873305Sobrien