defaultroute revision 70129 
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/routing 70129 2000-12-17 22:14:49Z dougb $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
38network_pass1() {
39	echo -n 'Doing initial network setup:'
40
41	# Convert host.conf to nsswitch.conf if necessary
42	if [ -f "/etc/host.conf" ]; then
43		echo ''
44		echo 'Warning: /etc/host.conf is no longer used'
45		if [ -f "/etc/nsswitch.conf" ]; then
46		    echo '  /etc/nsswitch.conf will be used instead'
47		else
48		    echo '  /etc/nsswitch.conf will be created for you'
49		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
50		fi
51	fi
52
53	# Set the host name if it is not already set
54	#
55	if [ -z "`hostname -s`" ]; then
56		hostname ${hostname}
57		echo -n ' hostname'
58	fi
59
60	# Establish ipfilter ruleset as early as possible (best in
61	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
62	#
63	case "${ipfilter_enable}" in
64	[Yy][Ee][Ss])
65		if [ -r "${ipfilter_rules}" ]; then
66			echo -n ' ipfilter';
67			${ipfilter_program:-/sbin/ipf -Fa -f} \
68			    "${ipfilter_rules}" ${ipfilter_flags}
69			case "${ipmon_enable}" in
70			[Yy][Ee][Ss])
71				echo -n ' ipmon'
72				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
73				;;
74			esac
75			case "${ipnat_enable}" in
76			[Yy][Ee][Ss])
77				if [ -r "${ipnat_rules}" ]; then
78					echo -n ' ipnat';
79				eval ${ipnat_program:-/sbin/ipnat -CF -f} \
80					"${ipnat_rules}" ${ipnat_flags}
81				else
82					echo -n ' NO IPNAT RULES'
83				fi
84				;;
85			esac
86		else
87			ipfilter_enable="NO"
88			echo -n ' NO IPF RULES'
89		fi
90		;;
91	esac
92
93	# Set the domainname if we're using NIS
94	#
95	case ${nisdomainname} in
96	[Nn][Oo] | '')
97		;;
98	*)
99		domainname ${nisdomainname}
100		echo -n ' domain'
101		;;
102	esac
103
104	echo '.'
105
106	# Initial ATM interface configuration
107	#
108	case ${atm_enable} in
109	[Yy][Ee][Ss])
110		if [ -r /etc/rc.atm ]; then
111			. /etc/rc.atm
112			atm_pass1
113		fi
114		;;
115	esac
116
117	# Special options for sppp(4) interfaces go here.  These need
118	# to go _before_ the general ifconfig section, since in the case
119	# of hardwired (no link1 flag) but required authentication, you
120	# cannot pass auth parameters down to the already running interface.
121	#
122	for ifn in ${sppp_interfaces}; do
123		eval spppcontrol_args=\$spppconfig_${ifn}
124		if [ -n "${spppcontrol_args}" ]; then
125			# The auth secrets might contain spaces; in order
126			# to retain the quotation, we need to eval them
127			# here.
128			eval spppcontrol ${ifn} ${spppcontrol_args}
129		fi
130	done
131
132	# Set up all the network interfaces, calling startup scripts if needed
133	#
134	case ${network_interfaces} in
135	[Aa][Uu][Tt][Oo])
136		network_interfaces="`ifconfig -l`"
137		;;
138	esac
139
140	dhcp_interfaces=""
141	for ifn in ${network_interfaces}; do
142		if [ -r /etc/start_if.${ifn} ]; then
143			. /etc/start_if.${ifn}
144			eval showstat_$ifn=1
145		fi
146
147		# Do the primary ifconfig if specified
148		#
149		eval ifconfig_args=\$ifconfig_${ifn}
150
151		case ${ifconfig_args} in
152		'')
153			;;
154		[Dd][Hh][Cc][Pp])
155			# DHCP inits are done all in one go below
156			dhcp_interfaces="$dhcp_interfaces $ifn"
157			eval showstat_$ifn=1
158			;;
159		*)
160			ifconfig ${ifn} ${ifconfig_args}
161			eval showstat_$ifn=1
162			;;
163		esac
164	done
165
166	if [ ! -z "${dhcp_interfaces}" ]; then
167		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
168	fi
169
170	for ifn in ${network_interfaces}; do
171		# Check to see if aliases need to be added
172		#
173		alias=0
174		while : ; do
175			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
176			if [ -n "${ifconfig_args}" ]; then
177				ifconfig ${ifn} ${ifconfig_args} alias
178				eval showstat_$ifn=1
179				alias=`expr ${alias} + 1`
180			else
181				break;
182			fi
183		done
184
185		# Do ipx address if specified
186		#
187		eval ifconfig_args=\$ifconfig_${ifn}_ipx
188		if [ -n "${ifconfig_args}" ]; then
189			ifconfig ${ifn} ${ifconfig_args}
190			eval showstat_$ifn=1
191		fi
192	done
193
194	for ifn in ${network_interfaces}; do
195		eval showstat=\$showstat_${ifn}
196		if [ ! -z ${showstat} ]; then
197			ifconfig ${ifn}
198		fi
199	done
200
201	# ISDN subsystem startup
202	#
203	case ${isdn_enable} in
204	[Yy][Ee][Ss])
205		if [ -r /etc/rc.isdn ]; then
206			. /etc/rc.isdn
207		fi
208		;;
209	esac
210
211	# Start user ppp if required.  This must happen before natd.
212	#
213	case ${ppp_enable} in
214	[Yy][Ee][Ss])
215		# Establish ppp mode.
216		#
217		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
218			-a "${ppp_mode}" != "dedicated" \
219			-a "${ppp_mode}" != "background" ]; then
220			ppp_mode="auto"
221		fi
222
223		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
224
225		# Switch on NAT mode?
226		#
227		case ${ppp_nat} in
228		[Yy][Ee][Ss])
229			ppp_command="${ppp_command} -nat"
230			;;
231		esac
232
233		ppp_command="${ppp_command} ${ppp_profile}"
234
235		echo -n "Starting ppp as \"${ppp_user}\""
236		su -m ${ppp_user} -c "exec ${ppp_command}"
237		;;
238	esac
239
240	# Initialize IP filtering using ipfw
241	#
242	if /sbin/ipfw -q flush > /dev/null 2>&1; then
243		firewall_in_kernel=1
244	else
245		firewall_in_kernel=0
246	fi
247
248	case ${firewall_enable} in
249	[Yy][Ee][Ss])
250		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
251			firewall_in_kernel=1
252			echo 'Kernel firewall module loaded'
253		elif [ "${firewall_in_kernel}" -eq 0 ]; then
254			echo 'Warning: firewall kernel module failed to load'
255		fi
256		;;
257	esac
258
259	# Load the filters if required
260	#
261	case ${firewall_in_kernel} in
262	1)
263		if [ -z "${firewall_script}" ]; then
264			firewall_script=/etc/rc.firewall
265		fi
266
267		case ${firewall_enable} in
268		[Yy][Ee][Ss])
269			if [ -r "${firewall_script}" ]; then
270				. "${firewall_script}"
271				echo -n 'Firewall rules loaded, starting divert daemons:'
272
273				# Network Address Translation daemon
274				#
275				case ${natd_enable} in
276				[Yy][Ee][Ss])
277					if [ -n "${natd_interface}" ]; then
278						if echo ${natd_interface} | \
279							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
280							natd_ifarg="-a ${natd_interface}"
281						else
282							natd_ifarg="-n ${natd_interface}"
283						fi
284
285						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
286					fi
287					;;
288				esac
289
290				echo '.'
291
292			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
293				echo 'Warning: kernel has firewall functionality,' \
294				     'but firewall rules are not enabled.'
295				echo '		 All ip services are disabled.'
296			fi
297
298			case ${firewall_logging} in
299			[Yy][Ee][Ss] | '')
300				echo 'Firewall logging=YES'
301				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
302				;;
303			*)
304				;;
305			esac
306
307			;;
308		esac
309		;;
310	esac
311
312	# Additional ATM interface configuration
313	#
314	if [ -n "${atm_pass1_done}" ]; then
315		atm_pass2
316	fi
317
318	# Configure routing
319	#
320	case ${defaultrouter} in
321	[Nn][Oo] | '')
322		;;
323	*)
324		static_routes="default ${static_routes}"
325		route_default="default ${defaultrouter}"
326		;;
327	esac
328
329	# Set up any static routes.  This should be done before router discovery.
330	#
331	if [ -n "${static_routes}" ]; then
332		for i in ${static_routes}; do
333			eval route_args=\$route_${i}
334			route add ${route_args}
335		done
336	fi
337
338	echo -n 'Additional routing options:'
339	case ${tcp_extensions} in
340	[Yy][Ee][Ss] | '')
341		;;
342	*)
343		echo -n ' tcp extensions=NO'
344		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
345		;;
346	esac
347
348	case ${icmp_bmcastecho} in
349	[Yy][Ee][Ss])
350		echo -n ' broadcast ping responses=YES'
351		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
352		;;
353	esac
354
355	case ${icmp_drop_redirect} in
356	[Yy][Ee][Ss])
357		echo -n ' ignore ICMP redirect=YES'
358		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
359		;;
360	esac
361
362	case ${icmp_log_redirect} in
363	[Yy][Ee][Ss])
364		echo -n ' log ICMP redirect=YES'
365		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
366		;;
367	esac
368
369	case ${gateway_enable} in
370	[Yy][Ee][Ss])
371		echo -n ' IP gateway=YES'
372		sysctl -w net.inet.ip.forwarding=1 >/dev/null
373		;;
374	esac
375
376	case ${forward_sourceroute} in
377	[Yy][Ee][Ss])
378		echo -n ' do source routing=YES'
379		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
380		;;
381	esac
382
383	case ${accept_sourceroute} in
384	[Yy][Ee][Ss])
385		echo -n ' accept source routing=YES'
386		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
387		;;
388	esac
389
390	case ${tcp_keepalive} in
391	[Yy][Ee][Ss])
392		echo -n ' TCP keepalive=YES'
393		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
394		;;
395	esac
396
397	case ${tcp_restrict_rst} in
398	[Yy][Ee][Ss])
399		echo -n ' restrict TCP reset=YES'
400		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
401		;;
402	esac
403
404	case ${tcp_drop_synfin} in
405	[Yy][Ee][Ss])
406		echo -n ' drop SYN+FIN packets=YES'
407		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
408		;;
409	esac
410
411	case ${ipxgateway_enable} in
412	[Yy][Ee][Ss])
413		echo -n ' IPX gateway=YES'
414		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
415		;;
416	esac
417
418	case ${arpproxy_all} in
419	[Yy][Ee][Ss])
420		echo -n ' ARP proxyall=YES'
421		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
422		;;
423	esac
424
425	case ${ip_portrange_first} in
426	[Nn][Oo] | '')
427		;;
428	*)
429		echo -n " ip_portrange_first=$ip_portrange_first"
430		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
431		;;
432	esac
433
434	case ${ip_portrange_last} in
435	[Nn][Oo] | '')
436		;;
437	*)
438		echo -n " ip_portrange_last=$ip_portrange_last"
439		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
440		;;
441	esac
442
443	echo '.'
444
445	case ${ipsec_enable} in
446	[Yy][Ee][Ss])
447		if [ -f ${ipsec_file} ]; then
448		    echo ' ipsec: enabled'
449		    setkey -f ${ipsec_file}
450		else
451		    echo ' ipsec: file not found'
452		fi
453		;;
454	esac
455
456	echo -n 'Routing daemons:'
457	case ${router_enable} in
458	[Yy][Ee][Ss])
459		echo -n " ${router}";	${router} ${router_flags}
460		;;
461	esac
462
463	case ${ipxrouted_enable} in
464	[Yy][Ee][Ss])
465		echo -n ' IPXrouted'
466		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
467		;;
468	esac
469
470	case ${mrouted_enable} in
471	[Yy][Ee][Ss])
472		echo -n ' mrouted';	mrouted ${mrouted_flags}
473		;;
474	esac
475
476	case ${rarpd_enable} in
477	[Yy][Ee][Ss])
478		echo -n ' rarpd';	rarpd ${rarpd_flags}
479		;;
480	esac
481	echo '.'
482
483	# Let future generations know we made it.
484	#
485	network_pass1_done=YES
486}
487
488network_pass2() {
489	echo -n 'Doing additional network setup:'
490	case ${named_enable} in
491	[Yy][Ee][Ss])
492		echo -n ' named';	${named_program:-named} ${named_flags}
493		;;
494	esac
495
496	case ${ntpdate_enable} in
497	[Yy][Ee][Ss])
498		echo -n ' ntpdate'
499		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
500		;;
501	esac
502
503	case ${xntpd_enable} in
504	[Yy][Ee][Ss])
505		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
506		;;
507	esac
508
509	case ${timed_enable} in
510	[Yy][Ee][Ss])
511		echo -n ' timed';	timed ${timed_flags}
512		;;
513	esac
514
515	case ${portmap_enable} in
516	[Yy][Ee][Ss])
517		echo -n ' portmap';	${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
518		;;
519	esac
520
521	# Start ypserv if we're an NIS server.
522	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
523	#
524	case ${nis_server_enable} in
525	[Yy][Ee][Ss])
526		echo -n ' ypserv'; ypserv ${nis_server_flags}
527
528		case ${nis_ypxfrd_enable} in
529		[Yy][Ee][Ss])
530			echo -n ' rpc.ypxfrd'
531			rpc.ypxfrd ${nis_ypxfrd_flags}
532			;;
533		esac
534
535		case ${nis_yppasswdd_enable} in
536		[Yy][Ee][Ss])
537			echo -n ' rpc.yppasswdd'
538			rpc.yppasswdd ${nis_yppasswdd_flags}
539			;;
540		esac
541		;;
542	esac
543
544	# Start ypbind if we're an NIS client
545	#
546	case ${nis_client_enable} in
547	[Yy][Ee][Ss])
548		echo -n ' ypbind'; ypbind ${nis_client_flags}
549		case ${nis_ypset_enable} in
550		[Yy][Ee][Ss])
551			echo -n ' ypset';	ypset ${nis_ypset_flags}
552			;;
553		esac
554		;;
555	esac
556
557	# Start keyserv if we are running Secure RPC
558	#
559	case ${keyserv_enable} in
560	[Yy][Ee][Ss])
561		echo -n ' keyserv';	keyserv ${keyserv_flags}
562		;;
563	esac
564
565	# Start ypupdated if we are running Secure RPC and we are NIS master
566	#
567	case ${rpc_ypupdated_enable} in
568	[Yy][Ee][Ss])
569		echo -n ' rpc.ypupdated';	rpc.ypupdated
570		;;
571	esac
572
573	# Start ATM daemons
574	if [ -n "${atm_pass2_done}" ]; then
575		atm_pass3
576	fi
577
578	echo '.'
579	network_pass2_done=YES
580}
581
582network_pass3() {
583	echo -n 'Starting final network daemons:'
584
585	case ${nfs_server_enable} in
586	[Yy][Ee][Ss])
587		if [ -r /etc/exports ]; then
588			echo -n ' mountd'
589
590			case ${weak_mountd_authentication} in
591			[Yy][Ee][Ss])
592				mountd_flags="${mountd_flags} -n"
593				;;
594			esac
595
596			mountd ${mountd_flags}
597
598			case ${nfs_reserved_port_only} in
599			[Yy][Ee][Ss])
600				echo -n ' NFS on reserved port only=YES'
601				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
602				;;
603			esac
604
605			echo -n ' nfsd';	nfsd ${nfs_server_flags}
606
607			if [ -n "${nfs_bufpackets}" ]; then
608				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
609					> /dev/null
610			fi
611
612			case ${rpc_lockd_enable} in
613			[Yy][Ee][Ss])
614				echo -n ' rpc.lockd';	rpc.lockd
615				;;
616			esac
617
618			case ${rpc_statd_enable} in
619			[Yy][Ee][Ss])
620				echo -n ' rpc.statd';	rpc.statd
621				;;
622			esac
623		fi
624		;;
625	*)
626		case ${single_mountd_enable} in
627		[Yy][Ee][Ss])
628			if [ -r /etc/exports ]; then
629				echo -n ' mountd'
630
631				case ${weak_mountd_authentication} in
632				[Yy][Ee][Ss])
633					mountd_flags="-n"
634					;;
635				esac
636
637				mountd ${mountd_flags}
638			fi
639			;;
640		esac
641		;;
642	esac
643
644	case ${nfs_client_enable} in
645	[Yy][Ee][Ss])
646		echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
647		if [ -n "${nfs_access_cache}" ]; then
648		echo -n " NFS access cache time=${nfs_access_cache}"
649		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
650			>/dev/null
651		fi
652		;;
653	esac
654
655	# If /var/db/mounttab exists, some nfs-server has not been
656	# sucessfully notified about a previous client shutdown.
657	# If there is no /var/db/mounttab, we do nothing.
658	if [ -f /var/db/mounttab ]; then
659		rpc.umntall -k
660	fi
661
662	case ${amd_enable} in
663	[Yy][Ee][Ss])
664		echo -n ' amd'
665		case ${amd_map_program} in
666		[Nn][Oo] | '')
667			;;
668		*)
669			amd_flags="${amd_flags} `eval ${amd_map_program}`"
670			;;
671		esac
672
673		if [ -n "${amd_flags}" ]; then
674			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
675		else
676			amd 2> /dev/null
677		fi
678		;;
679	esac
680
681	case ${rwhod_enable} in
682	[Yy][Ee][Ss])
683		echo -n ' rwhod';	rwhod ${rwhod_flags}
684		;;
685	esac
686
687	# Kerberos runs ONLY on the Kerberos server machine
688	case ${kerberos_server_enable} in
689	[Yy][Ee][Ss])
690		case ${kerberos_stash} in
691		[Yy][Ee][Ss])
692			stash_flag=-n
693			;;
694		*)
695			stash_flag=
696			;;
697		esac
698
699		echo -n ' kerberos'
700		kerberos ${stash_flag} >> /var/log/kerberos.log &
701
702		case ${kadmind_server_enable} in
703		[Yy][Ee][Ss])
704			echo -n ' kadmind'
705			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
706			;;
707		esac
708		unset stash_flag
709		;;
710	esac
711
712	case ${pppoed_enable} in
713	[Yy][Ee][Ss])
714		if [ -n "${pppoed_provider}" ]; then
715			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
716		fi
717		echo -n ' pppoed';
718		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
719		;;
720	esac
721
722	case ${sshd_enable} in
723	[Yy][Ee][Ss])
724		if [ ! -f /etc/ssh/ssh_host_key ]; then
725			echo ' creating ssh RSA host key';
726			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
727		fi
728		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
729			echo ' creating ssh DSA host key';
730			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
731		fi
732		;;
733	esac
734
735	echo '.'
736	network_pass3_done=YES
737}
738
739network_pass4() {
740	echo -n 'Additional TCP options:'
741	case ${log_in_vain} in
742	[Nn][Oo] | '')
743		;;
744	*)
745		echo -n ' log_in_vain=YES'
746		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
747		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
748		;;
749	esac
750
751	echo '.'
752	network_pass4_done=YES
753}
754
755convert_host_conf() {
756    host_conf=$1; shift;
757    nsswitch_conf=$1; shift;
758    awk '                                                                   \
759        /^[:blank:]*#/       { next }                                       \
760        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
761        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
762        /nis/                { nsswitch[c] = "nis";   c++; next }           \
763        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
764        END {                                                               \
765                printf "hosts: ";                                           \
766                for (i in nsswitch) printf "%s ", nsswitch[i];              \
767                printf "\n";                                                \
768        }' < $host_conf > $nsswitch_conf
769}
770
771