#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 74462 2001-03-19 12:50:13Z alfred $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
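# network_pass1 -- first network start-up pass.
#
# Sets the host name, loads the ipfilter/ipnat rules, configures the
# interfaces, starts user ppp, initialises ipfw and natd, installs static
# routes, applies the network sysctl knobs, loads the IPsec policy file and
# starts the routing daemons, in that order.
#
# Globals read:    the rc.conf knobs tested below (*_enable, *_flags,
#                  *_program, ifconfig_<if>, spppconfig_<if>, route_<name>).
# Globals written: ipfilter_enable, network_interfaces, dhcp_interfaces,
#                  showstat_<if>, ppp_mode, ppp_command, firewall_in_kernel,
#                  firewall_script, natd_ifarg, static_routes, route_default,
#                  network_pass1_done, plus the scratch variables ifn, i,
#                  alias, showstat, ifconfig_args, spppcontrol_args and
#                  route_args.
# Output:          progress messages on stdout.
#
# Most knob values are expanded unquoted on purpose so that a single
# variable can carry several arguments; every value read here is therefore
# treated as trusted configuration.
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo '  /etc/nsswitch.conf will be used instead'
		else
			echo '  /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# When the rules file is not readable this branch only prints
	# ' NO IPF RULES' and switches ipfilter_enable off; the interfaces
	# are still configured further down, so the kernel's default policy
	# is the only filtering in effect in that case.
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					# NOTE(review): unlike the ipf call above,
					# this command line goes through eval, so
					# the values of ipnat_program, ipnat_rules
					# and ipnat_flags are parsed by the shell a
					# second time.  Left as is because existing
					# configurations may rely on it.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<if> is sourced into this shell.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added; the scan stops
		# at the first ifconfig_<if>_alias<N> that is empty.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((alias + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode; anything but the four modes listed
		# here falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile ends up inside the command string that su
		# passes to the shell of ppp_user, so any shell
		# metacharacters in it are interpreted there.
		echo -n "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The flush doubles as the probe: its exit status decides whether
	# ipfw is considered to be present in the kernel.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# The rules script is sourced into this shell.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed with -a,
						# anything else with -n.
						if echo "${natd_interface}" | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# The sysctl knobs below are only ever written when the matching
	# rc.conf variable asks for a change; otherwise the kernel value is
	# left alone.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	# The port range values are quoted so that each call sets exactly
	# one sysctl, whatever the variable contains.
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w "net.inet.ip.portrange.first=${ip_portrange_first}" >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w "net.inet.ip.portrange.last=${ip_portrange_last}" >/dev/null
		;;
	esac

	echo '.'

	# ipsec_file must be quoted: with an empty value an unquoted
	# "[ -f ]" is true, which reported IPsec as enabled and ran
	# "setkey -f" without a policy file.
	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}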
# network_pass2 -- second network start-up pass.
#
# Starts the name and time daemons, then (only when portmap_enable is YES)
# rpcbind and the NIS / Secure RPC daemons, and finally the third ATM pass
# when atm_pass2_done is set.
#
# Globals read:    named_*, ntpdate_*, xntpd_*, timed_*, portmap_*, nis_*,
#                  keyserv_*, rpc_ypupdated_enable, atm_pass2_done.
# Globals written: network_pass2_done.
# Output:          progress messages on stdout.
#
# The *_flags values are expanded unquoted so that one variable can hold
# several arguments.
network_pass2() {
	echo -n 'Doing additional network setup:'

	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# ntpdate output, including errors, is discarded.
	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything RPC based hangs off portmap_enable.
	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server side: ypserv, and on the NIS master also
		# rpc.ypxfrd and rpc.yppasswdd.
		#
		case "${nis_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case "${nis_ypxfrd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case "${nis_yppasswdd_enable}" in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client side: ypbind, optionally followed by ypset.
		#
		case "${nis_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}
			case "${nis_ypset_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		#
		case "${keyserv_enable}" in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# rpc.ypupdated: Secure RPC on the NIS master.
		#
		case "${rpc_ypupdated_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
# network_pass3 -- third network start-up pass.
#
# With portmap_enable=YES it starts the NFS server or stand-alone mountd,
# the NFS client daemon, rpc.umntall and amd.  Independently of that it
# starts rwhod, the Kerberos server daemons and pppoed, and creates the
# ssh host keys if they do not exist yet.
#
# Globals read:    portmap_enable, nfs_*, single_mountd_enable,
#                  weak_mountd_authentication, rpc_lockd_enable,
#                  rpc_statd_enable, amd_*, rwhod_*, kerberos_*,
#                  kadmind_server_enable, pppoed_*, sshd_enable.
# Globals written: mountd_flags, amd_flags, pppoed_flags,
#                  network_pass3_done (stash_flag is set and unset again).
# Output:          progress messages on stdout.
network_pass3() {
	echo -n 'Starting final network daemons:'

	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		case "${nfs_server_enable}" in
		[Yy][Ee][Ss])
			# Without a readable /etc/exports nothing of the NFS
			# server is started.
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# weak_mountd_authentication adds -n to the
				# mountd flags; see mountd(8) for what that
				# relaxes before enabling it.
				case "${weak_mountd_authentication}" in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case "${nfs_reserved_port_only}" in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

				case "${rpc_lockd_enable}" in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case "${rpc_statd_enable}" in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			fi
			;;
		*)
			# No NFS server: mountd may still be run on its own.
			case "${single_mountd_enable}" in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): here -n replaces
					# mountd_flags, whereas the NFS server
					# branch above appends it; any flags
					# configured in mountd_flags are dropped
					# on this path.  Confirm that this is
					# intended.
					case "${weak_mountd_authentication}" in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case "${nfs_client_enable}" in
		[Yy][Ee][Ss])
			echo -n ' nfsiod'
			nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case "${amd_enable}" in
		[Yy][Ee][Ss])
			echo -n ' amd'
			# amd_map_program is a command line: it is run through
			# eval and its output is appended to amd_flags.
			case "${amd_map_program}" in
			'' | [Nn][Oo])
				;;
			*)
				amd_flags="${amd_flags} $(eval ${amd_map_program})"
				;;
			esac

			# With flags, amd -p writes its pid to stdout, which is
			# stored in /var/run/amd.pid; stderr is discarded in
			# both cases.
			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case "${rwhod_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case "${kerberos_server_enable}" in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both daemons.
		case "${kerberos_stash}" in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		# kadmind is started from a background subshell after a
		# 20 second delay; its output is discarded.
		case "${kadmind_server_enable}" in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case "${pppoed_enable}" in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are generated only when the key file is missing, and
	# with an empty passphrase (-N "").  This function does not start
	# sshd itself.
	case "${sshd_enable}" in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}
# network_pass4 -- fourth network start-up pass: optional TCP/UDP logging.
#
# Any log_in_vain value other than empty or NO (case-insensitive) sets both
# the TCP and the UDP log_in_vain sysctl to 1; the value itself is not
# passed on.
#
# Globals read:    log_in_vain.
# Globals written: network_pass4_done.
# Output:          progress messages on stdout.
network_pass4() {
	echo -n 'Additional TCP options:'

	case "${log_in_vain}" in
	'' | [Nn][Oo])
		# Knob unset or explicitly off: leave the kernel values alone.
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
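# convert_host_conf -- translate a legacy host.conf into the "hosts:" line
# of an nsswitch.conf.
#
# Arguments: $1 - host.conf file to read
#            $2 - nsswitch.conf file to write (created or truncated)
# Globals written: host_conf, nsswitch_conf
# Output:    one "hosts: ..." line in $2; a warning on stderr for every
#            line that is not recognized.
#
# Fixes over the previous version:
#  - comment lines are matched with [ \t]*, since a bare [:blank:] is a
#    bracket expression over the characters ':', 'b', 'l', 'a', 'n', 'k'
#    and never skipped an indented comment;
#  - sources are written in the order they were read (awk's "for (i in a)"
#    has no defined order, and the order is the lookup order);
#  - both file names are quoted in the redirections;
#  - blank lines are skipped and the warning ends in a newline.
convert_host_conf() {
    host_conf=$1; shift
    nsswitch_conf=$1; shift
    awk '
        BEGIN                { c = 0 }
        /^[ \t]*#/           { next }
        /^[ \t]*$/           { next }
        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }
        /nis/                { nsswitch[c] = "nis";   c++; next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: "
                for (i = 0; i < c; i++) printf "%s ", nsswitch[i]
                printf "\n"
        }' < "$host_conf" > "$nsswitch_conf"
}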