defaultroute revision 79107
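#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 79107 2001-07-02 21:08:48Z brooks $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# This file only defines functions; nothing runs until a caller invokes
# network_pass1 .. network_pass4.  Every ${..._enable}, ${..._flags} and
# ${..._program} knob is read from the caller's environment and most are
# expanded unquoted on purpose so that they split into several arguments.
# Those values are therefore interpreted by the shell and must only ever
# come from configuration that is writable by root alone.

# First pass startup stuff.
#
# Sets the host and NIS domain names, loads ipfilter/ipnat rules, brings up
# ATM, sppp, gif and ordinary interfaces (including DHCP, aliases and IPX),
# starts ISDN and user ppp, initializes ipfw and natd, installs static
# routes, applies the routing-related sysctls, loads IPsec policy and starts
# the routing daemons.  Sets network_pass1_done=YES when finished.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo ' /etc/nsswitch.conf will be used instead'
		else
			echo ' /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					# NOTE(review): unlike the ipf call
					# above this goes through eval, so
					# ipnat_rules and ipnat_flags are
					# parsed by the shell a second time.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			# No readable ruleset: ipfilter is switched off for
			# the rest of the boot and only a message is printed,
			# so filtering then depends on the kernel default.
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface hook is sourced into this shell when it
		# exists, so it runs with the privileges of the boot script.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted -n test: the unquoted "! -z" form only gave the
		# right answer for an empty value by accident of how test(1)
		# parses two arguments.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything other than the four
		# recognised modes falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# NOTE(review): ppp_profile ends up inside the string handed
		# to "su -c", i.e. it is parsed as shell source by the target
		# user's shell; it must be a plain profile name.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): kernel support is detected by running a flush, so
	# any ipfw rules that are already loaded are removed by this probe.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as
						# an address (-a), anything
						# else as an interface (-n).
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# The path is quoted: with an empty ipsec_file the unquoted
		# test collapsed to "[ -f ]", which is true, so "enabled" was
		# reported and setkey was run without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time daemons and the RPC/NIS family.
#
# Starts named, ntpdate, ntpd and timed when enabled.  rpcbind and
# everything that depends on it (ypserv, rpc.ypxfrd, rpc.yppasswdd, ypbind,
# ypset, keyserv, rpc.ypupdated) is only started when portmap_enable is
# YES.  Sets network_pass2_done=YES when finished.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
			${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client, amd, rwhod, Kerberos, pppoed and the
# sshd host keys.
#
# The NFS and amd parts run only when portmap_enable is YES.  Sets
# network_pass3_done=YES when finished.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# weak_mountd_authentication appends -n to
				# the mountd flags; see mountd(8) for what
				# that relaxes before enabling it.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfs.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				if [ -n "${nfs_bufpackets}" ]; then
					sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): this branch replaces
					# mountd_flags with "-n" instead of
					# appending as the NFS server branch
					# does, so configured flags are
					# dropped here - confirm intent.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is executed through eval
				# and its output becomes part of amd_flags.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# kadmind is started 20 seconds later from a detached
			# subshell so the boot does not wait for it.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are generated only when the key file is missing, and
	# with an empty passphrase (-N "") so sshd can read them unattended.
	# NOTE(review): the RSA key in ssh_host_key (presumably the
	# protocol 1 key) and the DSA key are the key types of this
	# revision's era and are obsolete in current OpenSSH.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: remaining TCP options.
#
# Unless log_in_vain is NO or empty, turns on the TCP and UDP log_in_vain
# sysctls.  Sets network_pass4_done=YES when finished.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Create the tunnels for every interface named in gif_interfaces.
#
# For each interface i, the value of gifconfig_<i> is passed to
# "ifconfig <i> create tunnel"; interfaces without a gifconfig_<i> value
# are skipped.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i create tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

# Translate a host.conf file into a one-line nsswitch.conf "hosts:" entry.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated and replaced)
#
# Comment lines (optionally indented) and blank lines are ignored; any other
# line that matches none of the known keywords is reported on stderr.  The
# sources are written in the order they appear in host.conf, because the
# resolver consults them in that order and an arbitrary order would change
# which name service answers first.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	awk '
	BEGIN { c = 0 }
	/^[ \t]*#/ { next }
	/^[ \t]*$/ { next }
	/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
	/(dns|bind)/ { nsswitch[c] = "dns"; c++; next }
	/nis/ { nsswitch[c] = "nis"; c++; next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: "
		for (i = 0; i < c; i++)
			printf "%s ", nsswitch[i]
		printf "\n"
	}' < "$host_conf" > "$nsswitch_conf"
}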