defaultroute revision 83677
#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 83677 2001-09-19 21:27:27Z brooks $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
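# network_pass1 - first pass of network startup.
#
# Runs, in order: host.conf -> nsswitch.conf conversion, hostname,
# ipfilter (ipf/ipmon/ipnat), NIS domain name, ATM pass 1, cloned, sppp
# and gif interface setup, per-interface ifconfig (primary address, DHCP,
# aliases, IPX), ISDN, user ppp, ipfw and natd, ATM pass 2, static
# routes, network sysctls, IPsec policy load and the routing daemons.
#
# Globals read:    the *_enable / *_flags / *_program style variables
#                  referenced below (presumably set from rc.conf -- see
#                  the note at the top of this file).
# Globals written: ipfilter_in_kernel, ipfilter_enable, firewall_in_kernel,
#                  firewall_script, network_interfaces, dhcp_interfaces,
#                  showstat_<ifn>, ppp_mode, ppp_command, natd_ifarg,
#                  static_routes, route_default, network_pass1_done, plus
#                  the scratch variables ifn, i, alias, ifconfig_args,
#                  spppcontrol_args, route_args and showstat.
# Calls:           convert_host_conf, network_gif_setup, atm_pass1,
#                  atm_pass2 (all defined outside this function).
#
# Trust boundary: several values are re-parsed as shell code ("eval") or
# sourced as scripts (". file").  Whatever can write those variables or
# files can run commands with the privileges of this script, so they must
# only be writable by the administrator.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary.  An existing
	# nsswitch.conf is never overwritten.
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo '  /etc/nsswitch.conf will be used instead'
		else
			echo '  /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname "${hostname}"
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# The ipfstat call is only a probe: its exit status decides whether
	# the ipl module still has to be loaded.
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			# Program and flags are deliberately left unquoted
			# so that they split into separate arguments.
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					# NOTE(review): unlike the ipf call
					# above this goes through eval, so
					# the rules path and flags are
					# parsed a second time as shell
					# code.  Kept as-is because quoted
					# values in ipnat_program or
					# ipnat_flags may depend on it.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			# Without a readable ruleset the feature is
			# switched off for the rest of the startup run.
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname "${nisdomainname}"
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig "${ifn}" create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The secrets end up on the spppcontrol
			# command line, and the value is parsed as shell
			# code, so it must come from a file that only the
			# administrator can write.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# Per-interface hook: sourced into this shell, so it runs
		# with the same privileges and can change any variable.
		if [ -r "/etc/start_if.${ifn}" ]; then
			. "/etc/start_if.${ifn}"
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig "${ifn}" ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the first missing number ends the scan.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -z "${ifconfig_args}" ]; then
				break
			fi
			ifconfig "${ifn}" ${ifconfig_args} alias
			eval showstat_$ifn=1
			alias=$((alias + 1))
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig "${ifn}" ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted test: the unquoted form only worked because
		# "[ ! -z ]" happens to be false.
		if [ -n "${showstat}" ]; then
			ifconfig "${ifn}"
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the known list
		# falls back to "auto", so ppp_mode is safe to splice into
		# the command line below.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# ppp_profile is not validated and the whole string is
		# parsed by the shell that su starts, so it is treated as
		# trusted configuration.  ppp_user stays unquoted on
		# purpose: an empty value then leaves su without a login
		# argument instead of passing it an empty user name.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the probe is "ipfw -q flush", so besides detecting
	# kernel support it also flushes whatever rules are loaded at this
	# point, before firewall_script gets a chance to install new ones.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced, not executed: the rules script
				# runs inside this shell.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as
						# an address (-a), anything
						# else as an interface name
						# (-n).
						if printf '%s\n' "${natd_interface}" | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				# Default-deny kernel without a readable
				# rules script: say so, because nothing
				# will get through.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Every sysctl below is only touched when its variable asks for a
	# change; otherwise the kernel's current value is left alone.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	# Both source-routing switches are opt-in.
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w "net.inet.ip.portrange.first=${ip_portrange_first}" >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w "net.inet.ip.portrange.last=${ip_portrange_last}" >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# The path must be quoted: with an empty ipsec_file the
		# unquoted test collapses to "[ -f ]", which is true, and
		# setkey would be started without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}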
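# network_pass2 - second pass: name service, time and RPC/NIS daemons.
#
# Starts named, ntpdate, ntpd and timed when enabled.  rpcbind and every
# NIS / Secure RPC daemon are started only inside the portmap_enable=YES
# branch, so none of them run without rpcbind.  Finishes with ATM pass 3
# if pass 2 has been recorded as done.
#
# Globals read:    *_enable, *_flags and *_program variables used below.
# Globals written: network_pass2_done.
# Calls:           atm_pass3 (defined outside this function).
#
# The *_program and *_flags values are expanded unquoted on purpose so
# that they split into a command and its arguments; they are therefore
# trusted configuration.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		# Output and errors of the one-shot clock set are dropped.
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} \
			${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}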
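# network_pass3 - final network daemons.
#
# Inside the portmap_enable=YES branch: NFS server (mountd, nfsd,
# rpc.lockd, rpc.statd) or a stand-alone mountd, NFS client sysctls,
# rpc.umntall clean-up and amd.  Outside it: rwhod, the Kerberos IV and
# 5 servers, pppoed, and creation of any missing ssh host keys.
#
# Globals read:    *_enable, *_flags and *_server variables used below.
# Globals written: mountd_flags, amd_flags, pppoed_flags (flags are
#                  appended in place), network_pass3_done.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# No readable /etc/exports, no NFS server daemons.
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# Opt-in only: this adds mountd's -n flag
				# (presumably the one that accepts mount
				# requests from non-reserved ports --
				# confirm against mountd(8)).
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): this branch
					# replaces mountd_flags with "-n"
					# while the NFS server branch
					# appends to it, so any other
					# configured mountd flags are
					# dropped here.  Kept as found;
					# confirm which is intended.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			#echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w "vfs.nfs.access_cache_timeout=${nfs_access_cache}" >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w "vfs.nfs.bufpackets=${nfs_bufpackets}" > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is run through eval and
				# whatever it prints becomes part of amd's
				# command line, so both the setting and
				# the program it names are trusted.
				amd_flags="${amd_flags} $(eval ${amd_map_program})"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				# With -p, amd's standard output is saved
				# as the pid file.
				amd -p ${amd_flags} \
					> /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# Started 20 seconds later from a background
			# subshell, which keeps its own copy of ${stash}.
			(
				sleep 20
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The scratch variable is "stash"; the old
		# "unset stash_flag" named a variable that is never set
		# and left "stash" behind.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are created only when missing and with an empty
		# passphrase (-N ""), so the key files themselves are the
		# secret: keep them readable by root only.
		# NOTE(review): generated during boot; whether enough
		# entropy is available at this point is not visible here.
		# The key types are the ones this revision ships with --
		# re-check them against the installed ssh-keygen.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}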
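# network_pass4 - late TCP/UDP options.
#
# Any log_in_vain value other than NO or empty sets the TCP and the UDP
# log_in_vain sysctl to 1 (the value itself is not passed on).
#
# Globals read:    log_in_vain.
# Globals written: network_pass4_done.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}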
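# network_gif_setup - create and configure gif tunnel interfaces.
#
# For every name in gif_interfaces that has a non-empty gifconfig_<name>
# value, creates the interface and sets its tunnel end points.  Names
# without a gifconfig_<name> value are skipped.
#
# Globals read:    gif_interfaces, gifconfig_<name>.
# Globals written: i, peers (scratch variables, left set on return).
#
# The interface name is spliced into an eval to look up gifconfig_<name>,
# so gif_interfaces is treated as trusted configuration.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				# The interface may already exist, so the
				# result of "create" is ignored on purpose.
				ifconfig "$i" create >/dev/null 2>&1
				# peers holds both addresses and has to be
				# split into separate arguments.
				ifconfig "$i" tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}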
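# convert_host_conf - derive an nsswitch.conf "hosts:" line from host.conf.
#
# Arguments: $1 - path of the host.conf file to read
#            $2 - path of the nsswitch.conf file to write
# Outputs:   one "hosts: ..." line in $2; a warning on stderr for every
#            line that is not recognised
# Returns:   1 if fewer than two arguments are given, otherwise the exit
#            status of awk
# Globals written: host_conf, nsswitch_conf.
#
# Each input line maps to one source ("files", "dns" or "nis") and the
# sources are written in the order they appear in host.conf, because the
# order is the lookup order.  Comment lines and blank lines are skipped.
#
# $2 is opened by a shell redirection, so it is truncated before awk
# starts; a failing awk leaves an empty or partial file behind.
#
convert_host_conf() {
	if [ $# -lt 2 ]; then
		echo 'convert_host_conf: usage: convert_host_conf host.conf nsswitch.conf' >&2
		return 1
	fi
	host_conf=$1
	nsswitch_conf=$2
	# [ \t]* replaces the old [:blank:]*, which outside a bracket
	# expression is not the "blank" class, so indented comments were
	# scanned for keywords.  The END loop walks the indexes in order;
	# "for (i in array)" has no defined order in awk.
	awk '
		BEGIN                { c = 0 }
		/^[ \t]*#/           { next }
		/^[ \t]*$/           { next }
		/(hosts|local|file)/ { nsswitch[c++] = "files"; next }
		/(dns|bind)/         { nsswitch[c++] = "dns";   next }
		/nis/                { nsswitch[c++] = "nis";   next }
		{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
		END {
			printf "hosts: "
			for (i = 0; i < c; i++)
				printf "%s ", nsswitch[i]
			printf "\n"
		}' < "$host_conf" > "$nsswitch_conf"
}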
83160484Sobrien