defaultroute revision 85221 
1#!/bin/sh -
2#
3# Copyright (c) 1993  The FreeBSD Project
4# All rights reserved.
5#
6# Redistribution and use in source and binary forms, with or without
7# modification, are permitted provided that the following conditions
8# are met:
9# 1. Redistributions of source code must retain the above copyright
10#    notice, this list of conditions and the following disclaimer.
11# 2. Redistributions in binary form must reproduce the above copyright
12#    notice, this list of conditions and the following disclaimer in the
13#    documentation and/or other materials provided with the distribution.
14#
15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25# SUCH DAMAGE.
26#
27# $FreeBSD: head/etc/rc.d/routing 85221 2001-10-20 04:41:47Z darrenr $
28#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
29#
30
31# Note that almost all of the user-configurable behavior is no longer in
32# this file, but rather in /etc/defaults/rc.conf.  Please check that file
33# first before contemplating any changes here.  If you do need to change
34# this file for some reason, we would like to know about it.
35
36# First pass startup stuff.
37#
38network_pass1() {
39	echo -n 'Doing initial network setup:'
40
41	# Convert host.conf to nsswitch.conf if necessary
42	if [ -f "/etc/host.conf" ]; then
43		echo ''
44		echo 'Warning: /etc/host.conf is no longer used'
45		if [ -f "/etc/nsswitch.conf" ]; then
46		    echo '  /etc/nsswitch.conf will be used instead'
47		else
48		    echo '  /etc/nsswitch.conf will be created for you'
49		    convert_host_conf /etc/host.conf /etc/nsswitch.conf
50		fi
51	fi
52
53	# Set the host name if it is not already set
54	#
55	if [ -z "`hostname -s`" ]; then
56		hostname ${hostname}
57		echo -n ' hostname'
58	fi
59
60	# Establish ipfilter ruleset as early as possible (best in
61	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
62	#
63	if /sbin/ipfstat -i > /dev/null 2>&1; then
64		ipfilter_in_kernel=1
65	else
66		ipfilter_in_kernel=0
67	fi
68
69	case "${ipfilter_enable}" in
70	[Yy][Ee][Ss])
71		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
72			ipfilter_in_kernel=1
73			echo "Kernel ipfilter module loaded."
74		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
75			echo "Warning: ipfilter kernel module failed to load."
76		fi
77
78		if [ -r "${ipfilter_rules}" ]; then
79			echo -n ' ipfilter';
80			${ipfilter_program:-/sbin/ipf -Fa -f} \
81			    "${ipfilter_rules}" ${ipfilter_flags}
82			case "${ipmon_enable}" in
83			[Yy][Ee][Ss])
84				echo -n ' ipmon'
85				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
86				;;
87			esac
88			case "${ipfs_enable}" in
89			[Yy][Ee][Ss])
90				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
91					echo -n ' ipfs';
92					eval ${ipfs_program:-/sbin/ipfs -R} \
93						${ipfs_flags}
94				fi
95				;;
96			esac
97		else
98			ipfilter_enable="NO"
99			echo -n ' NO IPF RULES'
100		fi
101	esac
102	case "${ipnat_enable}" in
103	[Yy][Ee][Ss])
104		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
105			ipfilter_in_kernel=1
106			echo "Kernel ipfilter module loaded."
107		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
108			echo "Warning: ipfilter kernel module failed to load."
109		fi
110		if [ -r "${ipnat_rules}" ]; then
111			echo -n ' ipnat';
112		eval ${ipnat_program:-/sbin/ipnat -CF -f} \
113			"${ipnat_rules}" ${ipnat_flags}
114		else
115			echo -n ' NO IPNAT RULES'
116		fi
117		;;
118	esac
119
120	# Set the domainname if we're using NIS
121	#
122	case ${nisdomainname} in
123	[Nn][Oo] | '')
124		;;
125	*)
126		domainname ${nisdomainname}
127		echo -n ' domain'
128		;;
129	esac
130
131	echo '.'
132
133	# Initial ATM interface configuration
134	#
135	case ${atm_enable} in
136	[Yy][Ee][Ss])
137		if [ -r /etc/rc.atm ]; then
138			. /etc/rc.atm
139			atm_pass1
140		fi
141		;;
142	esac
143
144	# Attempt to create cloned interfaces.
145	for ifn in ${cloned_interfaces}; do
146		ifconfig ${ifn} create
147	done
148
149	# Special options for sppp(4) interfaces go here.  These need
150	# to go _before_ the general ifconfig section, since in the case
151	# of hardwired (no link1 flag) but required authentication, you
152	# cannot pass auth parameters down to the already running interface.
153	#
154	for ifn in ${sppp_interfaces}; do
155		eval spppcontrol_args=\$spppconfig_${ifn}
156		if [ -n "${spppcontrol_args}" ]; then
157			# The auth secrets might contain spaces; in order
158			# to retain the quotation, we need to eval them
159			# here.
160			eval spppcontrol ${ifn} ${spppcontrol_args}
161		fi
162	done
163
164	# gifconfig
165	network_gif_setup
166
167	# Set up all the network interfaces, calling startup scripts if needed
168	#
169	case ${network_interfaces} in
170	[Aa][Uu][Tt][Oo])
171		network_interfaces="`ifconfig -l`"
172		;;
173	*)
174		network_interfaces="${network_interfaces} ${cloned_interfaces}"
175		;;
176	esac
177
178	dhcp_interfaces=""
179	for ifn in ${network_interfaces}; do
180		if [ -r /etc/start_if.${ifn} ]; then
181			. /etc/start_if.${ifn}
182			eval showstat_$ifn=1
183		fi
184
185		# Do the primary ifconfig if specified
186		#
187		eval ifconfig_args=\$ifconfig_${ifn}
188
189		case ${ifconfig_args} in
190		'')
191			;;
192		[Dd][Hh][Cc][Pp])
193			# DHCP inits are done all in one go below
194			dhcp_interfaces="$dhcp_interfaces $ifn"
195			eval showstat_$ifn=1
196			;;
197		*)
198			ifconfig ${ifn} ${ifconfig_args}
199			eval showstat_$ifn=1
200			;;
201		esac
202	done
203
204	if [ ! -z "${dhcp_interfaces}" ]; then
205		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
206	fi
207
208	for ifn in ${network_interfaces}; do
209		# Check to see if aliases need to be added
210		#
211		alias=0
212		while : ; do
213			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
214			if [ -n "${ifconfig_args}" ]; then
215				ifconfig ${ifn} ${ifconfig_args} alias
216				eval showstat_$ifn=1
217				alias=`expr ${alias} + 1`
218			else
219				break;
220			fi
221		done
222
223		# Do ipx address if specified
224		#
225		eval ifconfig_args=\$ifconfig_${ifn}_ipx
226		if [ -n "${ifconfig_args}" ]; then
227			ifconfig ${ifn} ${ifconfig_args}
228			eval showstat_$ifn=1
229		fi
230	done
231
232	for ifn in ${network_interfaces}; do
233		eval showstat=\$showstat_${ifn}
234		if [ ! -z ${showstat} ]; then
235			ifconfig ${ifn}
236		fi
237	done
238
239	# ISDN subsystem startup
240	#
241	case ${isdn_enable} in
242	[Yy][Ee][Ss])
243		if [ -r /etc/rc.isdn ]; then
244			. /etc/rc.isdn
245		fi
246		;;
247	esac
248
249	# Start user ppp if required.  This must happen before natd.
250	#
251	case ${ppp_enable} in
252	[Yy][Ee][Ss])
253		# Establish ppp mode.
254		#
255		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
256			-a "${ppp_mode}" != "dedicated" \
257			-a "${ppp_mode}" != "background" ]; then
258			ppp_mode="auto"
259		fi
260
261		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
262
263		# Switch on NAT mode?
264		#
265		case ${ppp_nat} in
266		[Yy][Ee][Ss])
267			ppp_command="${ppp_command} -nat"
268			;;
269		esac
270
271		ppp_command="${ppp_command} ${ppp_profile}"
272
273		echo "Starting ppp as \"${ppp_user}\""
274		su -m ${ppp_user} -c "exec ${ppp_command}"
275		;;
276	esac
277
278	# Initialize IP filtering using ipfw
279	#
280	if /sbin/ipfw -q flush > /dev/null 2>&1; then
281		firewall_in_kernel=1
282	else
283		firewall_in_kernel=0
284	fi
285
286	case ${firewall_enable} in
287	[Yy][Ee][Ss])
288		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
289			firewall_in_kernel=1
290			echo 'Kernel firewall module loaded'
291		elif [ "${firewall_in_kernel}" -eq 0 ]; then
292			echo 'Warning: firewall kernel module failed to load'
293		fi
294		;;
295	esac
296
297	# Load the filters if required
298	#
299	case ${firewall_in_kernel} in
300	1)
301		if [ -z "${firewall_script}" ]; then
302			firewall_script=/etc/rc.firewall
303		fi
304
305		case ${firewall_enable} in
306		[Yy][Ee][Ss])
307			if [ -r "${firewall_script}" ]; then
308				. "${firewall_script}"
309				echo -n 'Firewall rules loaded, starting divert daemons:'
310
311				# Network Address Translation daemon
312				#
313				case ${natd_enable} in
314				[Yy][Ee][Ss])
315					if [ -n "${natd_interface}" ]; then
316						if echo ${natd_interface} | \
317							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
318							natd_ifarg="-a ${natd_interface}"
319						else
320							natd_ifarg="-n ${natd_interface}"
321						fi
322
323						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
324					fi
325					;;
326				esac
327
328				echo '.'
329
330			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
331				echo 'Warning: kernel has firewall functionality,' \
332				     'but firewall rules are not enabled.'
333				echo '		 All ip services are disabled.'
334			fi
335
336			case ${firewall_logging} in
337			[Yy][Ee][Ss] | '')
338				echo 'Firewall logging=YES'
339				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
340				;;
341			*)
342				;;
343			esac
344
345			;;
346		esac
347		;;
348	esac
349
350	# Additional ATM interface configuration
351	#
352	if [ -n "${atm_pass1_done}" ]; then
353		atm_pass2
354	fi
355
356	# Configure routing
357	#
358	case ${defaultrouter} in
359	[Nn][Oo] | '')
360		;;
361	*)
362		static_routes="default ${static_routes}"
363		route_default="default ${defaultrouter}"
364		;;
365	esac
366
367	# Set up any static routes.  This should be done before router discovery.
368	#
369	if [ -n "${static_routes}" ]; then
370		for i in ${static_routes}; do
371			eval route_args=\$route_${i}
372			route add ${route_args}
373		done
374	fi
375
376	echo -n 'Additional routing options:'
377	case ${tcp_extensions} in
378	[Yy][Ee][Ss] | '')
379		;;
380	*)
381		echo -n ' tcp extensions=NO'
382		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
383		;;
384	esac
385
386	case ${icmp_bmcastecho} in
387	[Yy][Ee][Ss])
388		echo -n ' broadcast ping responses=YES'
389		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
390		;;
391	esac
392
393	case ${icmp_drop_redirect} in
394	[Yy][Ee][Ss])
395		echo -n ' ignore ICMP redirect=YES'
396		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
397		;;
398	esac
399
400	case ${icmp_log_redirect} in
401	[Yy][Ee][Ss])
402		echo -n ' log ICMP redirect=YES'
403		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
404		;;
405	esac
406
407	case ${gateway_enable} in
408	[Yy][Ee][Ss])
409		echo -n ' IP gateway=YES'
410		sysctl -w net.inet.ip.forwarding=1 >/dev/null
411		;;
412	esac
413
414	case ${forward_sourceroute} in
415	[Yy][Ee][Ss])
416		echo -n ' do source routing=YES'
417		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
418		;;
419	esac
420
421	case ${accept_sourceroute} in
422	[Yy][Ee][Ss])
423		echo -n ' accept source routing=YES'
424		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
425		;;
426	esac
427
428	case ${tcp_keepalive} in
429	[Yy][Ee][Ss])
430		echo -n ' TCP keepalive=YES'
431		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
432		;;
433	esac
434
435	case ${tcp_drop_synfin} in
436	[Yy][Ee][Ss])
437		echo -n ' drop SYN+FIN packets=YES'
438		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
439		;;
440	esac
441
442	case ${ipxgateway_enable} in
443	[Yy][Ee][Ss])
444		echo -n ' IPX gateway=YES'
445		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
446		;;
447	esac
448
449	case ${arpproxy_all} in
450	[Yy][Ee][Ss])
451		echo -n ' ARP proxyall=YES'
452		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
453		;;
454	esac
455
456	case ${ip_portrange_first} in
457	[Nn][Oo] | '')
458		;;
459	*)
460		echo -n " ip_portrange_first=$ip_portrange_first"
461		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
462		;;
463	esac
464
465	case ${ip_portrange_last} in
466	[Nn][Oo] | '')
467		;;
468	*)
469		echo -n " ip_portrange_last=$ip_portrange_last"
470		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
471		;;
472	esac
473
474	echo '.'
475
476	case ${ipsec_enable} in
477	[Yy][Ee][Ss])
478		if [ -f ${ipsec_file} ]; then
479		    echo ' ipsec: enabled'
480		    setkey -f ${ipsec_file}
481		else
482		    echo ' ipsec: file not found'
483		fi
484		;;
485	esac
486
487	echo -n 'Routing daemons:'
488	case ${router_enable} in
489	[Yy][Ee][Ss])
490		echo -n " ${router}";	${router} ${router_flags}
491		;;
492	esac
493
494	case ${ipxrouted_enable} in
495	[Yy][Ee][Ss])
496		echo -n ' IPXrouted'
497		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
498		;;
499	esac
500
501	case ${mrouted_enable} in
502	[Yy][Ee][Ss])
503		echo -n ' mrouted';	mrouted ${mrouted_flags}
504		;;
505	esac
506
507	case ${rarpd_enable} in
508	[Yy][Ee][Ss])
509		echo -n ' rarpd';	rarpd ${rarpd_flags}
510		;;
511	esac
512	echo '.'
513
514	# Let future generations know we made it.
515	#
516	network_pass1_done=YES
517}
518
519network_pass2() {
520	echo -n 'Doing additional network setup:'
521	case ${named_enable} in
522	[Yy][Ee][Ss])
523		echo -n ' named';	${named_program:-named} ${named_flags}
524		;;
525	esac
526
527	case ${ntpdate_enable} in
528	[Yy][Ee][Ss])
529		echo -n ' ntpdate'
530		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
531		;;
532	esac
533
534	case ${xntpd_enable} in
535	[Yy][Ee][Ss])
536		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
537		;;
538	esac
539
540	case ${timed_enable} in
541	[Yy][Ee][Ss])
542		echo -n ' timed';	timed ${timed_flags}
543		;;
544	esac
545
546	case ${portmap_enable} in
547	[Yy][Ee][Ss])
548		echo -n ' rpcbind';	${portmap_program:-/usr/sbin/rpcbind} \
549			${portmap_flags}
550
551		# Start ypserv if we're an NIS server.
552		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
553		#
554		case ${nis_server_enable} in
555		[Yy][Ee][Ss])
556			echo -n ' ypserv'; ypserv ${nis_server_flags}
557
558			case ${nis_ypxfrd_enable} in
559			[Yy][Ee][Ss])
560				echo -n ' rpc.ypxfrd'
561				rpc.ypxfrd ${nis_ypxfrd_flags}
562				;;
563			esac
564
565			case ${nis_yppasswdd_enable} in
566			[Yy][Ee][Ss])
567				echo -n ' rpc.yppasswdd'
568				rpc.yppasswdd ${nis_yppasswdd_flags}
569				;;
570			esac
571			;;
572		esac
573
574		# Start ypbind if we're an NIS client
575		#
576		case ${nis_client_enable} in
577		[Yy][Ee][Ss])
578			echo -n ' ypbind'; ypbind ${nis_client_flags}
579			case ${nis_ypset_enable} in
580			[Yy][Ee][Ss])
581				echo -n ' ypset';	ypset ${nis_ypset_flags}
582				;;
583			esac
584			;;
585		esac
586
587		# Start keyserv if we are running Secure RPC
588		#
589		case ${keyserv_enable} in
590		[Yy][Ee][Ss])
591			echo -n ' keyserv';	keyserv ${keyserv_flags}
592			;;
593		esac
594
595		# Start ypupdated if we are running Secure RPC
596		# and we are NIS master
597		#
598		case ${rpc_ypupdated_enable} in
599		[Yy][Ee][Ss])
600			echo -n ' rpc.ypupdated';	rpc.ypupdated
601			;;
602		esac
603		;;
604	esac
605
606	# Start ATM daemons
607	if [ -n "${atm_pass2_done}" ]; then
608		atm_pass3
609	fi
610
611	echo '.'
612	network_pass2_done=YES
613}
614
615network_pass3() {
616	echo -n 'Starting final network daemons:'
617
618	case ${portmap_enable} in
619	[Yy][Ee][Ss])
620		case ${nfs_server_enable} in
621		[Yy][Ee][Ss])
622			# Handle absent nfs server support
623			nfsserver_in_kernel=0
624			if sysctl vfs.nfsrv >/dev/null 2>&1; then
625				nfsserver_in_kernel=1
626			else
627				kldload nfsserver && nfsserver_in_kernel=1
628			fi
629
630			if [ -r /etc/exports -a \
631			    ${nfsserver_in_kernel} -eq 1 ]; then
632				echo -n ' mountd'
633
634				case ${weak_mountd_authentication} in
635				[Yy][Ee][Ss])
636					mountd_flags="${mountd_flags} -n"
637					;;
638				esac
639
640				mountd ${mountd_flags}
641
642				case ${nfs_reserved_port_only} in
643				[Yy][Ee][Ss])
644					echo -n ' NFS on reserved port only=YES'
645					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
646					;;
647				esac
648
649				echo -n ' nfsd';	nfsd ${nfs_server_flags}
650
651				case ${rpc_lockd_enable} in
652				[Yy][Ee][Ss])
653					echo -n ' rpc.lockd';	rpc.lockd
654					;;
655				esac
656
657				case ${rpc_statd_enable} in
658				[Yy][Ee][Ss])
659					echo -n ' rpc.statd';	rpc.statd
660					;;
661				esac
662			else
663				echo -n ' Warning: nfs server failed'
664			fi
665			;;
666		*)
667			case ${single_mountd_enable} in
668			[Yy][Ee][Ss])
669				if [ -r /etc/exports ]; then
670					echo -n ' mountd'
671
672					case ${weak_mountd_authentication} in
673					[Yy][Ee][Ss])
674						mountd_flags="-n"
675						;;
676					esac
677
678					mountd ${mountd_flags}
679				fi
680				;;
681			esac
682			;;
683		esac
684
685		case ${nfs_client_enable} in
686		[Yy][Ee][Ss])
687			if [ -n "${nfs_access_cache}" ]; then
688				echo -n " NFS access cache time=${nfs_access_cache}"
689				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
690			fi
691			if [ -n "${nfs_bufpackets}" ]; then
692				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
693			fi
694			;;
695		esac
696
697		# If /var/db/mounttab exists, some nfs-server has not been
698		# sucessfully notified about a previous client shutdown.
699		# If there is no /var/db/mounttab, we do nothing.
700		if [ -f /var/db/mounttab ]; then
701			rpc.umntall -k
702		fi
703
704		case ${amd_enable} in
705		[Yy][Ee][Ss])
706			echo -n ' amd'
707			case ${amd_map_program} in
708			[Nn][Oo] | '')
709				;;
710			*)
711				amd_flags="${amd_flags} `eval\
712					${amd_map_program}`"
713				;;
714			esac
715
716			if [ -n "${amd_flags}" ]; then
717				amd -p ${amd_flags}\
718					> /var/run/amd.pid 2> /dev/null
719			else
720				amd 2> /dev/null
721			fi
722			;;
723		esac
724		;;
725	esac
726
727	case ${rwhod_enable} in
728	[Yy][Ee][Ss])
729		echo -n ' rwhod';	rwhod ${rwhod_flags}
730		;;
731	esac
732
733	# Kerberos servers run ONLY on the Kerberos server machine
734	case ${kerberos4_server_enable} in
735	[Yy][Ee][Ss])
736		case ${kerberos_stash} in
737		[Yy][Ee][Ss])
738			stash=-n
739			;;
740		*)
741			stash=
742			;;
743		esac
744
745		echo -n ' kerberosIV'
746		${kerberos4_server} ${stash} >> /var/log/kerberos.log &
747
748		case ${kadmind4_server_enable} in
749		[Yy][Ee][Ss])
750			echo -n ' kadmindIV'
751			(
752				sleep 20;
753				${kadmind4_server} ${stash} >/dev/null 2>&1 &
754			) &
755			;;
756		esac
757		unset stash_flag
758		;;
759	esac
760
761	case ${kerberos5_server_enable} in
762	[Yy][Ee][Ss])
763		echo -n ' kerberos5'
764		${kerberos5_server} &
765
766		case ${kadmind5_server_enable} in
767		[Yy][Ee][Ss])
768			echo -n ' kadmind5'
769			${kadmind5_server} &
770			;;
771		esac
772		;;
773	esac
774
775	case ${pppoed_enable} in
776	[Yy][Ee][Ss])
777		if [ -n "${pppoed_provider}" ]; then
778			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
779		fi
780		echo -n ' pppoed';
781		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
782		;;
783	esac
784
785	case ${sshd_enable} in
786	[Yy][Ee][Ss])
787		if [ ! -f /etc/ssh/ssh_host_key ]; then
788			echo ' creating ssh RSA host key';
789			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
790		fi
791		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
792			echo ' creating ssh DSA host key';
793			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
794		fi
795		;;
796	esac
797
798	echo '.'
799	network_pass3_done=YES
800}
801
802network_pass4() {
803	echo -n 'Additional TCP options:'
804	case ${log_in_vain} in
805	[Nn][Oo] | '')
806		;;
807	*)
808		echo -n ' log_in_vain=YES'
809		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
810		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
811		;;
812	esac
813
814	echo '.'
815	network_pass4_done=YES
816}
817
818network_gif_setup() {
819	case ${gif_interfaces} in
820	[Nn][Oo] | '')
821		;;
822	*)
823		for i in ${gif_interfaces}; do
824			eval peers=\$gifconfig_$i
825			case ${peers} in
826			'')
827				continue
828				;;
829			*)
830				ifconfig $i create >/dev/null 2>&1
831				ifconfig $i tunnel ${peers}
832				;;
833			esac
834		done
835		;;
836	esac
837}
838
839convert_host_conf() {
840    host_conf=$1; shift;
841    nsswitch_conf=$1; shift;
842    awk '                                                                   \
843        /^[:blank:]*#/       { next }                                       \
844        /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }           \
845        /(dns|bind)/         { nsswitch[c] = "dns";   c++; next }           \
846        /nis/                { nsswitch[c] = "nis";   c++; next }           \
847        { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }    \
848        END {                                                               \
849                printf "hosts: ";                                           \
850                for (i in nsswitch) printf "%s ", nsswitch[i];              \
851                printf "\n";                                                \
852        }' < $host_conf > $nsswitch_conf
853}
854
855