defaultroute revision 85221
1#!/bin/sh - 2# 3# Copyright (c) 1993 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD: head/etc/rc.d/routing 85221 2001-10-20 04:41:47Z darrenr $ 28# From: @(#)netstart 5.9 (Berkeley) 3/30/91 29# 30 31# Note that almost all of the user-configurable behavior is no longer in 32# this file, but rather in /etc/defaults/rc.conf. Please check that file 33# first before contemplating any changes here. If you do need to change 34# this file for some reason, we would like to know about it. 35 36# First pass startup stuff. 37# 38network_pass1() { 39 echo -n 'Doing initial network setup:' 40 41 # Convert host.conf to nsswitch.conf if necessary 42 if [ -f "/etc/host.conf" ]; then 43 echo '' 44 echo 'Warning: /etc/host.conf is no longer used' 45 if [ -f "/etc/nsswitch.conf" ]; then 46 echo ' /etc/nsswitch.conf will be used instead' 47 else 48 echo ' /etc/nsswitch.conf will be created for you' 49 convert_host_conf /etc/host.conf /etc/nsswitch.conf 50 fi 51 fi 52 53 # Set the host name if it is not already set 54 # 55 if [ -z "`hostname -s`" ]; then 56 hostname ${hostname} 57 echo -n ' hostname' 58 fi 59 60 # Establish ipfilter ruleset as early as possible (best in 61 # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 62 # 63 if /sbin/ipfstat -i > /dev/null 2>&1; then 64 ipfilter_in_kernel=1 65 else 66 ipfilter_in_kernel=0 67 fi 68 69 case "${ipfilter_enable}" in 70 [Yy][Ee][Ss]) 71 if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then 72 ipfilter_in_kernel=1 73 echo "Kernel ipfilter module loaded." 74 elif [ "${ipfilter_in_kernel}" -eq 0 ]; then 75 echo "Warning: ipfilter kernel module failed to load." 76 fi 77 78 if [ -r "${ipfilter_rules}" ]; then 79 echo -n ' ipfilter'; 80 ${ipfilter_program:-/sbin/ipf -Fa -f} \ 81 "${ipfilter_rules}" ${ipfilter_flags} 82 case "${ipmon_enable}" in 83 [Yy][Ee][Ss]) 84 echo -n ' ipmon' 85 ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 86 ;; 87 esac 88 case "${ipfs_enable}" in 89 [Yy][Ee][Ss]) 90 if [ -r "/var/db/ipf/ipstate.ipf" ]; then 91 echo -n ' ipfs'; 92 eval ${ipfs_program:-/sbin/ipfs -R} \ 93 ${ipfs_flags} 94 fi 95 ;; 96 esac 97 else 98 ipfilter_enable="NO" 99 echo -n ' NO IPF RULES' 100 fi 101 esac 102 case "${ipnat_enable}" in 103 [Yy][Ee][Ss]) 104 if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then 105 ipfilter_in_kernel=1 106 echo "Kernel ipfilter module loaded." 107 elif [ "${ipfilter_in_kernel}" -eq 0 ]; then 108 echo "Warning: ipfilter kernel module failed to load." 109 fi 110 if [ -r "${ipnat_rules}" ]; then 111 echo -n ' ipnat'; 112 eval ${ipnat_program:-/sbin/ipnat -CF -f} \ 113 "${ipnat_rules}" ${ipnat_flags} 114 else 115 echo -n ' NO IPNAT RULES' 116 fi 117 ;; 118 esac 119 120 # Set the domainname if we're using NIS 121 # 122 case ${nisdomainname} in 123 [Nn][Oo] | '') 124 ;; 125 *) 126 domainname ${nisdomainname} 127 echo -n ' domain' 128 ;; 129 esac 130 131 echo '.' 132 133 # Initial ATM interface configuration 134 # 135 case ${atm_enable} in 136 [Yy][Ee][Ss]) 137 if [ -r /etc/rc.atm ]; then 138 . /etc/rc.atm 139 atm_pass1 140 fi 141 ;; 142 esac 143 144 # Attempt to create cloned interfaces. 145 for ifn in ${cloned_interfaces}; do 146 ifconfig ${ifn} create 147 done 148 149 # Special options for sppp(4) interfaces go here. These need 150 # to go _before_ the general ifconfig section, since in the case 151 # of hardwired (no link1 flag) but required authentication, you 152 # cannot pass auth parameters down to the already running interface. 153 # 154 for ifn in ${sppp_interfaces}; do 155 eval spppcontrol_args=\$spppconfig_${ifn} 156 if [ -n "${spppcontrol_args}" ]; then 157 # The auth secrets might contain spaces; in order 158 # to retain the quotation, we need to eval them 159 # here. 160 eval spppcontrol ${ifn} ${spppcontrol_args} 161 fi 162 done 163 164 # gifconfig 165 network_gif_setup 166 167 # Set up all the network interfaces, calling startup scripts if needed 168 # 169 case ${network_interfaces} in 170 [Aa][Uu][Tt][Oo]) 171 network_interfaces="`ifconfig -l`" 172 ;; 173 *) 174 network_interfaces="${network_interfaces} ${cloned_interfaces}" 175 ;; 176 esac 177 178 dhcp_interfaces="" 179 for ifn in ${network_interfaces}; do 180 if [ -r /etc/start_if.${ifn} ]; then 181 . /etc/start_if.${ifn} 182 eval showstat_$ifn=1 183 fi 184 185 # Do the primary ifconfig if specified 186 # 187 eval ifconfig_args=\$ifconfig_${ifn} 188 189 case ${ifconfig_args} in 190 '') 191 ;; 192 [Dd][Hh][Cc][Pp]) 193 # DHCP inits are done all in one go below 194 dhcp_interfaces="$dhcp_interfaces $ifn" 195 eval showstat_$ifn=1 196 ;; 197 *) 198 ifconfig ${ifn} ${ifconfig_args} 199 eval showstat_$ifn=1 200 ;; 201 esac 202 done 203 204 if [ ! -z "${dhcp_interfaces}" ]; then 205 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 206 fi 207 208 for ifn in ${network_interfaces}; do 209 # Check to see if aliases need to be added 210 # 211 alias=0 212 while : ; do 213 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 214 if [ -n "${ifconfig_args}" ]; then 215 ifconfig ${ifn} ${ifconfig_args} alias 216 eval showstat_$ifn=1 217 alias=`expr ${alias} + 1` 218 else 219 break; 220 fi 221 done 222 223 # Do ipx address if specified 224 # 225 eval ifconfig_args=\$ifconfig_${ifn}_ipx 226 if [ -n "${ifconfig_args}" ]; then 227 ifconfig ${ifn} ${ifconfig_args} 228 eval showstat_$ifn=1 229 fi 230 done 231 232 for ifn in ${network_interfaces}; do 233 eval showstat=\$showstat_${ifn} 234 if [ ! -z ${showstat} ]; then 235 ifconfig ${ifn} 236 fi 237 done 238 239 # ISDN subsystem startup 240 # 241 case ${isdn_enable} in 242 [Yy][Ee][Ss]) 243 if [ -r /etc/rc.isdn ]; then 244 . /etc/rc.isdn 245 fi 246 ;; 247 esac 248 249 # Start user ppp if required. This must happen before natd. 250 # 251 case ${ppp_enable} in 252 [Yy][Ee][Ss]) 253 # Establish ppp mode. 254 # 255 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 256 -a "${ppp_mode}" != "dedicated" \ 257 -a "${ppp_mode}" != "background" ]; then 258 ppp_mode="auto" 259 fi 260 261 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 262 263 # Switch on NAT mode? 264 # 265 case ${ppp_nat} in 266 [Yy][Ee][Ss]) 267 ppp_command="${ppp_command} -nat" 268 ;; 269 esac 270 271 ppp_command="${ppp_command} ${ppp_profile}" 272 273 echo "Starting ppp as \"${ppp_user}\"" 274 su -m ${ppp_user} -c "exec ${ppp_command}" 275 ;; 276 esac 277 278 # Initialize IP filtering using ipfw 279 # 280 if /sbin/ipfw -q flush > /dev/null 2>&1; then 281 firewall_in_kernel=1 282 else 283 firewall_in_kernel=0 284 fi 285 286 case ${firewall_enable} in 287 [Yy][Ee][Ss]) 288 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 289 firewall_in_kernel=1 290 echo 'Kernel firewall module loaded' 291 elif [ "${firewall_in_kernel}" -eq 0 ]; then 292 echo 'Warning: firewall kernel module failed to load' 293 fi 294 ;; 295 esac 296 297 # Load the filters if required 298 # 299 case ${firewall_in_kernel} in 300 1) 301 if [ -z "${firewall_script}" ]; then 302 firewall_script=/etc/rc.firewall 303 fi 304 305 case ${firewall_enable} in 306 [Yy][Ee][Ss]) 307 if [ -r "${firewall_script}" ]; then 308 . "${firewall_script}" 309 echo -n 'Firewall rules loaded, starting divert daemons:' 310 311 # Network Address Translation daemon 312 # 313 case ${natd_enable} in 314 [Yy][Ee][Ss]) 315 if [ -n "${natd_interface}" ]; then 316 if echo ${natd_interface} | \ 317 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 318 natd_ifarg="-a ${natd_interface}" 319 else 320 natd_ifarg="-n ${natd_interface}" 321 fi 322 323 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 324 fi 325 ;; 326 esac 327 328 echo '.' 329 330 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 331 echo 'Warning: kernel has firewall functionality,' \ 332 'but firewall rules are not enabled.' 333 echo ' All ip services are disabled.' 334 fi 335 336 case ${firewall_logging} in 337 [Yy][Ee][Ss] | '') 338 echo 'Firewall logging=YES' 339 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null 340 ;; 341 *) 342 ;; 343 esac 344 345 ;; 346 esac 347 ;; 348 esac 349 350 # Additional ATM interface configuration 351 # 352 if [ -n "${atm_pass1_done}" ]; then 353 atm_pass2 354 fi 355 356 # Configure routing 357 # 358 case ${defaultrouter} in 359 [Nn][Oo] | '') 360 ;; 361 *) 362 static_routes="default ${static_routes}" 363 route_default="default ${defaultrouter}" 364 ;; 365 esac 366 367 # Set up any static routes. This should be done before router discovery. 368 # 369 if [ -n "${static_routes}" ]; then 370 for i in ${static_routes}; do 371 eval route_args=\$route_${i} 372 route add ${route_args} 373 done 374 fi 375 376 echo -n 'Additional routing options:' 377 case ${tcp_extensions} in 378 [Yy][Ee][Ss] | '') 379 ;; 380 *) 381 echo -n ' tcp extensions=NO' 382 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 383 ;; 384 esac 385 386 case ${icmp_bmcastecho} in 387 [Yy][Ee][Ss]) 388 echo -n ' broadcast ping responses=YES' 389 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 390 ;; 391 esac 392 393 case ${icmp_drop_redirect} in 394 [Yy][Ee][Ss]) 395 echo -n ' ignore ICMP redirect=YES' 396 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 397 ;; 398 esac 399 400 case ${icmp_log_redirect} in 401 [Yy][Ee][Ss]) 402 echo -n ' log ICMP redirect=YES' 403 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 404 ;; 405 esac 406 407 case ${gateway_enable} in 408 [Yy][Ee][Ss]) 409 echo -n ' IP gateway=YES' 410 sysctl -w net.inet.ip.forwarding=1 >/dev/null 411 ;; 412 esac 413 414 case ${forward_sourceroute} in 415 [Yy][Ee][Ss]) 416 echo -n ' do source routing=YES' 417 sysctl -w net.inet.ip.sourceroute=1 >/dev/null 418 ;; 419 esac 420 421 case ${accept_sourceroute} in 422 [Yy][Ee][Ss]) 423 echo -n ' accept source routing=YES' 424 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 425 ;; 426 esac 427 428 case ${tcp_keepalive} in 429 [Yy][Ee][Ss]) 430 echo -n ' TCP keepalive=YES' 431 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 432 ;; 433 esac 434 435 case ${tcp_drop_synfin} in 436 [Yy][Ee][Ss]) 437 echo -n ' drop SYN+FIN packets=YES' 438 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 439 ;; 440 esac 441 442 case ${ipxgateway_enable} in 443 [Yy][Ee][Ss]) 444 echo -n ' IPX gateway=YES' 445 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 446 ;; 447 esac 448 449 case ${arpproxy_all} in 450 [Yy][Ee][Ss]) 451 echo -n ' ARP proxyall=YES' 452 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 453 ;; 454 esac 455 456 case ${ip_portrange_first} in 457 [Nn][Oo] | '') 458 ;; 459 *) 460 echo -n " ip_portrange_first=$ip_portrange_first" 461 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 462 ;; 463 esac 464 465 case ${ip_portrange_last} in 466 [Nn][Oo] | '') 467 ;; 468 *) 469 echo -n " ip_portrange_last=$ip_portrange_last" 470 sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 471 ;; 472 esac 473 474 echo '.' 475 476 case ${ipsec_enable} in 477 [Yy][Ee][Ss]) 478 if [ -f ${ipsec_file} ]; then 479 echo ' ipsec: enabled' 480 setkey -f ${ipsec_file} 481 else 482 echo ' ipsec: file not found' 483 fi 484 ;; 485 esac 486 487 echo -n 'Routing daemons:' 488 case ${router_enable} in 489 [Yy][Ee][Ss]) 490 echo -n " ${router}"; ${router} ${router_flags} 491 ;; 492 esac 493 494 case ${ipxrouted_enable} in 495 [Yy][Ee][Ss]) 496 echo -n ' IPXrouted' 497 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 498 ;; 499 esac 500 501 case ${mrouted_enable} in 502 [Yy][Ee][Ss]) 503 echo -n ' mrouted'; mrouted ${mrouted_flags} 504 ;; 505 esac 506 507 case ${rarpd_enable} in 508 [Yy][Ee][Ss]) 509 echo -n ' rarpd'; rarpd ${rarpd_flags} 510 ;; 511 esac 512 echo '.' 513 514 # Let future generations know we made it. 515 # 516 network_pass1_done=YES 517} 518 519network_pass2() { 520 echo -n 'Doing additional network setup:' 521 case ${named_enable} in 522 [Yy][Ee][Ss]) 523 echo -n ' named'; ${named_program:-named} ${named_flags} 524 ;; 525 esac 526 527 case ${ntpdate_enable} in 528 [Yy][Ee][Ss]) 529 echo -n ' ntpdate' 530 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 531 ;; 532 esac 533 534 case ${xntpd_enable} in 535 [Yy][Ee][Ss]) 536 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 537 ;; 538 esac 539 540 case ${timed_enable} in 541 [Yy][Ee][Ss]) 542 echo -n ' timed'; timed ${timed_flags} 543 ;; 544 esac 545 546 case ${portmap_enable} in 547 [Yy][Ee][Ss]) 548 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 549 ${portmap_flags} 550 551 # Start ypserv if we're an NIS server. 552 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 553 # 554 case ${nis_server_enable} in 555 [Yy][Ee][Ss]) 556 echo -n ' ypserv'; ypserv ${nis_server_flags} 557 558 case ${nis_ypxfrd_enable} in 559 [Yy][Ee][Ss]) 560 echo -n ' rpc.ypxfrd' 561 rpc.ypxfrd ${nis_ypxfrd_flags} 562 ;; 563 esac 564 565 case ${nis_yppasswdd_enable} in 566 [Yy][Ee][Ss]) 567 echo -n ' rpc.yppasswdd' 568 rpc.yppasswdd ${nis_yppasswdd_flags} 569 ;; 570 esac 571 ;; 572 esac 573 574 # Start ypbind if we're an NIS client 575 # 576 case ${nis_client_enable} in 577 [Yy][Ee][Ss]) 578 echo -n ' ypbind'; ypbind ${nis_client_flags} 579 case ${nis_ypset_enable} in 580 [Yy][Ee][Ss]) 581 echo -n ' ypset'; ypset ${nis_ypset_flags} 582 ;; 583 esac 584 ;; 585 esac 586 587 # Start keyserv if we are running Secure RPC 588 # 589 case ${keyserv_enable} in 590 [Yy][Ee][Ss]) 591 echo -n ' keyserv'; keyserv ${keyserv_flags} 592 ;; 593 esac 594 595 # Start ypupdated if we are running Secure RPC 596 # and we are NIS master 597 # 598 case ${rpc_ypupdated_enable} in 599 [Yy][Ee][Ss]) 600 echo -n ' rpc.ypupdated'; rpc.ypupdated 601 ;; 602 esac 603 ;; 604 esac 605 606 # Start ATM daemons 607 if [ -n "${atm_pass2_done}" ]; then 608 atm_pass3 609 fi 610 611 echo '.' 612 network_pass2_done=YES 613} 614 615network_pass3() { 616 echo -n 'Starting final network daemons:' 617 618 case ${portmap_enable} in 619 [Yy][Ee][Ss]) 620 case ${nfs_server_enable} in 621 [Yy][Ee][Ss]) 622 # Handle absent nfs server support 623 nfsserver_in_kernel=0 624 if sysctl vfs.nfsrv >/dev/null 2>&1; then 625 nfsserver_in_kernel=1 626 else 627 kldload nfsserver && nfsserver_in_kernel=1 628 fi 629 630 if [ -r /etc/exports -a \ 631 ${nfsserver_in_kernel} -eq 1 ]; then 632 echo -n ' mountd' 633 634 case ${weak_mountd_authentication} in 635 [Yy][Ee][Ss]) 636 mountd_flags="${mountd_flags} -n" 637 ;; 638 esac 639 640 mountd ${mountd_flags} 641 642 case ${nfs_reserved_port_only} in 643 [Yy][Ee][Ss]) 644 echo -n ' NFS on reserved port only=YES' 645 sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null 646 ;; 647 esac 648 649 echo -n ' nfsd'; nfsd ${nfs_server_flags} 650 651 case ${rpc_lockd_enable} in 652 [Yy][Ee][Ss]) 653 echo -n ' rpc.lockd'; rpc.lockd 654 ;; 655 esac 656 657 case ${rpc_statd_enable} in 658 [Yy][Ee][Ss]) 659 echo -n ' rpc.statd'; rpc.statd 660 ;; 661 esac 662 else 663 echo -n ' Warning: nfs server failed' 664 fi 665 ;; 666 *) 667 case ${single_mountd_enable} in 668 [Yy][Ee][Ss]) 669 if [ -r /etc/exports ]; then 670 echo -n ' mountd' 671 672 case ${weak_mountd_authentication} in 673 [Yy][Ee][Ss]) 674 mountd_flags="-n" 675 ;; 676 esac 677 678 mountd ${mountd_flags} 679 fi 680 ;; 681 esac 682 ;; 683 esac 684 685 case ${nfs_client_enable} in 686 [Yy][Ee][Ss]) 687 if [ -n "${nfs_access_cache}" ]; then 688 echo -n " NFS access cache time=${nfs_access_cache}" 689 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 690 fi 691 if [ -n "${nfs_bufpackets}" ]; then 692 sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 693 fi 694 ;; 695 esac 696 697 # If /var/db/mounttab exists, some nfs-server has not been 698 # sucessfully notified about a previous client shutdown. 699 # If there is no /var/db/mounttab, we do nothing. 700 if [ -f /var/db/mounttab ]; then 701 rpc.umntall -k 702 fi 703 704 case ${amd_enable} in 705 [Yy][Ee][Ss]) 706 echo -n ' amd' 707 case ${amd_map_program} in 708 [Nn][Oo] | '') 709 ;; 710 *) 711 amd_flags="${amd_flags} `eval\ 712 ${amd_map_program}`" 713 ;; 714 esac 715 716 if [ -n "${amd_flags}" ]; then 717 amd -p ${amd_flags}\ 718 > /var/run/amd.pid 2> /dev/null 719 else 720 amd 2> /dev/null 721 fi 722 ;; 723 esac 724 ;; 725 esac 726 727 case ${rwhod_enable} in 728 [Yy][Ee][Ss]) 729 echo -n ' rwhod'; rwhod ${rwhod_flags} 730 ;; 731 esac 732 733 # Kerberos servers run ONLY on the Kerberos server machine 734 case ${kerberos4_server_enable} in 735 [Yy][Ee][Ss]) 736 case ${kerberos_stash} in 737 [Yy][Ee][Ss]) 738 stash=-n 739 ;; 740 *) 741 stash= 742 ;; 743 esac 744 745 echo -n ' kerberosIV' 746 ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 747 748 case ${kadmind4_server_enable} in 749 [Yy][Ee][Ss]) 750 echo -n ' kadmindIV' 751 ( 752 sleep 20; 753 ${kadmind4_server} ${stash} >/dev/null 2>&1 & 754 ) & 755 ;; 756 esac 757 unset stash_flag 758 ;; 759 esac 760 761 case ${kerberos5_server_enable} in 762 [Yy][Ee][Ss]) 763 echo -n ' kerberos5' 764 ${kerberos5_server} & 765 766 case ${kadmind5_server_enable} in 767 [Yy][Ee][Ss]) 768 echo -n ' kadmind5' 769 ${kadmind5_server} & 770 ;; 771 esac 772 ;; 773 esac 774 775 case ${pppoed_enable} in 776 [Yy][Ee][Ss]) 777 if [ -n "${pppoed_provider}" ]; then 778 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 779 fi 780 echo -n ' pppoed'; 781 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 782 ;; 783 esac 784 785 case ${sshd_enable} in 786 [Yy][Ee][Ss]) 787 if [ ! -f /etc/ssh/ssh_host_key ]; then 788 echo ' creating ssh RSA host key'; 789 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 790 fi 791 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 792 echo ' creating ssh DSA host key'; 793 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 794 fi 795 ;; 796 esac 797 798 echo '.' 799 network_pass3_done=YES 800} 801 802network_pass4() { 803 echo -n 'Additional TCP options:' 804 case ${log_in_vain} in 805 [Nn][Oo] | '') 806 ;; 807 *) 808 echo -n ' log_in_vain=YES' 809 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 810 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 811 ;; 812 esac 813 814 echo '.' 815 network_pass4_done=YES 816} 817 818network_gif_setup() { 819 case ${gif_interfaces} in 820 [Nn][Oo] | '') 821 ;; 822 *) 823 for i in ${gif_interfaces}; do 824 eval peers=\$gifconfig_$i 825 case ${peers} in 826 '') 827 continue 828 ;; 829 *) 830 ifconfig $i create >/dev/null 2>&1 831 ifconfig $i tunnel ${peers} 832 ;; 833 esac 834 done 835 ;; 836 esac 837} 838 839convert_host_conf() { 840 host_conf=$1; shift; 841 nsswitch_conf=$1; shift; 842 awk ' \ 843 /^[:blank:]*#/ { next } \ 844 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 845 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 846 /nis/ { nsswitch[c] = "nis"; c++; next } \ 847 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 848 END { \ 849 printf "hosts: "; \ 850 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 851 printf "\n"; \ 852 }' < $host_conf > $nsswitch_conf 853} 854 855