defaultroute revision 86342
1#!/bin/sh - 2# 3# Copyright (c) 1993 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD: head/etc/rc.d/routing 86342 2001-11-14 06:35:43Z sheldonh $ 28# From: @(#)netstart 5.9 (Berkeley) 3/30/91 29# 30 31# Note that almost all of the user-configurable behavior is no longer in 32# this file, but rather in /etc/defaults/rc.conf. Please check that file 33# first before contemplating any changes here. If you do need to change 34# this file for some reason, we would like to know about it. 35 36# First pass startup stuff. 37# 38network_pass1() { 39 echo -n 'Doing initial network setup:' 40 41 # Generate host.conf for compatibility 42 # 43 if [ -f "/etc/nsswitch.conf" ]; then 44 echo -n ' host.conf' 45 generate_host_conf /etc/nsswitch.conf /etc/host.conf 46 fi 47 48 # Convert host.conf to nsswitch.conf if necessary 49 # 50 if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then 51 echo '' 52 echo 'Warning: /etc/host.conf is no longer used' 53 echo ' /etc/nsswitch.conf will be created for you' 54 convert_host_conf /etc/host.conf /etc/nsswitch.conf 55 fi 56 57 # Set the host name if it is not already set 58 # 59 if [ -z "`hostname -s`" ]; then 60 hostname ${hostname} 61 echo -n ' hostname' 62 fi 63 64 # Establish ipfilter ruleset as early as possible (best in 65 # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 66 # 67 if /sbin/ipfstat -i > /dev/null 2>&1; then 68 ipfilter_in_kernel=1 69 else 70 ipfilter_in_kernel=0 71 fi 72 73 case "${ipfilter_enable}" in 74 [Yy][Ee][Ss]) 75 if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then 76 ipfilter_in_kernel=1 77 echo "Kernel ipfilter module loaded." 78 elif [ "${ipfilter_in_kernel}" -eq 0 ]; then 79 echo "Warning: ipfilter kernel module failed to load." 80 fi 81 82 if [ -r "${ipfilter_rules}" ]; then 83 echo -n ' ipfilter'; 84 ${ipfilter_program:-/sbin/ipf -Fa -f} \ 85 "${ipfilter_rules}" ${ipfilter_flags} 86 case "${ipmon_enable}" in 87 [Yy][Ee][Ss]) 88 echo -n ' ipmon' 89 ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 90 ;; 91 esac 92 case "${ipfs_enable}" in 93 [Yy][Ee][Ss]) 94 if [ -r "/var/db/ipf/ipstate.ipf" ]; then 95 echo -n ' ipfs'; 96 eval ${ipfs_program:-/sbin/ipfs -R} \ 97 ${ipfs_flags} 98 fi 99 ;; 100 esac 101 else 102 ipfilter_enable="NO" 103 echo -n ' NO IPF RULES' 104 fi 105 esac 106 case "${ipnat_enable}" in 107 [Yy][Ee][Ss]) 108 if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then 109 ipfilter_in_kernel=1 110 echo "Kernel ipfilter module loaded." 111 elif [ "${ipfilter_in_kernel}" -eq 0 ]; then 112 echo "Warning: ipfilter kernel module failed to load." 113 fi 114 if [ -r "${ipnat_rules}" ]; then 115 echo -n ' ipnat'; 116 eval ${ipnat_program:-/sbin/ipnat -CF -f} \ 117 "${ipnat_rules}" ${ipnat_flags} 118 else 119 echo -n ' NO IPNAT RULES' 120 fi 121 ;; 122 esac 123 124 # Set the domainname if we're using NIS 125 # 126 case ${nisdomainname} in 127 [Nn][Oo] | '') 128 ;; 129 *) 130 domainname ${nisdomainname} 131 echo -n ' domain' 132 ;; 133 esac 134 135 echo '.' 136 137 # Initial ATM interface configuration 138 # 139 case ${atm_enable} in 140 [Yy][Ee][Ss]) 141 if [ -r /etc/rc.atm ]; then 142 . /etc/rc.atm 143 atm_pass1 144 fi 145 ;; 146 esac 147 148 # Attempt to create cloned interfaces. 149 for ifn in ${cloned_interfaces}; do 150 ifconfig ${ifn} create 151 done 152 153 # Special options for sppp(4) interfaces go here. These need 154 # to go _before_ the general ifconfig section, since in the case 155 # of hardwired (no link1 flag) but required authentication, you 156 # cannot pass auth parameters down to the already running interface. 157 # 158 for ifn in ${sppp_interfaces}; do 159 eval spppcontrol_args=\$spppconfig_${ifn} 160 if [ -n "${spppcontrol_args}" ]; then 161 # The auth secrets might contain spaces; in order 162 # to retain the quotation, we need to eval them 163 # here. 164 eval spppcontrol ${ifn} ${spppcontrol_args} 165 fi 166 done 167 168 # gifconfig 169 network_gif_setup 170 171 # Set up all the network interfaces, calling startup scripts if needed 172 # 173 case ${network_interfaces} in 174 [Aa][Uu][Tt][Oo]) 175 network_interfaces="`ifconfig -l`" 176 ;; 177 *) 178 network_interfaces="${network_interfaces} ${cloned_interfaces}" 179 ;; 180 esac 181 182 dhcp_interfaces="" 183 for ifn in ${network_interfaces}; do 184 if [ -r /etc/start_if.${ifn} ]; then 185 . /etc/start_if.${ifn} 186 eval showstat_$ifn=1 187 fi 188 189 # Do the primary ifconfig if specified 190 # 191 eval ifconfig_args=\$ifconfig_${ifn} 192 193 case ${ifconfig_args} in 194 '') 195 ;; 196 [Dd][Hh][Cc][Pp]) 197 # DHCP inits are done all in one go below 198 dhcp_interfaces="$dhcp_interfaces $ifn" 199 eval showstat_$ifn=1 200 ;; 201 *) 202 ifconfig ${ifn} ${ifconfig_args} 203 eval showstat_$ifn=1 204 ;; 205 esac 206 done 207 208 if [ ! -z "${dhcp_interfaces}" ]; then 209 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 210 fi 211 212 for ifn in ${network_interfaces}; do 213 # Check to see if aliases need to be added 214 # 215 alias=0 216 while : ; do 217 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 218 if [ -n "${ifconfig_args}" ]; then 219 ifconfig ${ifn} ${ifconfig_args} alias 220 eval showstat_$ifn=1 221 alias=$((${alias} + 1)) 222 else 223 break; 224 fi 225 done 226 227 # Do ipx address if specified 228 # 229 eval ifconfig_args=\$ifconfig_${ifn}_ipx 230 if [ -n "${ifconfig_args}" ]; then 231 ifconfig ${ifn} ${ifconfig_args} 232 eval showstat_$ifn=1 233 fi 234 done 235 236 for ifn in ${network_interfaces}; do 237 eval showstat=\$showstat_${ifn} 238 if [ ! -z ${showstat} ]; then 239 ifconfig ${ifn} 240 fi 241 done 242 243 # ISDN subsystem startup 244 # 245 case ${isdn_enable} in 246 [Yy][Ee][Ss]) 247 if [ -r /etc/rc.isdn ]; then 248 . /etc/rc.isdn 249 fi 250 ;; 251 esac 252 253 # Start user ppp if required. This must happen before natd. 254 # 255 case ${ppp_enable} in 256 [Yy][Ee][Ss]) 257 # Establish ppp mode. 258 # 259 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 260 -a "${ppp_mode}" != "dedicated" \ 261 -a "${ppp_mode}" != "background" ]; then 262 ppp_mode="auto" 263 fi 264 265 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 266 267 # Switch on NAT mode? 268 # 269 case ${ppp_nat} in 270 [Yy][Ee][Ss]) 271 ppp_command="${ppp_command} -nat" 272 ;; 273 esac 274 275 ppp_command="${ppp_command} ${ppp_profile}" 276 277 echo "Starting ppp as \"${ppp_user}\"" 278 su -m ${ppp_user} -c "exec ${ppp_command}" 279 ;; 280 esac 281 282 # Re-Sync ipfilter 283 # 284 case ${ipfilter_enable} in 285 [Yy][Ee][Ss]) 286 ${ipfilter_program:-/sbin/ipf -y} 287 ;; 288 *) 289 case ${ipnat_enable} in 290 [Yy][Ee][Ss]) 291 ${ipfilter_program:-/sbin/ipf -y} 292 ;; 293 esac 294 esac 295 296 # Initialize IP filtering using ipfw 297 # 298 if /sbin/ipfw -q flush > /dev/null 2>&1; then 299 firewall_in_kernel=1 300 else 301 firewall_in_kernel=0 302 fi 303 304 case ${firewall_enable} in 305 [Yy][Ee][Ss]) 306 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 307 firewall_in_kernel=1 308 echo 'Kernel firewall module loaded' 309 elif [ "${firewall_in_kernel}" -eq 0 ]; then 310 echo 'Warning: firewall kernel module failed to load' 311 fi 312 ;; 313 esac 314 315 # Load the filters if required 316 # 317 case ${firewall_in_kernel} in 318 1) 319 if [ -z "${firewall_script}" ]; then 320 firewall_script=/etc/rc.firewall 321 fi 322 323 case ${firewall_enable} in 324 [Yy][Ee][Ss]) 325 if [ -r "${firewall_script}" ]; then 326 . "${firewall_script}" 327 echo -n 'Firewall rules loaded, starting divert daemons:' 328 329 # Network Address Translation daemon 330 # 331 case ${natd_enable} in 332 [Yy][Ee][Ss]) 333 if [ -n "${natd_interface}" ]; then 334 if echo ${natd_interface} | \ 335 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 336 natd_ifarg="-a ${natd_interface}" 337 else 338 natd_ifarg="-n ${natd_interface}" 339 fi 340 341 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 342 fi 343 ;; 344 esac 345 346 echo '.' 347 348 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 349 echo 'Warning: kernel has firewall functionality,' \ 350 'but firewall rules are not enabled.' 351 echo ' All ip services are disabled.' 352 fi 353 354 case ${firewall_logging} in 355 [Yy][Ee][Ss] | '') 356 echo 'Firewall logging=YES' 357 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null 358 ;; 359 *) 360 ;; 361 esac 362 363 ;; 364 esac 365 ;; 366 esac 367 368 # Additional ATM interface configuration 369 # 370 if [ -n "${atm_pass1_done}" ]; then 371 atm_pass2 372 fi 373 374 # Configure routing 375 # 376 case ${defaultrouter} in 377 [Nn][Oo] | '') 378 ;; 379 *) 380 static_routes="default ${static_routes}" 381 route_default="default ${defaultrouter}" 382 ;; 383 esac 384 385 # Set up any static routes. This should be done before router discovery. 386 # 387 if [ -n "${static_routes}" ]; then 388 for i in ${static_routes}; do 389 eval route_args=\$route_${i} 390 route add ${route_args} 391 done 392 fi 393 394 echo -n 'Additional routing options:' 395 case ${tcp_extensions} in 396 [Yy][Ee][Ss] | '') 397 ;; 398 *) 399 echo -n ' tcp extensions=NO' 400 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 401 ;; 402 esac 403 404 case ${icmp_bmcastecho} in 405 [Yy][Ee][Ss]) 406 echo -n ' broadcast ping responses=YES' 407 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 408 ;; 409 esac 410 411 case ${icmp_drop_redirect} in 412 [Yy][Ee][Ss]) 413 echo -n ' ignore ICMP redirect=YES' 414 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null 415 ;; 416 esac 417 418 case ${icmp_log_redirect} in 419 [Yy][Ee][Ss]) 420 echo -n ' log ICMP redirect=YES' 421 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null 422 ;; 423 esac 424 425 case ${gateway_enable} in 426 [Yy][Ee][Ss]) 427 echo -n ' IP gateway=YES' 428 sysctl -w net.inet.ip.forwarding=1 >/dev/null 429 ;; 430 esac 431 432 case ${forward_sourceroute} in 433 [Yy][Ee][Ss]) 434 echo -n ' do source routing=YES' 435 sysctl -w net.inet.ip.sourceroute=1 >/dev/null 436 ;; 437 esac 438 439 case ${accept_sourceroute} in 440 [Yy][Ee][Ss]) 441 echo -n ' accept source routing=YES' 442 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 443 ;; 444 esac 445 446 case ${tcp_keepalive} in 447 [Yy][Ee][Ss]) 448 echo -n ' TCP keepalive=YES' 449 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null 450 ;; 451 esac 452 453 case ${tcp_drop_synfin} in 454 [Yy][Ee][Ss]) 455 echo -n ' drop SYN+FIN packets=YES' 456 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null 457 ;; 458 esac 459 460 case ${ipxgateway_enable} in 461 [Yy][Ee][Ss]) 462 echo -n ' IPX gateway=YES' 463 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 464 ;; 465 esac 466 467 case ${arpproxy_all} in 468 [Yy][Ee][Ss]) 469 echo -n ' ARP proxyall=YES' 470 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null 471 ;; 472 esac 473 474 case ${ip_portrange_first} in 475 [Nn][Oo] | '') 476 ;; 477 *) 478 echo -n " ip_portrange_first=$ip_portrange_first" 479 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 480 ;; 481 esac 482 483 case ${ip_portrange_last} in 484 [Nn][Oo] | '') 485 ;; 486 *) 487 echo -n " ip_portrange_last=$ip_portrange_last" 488 sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 489 ;; 490 esac 491 492 echo '.' 493 494 case ${ipsec_enable} in 495 [Yy][Ee][Ss]) 496 if [ -f ${ipsec_file} ]; then 497 echo ' ipsec: enabled' 498 setkey -f ${ipsec_file} 499 else 500 echo ' ipsec: file not found' 501 fi 502 ;; 503 esac 504 505 echo -n 'Routing daemons:' 506 case ${router_enable} in 507 [Yy][Ee][Ss]) 508 echo -n " ${router}"; ${router} ${router_flags} 509 ;; 510 esac 511 512 case ${ipxrouted_enable} in 513 [Yy][Ee][Ss]) 514 echo -n ' IPXrouted' 515 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 516 ;; 517 esac 518 519 case ${mrouted_enable} in 520 [Yy][Ee][Ss]) 521 echo -n ' mrouted'; mrouted ${mrouted_flags} 522 ;; 523 esac 524 525 case ${rarpd_enable} in 526 [Yy][Ee][Ss]) 527 echo -n ' rarpd'; rarpd ${rarpd_flags} 528 ;; 529 esac 530 echo '.' 531 532 # Let future generations know we made it. 533 # 534 network_pass1_done=YES 535} 536 537network_pass2() { 538 echo -n 'Doing additional network setup:' 539 case ${named_enable} in 540 [Yy][Ee][Ss]) 541 echo -n ' named'; ${named_program:-named} ${named_flags} 542 ;; 543 esac 544 545 case ${ntpdate_enable} in 546 [Yy][Ee][Ss]) 547 echo -n ' ntpdate' 548 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 549 ;; 550 esac 551 552 case ${xntpd_enable} in 553 [Yy][Ee][Ss]) 554 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 555 ;; 556 esac 557 558 case ${timed_enable} in 559 [Yy][Ee][Ss]) 560 echo -n ' timed'; timed ${timed_flags} 561 ;; 562 esac 563 564 case ${portmap_enable} in 565 [Yy][Ee][Ss]) 566 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 567 ${portmap_flags} 568 569 # Start ypserv if we're an NIS server. 570 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 571 # 572 case ${nis_server_enable} in 573 [Yy][Ee][Ss]) 574 echo -n ' ypserv'; ypserv ${nis_server_flags} 575 576 case ${nis_ypxfrd_enable} in 577 [Yy][Ee][Ss]) 578 echo -n ' rpc.ypxfrd' 579 rpc.ypxfrd ${nis_ypxfrd_flags} 580 ;; 581 esac 582 583 case ${nis_yppasswdd_enable} in 584 [Yy][Ee][Ss]) 585 echo -n ' rpc.yppasswdd' 586 rpc.yppasswdd ${nis_yppasswdd_flags} 587 ;; 588 esac 589 ;; 590 esac 591 592 # Start ypbind if we're an NIS client 593 # 594 case ${nis_client_enable} in 595 [Yy][Ee][Ss]) 596 echo -n ' ypbind'; ypbind ${nis_client_flags} 597 case ${nis_ypset_enable} in 598 [Yy][Ee][Ss]) 599 echo -n ' ypset'; ypset ${nis_ypset_flags} 600 ;; 601 esac 602 ;; 603 esac 604 605 # Start keyserv if we are running Secure RPC 606 # 607 case ${keyserv_enable} in 608 [Yy][Ee][Ss]) 609 echo -n ' keyserv'; keyserv ${keyserv_flags} 610 ;; 611 esac 612 613 # Start ypupdated if we are running Secure RPC 614 # and we are NIS master 615 # 616 case ${rpc_ypupdated_enable} in 617 [Yy][Ee][Ss]) 618 echo -n ' rpc.ypupdated'; rpc.ypupdated 619 ;; 620 esac 621 ;; 622 esac 623 624 # Start ATM daemons 625 if [ -n "${atm_pass2_done}" ]; then 626 atm_pass3 627 fi 628 629 echo '.' 630 network_pass2_done=YES 631} 632 633network_pass3() { 634 echo -n 'Starting final network daemons:' 635 636 case ${portmap_enable} in 637 [Yy][Ee][Ss]) 638 case ${nfs_server_enable} in 639 [Yy][Ee][Ss]) 640 # Handle absent nfs server support 641 nfsserver_in_kernel=0 642 if sysctl vfs.nfsrv >/dev/null 2>&1; then 643 nfsserver_in_kernel=1 644 else 645 kldload nfsserver && nfsserver_in_kernel=1 646 fi 647 648 if [ -r /etc/exports -a \ 649 ${nfsserver_in_kernel} -eq 1 ]; then 650 echo -n ' mountd' 651 652 case ${weak_mountd_authentication} in 653 [Yy][Ee][Ss]) 654 mountd_flags="${mountd_flags} -n" 655 ;; 656 esac 657 658 mountd ${mountd_flags} 659 660 case ${nfs_reserved_port_only} in 661 [Yy][Ee][Ss]) 662 echo -n ' NFS on reserved port only=YES' 663 sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null 664 ;; 665 esac 666 667 echo -n ' nfsd'; nfsd ${nfs_server_flags} 668 669 case ${rpc_lockd_enable} in 670 [Yy][Ee][Ss]) 671 echo -n ' rpc.lockd'; rpc.lockd 672 ;; 673 esac 674 675 case ${rpc_statd_enable} in 676 [Yy][Ee][Ss]) 677 echo -n ' rpc.statd'; rpc.statd 678 ;; 679 esac 680 else 681 echo -n ' Warning: nfs server failed' 682 fi 683 ;; 684 *) 685 case ${single_mountd_enable} in 686 [Yy][Ee][Ss]) 687 if [ -r /etc/exports ]; then 688 echo -n ' mountd' 689 690 case ${weak_mountd_authentication} in 691 [Yy][Ee][Ss]) 692 mountd_flags="-n" 693 ;; 694 esac 695 696 mountd ${mountd_flags} 697 fi 698 ;; 699 esac 700 ;; 701 esac 702 703 case ${nfs_client_enable} in 704 [Yy][Ee][Ss]) 705 if [ -n "${nfs_access_cache}" ]; then 706 echo -n " NFS access cache time=${nfs_access_cache}" 707 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 708 fi 709 if [ -n "${nfs_bufpackets}" ]; then 710 sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 711 fi 712 ;; 713 esac 714 715 # If /var/db/mounttab exists, some nfs-server has not been 716 # sucessfully notified about a previous client shutdown. 717 # If there is no /var/db/mounttab, we do nothing. 718 if [ -f /var/db/mounttab ]; then 719 rpc.umntall -k 720 fi 721 722 case ${amd_enable} in 723 [Yy][Ee][Ss]) 724 echo -n ' amd' 725 case ${amd_map_program} in 726 [Nn][Oo] | '') 727 ;; 728 *) 729 amd_flags="${amd_flags} `eval\ 730 ${amd_map_program}`" 731 ;; 732 esac 733 734 if [ -n "${amd_flags}" ]; then 735 amd -p ${amd_flags}\ 736 > /var/run/amd.pid 2> /dev/null 737 else 738 amd 2> /dev/null 739 fi 740 ;; 741 esac 742 ;; 743 esac 744 745 case ${rwhod_enable} in 746 [Yy][Ee][Ss]) 747 echo -n ' rwhod'; rwhod ${rwhod_flags} 748 ;; 749 esac 750 751 # Kerberos servers run ONLY on the Kerberos server machine 752 case ${kerberos4_server_enable} in 753 [Yy][Ee][Ss]) 754 case ${kerberos_stash} in 755 [Yy][Ee][Ss]) 756 stash=-n 757 ;; 758 *) 759 stash= 760 ;; 761 esac 762 763 echo -n ' kerberosIV' 764 ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 765 766 case ${kadmind4_server_enable} in 767 [Yy][Ee][Ss]) 768 echo -n ' kadmindIV' 769 ( 770 sleep 20; 771 ${kadmind4_server} ${stash} >/dev/null 2>&1 & 772 ) & 773 ;; 774 esac 775 unset stash_flag 776 ;; 777 esac 778 779 case ${kerberos5_server_enable} in 780 [Yy][Ee][Ss]) 781 echo -n ' kerberos5' 782 ${kerberos5_server} & 783 784 case ${kadmind5_server_enable} in 785 [Yy][Ee][Ss]) 786 echo -n ' kadmind5' 787 ${kadmind5_server} & 788 ;; 789 esac 790 ;; 791 esac 792 793 case ${pppoed_enable} in 794 [Yy][Ee][Ss]) 795 if [ -n "${pppoed_provider}" ]; then 796 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 797 fi 798 echo -n ' pppoed'; 799 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 800 ;; 801 esac 802 803 case ${sshd_enable} in 804 [Yy][Ee][Ss]) 805 if [ ! -f /etc/ssh/ssh_host_key ]; then 806 echo ' creating ssh RSA host key'; 807 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 808 fi 809 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 810 echo ' creating ssh DSA host key'; 811 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 812 fi 813 ;; 814 esac 815 816 echo '.' 817 network_pass3_done=YES 818} 819 820network_pass4() { 821 echo -n 'Additional TCP options:' 822 case ${log_in_vain} in 823 [Nn][Oo] | '') 824 ;; 825 *) 826 echo -n ' log_in_vain=YES' 827 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null 828 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null 829 ;; 830 esac 831 832 echo '.' 833 network_pass4_done=YES 834} 835 836network_gif_setup() { 837 case ${gif_interfaces} in 838 [Nn][Oo] | '') 839 ;; 840 *) 841 for i in ${gif_interfaces}; do 842 eval peers=\$gifconfig_$i 843 case ${peers} in 844 '') 845 continue 846 ;; 847 *) 848 ifconfig $i create >/dev/null 2>&1 849 ifconfig $i tunnel ${peers} 850 ;; 851 esac 852 done 853 ;; 854 esac 855} 856 857convert_host_conf() { 858 host_conf=$1; shift; 859 nsswitch_conf=$1; shift; 860 awk ' \ 861 /^[:blank:]*#/ { next } \ 862 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 863 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 864 /nis/ { nsswitch[c] = "nis"; c++; next } \ 865 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 866 END { \ 867 printf "hosts: "; \ 868 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 869 printf "\n"; \ 870 }' < $host_conf > $nsswitch_conf 871} 872 873generate_host_conf() { 874 nsswitch_conf=$1; shift; 875 host_conf=$1; shift; 876 877 awk ' 878BEGIN { 879 xlat["files"] = "hosts"; 880 xlat["dns"] = "bind"; 881 xlat["nis"] = "nis"; 882 cont = 0; 883} 884sub(/^[\t ]*hosts:/, "") || cont { 885 if (!cont) 886 srcs = "" 887 sub(/#.*/, "") 888 gsub(/[][]/, " & ") 889 cont = sub(/\\$/, "") 890 srcs = srcs " " $0 891} 892END { 893 print "# Auto-generated from nsswitch.conf, do not edit" 894 ns = split(srcs, s) 895 for (n = 1; n <= ns; ++n) { 896 if (s[n] in xlat) 897 print xlat[s[n]] 898 } 899} 900' <$nsswitch_conf >$host_conf 901} 902