defaultroute revision 89912
1139749Simp#!/bin/sh - 255992Swpaul# 355992Swpaul# Copyright (c) 1993 The FreeBSD Project 455992Swpaul# All rights reserved. 555992Swpaul# 655992Swpaul# Redistribution and use in source and binary forms, with or without 755992Swpaul# modification, are permitted provided that the following conditions 855992Swpaul# are met: 955992Swpaul# 1. Redistributions of source code must retain the above copyright 1055992Swpaul# notice, this list of conditions and the following disclaimer. 1155992Swpaul# 2. Redistributions in binary form must reproduce the above copyright 1255992Swpaul# notice, this list of conditions and the following disclaimer in the 1355992Swpaul# documentation and/or other materials provided with the distribution. 1455992Swpaul# 1555992Swpaul# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 1655992Swpaul# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 1755992Swpaul# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 1855992Swpaul# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 1955992Swpaul# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 2055992Swpaul# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 2155992Swpaul# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 2255992Swpaul# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 2355992Swpaul# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 2455992Swpaul# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 2555992Swpaul# SUCH DAMAGE. 2655992Swpaul# 2755992Swpaul# $FreeBSD: head/etc/rc.d/routing 89911 2002-01-28 11:05:01Z sheldonh $ 2855992Swpaul# From: @(#)netstart 5.9 (Berkeley) 3/30/91 2955992Swpaul# 3055992Swpaul 3155992Swpaul# Note that almost all of the user-configurable behavior is no longer in 3255992Swpaul# this file, but rather in /etc/defaults/rc.conf. Please check that file 3355992Swpaul# first before contemplating any changes here. If you do need to change 3455992Swpaul# this file for some reason, we would like to know about it. 35110531Sambrisko 3655992Swpaul# First pass startup stuff. 3777217Sphk# 3877217Sphknetwork_pass1() { 3955992Swpaul echo -n 'Doing initial network setup:' 4055992Swpaul 4155992Swpaul # Generate host.conf for compatibility 4255992Swpaul # 4355992Swpaul if [ -f "/etc/nsswitch.conf" ]; then 4455992Swpaul echo -n ' host.conf' 4555992Swpaul generate_host_conf /etc/nsswitch.conf /etc/host.conf 4655992Swpaul fi 4755992Swpaul 48199756Sjhb # Convert host.conf to nsswitch.conf if necessary 4955992Swpaul # 50199756Sjhb if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then 5155992Swpaul echo '' 52199756Sjhb echo 'Warning: /etc/host.conf is no longer used' 5355992Swpaul echo ' /etc/nsswitch.conf will be created for you' 54199756Sjhb convert_host_conf /etc/host.conf /etc/nsswitch.conf 5555992Swpaul fi 5655992Swpaul 57108401Sambrisko # Set the host name if it is not already set 58108401Sambrisko # 59199756Sjhb if [ -z "`hostname -s`" ]; then 60108401Sambrisko hostname ${hostname} 61199756Sjhb echo -n ' hostname' 62108401Sambrisko fi 63199756Sjhb 64108401Sambrisko # Establish ipfilter ruleset as early as possible (best in 65199756Sjhb # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 66108401Sambrisko 67108401Sambrisko # check whether ipfilter and/or ipnat is enabled 68108401Sambrisko ipfilter_active="NO" 69108401Sambrisko case ${ipfilter_enable} in 70108401Sambrisko [Yy][Ee][Ss]) 71199756Sjhb ipfilter_active="YES" 72108401Sambrisko ;; 73108401Sambrisko esac 74199756Sjhb case ${ipnat_enable} in 75108401Sambrisko [Yy][Ee][Ss]) 76108401Sambrisko ipfilter_active="YES" 77199756Sjhb ;; 78108401Sambrisko esac 79108401Sambrisko case ${ipfilter_active} in 80199756Sjhb [Yy][Ee][Ss]) 81108401Sambrisko # load ipfilter kernel module if needed 82108401Sambrisko if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then 8355992Swpaul if kldload ipl; then 8455992Swpaul echo 'IP-filter module loaded.' 8555992Swpaul else 8655992Swpaul echo 'Warning: IP-filter module failed to load.' 8755992Swpaul # avoid further errors 88108401Sambrisko ipmon_enable="NO" 89108401Sambrisko ipfilter_enable="NO" 90119156Sambrisko ipnat_enable="NO" 91108401Sambrisko ipfs_enable="NO" 92108401Sambrisko fi 9355992Swpaul fi 9455992Swpaul # start ipmon before loading any rules 9555992Swpaul case "${ipmon_enable}" in 9655992Swpaul [Yy][Ee][Ss]) 97108401Sambrisko echo -n ' ipmon' 98108401Sambrisko ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 99108401Sambrisko ;; 100108401Sambrisko esac 101108401Sambrisko case "${ipfilter_enable}" in 102108401Sambrisko [Yy][Ee][Ss]) 103108401Sambrisko if [ -r "${ipfilter_rules}" ]; then 104108401Sambrisko echo -n ' ipfilter' 105108401Sambrisko ${ipfilter_program:-/sbin/ipf} -Fa -f \ 10655992Swpaul "${ipfilter_rules}" ${ipfilter_flags} 10755992Swpaul else 10855992Swpaul ipfilter_enable="NO" 10955992Swpaul echo -n ' NO IPF RULES' 11055992Swpaul fi 11155992Swpaul ;; 11255992Swpaul esac 11355992Swpaul case "${ipnat_enable}" in 11455992Swpaul [Yy][Ee][Ss]) 11555992Swpaul if [ -r "${ipnat_rules}" ]; then 11655992Swpaul echo -n ' ipnat' 11755992Swpaul eval ${ipnat_program:-/sbin/ipnat} -CF -f \ 118110253Sambrisko "${ipnat_rules}" ${ipnat_flags} 11955992Swpaul else 12055992Swpaul ipnat_enable="NO" 12155992Swpaul echo -n ' NO IPNAT RULES' 12274698Sarchie fi 12355992Swpaul ;; 12455992Swpaul esac 12555992Swpaul # restore filter/NAT state tables after loading the rules 12655992Swpaul case "${ipfs_enable}" in 127108401Sambrisko [Yy][Ee][Ss]) 12855992Swpaul if [ -r "/var/db/ipf/ipstate.ipf" ]; then 12955992Swpaul echo -n ' ipfs' 13055992Swpaul ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} 13155992Swpaul # remove files to avoid reloading old state 13255992Swpaul # after an ungraceful shutdown 13355992Swpaul rm -f /var/db/ipf/ipstate.ipf 13455992Swpaul rm -f /var/db/ipf/ipnat.ipf 13555992Swpaul fi 13655992Swpaul ;; 137108401Sambrisko esac 138108401Sambrisko ;; 139108401Sambrisko esac 140108401Sambrisko 141108401Sambrisko # Set the domainname if we're using NIS 142108401Sambrisko # 143108401Sambrisko case ${nisdomainname} in 144108401Sambrisko [Nn][Oo] | '') 145108401Sambrisko ;; 146108401Sambrisko *) 147108401Sambrisko domainname ${nisdomainname} 148108401Sambrisko echo -n ' domain' 149108401Sambrisko ;; 150108401Sambrisko esac 151108401Sambrisko 152108401Sambrisko echo '.' 153108401Sambrisko 154108401Sambrisko # Initial ATM interface configuration 155108401Sambrisko # 156108401Sambrisko case ${atm_enable} in 157108401Sambrisko [Yy][Ee][Ss]) 158108401Sambrisko if [ -r /etc/rc.atm ]; then 159108401Sambrisko . /etc/rc.atm 160108401Sambrisko atm_pass1 161108401Sambrisko fi 162108401Sambrisko ;; 163108401Sambrisko esac 164108401Sambrisko 165108401Sambrisko # Attempt to create cloned interfaces. 166108401Sambrisko for ifn in ${cloned_interfaces}; do 167108401Sambrisko ifconfig ${ifn} create 168108401Sambrisko done 169108401Sambrisko 170108401Sambrisko # Special options for sppp(4) interfaces go here. These need 171108401Sambrisko # to go _before_ the general ifconfig section, since in the case 172108401Sambrisko # of hardwired (no link1 flag) but required authentication, you 173108401Sambrisko # cannot pass auth parameters down to the already running interface. 174108401Sambrisko # 175108401Sambrisko for ifn in ${sppp_interfaces}; do 176119156Sambrisko eval spppcontrol_args=\$spppconfig_${ifn} 177119156Sambrisko if [ -n "${spppcontrol_args}" ]; then 178119156Sambrisko # The auth secrets might contain spaces; in order 179119156Sambrisko # to retain the quotation, we need to eval them 180119156Sambrisko # here. 181108401Sambrisko eval spppcontrol ${ifn} ${spppcontrol_args} 182108401Sambrisko fi 183108401Sambrisko done 184108401Sambrisko 185108401Sambrisko # gifconfig 186108401Sambrisko network_gif_setup 187108401Sambrisko 188108401Sambrisko # Set up all the network interfaces, calling startup scripts if needed 189108401Sambrisko # 190108401Sambrisko case ${network_interfaces} in 191108401Sambrisko [Aa][Uu][Tt][Oo]) 192108401Sambrisko network_interfaces="`ifconfig -l`" 193108401Sambrisko ;; 194108401Sambrisko *) 195108401Sambrisko network_interfaces="${network_interfaces} ${cloned_interfaces}" 196108401Sambrisko ;; 197108401Sambrisko esac 198108401Sambrisko 199108401Sambrisko dhcp_interfaces="" 200108401Sambrisko for ifn in ${network_interfaces}; do 20155992Swpaul if [ -r /etc/start_if.${ifn} ]; then 20255992Swpaul . /etc/start_if.${ifn} 20355992Swpaul eval showstat_$ifn=1 20455992Swpaul fi 20555992Swpaul 20655992Swpaul # Do the primary ifconfig if specified 20755992Swpaul # 20855992Swpaul eval ifconfig_args=\$ifconfig_${ifn} 20955992Swpaul 21055992Swpaul case ${ifconfig_args} in 21155992Swpaul '') 21255992Swpaul ;; 21355992Swpaul [Dd][Hh][Cc][Pp]) 21455992Swpaul # DHCP inits are done all in one go below 21555992Swpaul dhcp_interfaces="$dhcp_interfaces $ifn" 21655992Swpaul eval showstat_$ifn=1 21755992Swpaul ;; 21855992Swpaul *) 21955992Swpaul ifconfig ${ifn} ${ifconfig_args} 22055992Swpaul eval showstat_$ifn=1 22155992Swpaul ;; 22255992Swpaul esac 22355992Swpaul done 22455992Swpaul 22555992Swpaul if [ ! -z "${dhcp_interfaces}" ]; then 22655992Swpaul ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 22755992Swpaul fi 22855992Swpaul 22955992Swpaul for ifn in ${network_interfaces}; do 23055992Swpaul # Check to see if aliases need to be added 23155992Swpaul # 23255992Swpaul alias=0 23355992Swpaul while : ; do 23455992Swpaul eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 23555992Swpaul if [ -n "${ifconfig_args}" ]; then 23655992Swpaul ifconfig ${ifn} ${ifconfig_args} alias 23755992Swpaul eval showstat_$ifn=1 23855992Swpaul alias=$((${alias} + 1)) 239119156Sambrisko else 24055992Swpaul break; 24155992Swpaul fi 24255992Swpaul done 24355992Swpaul 24455992Swpaul # Do ipx address if specified 24555992Swpaul # 24655992Swpaul eval ifconfig_args=\$ifconfig_${ifn}_ipx 24755992Swpaul if [ -n "${ifconfig_args}" ]; then 24855992Swpaul ifconfig ${ifn} ${ifconfig_args} 24955992Swpaul eval showstat_$ifn=1 25055992Swpaul fi 25155992Swpaul done 25255992Swpaul 25355992Swpaul for ifn in ${network_interfaces}; do 25455992Swpaul eval showstat=\$showstat_${ifn} 25555992Swpaul if [ ! -z ${showstat} ]; then 25655992Swpaul ifconfig ${ifn} 25755992Swpaul fi 25855992Swpaul done 25955992Swpaul 26055992Swpaul # ISDN subsystem startup 26155992Swpaul # 26255992Swpaul case ${isdn_enable} in 26355992Swpaul [Yy][Ee][Ss]) 264108401Sambrisko if [ -r /etc/rc.isdn ]; then 265108401Sambrisko . /etc/rc.isdn 266108401Sambrisko fi 267108401Sambrisko ;; 26855992Swpaul esac 26955992Swpaul 27055992Swpaul # Start user ppp if required. This must happen before natd. 27155992Swpaul # 272119156Sambrisko case ${ppp_enable} in 27355992Swpaul [Yy][Ee][Ss]) 27455992Swpaul # Establish ppp mode. 27555992Swpaul # 27655992Swpaul if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 277119156Sambrisko -a "${ppp_mode}" != "dedicated" \ 27855992Swpaul -a "${ppp_mode}" != "background" ]; then 279298955Spfg ppp_mode="auto" 28055992Swpaul fi 28155992Swpaul 282119156Sambrisko ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 283119156Sambrisko 284119156Sambrisko # Switch on NAT mode? 285119156Sambrisko # 286119156Sambrisko case ${ppp_nat} in 287119156Sambrisko [Yy][Ee][Ss]) 288119156Sambrisko ppp_command="${ppp_command} -nat" 28955992Swpaul ;; 29055992Swpaul esac 291108401Sambrisko 292108401Sambrisko ppp_command="${ppp_command} ${ppp_profile}" 293108401Sambrisko 294108401Sambrisko echo "Starting ppp as \"${ppp_user}\"" 29555992Swpaul su -m ${ppp_user} -c "exec ${ppp_command}" 29655992Swpaul ;; 29755992Swpaul esac 29855992Swpaul 29955992Swpaul # Re-Sync ipfilter so it picks up any new network interfaces 30055992Swpaul # 30155992Swpaul case ${ipfilter_active} in 30255992Swpaul [Yy][Ee][Ss]) 30355992Swpaul ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} 30455992Swpaul ;; 30555992Swpaul esac 30655992Swpaul unset ipfilter_active 30755992Swpaul 30855992Swpaul # Initialize IP filtering using ipfw 30955992Swpaul # 31055992Swpaul if /sbin/ipfw -q flush > /dev/null 2>&1; then 31155992Swpaul firewall_in_kernel=1 31255992Swpaul else 31355992Swpaul firewall_in_kernel=0 31455992Swpaul fi 31555992Swpaul 31655992Swpaul case ${firewall_enable} in 31755992Swpaul [Yy][Ee][Ss]) 31855992Swpaul if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 31955992Swpaul firewall_in_kernel=1 32055992Swpaul echo 'Kernel firewall module loaded' 32155992Swpaul elif [ "${firewall_in_kernel}" -eq 0 ]; then 32255992Swpaul echo 'Warning: firewall kernel module failed to load' 32355992Swpaul fi 32455992Swpaul ;; 32555992Swpaul esac 32655992Swpaul 32755992Swpaul # Load the filters if required 32855992Swpaul # 32955992Swpaul case ${firewall_in_kernel} in 33055992Swpaul 1) 33155992Swpaul if [ -z "${firewall_script}" ]; then 33255992Swpaul firewall_script=/etc/rc.firewall 33355992Swpaul fi 33455992Swpaul 33555992Swpaul case ${firewall_enable} in 33655992Swpaul [Yy][Ee][Ss]) 33755992Swpaul if [ -r "${firewall_script}" ]; then 33855992Swpaul . "${firewall_script}" 33955992Swpaul echo -n 'Firewall rules loaded, starting divert daemons:' 34055992Swpaul 34155992Swpaul # Network Address Translation daemon 34255992Swpaul # 34355992Swpaul case ${natd_enable} in 34488748Sambrisko [Yy][Ee][Ss]) 345103870Salfred if [ -n "${natd_interface}" ]; then 34655992Swpaul if echo ${natd_interface} | \ 34755992Swpaul grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then 34883270Sbrooks natd_ifarg="-a ${natd_interface}" 34955992Swpaul else 35055992Swpaul natd_ifarg="-n ${natd_interface}" 35155992Swpaul fi 35255992Swpaul 35355992Swpaul echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} 35455992Swpaul fi 35555992Swpaul ;; 35655992Swpaul esac 35755992Swpaul 35855992Swpaul echo '.' 35955992Swpaul 36083270Sbrooks elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 36155992Swpaul echo 'Warning: kernel has firewall functionality,' \ 36255992Swpaul 'but firewall rules are not enabled.' 36355992Swpaul echo ' All ip services are disabled.' 36455992Swpaul fi 36555992Swpaul 36655992Swpaul case ${firewall_logging} in 36755992Swpaul [Yy][Ee][Ss] | '') 36855992Swpaul echo 'Firewall logging=YES' 36955992Swpaul sysctl net.inet.ip.fw.verbose=1 >/dev/null 37055992Swpaul ;; 37155992Swpaul *) 37255992Swpaul ;; 37355992Swpaul esac 37455992Swpaul 37555992Swpaul ;; 37655992Swpaul esac 37755992Swpaul ;; 37855992Swpaul esac 37955992Swpaul 38055992Swpaul # Additional ATM interface configuration 38155992Swpaul # 38255992Swpaul if [ -n "${atm_pass1_done}" ]; then 38355992Swpaul atm_pass2 38455992Swpaul fi 38555992Swpaul 38655992Swpaul # Configure routing 38755992Swpaul # 38855992Swpaul case ${defaultrouter} in 389199757Sjhb [Nn][Oo] | '') 39055992Swpaul ;; 391199757Sjhb *) 39255992Swpaul static_routes="default ${static_routes}" 393199757Sjhb route_default="default ${defaultrouter}" 394199757Sjhb ;; 395199757Sjhb esac 396199757Sjhb 397199757Sjhb # Set up any static routes. This should be done before router discovery. 398199757Sjhb # 399199757Sjhb if [ -n "${static_routes}" ]; then 400199757Sjhb for i in ${static_routes}; do 401199757Sjhb eval route_args=\$route_${i} 40255992Swpaul route add ${route_args} 40355992Swpaul done 40455992Swpaul fi 40555992Swpaul 40655992Swpaul echo -n 'Additional routing options:' 40755992Swpaul case ${tcp_extensions} in 40855992Swpaul [Yy][Ee][Ss] | '') 40955992Swpaul ;; 41055992Swpaul *) 41155992Swpaul echo -n ' tcp extensions=NO' 41255992Swpaul sysctl net.inet.tcp.rfc1323=0 >/dev/null 41355992Swpaul ;; 41455992Swpaul esac 41555992Swpaul 41655992Swpaul case ${icmp_bmcastecho} in 41755992Swpaul [Yy][Ee][Ss]) 41855992Swpaul echo -n ' broadcast ping responses=YES' 419108401Sambrisko sysctl net.inet.icmp.bmcastecho=1 >/dev/null 420108401Sambrisko ;; 421108401Sambrisko esac 422108401Sambrisko 423108401Sambrisko case ${icmp_drop_redirect} in 424108401Sambrisko [Yy][Ee][Ss]) 425108401Sambrisko echo -n ' ignore ICMP redirect=YES' 426108401Sambrisko sysctl net.inet.icmp.drop_redirect=1 >/dev/null 427108401Sambrisko ;; 42855992Swpaul esac 42955992Swpaul 43083270Sbrooks case ${icmp_log_redirect} in 43183270Sbrooks [Yy][Ee][Ss]) 43255992Swpaul echo -n ' log ICMP redirect=YES' 43355992Swpaul sysctl net.inet.icmp.log_redirect=1 >/dev/null 43455992Swpaul ;; 43555992Swpaul esac 436108401Sambrisko 43755992Swpaul case ${gateway_enable} in 43855992Swpaul [Yy][Ee][Ss]) 43955992Swpaul echo -n ' IP gateway=YES' 440147256Sbrooks sysctl net.inet.ip.forwarding=1 >/dev/null 44155992Swpaul ;; 44255992Swpaul esac 44355992Swpaul 444108401Sambrisko case ${forward_sourceroute} in 445108401Sambrisko [Yy][Ee][Ss]) 446108401Sambrisko echo -n ' do source routing=YES' 447108401Sambrisko sysctl net.inet.ip.sourceroute=1 >/dev/null 448108401Sambrisko ;; 449108401Sambrisko esac 45055992Swpaul 451108401Sambrisko case ${accept_sourceroute} in 45255992Swpaul [Yy][Ee][Ss]) 45355992Swpaul echo -n ' accept source routing=YES' 454108401Sambrisko sysctl net.inet.ip.accept_sourceroute=1 >/dev/null 455108401Sambrisko ;; 456108401Sambrisko esac 45755992Swpaul 45855992Swpaul case ${tcp_keepalive} in 459119156Sambrisko [Nn][Oo]) 46055992Swpaul echo -n ' TCP keepalive=NO' 461110531Sambrisko sysctl net.inet.tcp.always_keepalive=0 >/dev/null 46255992Swpaul ;; 46355992Swpaul esac 46455992Swpaul 46555992Swpaul case ${tcp_drop_synfin} in 46655992Swpaul [Yy][Ee][Ss]) 46755992Swpaul echo -n ' drop SYN+FIN packets=YES' 46855992Swpaul sysctl net.inet.tcp.drop_synfin=1 >/dev/null 46955992Swpaul ;; 47055992Swpaul esac 47155992Swpaul 47255992Swpaul case ${ipxgateway_enable} in 47355992Swpaul [Yy][Ee][Ss]) 47455992Swpaul echo -n ' IPX gateway=YES' 475108401Sambrisko sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null 476108401Sambrisko ;; 47755992Swpaul esac 478173668Savatar 47967094Swpaul case ${arpproxy_all} in 48067094Swpaul [Yy][Ee][Ss]) 48177217Sphk echo -n ' ARP proxyall=YES' 48280449Sbrooks sysctl net.link.ether.inet.proxyall=1 >/dev/null 48380449Sbrooks ;; 484199154Sjhb esac 48580449Sbrooks 48688748Sambrisko case ${ip_portrange_first} in 487108401Sambrisko [Nn][Oo] | '') 488108401Sambrisko ;; 489108401Sambrisko *) 490108401Sambrisko echo -n " ip_portrange_first=$ip_portrange_first" 491108401Sambrisko sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 49255992Swpaul ;; 49355992Swpaul esac 49472200Sbmilekic 49572200Sbmilekic case ${ip_portrange_last} in 496122689Ssam [Nn][Oo] | '') 49767094Swpaul ;; 49892739Salfred *) 49992739Salfred echo -n " ip_portrange_last=$ip_portrange_last" 50092739Salfred sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 501108401Sambrisko ;; 50292739Salfred esac 50392739Salfred 504188128Simp echo '.' 505110362Sambrisko 506198995Sjhb case ${ipsec_enable} in 507123978Sambrisko [Yy][Ee][Ss]) 50892739Salfred if [ -f ${ipsec_file} ]; then 50955992Swpaul echo ' ipsec: enabled' 51055992Swpaul setkey -f ${ipsec_file} 51155992Swpaul else 51255992Swpaul echo ' ipsec: file not found' 51355992Swpaul fi 51455992Swpaul ;; 51555992Swpaul esac 51655992Swpaul 51755992Swpaul echo -n 'Routing daemons:' 51855992Swpaul case ${router_enable} in 51955992Swpaul [Yy][Ee][Ss]) 52055992Swpaul echo -n " ${router}"; ${router} ${router_flags} 52155992Swpaul ;; 52255992Swpaul esac 52355992Swpaul 52455992Swpaul case ${ipxrouted_enable} in 52555992Swpaul [Yy][Ee][Ss]) 52655992Swpaul echo -n ' IPXrouted' 52755992Swpaul IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 52855992Swpaul ;; 52955992Swpaul esac 53055992Swpaul 53155992Swpaul case ${mrouted_enable} in 53255992Swpaul [Yy][Ee][Ss]) 53355992Swpaul echo -n ' mrouted'; mrouted ${mrouted_flags} 53455992Swpaul ;; 53555992Swpaul esac 53655992Swpaul 53755992Swpaul case ${rarpd_enable} in 53855992Swpaul [Yy][Ee][Ss]) 53955992Swpaul echo -n ' rarpd'; rarpd ${rarpd_flags} 54055992Swpaul ;; 54155992Swpaul esac 54255992Swpaul echo '.' 54355992Swpaul 54455992Swpaul # Let future generations know we made it. 54555992Swpaul # 54655992Swpaul network_pass1_done=YES 547} 548 549network_pass2() { 550 echo -n 'Doing additional network setup:' 551 case ${named_enable} in 552 [Yy][Ee][Ss]) 553 echo -n ' named'; ${named_program:-named} ${named_flags} 554 ;; 555 esac 556 557 case ${ntpdate_enable} in 558 [Yy][Ee][Ss]) 559 echo -n ' ntpdate' 560 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 561 ;; 562 esac 563 564 case ${xntpd_enable} in 565 [Yy][Ee][Ss]) 566 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 567 ;; 568 esac 569 570 case ${timed_enable} in 571 [Yy][Ee][Ss]) 572 echo -n ' timed'; timed ${timed_flags} 573 ;; 574 esac 575 576 case ${portmap_enable} in 577 [Yy][Ee][Ss]) 578 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 579 ${portmap_flags} 580 581 # Start ypserv if we're an NIS server. 582 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 583 # 584 case ${nis_server_enable} in 585 [Yy][Ee][Ss]) 586 echo -n ' ypserv'; ypserv ${nis_server_flags} 587 588 case ${nis_ypxfrd_enable} in 589 [Yy][Ee][Ss]) 590 echo -n ' rpc.ypxfrd' 591 rpc.ypxfrd ${nis_ypxfrd_flags} 592 ;; 593 esac 594 595 case ${nis_yppasswdd_enable} in 596 [Yy][Ee][Ss]) 597 echo -n ' rpc.yppasswdd' 598 rpc.yppasswdd ${nis_yppasswdd_flags} 599 ;; 600 esac 601 ;; 602 esac 603 604 # Start ypbind if we're an NIS client 605 # 606 case ${nis_client_enable} in 607 [Yy][Ee][Ss]) 608 echo -n ' ypbind'; ypbind ${nis_client_flags} 609 case ${nis_ypset_enable} in 610 [Yy][Ee][Ss]) 611 echo -n ' ypset'; ypset ${nis_ypset_flags} 612 ;; 613 esac 614 ;; 615 esac 616 617 # Start keyserv if we are running Secure RPC 618 # 619 case ${keyserv_enable} in 620 [Yy][Ee][Ss]) 621 echo -n ' keyserv'; keyserv ${keyserv_flags} 622 ;; 623 esac 624 625 # Start ypupdated if we are running Secure RPC 626 # and we are NIS master 627 # 628 case ${rpc_ypupdated_enable} in 629 [Yy][Ee][Ss]) 630 echo -n ' rpc.ypupdated'; rpc.ypupdated 631 ;; 632 esac 633 ;; 634 esac 635 636 # Start ATM daemons 637 if [ -n "${atm_pass2_done}" ]; then 638 atm_pass3 639 fi 640 641 echo '.' 642 network_pass2_done=YES 643} 644 645network_pass3() { 646 echo -n 'Starting final network daemons:' 647 648 case ${portmap_enable} in 649 [Yy][Ee][Ss]) 650 case ${nfs_server_enable} in 651 [Yy][Ee][Ss]) 652 # Handle absent nfs server support 653 nfsserver_in_kernel=0 654 if sysctl vfs.nfsrv >/dev/null 2>&1; then 655 nfsserver_in_kernel=1 656 else 657 kldload nfsserver && nfsserver_in_kernel=1 658 fi 659 660 if [ -r /etc/exports -a \ 661 ${nfsserver_in_kernel} -eq 1 ]; then 662 echo -n ' mountd' 663 664 case ${weak_mountd_authentication} in 665 [Yy][Ee][Ss]) 666 mountd_flags="${mountd_flags} -n" 667 ;; 668 esac 669 670 mountd ${mountd_flags} 671 672 case ${nfs_reserved_port_only} in 673 [Yy][Ee][Ss]) 674 echo -n ' NFS on reserved port only=YES' 675 sysctl vfs.nfsrv.nfs_privport=1 > /dev/null 676 ;; 677 esac 678 679 echo -n ' nfsd'; nfsd ${nfs_server_flags} 680 681 case ${rpc_statd_enable} in 682 [Yy][Ee][Ss]) 683 echo -n ' rpc.statd'; rpc.statd 684 ;; 685 esac 686 687 case ${rpc_lockd_enable} in 688 [Yy][Ee][Ss]) 689 echo -n ' rpc.lockd'; rpc.lockd 690 ;; 691 esac 692 else 693 echo -n ' Warning: nfs server failed' 694 fi 695 ;; 696 *) 697 case ${single_mountd_enable} in 698 [Yy][Ee][Ss]) 699 if [ -r /etc/exports ]; then 700 echo -n ' mountd' 701 702 case ${weak_mountd_authentication} in 703 [Yy][Ee][Ss]) 704 mountd_flags="-n" 705 ;; 706 esac 707 708 mountd ${mountd_flags} 709 fi 710 ;; 711 esac 712 ;; 713 esac 714 715 case ${nfs_client_enable} in 716 [Yy][Ee][Ss]) 717 nfsclient_in_kernel=0 718 # Handle absent nfs client support 719 if sysctl vfs.nfs >/dev/null 2>&1; then 720 nfsclient_in_kernel=1 721 else 722 kldload nfsclient && nfsclient_in_kernel=1 723 fi 724 725 if [ ${nfsclient_in_kernel} -eq 1 ] 726 then 727 if [ -n "${nfs_access_cache}" ]; then 728 echo -n " NFS access cache time=${nfs_access_cache}" 729 sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 730 fi 731 if [ -n "${nfs_bufpackets}" ]; then 732 sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 733 fi 734 case ${rpc_statd_enable} in 735 [Yy][Ee][Ss]) 736 echo -n ' rpc.statd'; rpc.statd 737 ;; 738 esac 739 740 case ${rpc_lockd_enable} in 741 [Yy][Ee][Ss]) 742 echo -n ' rpc.lockd'; rpc.lockd 743 ;; 744 esac 745 746 case ${amd_enable} in 747 [Yy][Ee][Ss]) 748 echo -n ' amd' 749 case ${amd_map_program} in 750 [Nn][Oo] | '') 751 ;; 752 *) 753 amd_flags="${amd_flags} `eval\ 754 ${amd_map_program}`" 755 ;; 756 esac 757 758 if [ -n "${amd_flags}" ]; then 759 amd -p ${amd_flags}\ 760 > /var/run/amd.pid 2> /dev/null 761 else 762 amd 2> /dev/null 763 fi 764 ;; 765 esac 766 else 767 echo 'Warning: NFS client kernel module failed to load' 768 nfs_client_enable=NO 769 fi 770 ;; 771 esac 772 773 # If /var/db/mounttab exists, some nfs-server has not been 774 # successfully notified about a previous client shutdown. 775 # If there is no /var/db/mounttab, we do nothing. 776 if [ -f /var/db/mounttab ]; then 777 rpc.umntall -k 778 fi 779 780 ;; 781 esac 782 783 case ${rwhod_enable} in 784 [Yy][Ee][Ss]) 785 echo -n ' rwhod'; rwhod ${rwhod_flags} 786 ;; 787 esac 788 789 # Kerberos servers run ONLY on the Kerberos server machine 790 case ${kerberos4_server_enable} in 791 [Yy][Ee][Ss]) 792 case ${kerberos_stash} in 793 [Yy][Ee][Ss]) 794 stash=-n 795 ;; 796 *) 797 stash= 798 ;; 799 esac 800 801 echo -n ' kerberosIV' 802 ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 803 804 case ${kadmind4_server_enable} in 805 [Yy][Ee][Ss]) 806 echo -n ' kadmindIV' 807 ( 808 sleep 20; 809 ${kadmind4_server} ${stash} >/dev/null 2>&1 & 810 ) & 811 ;; 812 esac 813 unset stash_flag 814 ;; 815 esac 816 817 case ${kerberos5_server_enable} in 818 [Yy][Ee][Ss]) 819 echo -n ' kerberos5' 820 ${kerberos5_server} & 821 822 case ${kadmind5_server_enable} in 823 [Yy][Ee][Ss]) 824 echo -n ' kadmind5' 825 ${kadmind5_server} & 826 ;; 827 esac 828 ;; 829 esac 830 831 case ${pppoed_enable} in 832 [Yy][Ee][Ss]) 833 if [ -n "${pppoed_provider}" ]; then 834 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 835 fi 836 echo -n ' pppoed'; 837 _opts=$-; set -f 838 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 839 set +f; set -${_opts} 840 ;; 841 esac 842 843 case ${sshd_enable} in 844 [Yy][Ee][Ss]) 845 if [ ! -f /etc/ssh/ssh_host_key ]; then 846 echo ' creating ssh RSA host key'; 847 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 848 fi 849 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 850 echo ' creating ssh DSA host key'; 851 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 852 fi 853 ;; 854 esac 855 856 echo '.' 857 network_pass3_done=YES 858} 859 860network_pass4() { 861 echo -n 'Additional TCP options:' 862 case ${log_in_vain} in 863 [Nn][Oo] | '') 864 log_in_vain=0 865 ;; 866 [Yy][Ee][Ss]) 867 log_in_vain=1 868 ;; 869 [0-9]*) 870 ;; 871 *) 872 echo " invalid log_in_vain setting: ${log_in_vain}" 873 log_in_vain=0 874 ;; 875 esac 876 877 [ "${log_in_vain}" -ne 0 ] && echo -n " log_in_vain=${log_in_vain}" 878 sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null 879 sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null 880 881 echo '.' 882 network_pass4_done=YES 883} 884 885network_gif_setup() { 886 case ${gif_interfaces} in 887 [Nn][Oo] | '') 888 ;; 889 *) 890 for i in ${gif_interfaces}; do 891 eval peers=\$gifconfig_$i 892 case ${peers} in 893 '') 894 continue 895 ;; 896 *) 897 ifconfig $i create >/dev/null 2>&1 898 ifconfig $i tunnel ${peers} 899 ;; 900 esac 901 done 902 ;; 903 esac 904} 905 906convert_host_conf() { 907 host_conf=$1; shift; 908 nsswitch_conf=$1; shift; 909 awk ' \ 910 /^[:blank:]*#/ { next } \ 911 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 912 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 913 /nis/ { nsswitch[c] = "nis"; c++; next } \ 914 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 915 END { \ 916 printf "hosts: "; \ 917 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 918 printf "\n"; \ 919 }' < $host_conf > $nsswitch_conf 920} 921 922generate_host_conf() { 923 nsswitch_conf=$1; shift; 924 host_conf=$1; shift; 925 926 awk ' 927BEGIN { 928 xlat["files"] = "hosts"; 929 xlat["dns"] = "bind"; 930 xlat["nis"] = "nis"; 931 cont = 0; 932} 933sub(/^[\t ]*hosts:/, "") || cont { 934 if (!cont) 935 srcs = "" 936 sub(/#.*/, "") 937 gsub(/[][]/, " & ") 938 cont = sub(/\\$/, "") 939 srcs = srcs " " $0 940} 941END { 942 print "# Auto-generated from nsswitch.conf, do not edit" 943 ns = split(srcs, s) 944 for (n = 1; n <= ns; ++n) { 945 if (s[n] in xlat) 946 print xlat[s[n]] 947 } 948} 949' <$nsswitch_conf >$host_conf 950} 951