defaultroute revision 89912
#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 89911 2002-01-28 11:05:01Z sheldonh $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
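# network_pass1 - first network start-up pass.
#
# Takes no arguments; every decision is driven by shell variables that are
# expected to be set before the call (the file header points at
# /etc/defaults/rc.conf for them).  In order it: regenerates host.conf /
# nsswitch.conf, sets the host name, loads ipfilter/ipnat rules, configures
# interfaces (cloned, sppp, gif, DHCP, aliases, IPX), starts ISDN and user
# ppp, initialises ipfw and natd, installs static routes, applies the
# routing/TCP sysctl knobs, loads the IPsec policy file and starts the
# routing daemons.  Sets network_pass1_done=YES at the end.
#
# Several knobs are passed through eval, "." or "su -c"; their values are
# executed as shell code, so whatever file supplies them has to be as
# trusted as this script itself.
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# No readable rules file: filtering is switched
				# off for the rest of this pass and only the
				# console message below records it.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): eval re-parses the whole command
				# line, so ipnat_program, ipnat_rules and
				# ipnat_flags are interpreted as shell code here
				# (the quotes around ipnat_rules are consumed
				# before eval sees them).  Left as is because
				# quoted flags may rely on it - confirm.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The eval also means the spppconfig_* value
			# is executed as shell code, and the secrets are
			# passed on the spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# so it runs with this script's privileges and can change
		# any variable used below.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added; the aliases are
		# numbered from 0 and the first unset one ends the scan.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -z "${ifconfig_args}" ]; then
				break
			fi
			ifconfig ${ifn} ${ifconfig_args} alias
			eval showstat_$ifn=1
			alias=$((${alias} + 1))
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted: the unquoted form only worked because "[ ! -z ]"
		# happens to evaluate to false.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode; anything unrecognised becomes "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# ppp_command is handed to the target user's shell as one
		# string, so ppp_profile is parsed as shell syntax there.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): kernel support is probed with "ipfw -q flush", which
	# runs whatever firewall_enable says.  If this function is ever
	# re-run on a live system the probe would presumably empty the
	# loaded ruleset before firewall_script is read again - confirm, and
	# consider a probe without side effects.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo "${natd_interface}" | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi
			# NOTE(review): when firewall_script is unreadable and
			# rule 65535 is not the deny rule, nothing is printed
			# and the host comes up without the configured rules.

			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# ipsec_file is quoted on purpose: with an empty value the
		# unquoted test collapses to "[ -f ]", which is true, so the
		# script would announce "ipsec: enabled" and run setkey
		# without any policy file.
		if [ -f "${ipsec_file}" ]; then
		    echo ' ipsec: enabled'
		    setkey -f "${ipsec_file}"
		else
		    echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}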
# network_pass2 - second network pass: name service, time synchronisation
# and the RPC/NIS daemons.
#
# Takes no arguments.  Each daemon is started only when its *_enable
# variable matches YES (any case); the rpcbind-dependent daemons are nested
# under portmap_enable.  Sets network_pass2_done=YES when finished.
network_pass2() {
	echo -n 'Doing additional network setup:'

	# Name server
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	# NTP daemon
	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	# timed
	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# rpcbind and everything that is only started together with it
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
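# network_pass3 - final network pass: NFS server/client, amd, rwhod,
# Kerberos, pppoed and first-boot ssh host key creation.
#
# Takes no arguments; driven by the *_enable variables.  The NFS daemons
# are only considered when portmap_enable is YES.  Sets
# network_pass3_done=YES when finished.
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] && \
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# weak_mountd_authentication adds -n to the
				# admin-supplied mountd flags.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS-server branch
					# does; assigning "-n" outright threw
					# away every other flag configured in
					# mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ "${nfsclient_in_kernel}" -eq 1 ]; then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						# NOTE(review): amd_map_program is
						# run through eval and its output
						# becomes amd arguments; the value
						# is executed as shell code.
						amd_flags="${amd_flags} $(eval \
							${amd_map_program})"
						;;
					esac

					if [ -n "${amd_flags}" ]; then
						# amd -p output is stored as the
						# pid file.
						amd -p ${amd_flags} \
							> /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The delayed start runs in its own subshell, which
			# keeps its copy of ${stash} after the unset below.
			(
				sleep 20
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; unsetting "stash_flag"
		# left it behind in the calling shell.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		# Globbing is switched off around the call so that pattern
		# characters in the flags reach pppoed unexpanded; the
		# previous option set is restored afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are created on first start only, with an empty
		# passphrase (-N "") so that no prompt is needed at boot.
		# NOTE(review): the key types generated here are the ones
		# this revision hard-codes; review them against what the
		# installed sshd accepts.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}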
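# network_pass4 - apply the log_in_vain setting to TCP and UDP.
#
# Reads log_in_vain: NO or empty becomes 0, YES becomes 1, a string of
# digits is used as given, and anything else is reported and treated as 0.
# Writes the result to net.inet.tcp.log_in_vain and
# net.inet.udp.log_in_vain and sets network_pass4_done=YES.
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Any non-digit makes the value invalid.  The earlier
		# "[0-9]*" glob accepted strings such as "1abc", which then
		# broke the numeric test and were handed to sysctl.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
	fi
	sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
	sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null

	echo '.'
	network_pass4_done=YES
}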
# network_gif_setup - create and configure the gif tunnel interfaces.
#
# For every name in gif_interfaces the matching gifconfig_<name> variable
# holds the tunnel end points; names without one are skipped.  Nothing is
# done when gif_interfaces is empty or NO.
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		eval peers=\$gifconfig_$i
		if [ -n "${peers}" ]; then
			# The interface may exist already, so the result of
			# "create" is deliberately hidden.
			ifconfig $i create >/dev/null 2>&1
			ifconfig $i tunnel ${peers}
		fi
	done
}
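# convert_host_conf - build an nsswitch.conf "hosts:" line from host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (overwritten)
# Each non-comment line is mapped to files/dns/nis; lines that match
# nothing are reported on stderr.  The sources are written in the order
# they appear in the input, because that order is the lookup order.
convert_host_conf() {
    host_conf=$1; shift;
    nsswitch_conf=$1; shift;
    # Changes against the earlier awk program:
    #  - "[:blank:]" outside a bracket expression matched the letters
    #    ":blank" instead of white space, so indented comments were not
    #    skipped; "[ \t]" is used, as generate_host_conf does.
    #  - c starts at 0 and the END loop walks 0..c-1; "for (i in ...)" has
    #    no defined order and the first entry used to land under the empty
    #    subscript.
    #  - blank lines are skipped and the warning ends with a newline.
    awk '
        BEGIN                { c = 0 }
        /^[ \t]*(#|$)/       { next }
        /(hosts|local|file)/ { nsswitch[c++] = "files"; next }
        /(dns|bind)/         { nsswitch[c++] = "dns";   next }
        /nis/                { nsswitch[c++] = "nis";   next }
        { printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
        END {
                printf "hosts: ";
                for (i = 0; i < c; i++) printf "%s ", nsswitch[i];
                printf "\n";
        }' < "$host_conf" > "$nsswitch_conf"
}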
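# generate_host_conf - derive a host.conf from the "hosts:" entry of
# nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (overwritten)
# The hosts: line (including backslash continuations) is split into words;
# files/dns/nis are translated to hosts/bind/nis, one per output line, and
# every other word, such as a [criteria] block, is dropped.  When several
# hosts: lines exist the last one wins, since srcs is reset on each.
generate_host_conf() {
    nsswitch_conf=$1; shift;
    host_conf=$1; shift;

    # Both redirection operands are quoted so that a path containing
    # white space is not split by shells that field-split them.
    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    sub(/#.*/, "")
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' <"$nsswitch_conf" >"$host_conf"
}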
951