defaultroute revision 90403
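#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/rc.d/routing 90403 2002-02-08 13:25:33Z cjc $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
# network_pass1: bring up packet filtering, interfaces, ppp, ipfw, static
# routes, the routing-related sysctls, IPsec keys and the routing daemons.
# Takes no arguments; every setting is read from shell variables that the
# caller has already loaded (see the note above about rc.conf).
# Sets network_pass1_done=YES on completion.
#
# Several steps below re-parse configuration values with eval or source
# files from /etc. All of that runs with the privileges of the boot
# scripts, so the configuration files and the sourced scripts must be
# writable by root only.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo ' /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				# NOTE(review): this is fail-open. Boot continues
				# with no ipfilter rules at all; only the warning
				# above records it.
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# An unreadable rules file also disables the
				# filter instead of stopping the boot. The
				# kernel default (IPFILTER_DEFAULT_BLOCK, see
				# above) is then the only policy in effect.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# NOTE(review): unlike the ipf call above, this
				# command goes through eval, so ipnat_program,
				# ipnat_rules and ipnat_flags are re-parsed as
				# shell text. Left unchanged because existing
				# configurations may rely on the extra level of
				# quoting.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here. These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the secrets become command-line
			# arguments of spppcontrol, and the whole value is
			# re-parsed as shell text by eval.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# Per-interface hook, sourced into this shell.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an empty value is tested as an empty string
		# instead of vanishing from the test expression.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required. This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# NOTE(review): only ppp_mode is checked against a fixed list.
		# ppp_profile is pasted into the string handed to the shell
		# that su starts, and ppp_user is unquoted.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the probe for kernel support is a real flush. Any ipfw
	# rules loaded before this point are discarded, and nothing below
	# reloads them unless firewall_enable is YES and firewall_script is
	# readable.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# Fail-open: the requested firewall is absent and boot
			# continues with only this warning.
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# Sourced into this shell, not executed.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad selects natd by
						# address (-a), anything else by
						# interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				# Only the default-deny case is reported. If
				# the script is unreadable and rule 65535 is
				# anything else, nothing is printed.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below is only ever moved away from the kernel default when
	# the matching variable asks for it; nothing here resets a sysctl that
	# was changed earlier.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	# The port-range values are quoted so that a value containing
	# whitespace stays one sysctl argument instead of becoming several.
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl "net.inet.ip.portrange.first=$ip_portrange_first" >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl "net.inet.ip.portrange.last=$ip_portrange_last" >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file unset, an unquoted test collapses to
		# [ -f ], which is true, and setkey would then be run with -f
		# and no file name.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			# Fail-open: IPsec was requested but no policy or key
			# is loaded; boot continues.
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# network_pass2: start the name server, the time daemons and, when
# portmap_enable is YES, rpcbind and the NIS / Secure RPC daemons.
# Takes no arguments; reads the *_enable, *_program and *_flags variables.
# Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		# All output, including errors, is discarded here.
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	# Everything RPC-based is nested under portmap_enable, so none of the
	# NIS or Secure RPC daemons start without rpcbind.
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
			${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# network_pass3: start the NFS server and client daemons, amd, rwhod, the
# Kerberos servers and pppoed, and create the sshd host keys if they do
# not exist yet.
# Takes no arguments; reads the *_enable, *_flags and *_server variables.
# Sets network_pass3_done=YES on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports -a \
			    "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# -n makes mountd serve mount requests that do
				# not come from a reserved port.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append instead of overwrite, as the
					# nfs_server_enable branch does, so
					# that flags set by the administrator
					# are not silently dropped.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ "${nfsclient_in_kernel}" -eq 1 ]; then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				# NOTE(review): rpc.statd and rpc.lockd are also
				# started in the nfs_server_enable branch above,
				# so a host that is both server and client
				# launches each of them twice.
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						# NOTE(review): amd_map_program
						# is run through eval and its
						# output becomes amd arguments.
						amd_flags="${amd_flags} $(eval ${amd_map_program})"
						;;
					esac

					if [ -n "${amd_flags}" ]; then
						amd -p ${amd_flags} \
							> /var/run/amd.pid 2> /dev/null
					else
						amd 2> /dev/null
					fi
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the original unset a name
		# that is never assigned. The delayed kadmind subshell already
		# holds its own copy of the value.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		# Globbing is switched off around the call so that pattern
		# characters in the flags reach pppoed unexpanded; the saved
		# option letters are restored afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	case ${sshd_enable} in
	[Yy][Ee][Ss])
		# Host keys are created once, with an empty passphrase (-N ""),
		# so the private key files are protected by file permissions
		# alone.
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# network_pass4: apply the log_in_vain setting to the TCP and UDP sysctls.
# log_in_vain may be NO or empty (treated as 0), YES (treated as 1) or a
# decimal number; anything else is reported and treated as 0.
# Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Any non-digit makes the value invalid. The original pattern
		# [0-9]* let values such as "1x" through to the numeric test.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	*)
		# digits only: use as given
		;;
	esac

	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
	echo '.'
	network_pass4_done=YES
}

# network_gif_setup: create every interface named in gif_interfaces that
# has a non-empty gifconfig_<name> variable and set its tunnel endpoints
# from that variable. Interfaces without such a variable are skipped.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				# Errors from create are discarded.
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

# convert_host_conf: write an nsswitch.conf "hosts:" line from a host.conf.
#   $1 - path of the host.conf to read
#   $2 - path of the nsswitch.conf to write (overwritten)
# Comment lines, indented or not, are skipped. The sources are emitted in
# the order they appear in host.conf, because that order is the lookup
# order. Unrecognized lines are reported on stderr, one per line.
# Sets the globals host_conf and nsswitch_conf, as the original did.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	awk '
	BEGIN { c = 0 }
	/^[ \t]*#/ { next }
	/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
	/(dns|bind)/ { nsswitch[c] = "dns"; c++; next }
	/nis/ { nsswitch[c] = "nis"; c++; next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: "
		for (i = 0; i < c; i++)
			printf "%s ", nsswitch[i]
		printf "\n"
	}' < "$host_conf" > "$nsswitch_conf"
}

# generate_host_conf: write a host.conf from the "hosts:" entry of an
# nsswitch.conf.
#   $1 - path of the nsswitch.conf to read
#   $2 - path of the host.conf to write (overwritten)
# Continuation lines ending in a backslash are joined, comments are
# stripped, and only the sources files, dns and nis are translated; any
# other word on the hosts line is dropped.
# Sets the globals nsswitch_conf and host_conf, as the original did.
#
generate_host_conf() {
	nsswitch_conf=$1; shift;
	host_conf=$1; shift;

	awk '
BEGIN {
	xlat["files"] = "hosts";
	xlat["dns"] = "bind";
	xlat["nis"] = "nis";
	cont = 0;
}
sub(/^[\t ]*hosts:/, "") || cont {
	if (!cont)
		srcs = ""
	sub(/#.*/, "")
	gsub(/[][]/, " & ")
	cont = sub(/\\$/, "")
	srcs = srcs " " $0
}
END {
	print "# Auto-generated from nsswitch.conf, do not edit"
	ns = split(srcs, s)
	for (n = 1; n <= ns; ++n) {
		if (s[n] in xlat)
			print xlat[s[n]]
	}
}
' < "$nsswitch_conf" > "$host_conf"
}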