defaultroute revision 92184
1#!/bin/sh - 2# 3# Copyright (c) 1993 The FreeBSD Project 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD: head/etc/rc.d/routing 92184 2002-03-12 20:25:25Z cjc $ 28# From: @(#)netstart 5.9 (Berkeley) 3/30/91 29# 30 31# Note that almost all of the user-configurable behavior is no longer in 32# this file, but rather in /etc/defaults/rc.conf. Please check that file 33# first before contemplating any changes here. If you do need to change 34# this file for some reason, we would like to know about it. 35 36# First pass startup stuff. 37# 38network_pass1() { 39 echo -n 'Doing initial network setup:' 40 41 # Generate host.conf for compatibility 42 # 43 if [ -f "/etc/nsswitch.conf" ]; then 44 echo -n ' host.conf' 45 generate_host_conf /etc/nsswitch.conf /etc/host.conf 46 fi 47 48 # Convert host.conf to nsswitch.conf if necessary 49 # 50 if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then 51 echo '' 52 echo 'Warning: /etc/host.conf is no longer used' 53 echo ' /etc/nsswitch.conf will be created for you' 54 convert_host_conf /etc/host.conf /etc/nsswitch.conf 55 fi 56 57 # Set the host name if it is not already set 58 # 59 if [ -z "`hostname -s`" ]; then 60 hostname ${hostname} 61 echo -n ' hostname' 62 fi 63 64 # Establish ipfilter ruleset as early as possible (best in 65 # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) 66 67 # check whether ipfilter and/or ipnat is enabled 68 ipfilter_active="NO" 69 case ${ipfilter_enable} in 70 [Yy][Ee][Ss]) 71 ipfilter_active="YES" 72 ;; 73 esac 74 case ${ipnat_enable} in 75 [Yy][Ee][Ss]) 76 ipfilter_active="YES" 77 ;; 78 esac 79 case ${ipfilter_active} in 80 [Yy][Ee][Ss]) 81 # load ipfilter kernel module if needed 82 if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then 83 if kldload ipl; then 84 echo 'IP-filter module loaded.' 85 else 86 echo 'Warning: IP-filter module failed to load.' 87 # avoid further errors 88 ipmon_enable="NO" 89 ipfilter_enable="NO" 90 ipnat_enable="NO" 91 ipfs_enable="NO" 92 fi 93 fi 94 # start ipmon before loading any rules 95 case "${ipmon_enable}" in 96 [Yy][Ee][Ss]) 97 echo -n ' ipmon' 98 ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} 99 ;; 100 esac 101 case "${ipfilter_enable}" in 102 [Yy][Ee][Ss]) 103 if [ -r "${ipfilter_rules}" ]; then 104 echo -n ' ipfilter' 105 ${ipfilter_program:-/sbin/ipf} -Fa -f \ 106 "${ipfilter_rules}" ${ipfilter_flags} 107 else 108 ipfilter_enable="NO" 109 echo -n ' NO IPF RULES' 110 fi 111 ;; 112 esac 113 case "${ipnat_enable}" in 114 [Yy][Ee][Ss]) 115 if [ -r "${ipnat_rules}" ]; then 116 echo -n ' ipnat' 117 eval ${ipnat_program:-/sbin/ipnat} -CF -f \ 118 "${ipnat_rules}" ${ipnat_flags} 119 else 120 ipnat_enable="NO" 121 echo -n ' NO IPNAT RULES' 122 fi 123 ;; 124 esac 125 # restore filter/NAT state tables after loading the rules 126 case "${ipfs_enable}" in 127 [Yy][Ee][Ss]) 128 if [ -r "/var/db/ipf/ipstate.ipf" ]; then 129 echo -n ' ipfs' 130 ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} 131 # remove files to avoid reloading old state 132 # after an ungraceful shutdown 133 rm -f /var/db/ipf/ipstate.ipf 134 rm -f /var/db/ipf/ipnat.ipf 135 fi 136 ;; 137 esac 138 ;; 139 esac 140 141 # Set the domainname if we're using NIS 142 # 143 case ${nisdomainname} in 144 [Nn][Oo] | '') 145 ;; 146 *) 147 domainname ${nisdomainname} 148 echo -n ' domain' 149 ;; 150 esac 151 152 echo '.' 153 154 # Initial ATM interface configuration 155 # 156 case ${atm_enable} in 157 [Yy][Ee][Ss]) 158 if [ -r /etc/rc.atm ]; then 159 . /etc/rc.atm 160 atm_pass1 161 fi 162 ;; 163 esac 164 165 # Attempt to create cloned interfaces. 166 for ifn in ${cloned_interfaces}; do 167 ifconfig ${ifn} create 168 done 169 170 # Special options for sppp(4) interfaces go here. These need 171 # to go _before_ the general ifconfig section, since in the case 172 # of hardwired (no link1 flag) but required authentication, you 173 # cannot pass auth parameters down to the already running interface. 174 # 175 for ifn in ${sppp_interfaces}; do 176 eval spppcontrol_args=\$spppconfig_${ifn} 177 if [ -n "${spppcontrol_args}" ]; then 178 # The auth secrets might contain spaces; in order 179 # to retain the quotation, we need to eval them 180 # here. 181 eval spppcontrol ${ifn} ${spppcontrol_args} 182 fi 183 done 184 185 # gifconfig 186 network_gif_setup 187 188 # Set up all the network interfaces, calling startup scripts if needed 189 # 190 case ${network_interfaces} in 191 [Aa][Uu][Tt][Oo]) 192 network_interfaces="`ifconfig -l`" 193 ;; 194 *) 195 network_interfaces="${network_interfaces} ${cloned_interfaces}" 196 ;; 197 esac 198 199 dhcp_interfaces="" 200 for ifn in ${network_interfaces}; do 201 if [ -r /etc/start_if.${ifn} ]; then 202 . /etc/start_if.${ifn} 203 eval showstat_$ifn=1 204 fi 205 206 # Do the primary ifconfig if specified 207 # 208 eval ifconfig_args=\$ifconfig_${ifn} 209 210 case ${ifconfig_args} in 211 '') 212 ;; 213 [Dd][Hh][Cc][Pp]) 214 # DHCP inits are done all in one go below 215 dhcp_interfaces="$dhcp_interfaces $ifn" 216 eval showstat_$ifn=1 217 ;; 218 *) 219 ifconfig ${ifn} ${ifconfig_args} 220 eval showstat_$ifn=1 221 ;; 222 esac 223 done 224 225 if [ ! -z "${dhcp_interfaces}" ]; then 226 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} 227 fi 228 229 for ifn in ${network_interfaces}; do 230 # Check to see if aliases need to be added 231 # 232 alias=0 233 while : ; do 234 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} 235 if [ -n "${ifconfig_args}" ]; then 236 ifconfig ${ifn} ${ifconfig_args} alias 237 eval showstat_$ifn=1 238 alias=$((${alias} + 1)) 239 else 240 break; 241 fi 242 done 243 244 # Do ipx address if specified 245 # 246 eval ifconfig_args=\$ifconfig_${ifn}_ipx 247 if [ -n "${ifconfig_args}" ]; then 248 ifconfig ${ifn} ${ifconfig_args} 249 eval showstat_$ifn=1 250 fi 251 done 252 253 for ifn in ${network_interfaces}; do 254 eval showstat=\$showstat_${ifn} 255 if [ ! -z ${showstat} ]; then 256 ifconfig ${ifn} 257 fi 258 done 259 260 # ISDN subsystem startup 261 # 262 case ${isdn_enable} in 263 [Yy][Ee][Ss]) 264 if [ -r /etc/rc.isdn ]; then 265 . /etc/rc.isdn 266 fi 267 ;; 268 esac 269 270 # Start user ppp if required. This must happen before natd. 271 # 272 case ${ppp_enable} in 273 [Yy][Ee][Ss]) 274 # Establish ppp mode. 275 # 276 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ 277 -a "${ppp_mode}" != "dedicated" \ 278 -a "${ppp_mode}" != "background" ]; then 279 ppp_mode="auto" 280 fi 281 282 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" 283 284 # Switch on NAT mode? 285 # 286 case ${ppp_nat} in 287 [Yy][Ee][Ss]) 288 ppp_command="${ppp_command} -nat" 289 ;; 290 esac 291 292 ppp_command="${ppp_command} ${ppp_profile}" 293 294 echo "Starting ppp as \"${ppp_user}\"" 295 su -m ${ppp_user} -c "exec ${ppp_command}" 296 ;; 297 esac 298 299 # Re-Sync ipfilter so it picks up any new network interfaces 300 # 301 case ${ipfilter_enable} in 302 [Yy][Ee][Ss]) 303 ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null 304 ;; 305 esac 306 307 # Initialize IP filtering using ipfw 308 # 309 if /sbin/ipfw -q flush > /dev/null 2>&1; then 310 firewall_in_kernel=1 311 else 312 firewall_in_kernel=0 313 fi 314 315 case ${firewall_enable} in 316 [Yy][Ee][Ss]) 317 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then 318 firewall_in_kernel=1 319 echo 'Kernel firewall module loaded' 320 elif [ "${firewall_in_kernel}" -eq 0 ]; then 321 echo 'Warning: firewall kernel module failed to load' 322 fi 323 ;; 324 esac 325 326 # Load the filters if required 327 # 328 case ${firewall_in_kernel} in 329 1) 330 if [ -z "${firewall_script}" ]; then 331 firewall_script=/etc/rc.firewall 332 fi 333 334 case ${firewall_enable} in 335 [Yy][Ee][Ss]) 336 if [ -r "${firewall_script}" ]; then 337 . "${firewall_script}" 338 echo -n 'Firewall rules loaded, starting divert daemons:' 339 340 # Network Address Translation daemon 341 # 342 case ${natd_enable} in 343 [Yy][Ee][Ss]) 344 if [ -n "${natd_interface}" ]; then 345 if echo ${natd_interface} | \ 346 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then 347 natd_flags="$natd_flags -a ${natd_interface}" 348 else 349 natd_flags="$natd_flags -n ${natd_interface}" 350 fi 351 fi 352 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} 353 ;; 354 esac 355 356 echo '.' 357 358 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then 359 echo 'Warning: kernel has firewall functionality,' \ 360 'but firewall rules are not enabled.' 361 echo ' All ip services are disabled.' 362 fi 363 364 case ${firewall_logging} in 365 [Yy][Ee][Ss] | '') 366 echo 'Firewall logging=YES' 367 sysctl net.inet.ip.fw.verbose=1 >/dev/null 368 ;; 369 *) 370 ;; 371 esac 372 373 ;; 374 esac 375 ;; 376 esac 377 378 # Additional ATM interface configuration 379 # 380 if [ -n "${atm_pass1_done}" ]; then 381 atm_pass2 382 fi 383 384 # Configure routing 385 # 386 case ${defaultrouter} in 387 [Nn][Oo] | '') 388 ;; 389 *) 390 static_routes="default ${static_routes}" 391 route_default="default ${defaultrouter}" 392 ;; 393 esac 394 395 # Set up any static routes. This should be done before router discovery. 396 # 397 if [ -n "${static_routes}" ]; then 398 for i in ${static_routes}; do 399 eval route_args=\$route_${i} 400 route add ${route_args} 401 done 402 fi 403 404 echo -n 'Additional routing options:' 405 case ${tcp_extensions} in 406 [Yy][Ee][Ss] | '') 407 ;; 408 *) 409 echo -n ' tcp extensions=NO' 410 sysctl net.inet.tcp.rfc1323=0 >/dev/null 411 ;; 412 esac 413 414 case ${icmp_bmcastecho} in 415 [Yy][Ee][Ss]) 416 echo -n ' broadcast ping responses=YES' 417 sysctl net.inet.icmp.bmcastecho=1 >/dev/null 418 ;; 419 esac 420 421 case ${icmp_drop_redirect} in 422 [Yy][Ee][Ss]) 423 echo -n ' ignore ICMP redirect=YES' 424 sysctl net.inet.icmp.drop_redirect=1 >/dev/null 425 ;; 426 esac 427 428 case ${icmp_log_redirect} in 429 [Yy][Ee][Ss]) 430 echo -n ' log ICMP redirect=YES' 431 sysctl net.inet.icmp.log_redirect=1 >/dev/null 432 ;; 433 esac 434 435 case ${gateway_enable} in 436 [Yy][Ee][Ss]) 437 echo -n ' IP gateway=YES' 438 sysctl net.inet.ip.forwarding=1 >/dev/null 439 ;; 440 esac 441 442 case ${forward_sourceroute} in 443 [Yy][Ee][Ss]) 444 echo -n ' do source routing=YES' 445 sysctl net.inet.ip.sourceroute=1 >/dev/null 446 ;; 447 esac 448 449 case ${accept_sourceroute} in 450 [Yy][Ee][Ss]) 451 echo -n ' accept source routing=YES' 452 sysctl net.inet.ip.accept_sourceroute=1 >/dev/null 453 ;; 454 esac 455 456 case ${tcp_keepalive} in 457 [Nn][Oo]) 458 echo -n ' TCP keepalive=NO' 459 sysctl net.inet.tcp.always_keepalive=0 >/dev/null 460 ;; 461 esac 462 463 case ${tcp_drop_synfin} in 464 [Yy][Ee][Ss]) 465 echo -n ' drop SYN+FIN packets=YES' 466 sysctl net.inet.tcp.drop_synfin=1 >/dev/null 467 ;; 468 esac 469 470 case ${ipxgateway_enable} in 471 [Yy][Ee][Ss]) 472 echo -n ' IPX gateway=YES' 473 sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null 474 ;; 475 esac 476 477 case ${arpproxy_all} in 478 [Yy][Ee][Ss]) 479 echo -n ' ARP proxyall=YES' 480 sysctl net.link.ether.inet.proxyall=1 >/dev/null 481 ;; 482 esac 483 484 case ${ip_portrange_first} in 485 [Nn][Oo] | '') 486 ;; 487 *) 488 echo -n " ip_portrange_first=$ip_portrange_first" 489 sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 490 ;; 491 esac 492 493 case ${ip_portrange_last} in 494 [Nn][Oo] | '') 495 ;; 496 *) 497 echo -n " ip_portrange_last=$ip_portrange_last" 498 sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 499 ;; 500 esac 501 502 echo '.' 503 504 case ${ipsec_enable} in 505 [Yy][Ee][Ss]) 506 if [ -f ${ipsec_file} ]; then 507 echo ' ipsec: enabled' 508 setkey -f ${ipsec_file} 509 else 510 echo ' ipsec: file not found' 511 fi 512 ;; 513 esac 514 515 echo -n 'Routing daemons:' 516 case ${router_enable} in 517 [Yy][Ee][Ss]) 518 echo -n " ${router}"; ${router} ${router_flags} 519 ;; 520 esac 521 522 case ${ipxrouted_enable} in 523 [Yy][Ee][Ss]) 524 echo -n ' IPXrouted' 525 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 526 ;; 527 esac 528 529 case ${mrouted_enable} in 530 [Yy][Ee][Ss]) 531 echo -n ' mrouted'; mrouted ${mrouted_flags} 532 ;; 533 esac 534 535 case ${rarpd_enable} in 536 [Yy][Ee][Ss]) 537 echo -n ' rarpd'; rarpd ${rarpd_flags} 538 ;; 539 esac 540 echo '.' 541 542 # Let future generations know we made it. 543 # 544 network_pass1_done=YES 545} 546 547network_pass2() { 548 echo -n 'Doing additional network setup:' 549 case ${named_enable} in 550 [Yy][Ee][Ss]) 551 echo -n ' named'; ${named_program:-named} ${named_flags} 552 ;; 553 esac 554 555 case ${ntpdate_enable} in 556 [Yy][Ee][Ss]) 557 echo -n ' ntpdate' 558 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 559 ;; 560 esac 561 562 case ${xntpd_enable} in 563 [Yy][Ee][Ss]) 564 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} 565 ;; 566 esac 567 568 case ${timed_enable} in 569 [Yy][Ee][Ss]) 570 echo -n ' timed'; timed ${timed_flags} 571 ;; 572 esac 573 574 case ${portmap_enable} in 575 [Yy][Ee][Ss]) 576 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \ 577 ${portmap_flags} 578 579 # Start ypserv if we're an NIS server. 580 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 581 # 582 case ${nis_server_enable} in 583 [Yy][Ee][Ss]) 584 echo -n ' ypserv'; ypserv ${nis_server_flags} 585 586 case ${nis_ypxfrd_enable} in 587 [Yy][Ee][Ss]) 588 echo -n ' rpc.ypxfrd' 589 rpc.ypxfrd ${nis_ypxfrd_flags} 590 ;; 591 esac 592 593 case ${nis_yppasswdd_enable} in 594 [Yy][Ee][Ss]) 595 echo -n ' rpc.yppasswdd' 596 rpc.yppasswdd ${nis_yppasswdd_flags} 597 ;; 598 esac 599 ;; 600 esac 601 602 # Start ypbind if we're an NIS client 603 # 604 case ${nis_client_enable} in 605 [Yy][Ee][Ss]) 606 echo -n ' ypbind'; ypbind ${nis_client_flags} 607 case ${nis_ypset_enable} in 608 [Yy][Ee][Ss]) 609 echo -n ' ypset'; ypset ${nis_ypset_flags} 610 ;; 611 esac 612 ;; 613 esac 614 615 # Start keyserv if we are running Secure RPC 616 # 617 case ${keyserv_enable} in 618 [Yy][Ee][Ss]) 619 echo -n ' keyserv'; keyserv ${keyserv_flags} 620 ;; 621 esac 622 623 # Start ypupdated if we are running Secure RPC 624 # and we are NIS master 625 # 626 case ${rpc_ypupdated_enable} in 627 [Yy][Ee][Ss]) 628 echo -n ' rpc.ypupdated'; rpc.ypupdated 629 ;; 630 esac 631 ;; 632 esac 633 634 # Start ATM daemons 635 if [ -n "${atm_pass2_done}" ]; then 636 atm_pass3 637 fi 638 639 echo '.' 640 network_pass2_done=YES 641} 642 643network_pass3() { 644 echo -n 'Starting final network daemons:' 645 646 case ${portmap_enable} in 647 [Yy][Ee][Ss]) 648 case ${nfs_server_enable} in 649 [Yy][Ee][Ss]) 650 # Handle absent nfs server support 651 nfsserver_in_kernel=0 652 if sysctl vfs.nfsrv >/dev/null 2>&1; then 653 nfsserver_in_kernel=1 654 else 655 kldload nfsserver && nfsserver_in_kernel=1 656 fi 657 658 if [ -r /etc/exports -a \ 659 ${nfsserver_in_kernel} -eq 1 ]; then 660 echo -n ' mountd' 661 662 case ${weak_mountd_authentication} in 663 [Yy][Ee][Ss]) 664 mountd_flags="${mountd_flags} -n" 665 ;; 666 esac 667 668 mountd ${mountd_flags} 669 670 case ${nfs_reserved_port_only} in 671 [Yy][Ee][Ss]) 672 echo -n ' NFS on reserved port only=YES' 673 sysctl vfs.nfsrv.nfs_privport=1 > /dev/null 674 ;; 675 esac 676 677 echo -n ' nfsd'; nfsd ${nfs_server_flags} 678 679 case ${rpc_statd_enable} in 680 [Yy][Ee][Ss]) 681 echo -n ' rpc.statd'; rpc.statd 682 ;; 683 esac 684 685 case ${rpc_lockd_enable} in 686 [Yy][Ee][Ss]) 687 echo -n ' rpc.lockd'; rpc.lockd 688 ;; 689 esac 690 else 691 echo -n ' Warning: nfs server failed' 692 fi 693 ;; 694 *) 695 case ${single_mountd_enable} in 696 [Yy][Ee][Ss]) 697 if [ -r /etc/exports ]; then 698 echo -n ' mountd' 699 700 case ${weak_mountd_authentication} in 701 [Yy][Ee][Ss]) 702 mountd_flags="-n" 703 ;; 704 esac 705 706 mountd ${mountd_flags} 707 fi 708 ;; 709 esac 710 ;; 711 esac 712 713 case ${nfs_client_enable} in 714 [Yy][Ee][Ss]) 715 nfsclient_in_kernel=0 716 # Handle absent nfs client support 717 if sysctl vfs.nfs >/dev/null 2>&1; then 718 nfsclient_in_kernel=1 719 else 720 kldload nfsclient && nfsclient_in_kernel=1 721 fi 722 723 if [ ${nfsclient_in_kernel} -eq 1 ] 724 then 725 if [ -n "${nfs_access_cache}" ]; then 726 echo -n " NFS access cache time=${nfs_access_cache}" 727 sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null 728 fi 729 if [ -n "${nfs_bufpackets}" ]; then 730 sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null 731 fi 732 case ${rpc_statd_enable} in 733 [Yy][Ee][Ss]) 734 echo -n ' rpc.statd'; rpc.statd 735 ;; 736 esac 737 738 case ${rpc_lockd_enable} in 739 [Yy][Ee][Ss]) 740 echo -n ' rpc.lockd'; rpc.lockd 741 ;; 742 esac 743 744 case ${amd_enable} in 745 [Yy][Ee][Ss]) 746 echo -n ' amd' 747 case ${amd_map_program} in 748 [Nn][Oo] | '') 749 ;; 750 *) 751 amd_flags="${amd_flags} `eval\ 752 ${amd_map_program}`" 753 ;; 754 esac 755 756 amd -p ${amd_flags} > /var/run/amd.pid \ 757 2> /dev/null & 758 ;; 759 esac 760 else 761 echo 'Warning: NFS client kernel module failed to load' 762 nfs_client_enable=NO 763 fi 764 ;; 765 esac 766 767 # If /var/db/mounttab exists, some nfs-server has not been 768 # successfully notified about a previous client shutdown. 769 # If there is no /var/db/mounttab, we do nothing. 770 if [ -f /var/db/mounttab ]; then 771 rpc.umntall -k 772 fi 773 774 ;; 775 esac 776 777 case ${rwhod_enable} in 778 [Yy][Ee][Ss]) 779 echo -n ' rwhod'; rwhod ${rwhod_flags} 780 ;; 781 esac 782 783 # Kerberos servers run ONLY on the Kerberos server machine 784 case ${kerberos4_server_enable} in 785 [Yy][Ee][Ss]) 786 case ${kerberos_stash} in 787 [Yy][Ee][Ss]) 788 stash=-n 789 ;; 790 *) 791 stash= 792 ;; 793 esac 794 795 echo -n ' kerberosIV' 796 ${kerberos4_server} ${stash} >> /var/log/kerberos.log & 797 798 case ${kadmind4_server_enable} in 799 [Yy][Ee][Ss]) 800 echo -n ' kadmindIV' 801 ( 802 sleep 20; 803 ${kadmind4_server} ${stash} >/dev/null 2>&1 & 804 ) & 805 ;; 806 esac 807 unset stash_flag 808 ;; 809 esac 810 811 case ${kerberos5_server_enable} in 812 [Yy][Ee][Ss]) 813 echo -n ' kerberos5' 814 ${kerberos5_server} & 815 816 case ${kadmind5_server_enable} in 817 [Yy][Ee][Ss]) 818 echo -n ' kadmind5' 819 ${kadmind5_server} & 820 ;; 821 esac 822 ;; 823 esac 824 825 case ${pppoed_enable} in 826 [Yy][Ee][Ss]) 827 if [ -n "${pppoed_provider}" ]; then 828 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" 829 fi 830 echo -n ' pppoed'; 831 _opts=$-; set -f 832 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} 833 set +f; set -${_opts} 834 ;; 835 esac 836 837 case ${sshd_enable} in 838 [Yy][Ee][Ss]) 839 if [ ! -f /etc/ssh/ssh_host_key ]; then 840 echo ' creating ssh RSA host key'; 841 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key 842 fi 843 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then 844 echo ' creating ssh DSA host key'; 845 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key 846 fi 847 ;; 848 esac 849 850 echo '.' 851 network_pass3_done=YES 852} 853 854network_pass4() { 855 echo -n 'Additional TCP options:' 856 case ${log_in_vain} in 857 [Nn][Oo] | '') 858 log_in_vain=0 859 ;; 860 [Yy][Ee][Ss]) 861 log_in_vain=1 862 ;; 863 [0-9]*) 864 ;; 865 *) 866 echo " invalid log_in_vain setting: ${log_in_vain}" 867 log_in_vain=0 868 ;; 869 esac 870 871 [ "${log_in_vain}" -ne 0 ] && ( 872 echo -n " log_in_vain=${log_in_vain}" 873 sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null 874 sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null 875 ) 876 echo '.' 877 network_pass4_done=YES 878} 879 880network_gif_setup() { 881 case ${gif_interfaces} in 882 [Nn][Oo] | '') 883 ;; 884 *) 885 for i in ${gif_interfaces}; do 886 eval peers=\$gifconfig_$i 887 case ${peers} in 888 '') 889 continue 890 ;; 891 *) 892 ifconfig $i create >/dev/null 2>&1 893 ifconfig $i tunnel ${peers} 894 ;; 895 esac 896 done 897 ;; 898 esac 899} 900 901convert_host_conf() { 902 host_conf=$1; shift; 903 nsswitch_conf=$1; shift; 904 awk ' \ 905 /^[:blank:]*#/ { next } \ 906 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \ 907 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \ 908 /nis/ { nsswitch[c] = "nis"; c++; next } \ 909 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \ 910 END { \ 911 printf "hosts: "; \ 912 for (i in nsswitch) printf "%s ", nsswitch[i]; \ 913 printf "\n"; \ 914 }' < $host_conf > $nsswitch_conf 915} 916 917generate_host_conf() { 918 nsswitch_conf=$1; shift; 919 host_conf=$1; shift; 920 921 awk ' 922BEGIN { 923 xlat["files"] = "hosts"; 924 xlat["dns"] = "bind"; 925 xlat["nis"] = "nis"; 926 cont = 0; 927} 928sub(/^[\t ]*hosts:/, "") || cont { 929 if (!cont) 930 srcs = "" 931 sub(/#.*/, "") 932 gsub(/[][]/, " & ") 933 cont = sub(/\\$/, "") 934 srcs = srcs " " $0 935} 936END { 937 print "# Auto-generated from nsswitch.conf, do not edit" 938 ns = split(srcs, s) 939 for (n = 1; n <= ns; ++n) { 940 if (s[n] in xlat) 941 print xlat[s[n]] 942 } 943} 944' <$nsswitch_conf >$host_conf 945} 946