1314817Sngie#!/bin/sh 2272343Sngie# 3272343Sngie# 4272343Sngie 5272343Sngie# PROVIDE: netoptions 6272343Sngie# REQUIRE: FILESYSTEMS 7272343Sngie# BEFORE: netif 8272343Sngie# KEYWORD: nojailvnet 9272343Sngie 10272343Sngie. /etc/rc.subr 11272343Sngie. /etc/network.subr 12272343Sngie 13272343Sngiename="netoptions" 14272343Sngiedesc="Network options setup" 15272343Sngiestart_cmd="netoptions_start" 16272343Sngiestop_cmd=: 17272343Sngie 18272343Sngie_netoptions_initdone= 19272343Sngienetoptions_init() 20272343Sngie{ 21272343Sngie if [ -z "${_netoptions_initdone}" ]; then 22272343Sngie echo -n 'Additional TCP/IP options:' 23272343Sngie _netoptions_initdone=yes 24272343Sngie fi 25272343Sngie} 26272343Sngie 27272343Sngienetoptions_start() 28272343Sngie{ 29272343Sngie local _af 30272343Sngie 31272343Sngie for _af in inet inet6; do 32314817Sngie afexists ${_af} && eval netoptions_${_af} 33272343Sngie done 34272343Sngie [ -n "${_netoptions_initdone}" ] && echo '.' 35272343Sngie} 36272343Sngie 37272343Sngienetoptions_inet() 38272343Sngie{ 39272343Sngie case ${log_in_vain} in 40272343Sngie [12]) 41272343Sngie netoptions_init 42272343Sngie echo -n " log_in_vain=${log_in_vain}" 43272343Sngie ${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null 44314817Sngie ${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null 45272343Sngie ;; 46272343Sngie *) 47272343Sngie ${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null 48272343Sngie ${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null 49272343Sngie ;; 50272343Sngie esac 51272343Sngie 52272343Sngie if checkyesno tcp_extensions; then 53272343Sngie ${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null 54272343Sngie else 55272343Sngie netoptions_init 56272343Sngie echo -n " rfc1323 extensions=${tcp_extensions}" 57272343Sngie ${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null 58272343Sngie fi 59272343Sngie 60272343Sngie if checkyesno tcp_keepalive; then 61272343Sngie ${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null 62272343Sngie else 63272343Sngie netoptions_init 64272343Sngie echo -n " TCP keepalive=${tcp_keepalive}" 65272343Sngie ${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null 66272343Sngie fi 67272343Sngie 68272343Sngie if checkyesno tcp_drop_synfin; then 69272343Sngie netoptions_init 70272343Sngie echo -n " drop SYN+FIN packets=${tcp_drop_synfin}" 71272343Sngie ${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null 72272343Sngie else 73272343Sngie ${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null 74272343Sngie fi 75272343Sngie 76272343Sngie case ${ip_portrange_first} in 77272343Sngie [0-9]*) 78272343Sngie netoptions_init 79272343Sngie echo -n " ip_portrange_first=$ip_portrange_first" 80272343Sngie ${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 81272343Sngie ;; 82272343Sngie esac 83272343Sngie 84272343Sngie case ${ip_portrange_last} in 85272343Sngie [0-9]*) 86272343Sngie netoptions_init 87272343Sngie echo -n " ip_portrange_last=$ip_portrange_last" 88272343Sngie ${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 89272343Sngie ;; 90272343Sngie esac 91272343Sngie} 92272343Sngie 93272343Sngienetoptions_inet6() 94272343Sngie{ 95272343Sngie if checkyesno ipv6_ipv4mapping; then 96272343Sngie netoptions_init 97272343Sngie echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}" 98272343Sngie ${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null 99272343Sngie else 100272343Sngie ${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null 101272343Sngie fi 102272343Sngie 103272343Sngie if checkyesno ipv6_privacy; then 104272343Sngie netoptions_init 105272343Sngie echo -n " IPv6 Privacy Addresses" 106272343Sngie ${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null 107272343Sngie ${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null 108272343Sngie fi 109272343Sngie 110272343Sngie case $ipv6_cpe_wanif in 111272343Sngie ""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) 112272343Sngie ${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null 113272343Sngie ${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null 114272343Sngie ;; 115272343Sngie *) 116272343Sngie netoptions_init 117272343Sngie echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}" 118272343Sngie ${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null 119272343Sngie ${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null 120272343Sngie ;; 121272343Sngie esac 122272343Sngie} 123272343Sngie 124272343Sngieload_rc_config $name 125272343Sngie 126272343Sngie# doesn't make sense to run in a svcj: config setting 127272343Sngienetoptions_svcj="NO" 128272343Sngie 129272343Sngierun_rc_command $1 130272343Sngie