defaultroute revision 64471
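#!/bin/sh -
#
# $FreeBSD: head/etc/rc.d/routing 64471 2000-08-10 00:13:02Z brian $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.
#
# Every knob read below is a plain shell variable that must already be set
# when the functions are called.  Several of them are expanded unquoted, fed
# to eval, or sourced as files, so whatever sets them is effectively code
# that runs with this script's privileges: keep those files writable by the
# administrator only.

# First pass startup stuff.
#
# Sets the host and NIS domain names, configures the interfaces (sppp, DHCP,
# aliases, IPX), starts ISDN and user ppp, loads the ipfw rules and natd,
# installs static routes, applies the routing-related sysctls, loads the
# IPsec policy file and starts the routing daemons.
# Sets network_pass1_done=YES when it reaches the end.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			# NOTE(review): the eval runs the configured string
			# as shell code, and the secrets end up on the
			# spppcontrol command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# so it can change any variable used further down.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the scan stops at the first gap.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the resulting state of every interface that was touched above.
	#
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything outside the four known
		# modes falls back to "auto", so ppp_mode never carries
		# arbitrary text into the command line built below.
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# NOTE(review): ppp_profile is not validated and becomes
		# part of the command string that su hands to a shell.
		echo -n "Starting ppp as \"${ppp_user}\""
		su ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The presence test is a real "flush": when ipfw is in the kernel,
	# any rules loaded before this point are discarded here.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed
						# with -a, anything else
						# with -n.
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			# No readable rules script: nothing is loaded.  The
			# warning is printed only when rule 65535 is the
			# deny-all rule; otherwise the boot goes on silently
			# with no rules loaded.
			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "		 All ip services are disabled."
			fi

			# An unset firewall_logging counts as YES here.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	# The two port range messages are double-quoted so that the console
	# shows the value that is applied; in single quotes the variable
	# name was printed literally.
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	# ipsec_file is quoted: with an empty value the unquoted test
	# collapsed to "[ -f ]", which is true, so the script announced
	# "ipsec: enabled" and ran setkey -f without a policy file.
	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time synchronisation, portmap, the NIS server
# and client daemons, Secure RPC (keyserv, rpc.ypupdated) and the third ATM
# stage.  Sets network_pass2_done=YES when it reaches the end.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'
		${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'
		ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'
		ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'
			ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'
		keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'
		rpc.ypupdated
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client daemons, amd, rwhod, the Kerberos
# server, pppoed, and creation of missing ssh host keys.
# Sets network_pass3_done=YES when it reaches the end.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			# The knob's own name says it weakens mountd
			# authentication; see mountd(8) for what -n allows.
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'
			nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'
				rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'
				rpc.statd
				;;
			esac
		fi
		;;
	*)
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# NOTE(review): unlike the NFS server branch
				# above, this assignment replaces any
				# configured mountd_flags instead of
				# appending to them; confirm it is intended.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="-n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'
		nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# amd_map_program is executed through eval and its
			# output is appended to the amd command line.
			amd_flags="${amd_flags} $(eval ${amd_map_program})"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# Started detached, 20 seconds after the kerberos
			# daemon was launched above.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Only the host keys are handled here; this block does not start
	# sshd itself.  The keys are generated with an empty passphrase
	# (-N ""), so the private key files are stored unencrypted and
	# their file permissions are the only protection.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: optional logging of connection attempts to ports without a
# listener, for TCP and UDP.  Any log_in_vain value other than NO or empty
# turns it on.  Sets network_pass4_done=YES when it reaches the end.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}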