defaultroute revision 64471 
1311118Sdim#!/bin/sh -
2311118Sdim#
3311118Sdim# $FreeBSD: head/etc/rc.d/routing 64471 2000-08-10 00:13:02Z brian $
4311118Sdim#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
5311118Sdim
6311118Sdim# Note that almost all of the user-configurable behavior is no longer in
7311118Sdim# this file, but rather in /etc/defaults/rc.conf.  Please check that file
8311118Sdim# first before contemplating any changes here.  If you do need to change
9311118Sdim# this file for some reason, we would like to know about it.
10311118Sdim
11311118Sdim# First pass startup stuff.
12311118Sdim#
13311118Sdimnetwork_pass1() {
14311118Sdim	echo -n 'Doing initial network setup:'
15311118Sdim
16311118Sdim	# Set the host name if it is not already set
17311118Sdim	#
18311118Sdim	if [ -z "`hostname -s`" ]; then
19311118Sdim		hostname ${hostname}
20311118Sdim		echo -n ' hostname'
21311118Sdim	fi
22311118Sdim
23311118Sdim	# Set the domainname if we're using NIS
24311118Sdim	#
25311118Sdim	case ${nisdomainname} in
26311118Sdim	[Nn][Oo] | '')
27311118Sdim		;;
28311118Sdim	*)
29311118Sdim		domainname ${nisdomainname}
30311118Sdim		echo -n ' domain'
31311118Sdim		;;
32311118Sdim	esac
33311118Sdim
34311118Sdim	echo '.'
35311118Sdim
36311118Sdim	# Initial ATM interface configuration
37311118Sdim	#
38311118Sdim	case ${atm_enable} in
39311118Sdim	[Yy][Ee][Ss])
40311118Sdim		if [ -r /etc/rc.atm ]; then
41311118Sdim			. /etc/rc.atm
42311118Sdim			atm_pass1
43311118Sdim		fi
44311118Sdim		;;
45311118Sdim	esac
46311118Sdim
47311118Sdim	# Special options for sppp(4) interfaces go here.  These need
48311118Sdim	# to go _before_ the general ifconfig section, since in the case
49311118Sdim	# of hardwired (no link1 flag) but required authentication, you
50311118Sdim	# cannot pass auth parameters down to the already running interface.
51311118Sdim	#
52311118Sdim	for ifn in ${sppp_interfaces}; do
53311118Sdim		eval spppcontrol_args=\$spppconfig_${ifn}
54311118Sdim		if [ -n "${spppcontrol_args}" ]; then
55311118Sdim			# The auth secrets might contain spaces; in order
56311118Sdim			# to retain the quotation, we need to eval them
57311118Sdim			# here.
58311118Sdim			eval spppcontrol ${ifn} ${spppcontrol_args}
59311118Sdim		fi
60311118Sdim	done
61311118Sdim
62311118Sdim	# Set up all the network interfaces, calling startup scripts if needed
63311118Sdim	#
64311118Sdim	case ${network_interfaces} in
65311118Sdim	[Aa][Uu][Tt][Oo])
66311118Sdim		network_interfaces="`ifconfig -l`"
67311118Sdim		;;
68311118Sdim	esac
69311118Sdim
70311118Sdim	dhcp_interfaces=""
71311118Sdim	for ifn in ${network_interfaces}; do
72311118Sdim		if [ -r /etc/start_if.${ifn} ]; then
73311118Sdim			. /etc/start_if.${ifn}
74311118Sdim			eval showstat_$ifn=1
75311118Sdim		fi
76311118Sdim
77311118Sdim		# Do the primary ifconfig if specified
78311118Sdim		#
79311118Sdim		eval ifconfig_args=\$ifconfig_${ifn}
80311118Sdim
81311118Sdim		case ${ifconfig_args} in
82311118Sdim		'')
83311118Sdim			;;
84311118Sdim		[Dd][Hh][Cc][Pp])
85311118Sdim			# DHCP inits are done all in one go below
86311118Sdim			dhcp_interfaces="$dhcp_interfaces $ifn"
87311118Sdim			eval showstat_$ifn=1
88311118Sdim			;;
89311118Sdim		*)
90311118Sdim			ifconfig ${ifn} ${ifconfig_args}
91311118Sdim			eval showstat_$ifn=1
92311118Sdim			;;
93311118Sdim		esac
94311118Sdim	done
95311118Sdim
96311118Sdim	if [ ! -z "${dhcp_interfaces}" ]; then
97311118Sdim		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
98311118Sdim	fi
99311118Sdim
100311118Sdim	for ifn in ${network_interfaces}; do
101311118Sdim		# Check to see if aliases need to be added
102311118Sdim		#
103311118Sdim		alias=0
104311118Sdim		while : ; do
105311118Sdim			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
106311118Sdim			if [ -n "${ifconfig_args}" ]; then
107311118Sdim				ifconfig ${ifn} ${ifconfig_args} alias
108311118Sdim				eval showstat_$ifn=1
109311118Sdim				alias=`expr ${alias} + 1`
110311118Sdim			else
111311118Sdim				break;
112311118Sdim			fi
113311118Sdim		done
114311118Sdim
115311118Sdim		# Do ipx address if specified
116311118Sdim		#
117311118Sdim		eval ifconfig_args=\$ifconfig_${ifn}_ipx
118311118Sdim		if [ -n "${ifconfig_args}" ]; then
119311118Sdim			ifconfig ${ifn} ${ifconfig_args}
120311118Sdim			eval showstat_$ifn=1
121311118Sdim		fi
122311118Sdim	done
123311118Sdim
124311118Sdim	for ifn in ${network_interfaces}; do
125311118Sdim		eval showstat=\$showstat_${ifn}
126311118Sdim		if [ ! -z ${showstat} ]; then
127311118Sdim			ifconfig ${ifn}
128311118Sdim		fi
129311118Sdim	done
130311118Sdim
131311118Sdim	# ISDN subsystem startup
132311118Sdim	#
133311118Sdim	case ${isdn_enable} in
134311118Sdim	[Yy][Ee][Ss])
135311118Sdim		if [ -r /etc/rc.isdn ]; then
136311118Sdim			. /etc/rc.isdn
137311118Sdim		fi
138311118Sdim		;;
139311118Sdim	esac
140311118Sdim
141311118Sdim	# Start user ppp if required.  This must happen before natd.
142311118Sdim	#
143311118Sdim	case ${ppp_enable} in
144311118Sdim	[Yy][Ee][Ss])
145311118Sdim		# Establish ppp mode.
146311118Sdim		#
147311118Sdim		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
148311118Sdim			-a "${ppp_mode}" != "dedicated" \
149311118Sdim			-a "${ppp_mode}" != "background" ]; then
150311118Sdim			ppp_mode="auto"
151311118Sdim		fi
152311118Sdim
153311118Sdim		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
154311118Sdim
155311118Sdim		# Switch on NAT mode?
156311118Sdim		#
157311118Sdim		case ${ppp_nat} in
158311118Sdim		[Yy][Ee][Ss])
159311118Sdim			ppp_command="${ppp_command} -nat"
160311118Sdim			;;
161311118Sdim		esac
162311118Sdim
163311118Sdim		ppp_command="${ppp_command} ${ppp_profile}"
164311118Sdim
165311118Sdim		echo -n "Starting ppp as \"${ppp_user}\""
166311118Sdim		su ${ppp_user} -c "exec ${ppp_command}"
167311118Sdim		;;
168311118Sdim	esac
169311118Sdim
170311118Sdim	# Initialize IP filtering using ipfw
171311118Sdim	#
172311118Sdim	if /sbin/ipfw -q flush > /dev/null 2>&1; then
173311118Sdim		firewall_in_kernel=1
174311118Sdim	else
175311118Sdim		firewall_in_kernel=0
176311118Sdim	fi
177311118Sdim
178311118Sdim	case ${firewall_enable} in
179311118Sdim	[Yy][Ee][Ss])
180311118Sdim		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
181311118Sdim			firewall_in_kernel=1
182311118Sdim			echo "Kernel firewall module loaded."
183311118Sdim		elif [ "${firewall_in_kernel}" -eq 0 ]; then
184311118Sdim			echo "Warning: firewall kernel module failed to load."
185311118Sdim		fi
186311118Sdim		;;
187311118Sdim	esac
188311118Sdim
189311118Sdim	# Load the filters if required
190311118Sdim	#
191311118Sdim	case ${firewall_in_kernel} in
192311118Sdim	1)
193311118Sdim		if [ -z "${firewall_script}" ]; then
194311118Sdim			firewall_script=/etc/rc.firewall
195311118Sdim		fi
196311118Sdim
197311118Sdim		case ${firewall_enable} in
198311118Sdim		[Yy][Ee][Ss])
199311118Sdim			if [ -r "${firewall_script}" ]; then
200311118Sdim				. "${firewall_script}"
201311118Sdim				echo -n 'Firewall rules loaded, starting divert daemons:'
202311118Sdim
203311118Sdim				# Network Address Translation daemon
204311118Sdim				#
205311118Sdim				case ${natd_enable} in
206311118Sdim				[Yy][Ee][Ss])
207311118Sdim					if [ -n "${natd_interface}" ]; then
208311118Sdim						if echo ${natd_interface} | \
209311118Sdim							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
210311118Sdim							natd_ifarg="-a ${natd_interface}"
211311118Sdim						else
212311118Sdim							natd_ifarg="-n ${natd_interface}"
213311118Sdim						fi
214311118Sdim
215311118Sdim						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
216311118Sdim					fi
217311118Sdim					;;
218311118Sdim				esac
219311118Sdim
220311118Sdim				echo '.'
221311118Sdim
222311118Sdim			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
223311118Sdim				echo -n "Warning: kernel has firewall functionality, "
224311118Sdim				echo "but firewall rules are not enabled."
225311118Sdim				echo "		 All ip services are disabled."
226311118Sdim			fi
227311118Sdim
228311118Sdim			case ${firewall_logging} in
229311118Sdim			[Yy][Ee][Ss] | '')
230311118Sdim				echo 'Firewall logging=YES'
231311118Sdim				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
232311118Sdim				;;
233311118Sdim			*)
234311118Sdim				;;
235311118Sdim			esac
236311118Sdim
237311118Sdim			;;
238311118Sdim		esac
239311118Sdim		;;
240311118Sdim	esac
241311118Sdim
242311118Sdim	# Additional ATM interface configuration
243311118Sdim	#
244311118Sdim	if [ -n "${atm_pass1_done}" ]; then
245311118Sdim		atm_pass2
246311118Sdim	fi
247311118Sdim
248311118Sdim	# Configure routing
249311118Sdim	#
250311118Sdim	case ${defaultrouter} in
251311118Sdim	[Nn][Oo] | '')
252311118Sdim		;;
253311118Sdim	*)
254311118Sdim		static_routes="default ${static_routes}"
255311118Sdim		route_default="default ${defaultrouter}"
256311118Sdim		;;
257311118Sdim	esac
258311118Sdim
259311118Sdim	# Set up any static routes.  This should be done before router discovery.
260311118Sdim	#
261311118Sdim	if [ -n "${static_routes}" ]; then
262311118Sdim		for i in ${static_routes}; do
263311118Sdim			eval route_args=\$route_${i}
264311118Sdim			route add ${route_args}
265311118Sdim		done
266311118Sdim	fi
267311118Sdim
268311118Sdim	echo -n 'Additional routing options:'
269311118Sdim	case ${tcp_extensions} in
270311118Sdim	[Yy][Ee][Ss] | '')
271311118Sdim		;;
272311118Sdim	*)
273311118Sdim		echo -n ' tcp extensions=NO'
274311118Sdim		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
275311118Sdim		;;
276311118Sdim	esac
277311118Sdim
278311118Sdim	case ${icmp_bmcastecho} in
279311118Sdim	[Yy][Ee][Ss])
280311118Sdim		echo -n ' broadcast ping responses=YES'
281311118Sdim		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
282311118Sdim		;;
283311118Sdim	esac
284311118Sdim
285311118Sdim	case ${icmp_drop_redirect} in
286311118Sdim	[Yy][Ee][Ss])
287311118Sdim		echo -n ' ignore ICMP redirect=YES'
288311118Sdim		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
289311118Sdim		;;
290311118Sdim	esac
291311118Sdim
292311118Sdim	case ${icmp_log_redirect} in
293311118Sdim	[Yy][Ee][Ss])
294311118Sdim		echo -n ' log ICMP redirect=YES'
295311118Sdim		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
296311118Sdim		;;
297311118Sdim	esac
298311118Sdim
299311118Sdim	case ${gateway_enable} in
300311118Sdim	[Yy][Ee][Ss])
301311118Sdim		echo -n ' IP gateway=YES'
302311118Sdim		sysctl -w net.inet.ip.forwarding=1 >/dev/null
303311118Sdim		;;
304311118Sdim	esac
305311118Sdim
306311118Sdim	case ${forward_sourceroute} in
307311118Sdim	[Yy][Ee][Ss])
308311118Sdim		echo -n ' do source routing=YES'
309311118Sdim		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
310311118Sdim		;;
311311118Sdim	esac
312311118Sdim
313311118Sdim	case ${accept_sourceroute} in
314311118Sdim	[Yy][Ee][Ss])
315311118Sdim		echo -n ' accept source routing=YES'
316311118Sdim		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
317311118Sdim		;;
318311118Sdim	esac
319311118Sdim
320311118Sdim	case ${tcp_keepalive} in
321311118Sdim	[Yy][Ee][Ss])
322311118Sdim		echo -n ' TCP keepalive=YES'
323311118Sdim		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
324311118Sdim		;;
325311118Sdim	esac
326311118Sdim
327311118Sdim	case ${tcp_restrict_rst} in
328311118Sdim	[Yy][Ee][Ss])
329311118Sdim		echo -n ' restrict TCP reset=YES'
330311118Sdim		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
331311118Sdim		;;
332311118Sdim	esac
333311118Sdim
334311118Sdim	case ${tcp_drop_synfin} in
335311118Sdim	[Yy][Ee][Ss])
336311118Sdim		echo -n ' drop SYN+FIN packets=YES'
337311118Sdim		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
338311118Sdim		;;
339311118Sdim	esac
340311118Sdim
341311118Sdim	case ${ipxgateway_enable} in
342311118Sdim	[Yy][Ee][Ss])
343311118Sdim		echo -n ' IPX gateway=YES'
344311118Sdim		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
345311118Sdim		;;
346311118Sdim	esac
347311118Sdim
348311118Sdim	case ${arpproxy_all} in
349311118Sdim	[Yy][Ee][Ss])
350311118Sdim		echo -n ' ARP proxyall=YES'
351311118Sdim		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
352311118Sdim		;;
353311118Sdim	esac
354311118Sdim
355311118Sdim	case ${ip_portrange_first} in
356311118Sdim	[Nn][Oo] | '')
357311118Sdim		;;
358311118Sdim	*)
359311118Sdim		echo -n ' ip_portrange_first=$ip_portrange_first'
360311118Sdim		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
361311118Sdim		;;
362311118Sdim	esac
363311118Sdim
364311118Sdim	case ${ip_portrange_last} in
365311118Sdim	[Nn][Oo] | '')
366311118Sdim	    ;;
367311118Sdim	*)
368311118Sdim		echo -n ' ip_portrange_last=$ip_portrange_last'
369311118Sdim		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
370311118Sdim		;;
371311118Sdim	esac
372311118Sdim
373311118Sdim	echo '.'
374
375	case ${ipsec_enable} in
376	[Yy][Ee][Ss])
377		if [ -f ${ipsec_file} ]; then
378		    echo ' ipsec: enabled'
379		    setkey -f ${ipsec_file}
380		else
381		    echo ' ipsec: file not found'
382		fi
383		;;
384	esac
385
386	echo -n 'routing daemons:'
387	case ${router_enable} in
388	[Yy][Ee][Ss])
389		echo -n " ${router}";	${router} ${router_flags}
390		;;
391	esac
392
393	case ${ipxrouted_enable} in
394	[Yy][Ee][Ss])
395		echo -n ' IPXrouted'
396		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
397		;;
398	esac
399
400	case ${mrouted_enable} in
401	[Yy][Ee][Ss])
402		echo -n ' mrouted';	mrouted ${mrouted_flags}
403		;;
404	esac
405
406	case ${rarpd_enable} in
407	[Yy][Ee][Ss])
408		echo -n ' rarpd';	rarpd ${rarpd_flags}
409		;;
410	esac
411	echo '.'
412
413	# Let future generations know we made it.
414	#
415	network_pass1_done=YES
416}
417
418network_pass2() {
419	echo -n 'Doing additional network setup:'
420	case ${named_enable} in
421	[Yy][Ee][Ss])
422		echo -n ' named';	${named_program:-named} ${named_flags}
423		;;
424	esac
425
426	case ${ntpdate_enable} in
427	[Yy][Ee][Ss])
428		echo -n ' ntpdate'
429		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
430		;;
431	esac
432
433	case ${xntpd_enable} in
434	[Yy][Ee][Ss])
435		echo -n ' ntpd';	${xntpd_program:-ntpd} ${xntpd_flags}
436		;;
437	esac
438
439	case ${timed_enable} in
440	[Yy][Ee][Ss])
441		echo -n ' timed';	timed ${timed_flags}
442		;;
443	esac
444
445	case ${portmap_enable} in
446	[Yy][Ee][Ss])
447		echo -n ' portmap';	${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
448		;;
449	esac
450
451	# Start ypserv if we're an NIS server.
452	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
453	#
454	case ${nis_server_enable} in
455	[Yy][Ee][Ss])
456		echo -n ' ypserv'; ypserv ${nis_server_flags}
457
458		case ${nis_ypxfrd_enable} in
459		[Yy][Ee][Ss])
460			echo -n ' rpc.ypxfrd'
461			rpc.ypxfrd ${nis_ypxfrd_flags}
462			;;
463		esac
464
465		case ${nis_yppasswdd_enable} in
466		[Yy][Ee][Ss])
467			echo -n ' rpc.yppasswdd'
468			rpc.yppasswdd ${nis_yppasswdd_flags}
469			;;
470		esac
471		;;
472	esac
473
474	# Start ypbind if we're an NIS client
475	#
476	case ${nis_client_enable} in
477	[Yy][Ee][Ss])
478		echo -n ' ypbind'; ypbind ${nis_client_flags}
479		case ${nis_ypset_enable} in
480		[Yy][Ee][Ss])
481			echo -n ' ypset';	ypset ${nis_ypset_flags}
482			;;
483		esac
484		;;
485	esac
486
487	# Start keyserv if we are running Secure RPC
488	#
489	case ${keyserv_enable} in
490	[Yy][Ee][Ss])
491		echo -n ' keyserv';	keyserv ${keyserv_flags}
492		;;
493	esac
494
495	# Start ypupdated if we are running Secure RPC and we are NIS master
496	#
497	case ${rpc_ypupdated_enable} in
498	[Yy][Ee][Ss])
499		echo -n ' rpc.ypupdated';	rpc.ypupdated
500		;;
501	esac
502
503	# Start ATM daemons
504	if [ -n "${atm_pass2_done}" ]; then
505		atm_pass3
506	fi
507
508	echo '.'
509	network_pass2_done=YES
510}
511
512network_pass3() {
513	echo -n 'Starting final network daemons:'
514
515	case ${nfs_server_enable} in
516	[Yy][Ee][Ss])
517		if [ -r /etc/exports ]; then
518			echo -n ' mountd'
519
520			case ${weak_mountd_authentication} in
521			[Yy][Ee][Ss])
522				mountd_flags="${mountd_flags} -n"
523				;;
524			esac
525
526			mountd ${mountd_flags}
527
528			case ${nfs_reserved_port_only} in
529			[Yy][Ee][Ss])
530				echo -n ' NFS on reserved port only=YES'
531				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
532				;;
533			esac
534
535			echo -n ' nfsd';	nfsd ${nfs_server_flags}
536
537			if [ -n "${nfs_bufpackets}" ]; then
538				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
539					> /dev/null
540			fi
541
542			case ${rpc_lockd_enable} in
543			[Yy][Ee][Ss])
544				echo -n ' rpc.lockd';	rpc.lockd
545				;;
546			esac
547
548			case ${rpc_statd_enable} in
549			[Yy][Ee][Ss])
550				echo -n ' rpc.statd';	rpc.statd
551				;;
552			esac
553		fi
554		;;
555	*)
556		case ${single_mountd_enable} in
557		[Yy][Ee][Ss])
558			if [ -r /etc/exports ]; then
559				echo -n ' mountd'
560
561				case ${weak_mountd_authentication} in
562				[Yy][Ee][Ss])
563					mountd_flags="-n"
564					;;
565				esac
566
567				mountd ${mountd_flags}
568			fi
569			;;
570		esac
571		;;
572	esac
573
574	case ${nfs_client_enable} in
575	[Yy][Ee][Ss])
576		echo -n ' nfsiod';	nfsiod ${nfs_client_flags}
577		if [ -n "${nfs_access_cache}" ]; then
578		echo -n " NFS access cache time=${nfs_access_cache}"
579		sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
580			>/dev/null
581		fi
582		;;
583	esac
584
585	# If /var/db/mounttab exists, some nfs-server has not been
586	# sucessfully notified about a previous client shutdown.
587	# If there is no /var/db/mounttab, we do nothing.
588	if [ -f /var/db/mounttab ]; then
589		rpc.umntall -k
590	fi
591
592	case ${amd_enable} in
593	[Yy][Ee][Ss])
594		echo -n ' amd'
595		case ${amd_map_program} in
596		[Nn][Oo] | '')
597			;;
598		*)
599			amd_flags="${amd_flags} `eval ${amd_map_program}`"
600			;;
601		esac
602
603		if [ -n "${amd_flags}" ]; then
604			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
605		else
606			amd 2> /dev/null
607		fi
608		;;
609	esac
610
611	case ${rwhod_enable} in
612	[Yy][Ee][Ss])
613		echo -n ' rwhod';	rwhod ${rwhod_flags}
614		;;
615	esac
616
617	# Kerberos runs ONLY on the Kerberos server machine
618	case ${kerberos_server_enable} in
619	[Yy][Ee][Ss])
620		case ${kerberos_stash} in
621		[Yy][Ee][Ss])
622			stash_flag=-n
623			;;
624		*)
625			stash_flag=
626			;;
627		esac
628
629		echo -n ' kerberos'
630		kerberos ${stash_flag} >> /var/log/kerberos.log &
631
632		case ${kadmind_server_enable} in
633		[Yy][Ee][Ss])
634			echo -n ' kadmind'
635			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
636			;;
637		esac
638		unset stash_flag
639		;;
640	esac
641
642	case ${pppoed_enable} in
643	[Yy][Ee][Ss])
644		if [ -n "${pppoed_provider}" ]; then
645			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
646		fi
647		echo -n ' pppoed';
648		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
649		;;
650	esac
651
652	case ${sshd_enable} in
653	[Yy][Ee][Ss])
654		if [ ! -f /etc/ssh/ssh_host_key ]; then
655			echo ' creating ssh RSA host key';
656			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
657		fi
658		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
659			echo ' creating ssh DSA host key';
660			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
661		fi
662		;;
663	esac
664
665	echo '.'
666	network_pass3_done=YES
667}
668
669network_pass4() {
670	echo -n 'Additional TCP options:'
671	case ${log_in_vain} in
672	[Nn][Oo] | '')
673		;;
674	*)
675		echo -n ' log_in_vain=YES'
676		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
677		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
678		;;
679	esac
680
681	echo '.'
682	network_pass4_done=YES
683}
684