defaultroute revision 92127
132785Speter#!/bin/sh -
244852Speter#
332785Speter# Copyright (c) 1993  The FreeBSD Project
432785Speter# All rights reserved.
532785Speter#
632785Speter# Redistribution and use in source and binary forms, with or without
732785Speter# modification, are permitted provided that the following conditions
832785Speter# are met:
932785Speter# 1. Redistributions of source code must retain the above copyright
1032785Speter#    notice, this list of conditions and the following disclaimer.
1132785Speter# 2. Redistributions in binary form must reproduce the above copyright
1232785Speter#    notice, this list of conditions and the following disclaimer in the
1332785Speter#    documentation and/or other materials provided with the distribution.
1432785Speter#
1532785Speter# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
1632785Speter# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1732785Speter# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1832785Speter# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1932785Speter# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2032785Speter# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2132785Speter# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2232785Speter# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2332785Speter# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2432785Speter# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2532785Speter# SUCH DAMAGE.
2632785Speter#
2732785Speter# $FreeBSD: head/etc/rc.d/routing 92127 2002-03-12 01:04:35Z obrien $
2832785Speter#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
2932785Speter#
3032785Speter
3132785Speter# Note that almost all of the user-configurable behavior is no longer in
3232785Speter# this file, but rather in /etc/defaults/rc.conf.  Please check that file
3332785Speter# first before contemplating any changes here.  If you do need to change
3432785Speter# this file for some reason, we would like to know about it.
3532785Speter
3632785Speter# First pass startup stuff.
3732785Speter#
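# network_pass1: first-pass network bring-up.
#
# Takes no arguments; everything is driven by rc.conf-style shell variables
# (ipfilter_enable, network_interfaces, firewall_enable, defaultrouter, ...)
# already present in the calling shell.  In order: name-service files,
# hostname, ipfilter/ipnat/ipfs, NIS domain, ATM, cloned/sppp/gif
# interfaces, ifconfig and DHCP, ISDN, user ppp, ipfw and natd, static
# routes, network sysctls, IPsec policy and routing daemons.
# Sets network_pass1_done=YES on the way out.
#
# Most variables are expanded unquoted on purpose (flag lists must be
# word-split) and several are passed through eval, so their contents are
# re-parsed by the shell.
# NOTE(review): this presumes the files those variables are read from are
# writable by root only -- confirm on the target system.
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo -n ' host.conf'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo '  /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "$(hostname -s)" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)

	# check whether ipfilter and/or ipnat is enabled
	ipfilter_active="NO"
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipnat_enable} in
	[Yy][Ee][Ss])
		ipfilter_active="YES"
		;;
	esac
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		# load ipfilter kernel module if needed
		if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
			if kldload ipl; then
				echo 'IP-filter module loaded.'
			else
				# NOTE(review): this is fail-open.  Only a
				# warning is printed and the interfaces are
				# still configured further down, without
				# packet filtering.
				echo 'Warning: IP-filter module failed to load.'
				# avoid further errors
				ipmon_enable="NO"
				ipfilter_enable="NO"
				ipnat_enable="NO"
				ipfs_enable="NO"
				# also skip the "ipf -y" re-sync near the end
				# of this function; it cannot work without
				# the module
				ipfilter_active="NO"
			fi
		fi
		# start ipmon before loading any rules
		case "${ipmon_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ipmon'
			${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
			;;
		esac
		case "${ipfilter_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipfilter_rules}" ]; then
				echo -n ' ipfilter'
				${ipfilter_program:-/sbin/ipf} -Fa -f \
				    "${ipfilter_rules}" ${ipfilter_flags}
			else
				# An unreadable rules file leaves the filter
				# without a ruleset; the boot goes on.
				ipfilter_enable="NO"
				echo -n ' NO IPF RULES'
			fi
			;;
		esac
		case "${ipnat_enable}" in
		[Yy][Ee][Ss])
			if [ -r "${ipnat_rules}" ]; then
				echo -n ' ipnat'
				# Unlike the ipf call above this goes through
				# eval, so the rules path and the flags get a
				# second round of shell parsing.
				eval ${ipnat_program:-/sbin/ipnat} -CF -f \
				    "${ipnat_rules}" ${ipnat_flags}
			else
				ipnat_enable="NO"
				echo -n ' NO IPNAT RULES'
			fi
			;;
		esac
		# restore filter/NAT state tables after loading the rules
		case "${ipfs_enable}" in
		[Yy][Ee][Ss])
			if [ -r "/var/db/ipf/ipstate.ipf" ]; then
				echo -n ' ipfs'
				${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
				# remove files to avoid reloading old state
				# after an ungraceful shutdown
				rm -f /var/db/ipf/ipstate.ipf
				rm -f /var/db/ipf/ipnat.ipf
			fi
			;;
		esac
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.  The secrets end up on spppcontrol's
			# command line.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="$(ifconfig -l)"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell,
		# so it runs with the privileges of the boot script.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the first unset one ends the scan.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=$((${alias} + 1))
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Print the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode; anything unrecognised becomes "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile is part of a string handed to a shell by
		# su -c, so its contents are parsed as shell syntax.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter so it picks up any new network interfaces
	#
	case ${ipfilter_active} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
		;;
	esac
	unset ipfilter_active

	# Initialize IP filtering using ipfw
	#
	# The probe for kernel support is itself a rule flush, so any ipfw
	# rules that are already loaded are discarded at this point.
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			# Warning only: the boot continues without ipfw.
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# Something that looks like
						# an IPv4 address is passed
						# with -a, anything else as
						# an interface name with -n.
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
							natd_flags="$natd_flags -a ${natd_interface}"
						else
							natd_flags="$natd_flags -n ${natd_interface}"
						fi
					fi
					echo -n ' natd'
					${natd_program:-/sbin/natd} ${natd_flags}
					;;
				esac

				echo '.'

			elif [ "$(ipfw l 65535)" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo '		 All ip services are disabled.'
			fi

			# An unset firewall_logging counts as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# The sysctls below are only written when the matching variable
	# asks for a change; otherwise the kernel's current value stays.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	# Answering broadcast/multicast echo requests lets the host be
	# used as a reflector for ping floods.
	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	# Source-routed packets carry a sender-chosen path; the next two
	# switches turn forwarding and local acceptance of them on.
	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Nn][Oo])
		echo -n ' TCP keepalive=NO'
		sysctl net.inet.tcp.always_keepalive=0 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted on purpose: with an empty ipsec_file an unquoted
		# "[ -f ]" is true and setkey would be run without a file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			# The boot continues without IPsec policy loaded.
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}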
547
# network_pass2: second pass -- name, time, RPC and NIS daemons.
#
# Takes no arguments; each daemon is started only when its *_enable
# variable matches yes (any case).  The NIS and Secure RPC daemons are
# nested under portmap_enable and are skipped entirely when it is off.
# Sets network_pass2_done=YES when finished.
network_pass2() {
	echo -n 'Doing additional network setup:'

	# Name server.
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; all of its output is discarded.
	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	# NTP daemon.
	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# Everything from here to the matching esac needs the RPC binder.
	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'
		${portmap_program:-/usr/sbin/rpcbind} ${portmap_flags}

		# NIS server side: ypserv first, then the two helpers that
		# belong on the NIS master only (rpc.ypxfrd, rpc.yppasswdd).
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'
			ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# NIS client side: ypbind, optionally followed by ypset.
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'
			ypbind ${nis_client_flags}

			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'
				ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Secure RPC key server.
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'
			keyserv ${keyserv_flags}
			;;
		esac

		# Secure RPC map updates; for the NIS master.
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'
			rpc.ypupdated
			;;
		esac
		;;
	esac

	# ATM daemons, only when the earlier ATM pass completed.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
643
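# network_pass3: final pass -- NFS, amd, rwhod, Kerberos, pppoed and the
# sshd host keys.
#
# Takes no arguments; driven by the *_enable variables of the calling
# shell.  All NFS work is nested under portmap_enable.  Sets
# network_pass3_done=YES when finished.
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] && \
			    [ ${nfsserver_in_kernel} -eq 1 ]; then
				echo -n ' mountd'

				# -n lets mountd serve mount requests that
				# do not come from root on the client.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'
				nfsd ${nfs_server_flags}

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			# mountd on its own, without an NFS server.
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n as the NFS server branch
					# does; assigning "-n" outright threw
					# away the configured mountd_flags.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			nfsclient_in_kernel=0
			# Handle absent nfs client support
			if sysctl vfs.nfs >/dev/null 2>&1; then
				nfsclient_in_kernel=1
			else
				kldload nfsclient && nfsclient_in_kernel=1
			fi

			if [ ${nfsclient_in_kernel} -eq 1 ]; then
				if [ -n "${nfs_access_cache}" ]; then
					echo -n " NFS access cache time=${nfs_access_cache}"
					sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
				fi
				if [ -n "${nfs_bufpackets}" ]; then
					sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
				fi
				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'
					rpc.statd
					;;
				esac

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'
					rpc.lockd
					;;
				esac

				case ${amd_enable} in
				[Yy][Ee][Ss])
					echo -n ' amd'
					case ${amd_map_program} in
					[Nn][Oo] | '')
						;;
					*)
						# amd_map_program is run
						# through eval and whatever
						# it prints becomes extra amd
						# arguments.
						amd_flags="${amd_flags} $(eval ${amd_map_program})"
						;;
					esac

					amd -p ${amd_flags} > /var/run/amd.pid \
						2> /dev/null &
					;;
				esac
			else
				echo 'Warning: NFS client kernel module failed to load'
				nfs_client_enable=NO
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell gets its own copy of ${stash}, so the
			# unset below does not affect the delayed start.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; the old
		# "unset stash_flag" named a variable that is never set.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		# Globbing is turned off for this one command so that the
		# arguments are not expanded as file patterns; the previous
		# shell options are put back afterwards.
		_opts=$-; set -f
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		set +f; set -${_opts}
		;;
	esac

	# Create any missing ssh host key.  -N "" means no passphrase, so
	# the private keys are protected by file permissions only.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}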
854
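# network_pass4: apply the log_in_vain setting.
#
# log_in_vain may be NO or empty (treated as 0), YES (treated as 1) or a
# non-negative integer.  A non-zero value is written to both
# net.inet.tcp.log_in_vain and net.inet.udp.log_in_vain.  Anything else is
# reported and treated as 0.  Sets network_pass4_done=YES.
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		log_in_vain=0
		;;
	[Yy][Ee][Ss])
		log_in_vain=1
		;;
	*[!0-9]*)
		# Any non-digit makes the value invalid.  The previous
		# pattern [0-9]* only looked at the first character, so a
		# value such as "1abc" reached the numeric test below.
		echo " invalid log_in_vain setting: ${log_in_vain}"
		log_in_vain=0
		;;
	esac

	# From here on log_in_vain holds digits only.
	if [ "${log_in_vain}" -ne 0 ]; then
		echo -n " log_in_vain=${log_in_vain}"
		sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
		sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
	fi
	echo '.'
	network_pass4_done=YES
}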
880
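# network_gif_setup: create and configure gif tunnel interfaces.
#
# For every name in gif_interfaces, gifconfig_<name> is looked up; when it
# is non-empty the interface is created and the value is handed to
# "ifconfig <name> tunnel".  Names without a gifconfig_<name> value are
# skipped.  Does nothing when gif_interfaces is empty or NO.
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		return 0
		;;
	esac

	for i in ${gif_interfaces}; do
		# The interface name becomes part of an eval'd variable
		# name, so it has to be a plain identifier.
		eval peers=\$gifconfig_$i
		[ -n "${peers}" ] || continue

		# Creation is best effort and its output is discarded.
		ifconfig "$i" create >/dev/null 2>&1
		# peers is left unquoted so that it splits into the
		# separate tunnel arguments.
		ifconfig "$i" tunnel ${peers}
	done
}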
901
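# convert_host_conf: write an nsswitch.conf "hosts:" line from a host.conf.
#
# Arguments: $1 - host.conf to read
#            $2 - nsswitch.conf to write (truncated first)
# Each input line is mapped to one source: hosts/local/file -> files,
# dns/bind -> dns, nis -> nis.  Comment lines are skipped and anything
# else is reported on stderr.  The sources are written in the order they
# were read, because the order is the lookup order.
convert_host_conf() {
    host_conf=$1; shift
    nsswitch_conf=$1; shift
    awk '
BEGIN { c = 0 }
# Comment lines, with or without leading blanks.
/^[ \t]*#/           { next }
/(hosts|local|file)/ { nsswitch[c++] = "files"; next }
/(dns|bind)/         { nsswitch[c++] = "dns";   next }
/nis/                { nsswitch[c++] = "nis";   next }
{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
END {
    printf "hosts:"
    # Walk the indices in order; "for (i in nsswitch)" has no defined
    # order and could reorder the sources.
    for (i = 0; i < c; i++)
        printf " %s", nsswitch[i]
    printf "\n"
}' < "$host_conf" > "$nsswitch_conf"
}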
917
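# generate_host_conf: write a legacy host.conf from the "hosts:" entry of
# an nsswitch.conf.
#
# Arguments: $1 - nsswitch.conf to read
#            $2 - host.conf to write (truncated first)
# Only files, dns and nis are translated (to hosts, bind and nis); every
# other word, including bracketed criteria, is dropped.  A "hosts:" entry
# may continue over several lines with a trailing backslash.
generate_host_conf() {
    nsswitch_conf=$1; shift
    host_conf=$1; shift

    awk '
BEGIN {
    xlat["files"] = "hosts";
    xlat["dns"] = "bind";
    xlat["nis"] = "nis";
    cont = 0;
}
# A line that starts the hosts: entry, or continues the previous line.
sub(/^[\t ]*hosts:/, "") || cont {
    if (!cont)
	srcs = ""
    sub(/#.*/, "")
    # Put blanks around [ and ] so they split off as separate words.
    gsub(/[][]/, " & ")
    cont = sub(/\\$/, "")
    srcs = srcs " " $0
}
END {
    print "# Auto-generated from nsswitch.conf, do not edit"
    ns = split(srcs, s)
    for (n = 1; n <= ns; ++n) {
        if (s[n] in xlat)
            print xlat[s[n]]
    }
}
' < "$nsswitch_conf" > "$host_conf"
}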
947