network.subr revision 66830
#!/bin/sh -
#
# Copyright (c) 1993  The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/network.subr 66830 2000-10-08 19:20:36Z obrien $
#	From: @(#)netstart	5.9 (Berkeley) 3/30/91
#
3077943Sdfr
# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf.  Please check that file
# first before contemplating any changes here.  If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
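# network_pass1 -- first network start-up pass.
#
# Runs, in this order: host.conf -> nsswitch.conf conversion, hostname,
# ipfilter/ipmon/ipnat, NIS domain name, ATM pass 1, sppp(4) options,
# interface configuration (start_if.* hooks, ifconfig, DHCP, aliases,
# IPX), ISDN, user ppp, ipfw and natd, ATM pass 2, static routes, the
# net.* sysctl knobs, IPsec keys and the routing daemons.
#
# Globals read:	the rc.conf variables named in each section below.
# Globals set:	network_pass1_done=YES on completion; may also rewrite
#		ipfilter_enable, network_interfaces, ppp_mode,
#		firewall_script and static_routes.
# Output:	progress messages on stdout.
#
# Several rc.conf values are eval'ed, sourced or expanded into command
# lines below, so they execute with the privileges of the caller
# (presumably root at boot -- confirm against the calling rc script).
# Anything that can write rc.conf, /etc/start_if.*, /etc/rc.atm,
# /etc/rc.isdn or ${firewall_script} can therefore run commands here.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary.  An existing
	# nsswitch.conf is never overwritten.
	if [ -f "/etc/host.conf" ]; then
		echo ""
		echo "Warning: /etc/host.conf is no longer used"
		if [ -f "/etc/nsswitch.conf" ]; then
			echo "  /etc/nsswitch.conf will be used instead"
		else
			echo "  /etc/nsswitch.conf will be created for you"
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file).
	#
	# If the rules file is unreadable this only prints a notice, sets
	# ipfilter_enable=NO and carries on, so no ruleset is loaded and
	# the interfaces are still configured further down.  Whether
	# traffic is blocked in that state depends on the kernel default
	# mentioned above, not on this script.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter'
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat'
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			#
			# NOTE(review): the eval re-parses the whole
			# spppconfig_<if> string as shell, so any ';', '`'
			# or '$(' in it is executed.  The secrets also end
			# up on the spppcontrol command line.  Both are
			# acceptable only while rc.conf is readable and
			# writable by root alone.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# Per-interface hook, sourced into this shell.
		if [ -r "/etc/start_if.${ifn}" ]; then
			. "/etc/start_if.${ifn}"
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added.  Aliases are
		# numbered from 0 and the first gap ends the scan.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Print the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted: the unquoted form only worked because
		# "[ ! -z ]" happens to test the literal string "-z".
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode: anything outside the known set
		# falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile is passed through "su -c", i.e. it is parsed
		# by a shell running as ${ppp_user}.
		echo -n "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): kernel support is detected by running
	# "ipfw -q flush", which also empties the ruleset and runs even
	# when firewall_enable is not YES.  That is harmless on a fresh
	# boot, but calling this function again on a live system drops
	# whatever rules were loaded until ${firewall_script} is re-run.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is handed to natd
						# as an address (-a), anything
						# else as an interface name (-n).
						if echo "${natd_interface}" | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'
						${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				# No readable script, and the final rule
				# denies everything: warn the operator.
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo "		 All ip services are disabled."
			fi

			# Logging is on unless firewall_logging is set to
			# something other than YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below is written only when rc.conf asks for it; nothing
	# here puts a knob back, so a value set earlier in boot is kept.
	# Source routing, broadcast ping replies, ARP proxyall and
	# forwarding widen what the host will answer or relay, so they are
	# worth a second look in review when enabled.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	# Double quotes so the configured value is printed; the message
	# used to be single-quoted and showed the literal variable name.
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	# Load IPsec keys and policy.  The file name is quoted so that an
	# unset ipsec_file reports "file not found"; unquoted, "[ -f ]"
	# is true and setkey was run without a file.
	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"
		${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'
		mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'
		rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}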
485
# network_pass2 -- second network pass: name service, time and RPC/NIS
# daemons.
#
# Each daemon is started only when its <name>_enable variable matches
# YES (any case); the order below is the start order.  Flags come from
# the matching <name>_flags variable and are word-split on purpose.
# Sets network_pass2_done=YES when finished.
#
network_pass2() {
	echo -n 'Doing additional network setup:'

	# Name server
	case "${named_enable}" in
	[Yy][Ee][Ss])
		echo -n ' named'
		${named_program:-named} ${named_flags}
		;;
	esac

	# One-shot clock set; its output is discarded.
	case "${ntpdate_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	# NTP daemon (configured through the xntpd_* variables)
	case "${xntpd_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ntpd'
		${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case "${timed_enable}" in
	[Yy][Ee][Ss])
		echo -n ' timed'
		timed ${timed_flags}
		;;
	esac

	# portmap is started ahead of the NIS and Secure RPC daemons below.
	case "${portmap_enable}" in
	[Yy][Ee][Ss])
		echo -n ' portmap'
		${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# NIS server side.  rpc.ypxfrd and rpc.yppasswdd belong on the NIS
	# master only, and are considered only when ypserv is enabled.
	case "${nis_server_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ypserv'
		ypserv ${nis_server_flags}

		case "${nis_ypxfrd_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case "${nis_yppasswdd_enable}" in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# NIS client side: ypbind, then optionally ypset.
	case "${nis_client_enable}" in
	[Yy][Ee][Ss])
		echo -n ' ypbind'
		ypbind ${nis_client_flags}
		case "${nis_ypset_enable}" in
		[Yy][Ee][Ss])
			echo -n ' ypset'
			ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# keyserv, for Secure RPC
	case "${keyserv_enable}" in
	[Yy][Ee][Ss])
		echo -n ' keyserv'
		keyserv ${keyserv_flags}
		;;
	esac

	# rpc.ypupdated, for a Secure RPC NIS master; started without flags.
	case "${rpc_ypupdated_enable}" in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'
		rpc.ypupdated
		;;
	esac

	# ATM daemons, only once the second ATM pass has been recorded.
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}
579
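# network_pass3 -- final network daemons: NFS server and client, amd,
# rwhod, Kerberos, pppoed, and creation of missing ssh host keys.
#
# Globals read:	the *_enable / *_flags rc.conf variables used below.
# Globals set:	network_pass3_done=YES; mountd_flags, amd_flags and
#		pppoed_flags may be extended.
# Output:	progress messages on stdout.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			# weak_mountd_authentication adds mountd's -n flag,
			# which relaxes which clients' mount requests are
			# honoured; leave it off unless a client needs it.
			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'
			nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'
				rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'
				rpc.statd
				;;
			esac
		fi
		;;
	*)
		# No NFS server: mountd may still be wanted on its own.
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# Append -n, as the NFS server branch does.
				# Assigning "-n" outright threw away any
				# mountd_flags set in rc.conf.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'
		nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# NOTE(review): amd_map_program is eval'ed, so the
			# string is run as a shell command and its output
			# becomes part of the amd command line.  Keep it a
			# fixed, root-owned command.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'
		rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		# kerberos_stash=YES passes -n to both daemons.
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# kadmind is started 20 seconds later, detached
			# from this shell.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed'
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Create whichever ssh host keys are missing; existing keys are
	# never regenerated.  -N "" gives the key no passphrase, so the
	# private key files are protected only by their file permissions.
	# sshd itself is not started here.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key'
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key'
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}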
736
# network_pass4 -- late TCP/UDP options.
#
# Any log_in_vain value other than NO or the empty string switches on
# both the TCP and the UDP log_in_vain sysctl; these are expected to
# log connection attempts to ports with no listener (see the sysctl
# descriptions to confirm).  Sets network_pass4_done=YES when finished.
#
network_pass4() {
	echo -n 'Additional TCP options:'

	case "${log_in_vain}" in
	[Nn][Oo] | '')
		# Left at the kernel's current setting.
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}
752
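# convert_host_conf -- build an nsswitch.conf "hosts:" line from an old
# host.conf.
#
# Arguments:	$1 - host.conf to read
#		$2 - nsswitch.conf to write (truncated if it exists)
# Globals set:	host_conf, nsswitch_conf
# Output:	one "hosts: ..." line in $2; a warning on stderr for each
#		line that names no known source.
#
# Sources are written in the order they appear in host.conf, since
# lookup order is the whole point of the file.  Comment lines and blank
# lines are skipped.
#
convert_host_conf() {
	host_conf=$1; shift
	nsswitch_conf=$1; shift
	# "[ \t]*" replaces "[:blank:]*", which outside an enclosing
	# bracket pair matched the letters of the word "blank" instead of
	# white space, so indented comments were parsed as sources.
	# The output loop walks 0..c-1 because "for (i in array)" has no
	# defined order in awk.
	awk '
		BEGIN			{ c = 0 }
		/^[ \t]*#/		{ next }
		/^[ \t]*$/		{ next }
		/(hosts|local|file)/	{ nsswitch[c++] = "files"; next }
		/(dns|bind)/		{ nsswitch[c++] = "dns";   next }
		/nis/			{ nsswitch[c++] = "nis";   next }
		{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
		END {
			printf "hosts: "
			for (i = 0; i < c; i++)
				printf "%s ", nsswitch[i]
			printf "\n"
		}' < "$host_conf" > "$nsswitch_conf"
}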