network.subr revision 66830
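#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/network.subr 66830 2000-10-08 19:20:36Z obrien $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.
#
# Every ${..._enable}, ${..._flags} and ${..._program} value used below is
# read from the calling shell's variables. Several of them are expanded
# unquoted, passed to eval, or name files that are sourced, so they run as
# shell text with the privileges of this script: the files that set them
# must be writable only by the administrator.

# First pass startup stuff.
#
# In order: optional host.conf conversion, hostname, ipfilter/ipmon/ipnat,
# NIS domain name, ATM, sppp, interface configuration (start_if.* scripts,
# ifconfig, DHCP, aliases, IPX), ISDN, user ppp, ipfw and natd, static
# routes, network sysctls, IPsec policy and the routing daemons.
# Sets network_pass1_done=YES when it reaches the end.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ""
		echo "Warning: /etc/host.conf is no longer used"
		if [ -f "/etc/nsswitch.conf" ]; then
			echo " /etc/nsswitch.conf will be used instead"
		else
			echo " /etc/nsswitch.conf will be created for you"
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# NOTE(review): when ${ipfilter_rules} is not readable this only
	# prints ' NO IPF RULES' and carries on to configure the interfaces,
	# so without a default-block kernel the host comes up unfiltered.
	#
	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-ipf -Fa -f} "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					${ipnat_program:-ipnat -CF -f} "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Special options for sppp(4) interfaces go here. These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A readable /etc/start_if.<ifn> is sourced into this shell.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are read as ifconfig_<ifn>_alias0, _alias1, ...
		# and the scan stops at the first number that is unset.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is an empty operand to test
		# instead of a missing one.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required. This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
			-a "${ppp_mode}" != "dedicated" \
			-a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_mode is restricted to a fixed set above, but
		# ${ppp_profile} is pasted as-is into the string that su
		# hands to a shell.
		echo -n "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# NOTE(review): the probe is a real 'ipfw flush', so rules that are
	# already loaded are removed here as a side effect; until
	# ${firewall_script} has run, filtering rests on the kernel's
	# default rule (65535, checked further down).
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo "Kernel firewall module loaded."
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo "Warning: firewall kernel module failed to load."
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed as an
						# address (-a), anything else as
						# an interface name (-n).
						if echo ${natd_interface} | \
							grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo -n "Warning: kernel has firewall functionality, "
				echo "but firewall rules are not enabled."
				echo " All ip services are disabled."
			fi

			# An empty firewall_logging counts as YES here.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_restrict_rst} in
	[Yy][Ee][Ss])
		echo -n ' restrict TCP reset=YES'
		sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	# The two port-range messages are double-quoted so that the value
	# that is applied is the value that is printed.
	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted: with ipsec_file unset, an unquoted '[ -f ]' is
		# true and the script would report 'ipsec: enabled' without
		# a policy file to load.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f ${ipsec_file}
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# Second pass: name service, time daemons, portmap, NIS server and client
# daemons, Secure RPC helpers and, if atm_pass2_done is set, atm_pass3.
# Sets network_pass2_done=YES when it reaches the end.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
		;;
	esac

	# Start ypserv if we're an NIS server.
	# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
	#
	case ${nis_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypserv'; ypserv ${nis_server_flags}

		case ${nis_ypxfrd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypxfrd'
			rpc.ypxfrd ${nis_ypxfrd_flags}
			;;
		esac

		case ${nis_yppasswdd_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.yppasswdd'
			rpc.yppasswdd ${nis_yppasswdd_flags}
			;;
		esac
		;;
	esac

	# Start ypbind if we're an NIS client
	#
	case ${nis_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' ypbind'; ypbind ${nis_client_flags}
		case ${nis_ypset_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypset'; ypset ${nis_ypset_flags}
			;;
		esac
		;;
	esac

	# Start keyserv if we are running Secure RPC
	#
	case ${keyserv_enable} in
	[Yy][Ee][Ss])
		echo -n ' keyserv'; keyserv ${keyserv_flags}
		;;
	esac

	# Start ypupdated if we are running Secure RPC and we are NIS master
	#
	case ${rpc_ypupdated_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpc.ypupdated'; rpc.ypupdated
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# Third pass: NFS server and client daemons, pending NFS unmount
# notifications, amd, rwhod, the Kerberos server, pppoed, and creation of
# any missing ssh host keys (sshd itself is not started here).
# Sets network_pass3_done=YES when it reaches the end.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${nfs_server_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/exports ]; then
			echo -n ' mountd'

			case ${weak_mountd_authentication} in
			[Yy][Ee][Ss])
				mountd_flags="${mountd_flags} -n"
				;;
			esac

			mountd ${mountd_flags}

			case ${nfs_reserved_port_only} in
			[Yy][Ee][Ss])
				echo -n ' NFS on reserved port only=YES'
				sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
				;;
			esac

			echo -n ' nfsd'; nfsd ${nfs_server_flags}

			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
					> /dev/null
			fi

			case ${rpc_lockd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.lockd'; rpc.lockd
				;;
			esac

			case ${rpc_statd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.statd'; rpc.statd
				;;
			esac
		fi
		;;
	*)
		case ${single_mountd_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# NOTE(review): unlike the NFS server branch
				# above, this replaces ${mountd_flags} with
				# "-n" instead of appending to it, so any
				# other configured mountd flags are dropped
				# when weak authentication is on.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="-n"
					;;
				esac

				mountd ${mountd_flags}
			fi
			;;
		esac
		;;
	esac

	case ${nfs_client_enable} in
	[Yy][Ee][Ss])
		echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
		if [ -n "${nfs_access_cache}" ]; then
			echo -n " NFS access cache time=${nfs_access_cache}"
			sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
				>/dev/null
		fi
		;;
	esac

	# If /var/db/mounttab exists, some nfs-server has not been
	# successfully notified about a previous client shutdown.
	# If there is no /var/db/mounttab, we do nothing.
	if [ -f /var/db/mounttab ]; then
		rpc.umntall -k
	fi

	case ${amd_enable} in
	[Yy][Ee][Ss])
		echo -n ' amd'
		case ${amd_map_program} in
		[Nn][Oo] | '')
			;;
		*)
			# ${amd_map_program} is run through eval and its
			# output is appended to the amd command line.
			amd_flags="${amd_flags} `eval ${amd_map_program}`"
			;;
		esac

		if [ -n "${amd_flags}" ]; then
			amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
		else
			amd 2> /dev/null
		fi
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos runs ONLY on the Kerberos server machine
	case ${kerberos_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash_flag=-n
			;;
		*)
			stash_flag=
			;;
		esac

		echo -n ' kerberos'
		kerberos ${stash_flag} >> /var/log/kerberos.log &

		case ${kadmind_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind'
			# kadmind is launched 20 seconds later from a
			# detached subshell.
			(sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
			;;
		esac
		unset stash_flag
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are generated only when the key file is missing, and
	# with an empty passphrase (-N "").
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# Fourth pass: turn on logging of connection attempts for TCP and UDP
# (the two log_in_vain sysctls) unless log_in_vain is NO or empty.
# Sets network_pass4_done=YES when it reaches the end.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# Translate a legacy host.conf into an nsswitch.conf "hosts:" line.
#   $1 - path of the host.conf to read
#   $2 - path of the nsswitch.conf to write (truncated and overwritten)
#
# Blank lines and lines whose first non-blank character is '#' are
# skipped, so words inside a comment never select a source. Every other
# line adds one source, in file order: "files" for hosts/local/file,
# "dns" for dns/bind, "nis" for nis. Anything else is reported on stderr
# and ignored. The sources are written in the order they were read,
# because nsswitch lookup order is significant.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	awk '
		BEGIN { c = 0 }
		/^[ \t]*#/ { next }
		/^[ \t]*$/ { next }
		/(hosts|local|file)/ { nsswitch[c++] = "files"; next }
		/(dns|bind)/ { nsswitch[c++] = "dns"; next }
		/nis/ { nsswitch[c++] = "nis"; next }
		{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
		END {
			printf "hosts: "
			for (i = 0; i < c; i++)
				printf "%s ", nsswitch[i]
			printf "\n"
		}' < "$host_conf" > "$nsswitch_conf"
}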