network.subr revision 83677
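#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/network.subr 83677 2001-09-19 21:27:27Z brooks $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.

# First pass startup stuff.
#
# network_pass1: host name, packet filters (ipfilter, then ipfw), interface
# configuration, user ppp, static routes, network sysctls, IPsec policy and
# routing daemons, in that order.  Sets network_pass1_done=YES on completion.
#
# Every ${...} knob read here is expected to have been set by the caller
# (the comment above points at /etc/defaults/rc.conf).  Several of them are
# passed through `eval` or sourced with `.`, so whoever can write the rc
# configuration or the sourced /etc files controls what this function runs.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Convert host.conf to nsswitch.conf if necessary
	if [ -f "/etc/host.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		if [ -f "/etc/nsswitch.conf" ]; then
			echo ' /etc/nsswitch.conf will be used instead'
		else
			echo ' /etc/nsswitch.conf will be created for you'
			convert_host_conf /etc/host.conf /etc/nsswitch.conf
		fi
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# ipfstat succeeding is used as the probe for "ipfilter is already
	# in the kernel"; only if it fails is the ipl module loaded below.
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipnat_enable}" in
			[Yy][Ee][Ss])
				if [ -r "${ipnat_rules}" ]; then
					echo -n ' ipnat';
					# NOTE(review): unlike the ipf call
					# above, this goes through eval, so the
					# already-expanded rules path and flags
					# are parsed by the shell a second time.
					# Confirm whether eval is needed here.
					eval ${ipnat_program:-/sbin/ipnat -CF -f} \
					    "${ipnat_rules}" ${ipnat_flags}
				else
					echo -n ' NO IPNAT RULES'
				fi
				;;
			esac
		else
			# An unreadable rules file is only reported; boot
			# continues with no ruleset loaded by this script.
			# What is filtered in that state depends on the
			# kernel default (see IPFILTER_DEFAULT_BLOCK above).
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here. These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			#
			# The value is therefore executed as shell text, and
			# the secrets it carries sit in whatever file defines
			# spppconfig_<ifn>; that file's permissions matter.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	# Interface names are spliced into variable names and eval'd below
	# (showstat_<ifn>, ifconfig_<ifn>), and /etc/start_if.<ifn> is
	# sourced into this shell when it is readable.
	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ ! -z "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are numbered from 0; the first missing
		# ifconfig_<ifn>_alias<N> ends the scan.
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -n "${ifconfig_args}" ]; then
				ifconfig ${ifn} ${ifconfig_args} alias
				eval showstat_$ifn=1
				alias=`expr ${alias} + 1`
			else
				break;
			fi
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Print the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted -n test: the unquoted `[ ! -z ${showstat} ]` form
		# only gave the right answer for an empty value by accident.
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required. This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.
		#
		# Anything other than the four modes listed falls back to
		# "auto", so ppp_mode cannot inject arbitrary text.
		#
		if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
		    -a "${ppp_mode}" != "dedicated" \
		    -a "${ppp_mode}" != "background" ]; then
			ppp_mode="auto"
		fi

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		# ppp_profile and ppp_user are not validated the way
		# ppp_mode is; both end up in the command line handed to
		# su, and ppp_profile is re-parsed by the shell su starts.
		echo "Starting ppp as \"${ppp_user}\""
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe for in-kernel ipfw is a `flush`, so any ipfw rules
	# already present at this point are removed as a side effect.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				# The firewall script is sourced, i.e. it runs
				# inside this shell with this shell's variables.
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted-quad value is passed
						# to natd with -a, anything
						# else with -n.
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				# Script unreadable and the last rule is the
				# deny-all one: warn that nothing will pass.
				echo 'Warning: kernel has firewall functionality,' \
				     'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# An unset/empty firewall_logging is treated as YES.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes. This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	# Each knob below writes its sysctl only for the value shown in the
	# case pattern; otherwise nothing is written and the kernel's
	# current setting is left as it is.
	echo -n 'Additional routing options:'
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		# Quoted so that an empty ipsec_file reports "file not found"
		# instead of making `[ -f ]` succeed and running setkey
		# without a policy file.
		if [ -f "${ipsec_file}" ]; then
			echo ' ipsec: enabled'
			setkey -f "${ipsec_file}"
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# network_pass2: name service, time synchronisation and the RPC/NIS family
# of daemons.  Everything NIS- or Secure-RPC-related is started only when
# portmap_enable is YES.  Sets network_pass2_done=YES on completion.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
		    ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# network_pass3: NFS server/client pieces and amd (only under
# portmap_enable), rwhod, the Kerberos IV and 5 servers, pppoed, and
# first-boot generation of the ssh host keys.  Sets network_pass3_done=YES
# on completion.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			if [ -r /etc/exports ]; then
				echo -n ' mountd'

				# weak_mountd_authentication=YES adds -n,
				# which makes mountd serve mount requests
				# from non-root (unprivileged-port) clients.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# NOTE(review): this branch replaces
					# mountd_flags with "-n", whereas the
					# NFS-server branch above appends it;
					# any configured flags are dropped
					# here.  Confirm that is intended.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="-n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			#echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# amd_map_program is executed via eval and its
				# output is appended to the amd command line.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
				    > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The delayed start runs in a backgrounded subshell,
			# which keeps its own copy of ${stash}.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable assigned above is `stash`; the previous
		# `unset stash_flag` named a variable this block never sets.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Host keys are created only when the key file is missing, and with
	# an empty passphrase (-N ""), so the private key files themselves
	# are what must be protected.
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# network_pass4: late TCP/UDP sysctl.  Any log_in_vain value other than
# NO or empty turns on net.inet.tcp.log_in_vain and
# net.inet.udp.log_in_vain.  Sets network_pass4_done=YES on completion.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# network_gif_setup: for each name in gif_interfaces that has a non-empty
# gifconfig_<name>, create the interface (errors from `create` are
# discarded) and set its tunnel endpoints from that value.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

# convert_host_conf: translate an old host.conf into a one-line
# nsswitch.conf "hosts:" entry.
#
#   $1  path of the host.conf to read
#   $2  path of the nsswitch.conf to write (truncated and overwritten)
#
# Lines matching hosts/local/file become "files", dns/bind become "dns",
# nis becomes "nis"; anything else is reported on stderr.  Comment lines,
# including ones indented with blanks, are skipped, and the sources are
# written in the order they appear in the input, since that order is the
# lookup order.  (The earlier `[:blank:]` pattern was a plain character
# set, and `for (i in ...)` does not guarantee order.)
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;
	awk '
	/^[ \t]*#/ { next }
	/(hosts|local|file)/ { nsswitch[n++] = "files"; next }
	/(dns|bind)/ { nsswitch[n++] = "dns"; next }
	/nis/ { nsswitch[n++] = "nis"; next }
	{ printf "Warning: unrecognized line [%s]\n", $0 > "/dev/stderr" }
	END {
		printf "hosts: ";
		for (i = 0; i < n; i++) printf "%s ", nsswitch[i];
		printf "\n";
	}' < "$host_conf" > "$nsswitch_conf"
}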