etc/rc.d/netoptions

100280Sgordon#!/bin/sh
25184Sjkh#
50472Speter# $FreeBSD$
66830Sobrien#
25184Sjkh
117019Smtm# PROVIDE: netoptions
169215Smtm# REQUIRE: FILESYSTEMS
197143Shrs# BEFORE: netif
136224Smtm# KEYWORD: nojail
25184Sjkh
100280Sgordon. /etc/rc.subr
197646Sume. /etc/network.subr
25184Sjkh
197143Shrsname="netoptions"
197143Shrsstart_cmd="netoptions_start"
197143Shrsstop_cmd=:
197143Shrs
179940Smtm_netoptions_initdone=
179940Smtmnetoptions_init()
179940Smtm{
179940Smtm	if [ -z "${_netoptions_initdone}" ]; then
179940Smtm		echo -n 'Additional TCP/IP options:'
179940Smtm		_netoptions_initdone=yes
179940Smtm	fi
179940Smtm}
179940Smtm
197143Shrsnetoptions_start()
197143Shrs{
197698Shrs	local _af
197698Shrs
197698Shrs	for _af in inet inet6; do
197698Shrs		afexists ${_af} && eval netoptions_${_af}
197698Shrs	done
197698Shrs	[ -n "${_netoptions_initdone}" ] && echo '.'
197698Shrs}
197698Shrs
197698Shrsnetoptions_inet()
197698Shrs{
197702Shrs	case ${log_in_vain} in
197702Shrs	[12])
197143Shrs		netoptions_init
197143Shrs		echo -n " log_in_vain=${log_in_vain}"
220153Semaste		${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null
220153Semaste		${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null
197702Shrs		;;
197702Shrs	*)
220153Semaste		${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null
220153Semaste		${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null
197702Shrs		;;
197702Shrs	esac
85831Sdes
197143Shrs	if checkyesno tcp_extensions; then
220153Semaste		${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null
197698Shrs	else
197143Shrs		netoptions_init
198383Shrs		echo -n " rfc1323 extensions=${tcp_extensions}"
220153Semaste		${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null
197143Shrs	fi
65532Snectar
197698Shrs	if checkyesno tcp_keepalive; then
220153Semaste		${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null
197698Shrs	else
197143Shrs		netoptions_init
198383Shrs		echo -n " TCP keepalive=${tcp_keepalive}"
220153Semaste		${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null
197143Shrs	fi
169217Smtm
197143Shrs	if checkyesno tcp_drop_synfin; then
197143Shrs		netoptions_init
198383Shrs		echo -n " drop SYN+FIN packets=${tcp_drop_synfin}"
220153Semaste		${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null
197698Shrs	else
220153Semaste		${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null
197143Shrs	fi
169217Smtm
197143Shrs	case ${ip_portrange_first} in
197143Shrs	[0-9]*)
197143Shrs		netoptions_init
197143Shrs		echo -n " ip_portrange_first=$ip_portrange_first"
220153Semaste		${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
197143Shrs		;;
197143Shrs	esac
169217Smtm
197143Shrs	case ${ip_portrange_last} in
197143Shrs	[0-9]*)
197143Shrs		netoptions_init
197143Shrs		echo -n " ip_portrange_last=$ip_portrange_last"
220153Semaste		${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
197143Shrs		;;
197143Shrs	esac
197698Shrs}
169217Smtm
197698Shrsnetoptions_inet6()
197698Shrs{
197698Shrs	if checkyesno ipv6_ipv4mapping; then
197698Shrs		netoptions_init
197698Shrs		echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}"
220153Semaste		${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null
197698Shrs	else
220153Semaste		${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null
197143Shrs	fi
212576Shrs
212576Shrs	if checkyesno ipv6_privacy; then
212576Shrs		netoptions_init
212576Shrs		echo -n " IPv6 Privacy Addresses"
220153Semaste		${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null
220153Semaste		${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
212576Shrs	fi
225521Shrs
225521Shrs	case $ipv6_cpe_wanif in
225521Shrs	""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
225521Shrs		${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null
225521Shrs		${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null
225521Shrs	;;
225521Shrs	*)
225521Shrs		netoptions_init
225521Shrs		echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}"
225521Shrs		${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null
225521Shrs		${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null
225521Shrs	;;
225521Shrs	esac
197143Shrs}
169217Smtm
197143Shrsload_rc_config $name
197143Shrsrun_rc_command $1