network.subr revision 85831
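#!/bin/sh -
#
# Copyright (c) 1993 The FreeBSD Project
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#    notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer in the
#    documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
# $FreeBSD: head/etc/network.subr 85831 2001-11-01 12:39:01Z des $
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
#

# Note that almost all of the user-configurable behavior is no longer in
# this file, but rather in /etc/defaults/rc.conf. Please check that file
# first before contemplating any changes here. If you do need to change
# this file for some reason, we would like to know about it.

# NOTE(review): every knob read below is a plain shell variable that the
# caller is expected to have set before invoking these functions.  Several
# of them are expanded unquoted or passed through eval (ipfs_program,
# ipnat_program, spppconfig_<if>, ifconfig_<if>, amd_map_program, the string
# handed to "su -c"), so their contents run as shell code with the
# privileges of the boot scripts.  The files that define them must stay
# writable by root only.

# First pass startup stuff.
#
# network_pass1 takes no arguments.  In order it: regenerates or converts
# the resolver-order files, sets the host name, loads ipfilter and ipnat
# rules, sets the NIS domain, configures interfaces (ATM, cloned, sppp, gif,
# primary ifconfig or DHCP, aliases, IPX), starts ISDN and user ppp,
# initializes ipfw and natd, installs static routes, applies the network
# sysctls, loads the IPsec policy file and starts the routing daemons.
# It sets network_pass1_done=YES at the end.
#
network_pass1() {
	echo -n 'Doing initial network setup:'

	# Generate host.conf for compatibility
	#
	if [ -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Generating /etc/host.conf for compatibility'
		generate_host_conf /etc/nsswitch.conf /etc/host.conf
	fi

	# Convert host.conf to nsswitch.conf if necessary
	#
	if [ -f "/etc/host.conf" ] && [ ! -f "/etc/nsswitch.conf" ]; then
		echo ''
		echo 'Warning: /etc/host.conf is no longer used'
		echo ' /etc/nsswitch.conf will be created for you'
		convert_host_conf /etc/host.conf /etc/nsswitch.conf
	fi

	# Set the host name if it is not already set
	#
	if [ -z "`hostname -s`" ]; then
		hostname ${hostname}
		echo -n ' hostname'
	fi

	# Establish ipfilter ruleset as early as possible (best in
	# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
	#
	# "ipfstat -i" succeeding is used as the probe for ipfilter
	# support already being present in the kernel.
	#
	if /sbin/ipfstat -i > /dev/null 2>&1; then
		ipfilter_in_kernel=1
	else
		ipfilter_in_kernel=0
	fi

	case "${ipfilter_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi

		if [ -r "${ipfilter_rules}" ]; then
			echo -n ' ipfilter';
			${ipfilter_program:-/sbin/ipf -Fa -f} \
			    "${ipfilter_rules}" ${ipfilter_flags}
			case "${ipmon_enable}" in
			[Yy][Ee][Ss])
				echo -n ' ipmon'
				${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
				;;
			esac
			case "${ipfs_enable}" in
			[Yy][Ee][Ss])
				if [ -r "/var/db/ipf/ipstate.ipf" ]; then
					echo -n ' ipfs';
					# eval: the program and flag strings
					# are re-parsed as shell code here.
					eval ${ipfs_program:-/sbin/ipfs -R} \
					    ${ipfs_flags}
				fi
				;;
			esac
		else
			# Without a readable rules file the filter is
			# marked disabled for the rest of this pass, so
			# the re-sync step further down is skipped too
			# (unless ipnat is enabled).
			ipfilter_enable="NO"
			echo -n ' NO IPF RULES'
		fi
		;;
	esac
	case "${ipnat_enable}" in
	[Yy][Ee][Ss])
		if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
			ipfilter_in_kernel=1
			echo "Kernel ipfilter module loaded."
		elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
			echo "Warning: ipfilter kernel module failed to load."
		fi
		if [ -r "${ipnat_rules}" ]; then
			echo -n ' ipnat';
			eval ${ipnat_program:-/sbin/ipnat -CF -f} \
			    "${ipnat_rules}" ${ipnat_flags}
		else
			echo -n ' NO IPNAT RULES'
		fi
		;;
	esac

	# Set the domainname if we're using NIS
	#
	case ${nisdomainname} in
	[Nn][Oo] | '')
		;;
	*)
		domainname ${nisdomainname}
		echo -n ' domain'
		;;
	esac

	echo '.'

	# Initial ATM interface configuration
	#
	case ${atm_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.atm ]; then
			. /etc/rc.atm
			atm_pass1
		fi
		;;
	esac

	# Attempt to create cloned interfaces.
	for ifn in ${cloned_interfaces}; do
		ifconfig ${ifn} create
	done

	# Special options for sppp(4) interfaces go here.  These need
	# to go _before_ the general ifconfig section, since in the case
	# of hardwired (no link1 flag) but required authentication, you
	# cannot pass auth parameters down to the already running interface.
	#
	for ifn in ${sppp_interfaces}; do
		eval spppcontrol_args=\$spppconfig_${ifn}
		if [ -n "${spppcontrol_args}" ]; then
			# The auth secrets might contain spaces; in order
			# to retain the quotation, we need to eval them
			# here.
			eval spppcontrol ${ifn} ${spppcontrol_args}
		fi
	done

	# gifconfig
	network_gif_setup

	# Set up all the network interfaces, calling startup scripts if needed
	#
	case ${network_interfaces} in
	[Aa][Uu][Tt][Oo])
		network_interfaces="`ifconfig -l`"
		;;
	*)
		network_interfaces="${network_interfaces} ${cloned_interfaces}"
		;;
	esac

	dhcp_interfaces=""
	for ifn in ${network_interfaces}; do
		# A per-interface script, when readable, is sourced into
		# this shell and therefore runs with its privileges.
		if [ -r /etc/start_if.${ifn} ]; then
			. /etc/start_if.${ifn}
			eval showstat_$ifn=1
		fi

		# Do the primary ifconfig if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}

		case ${ifconfig_args} in
		'')
			;;
		[Dd][Hh][Cc][Pp])
			# DHCP inits are done all in one go below
			dhcp_interfaces="$dhcp_interfaces $ifn"
			eval showstat_$ifn=1
			;;
		*)
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
			;;
		esac
	done

	if [ -n "${dhcp_interfaces}" ]; then
		${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
	fi

	for ifn in ${network_interfaces}; do
		# Check to see if aliases need to be added
		#
		# Aliases are read as ifconfig_<if>_alias0, _alias1, ...
		# and the scan stops at the first index that is unset.
		#
		alias=0
		while : ; do
			eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
			if [ -z "${ifconfig_args}" ]; then
				break
			fi
			ifconfig ${ifn} ${ifconfig_args} alias
			eval showstat_$ifn=1
			alias=`expr ${alias} + 1`
		done

		# Do ipx address if specified
		#
		eval ifconfig_args=\$ifconfig_${ifn}_ipx
		if [ -n "${ifconfig_args}" ]; then
			ifconfig ${ifn} ${ifconfig_args}
			eval showstat_$ifn=1
		fi
	done

	# Show the state of every interface that was touched above.
	for ifn in ${network_interfaces}; do
		eval showstat=\$showstat_${ifn}
		# Quoted so that an unset flag is an empty string rather
		# than a missing operand to test(1).
		if [ -n "${showstat}" ]; then
			ifconfig ${ifn}
		fi
	done

	# ISDN subsystem startup
	#
	case ${isdn_enable} in
	[Yy][Ee][Ss])
		if [ -r /etc/rc.isdn ]; then
			. /etc/rc.isdn
		fi
		;;
	esac

	# Start user ppp if required.  This must happen before natd.
	#
	case ${ppp_enable} in
	[Yy][Ee][Ss])
		# Establish ppp mode.  Anything other than the four
		# modes listed falls back to "auto".
		#
		case ${ppp_mode} in
		ddial | direct | dedicated | background)
			;;
		*)
			ppp_mode="auto"
			;;
		esac

		ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"

		# Switch on NAT mode?
		#
		case ${ppp_nat} in
		[Yy][Ee][Ss])
			ppp_command="${ppp_command} -nat"
			;;
		esac

		ppp_command="${ppp_command} ${ppp_profile}"

		echo "Starting ppp as \"${ppp_user}\""
		# The command line is handed to the target user's shell
		# as one string, so ppp_profile is parsed by that shell.
		su -m ${ppp_user} -c "exec ${ppp_command}"
		;;
	esac

	# Re-Sync ipfilter
	#
	# NOTE(review): when ipfilter_program is set, it is run here
	# without "-y" and without a rules file argument -- confirm that
	# this is what an override is meant to do.
	#
	case ${ipfilter_enable} in
	[Yy][Ee][Ss])
		${ipfilter_program:-/sbin/ipf -y}
		;;
	*)
		case ${ipnat_enable} in
		[Yy][Ee][Ss])
			${ipfilter_program:-/sbin/ipf -y}
			;;
		esac
		;;
	esac

	# Initialize IP filtering using ipfw
	#
	# The probe below is "ipfw -q flush": besides detecting kernel
	# support it removes whatever rules are loaded at that point.
	#
	if /sbin/ipfw -q flush > /dev/null 2>&1; then
		firewall_in_kernel=1
	else
		firewall_in_kernel=0
	fi

	case ${firewall_enable} in
	[Yy][Ee][Ss])
		if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
			firewall_in_kernel=1
			echo 'Kernel firewall module loaded'
		elif [ "${firewall_in_kernel}" -eq 0 ]; then
			echo 'Warning: firewall kernel module failed to load'
		fi
		;;
	esac

	# Load the filters if required
	#
	case ${firewall_in_kernel} in
	1)
		if [ -z "${firewall_script}" ]; then
			firewall_script=/etc/rc.firewall
		fi

		case ${firewall_enable} in
		[Yy][Ee][Ss])
			if [ -r "${firewall_script}" ]; then
				. "${firewall_script}"
				echo -n 'Firewall rules loaded, starting divert daemons:'

				# Network Address Translation daemon
				#
				case ${natd_enable} in
				[Yy][Ee][Ss])
					if [ -n "${natd_interface}" ]; then
						# A dotted quad is passed
						# with -a, anything else
						# with -n.
						if echo ${natd_interface} | \
						    grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
							natd_ifarg="-a ${natd_interface}"
						else
							natd_ifarg="-n ${natd_interface}"
						fi

						echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
					fi
					;;
				esac

				echo '.'

			elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
				echo 'Warning: kernel has firewall functionality,' \
				    'but firewall rules are not enabled.'
				echo ' All ip services are disabled.'
			fi

			# Logging is switched on when firewall_logging is
			# YES and also when it is empty or unset.
			case ${firewall_logging} in
			[Yy][Ee][Ss] | '')
				echo 'Firewall logging=YES'
				sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
				;;
			*)
				;;
			esac

			;;
		esac
		;;
	esac

	# Additional ATM interface configuration
	#
	if [ -n "${atm_pass1_done}" ]; then
		atm_pass2
	fi

	# Configure routing
	#
	case ${defaultrouter} in
	[Nn][Oo] | '')
		;;
	*)
		static_routes="default ${static_routes}"
		route_default="default ${defaultrouter}"
		;;
	esac

	# Set up any static routes.  This should be done before router discovery.
	#
	if [ -n "${static_routes}" ]; then
		for i in ${static_routes}; do
			eval route_args=\$route_${i}
			route add ${route_args}
		done
	fi

	echo -n 'Additional routing options:'
	# RFC 1323 extensions are left alone for YES and for an empty or
	# unset value; any other value turns them off.
	case ${tcp_extensions} in
	[Yy][Ee][Ss] | '')
		;;
	*)
		echo -n ' tcp extensions=NO'
		sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
		;;
	esac

	case ${icmp_bmcastecho} in
	[Yy][Ee][Ss])
		echo -n ' broadcast ping responses=YES'
		sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
		;;
	esac

	case ${icmp_drop_redirect} in
	[Yy][Ee][Ss])
		echo -n ' ignore ICMP redirect=YES'
		sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
		;;
	esac

	case ${icmp_log_redirect} in
	[Yy][Ee][Ss])
		echo -n ' log ICMP redirect=YES'
		sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
		;;
	esac

	case ${gateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IP gateway=YES'
		sysctl -w net.inet.ip.forwarding=1 >/dev/null
		;;
	esac

	case ${forward_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' do source routing=YES'
		sysctl -w net.inet.ip.sourceroute=1 >/dev/null
		;;
	esac

	case ${accept_sourceroute} in
	[Yy][Ee][Ss])
		echo -n ' accept source routing=YES'
		sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
		;;
	esac

	case ${tcp_keepalive} in
	[Yy][Ee][Ss])
		echo -n ' TCP keepalive=YES'
		sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
		;;
	esac

	case ${tcp_drop_synfin} in
	[Yy][Ee][Ss])
		echo -n ' drop SYN+FIN packets=YES'
		sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
		;;
	esac

	case ${ipxgateway_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPX gateway=YES'
		sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
		;;
	esac

	case ${arpproxy_all} in
	[Yy][Ee][Ss])
		echo -n ' ARP proxyall=YES'
		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
		;;
	esac

	case ${ip_portrange_first} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_first=$ip_portrange_first"
		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n " ip_portrange_last=$ip_portrange_last"
		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
		;;
	esac

	echo '.'

	# Load the IPsec policy file.  A missing file is only reported;
	# startup continues without any policy being loaded.
	case ${ipsec_enable} in
	[Yy][Ee][Ss])
		if [ -f ${ipsec_file} ]; then
			echo ' ipsec: enabled'
			setkey -f ${ipsec_file}
		else
			echo ' ipsec: file not found'
		fi
		;;
	esac

	echo -n 'Routing daemons:'
	case ${router_enable} in
	[Yy][Ee][Ss])
		echo -n " ${router}"; ${router} ${router_flags}
		;;
	esac

	case ${ipxrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' IPXrouted'
		IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
		;;
	esac

	case ${mrouted_enable} in
	[Yy][Ee][Ss])
		echo -n ' mrouted'; mrouted ${mrouted_flags}
		;;
	esac

	case ${rarpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' rarpd'; rarpd ${rarpd_flags}
		;;
	esac
	echo '.'

	# Let future generations know we made it.
	#
	network_pass1_done=YES
}

# network_pass2 takes no arguments.  It starts named, ntpdate, ntpd and
# timed when enabled, then rpcbind together with the NIS and Secure RPC
# daemons that are only started when portmap_enable is YES, then the ATM
# daemons if atm_pass2_done is set.  It sets network_pass2_done=YES.
#
network_pass2() {
	echo -n 'Doing additional network setup:'
	case ${named_enable} in
	[Yy][Ee][Ss])
		echo -n ' named'; ${named_program:-named} ${named_flags}
		;;
	esac

	case ${ntpdate_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpdate'
		${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
		;;
	esac

	case ${xntpd_enable} in
	[Yy][Ee][Ss])
		echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
		;;
	esac

	case ${timed_enable} in
	[Yy][Ee][Ss])
		echo -n ' timed'; timed ${timed_flags}
		;;
	esac

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
		    ${portmap_flags}

		# Start ypserv if we're an NIS server.
		# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
		#
		case ${nis_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypserv'; ypserv ${nis_server_flags}

			case ${nis_ypxfrd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.ypxfrd'
				rpc.ypxfrd ${nis_ypxfrd_flags}
				;;
			esac

			case ${nis_yppasswdd_enable} in
			[Yy][Ee][Ss])
				echo -n ' rpc.yppasswdd'
				rpc.yppasswdd ${nis_yppasswdd_flags}
				;;
			esac
			;;
		esac

		# Start ypbind if we're an NIS client
		#
		case ${nis_client_enable} in
		[Yy][Ee][Ss])
			echo -n ' ypbind'; ypbind ${nis_client_flags}
			case ${nis_ypset_enable} in
			[Yy][Ee][Ss])
				echo -n ' ypset'; ypset ${nis_ypset_flags}
				;;
			esac
			;;
		esac

		# Start keyserv if we are running Secure RPC
		#
		case ${keyserv_enable} in
		[Yy][Ee][Ss])
			echo -n ' keyserv'; keyserv ${keyserv_flags}
			;;
		esac

		# Start ypupdated if we are running Secure RPC
		# and we are NIS master
		#
		case ${rpc_ypupdated_enable} in
		[Yy][Ee][Ss])
			echo -n ' rpc.ypupdated'; rpc.ypupdated
			;;
		esac
		;;
	esac

	# Start ATM daemons
	if [ -n "${atm_pass2_done}" ]; then
		atm_pass3
	fi

	echo '.'
	network_pass2_done=YES
}

# network_pass3 takes no arguments.  When portmap_enable is YES it starts
# the NFS server side (mountd, nfsd, rpc.lockd, rpc.statd) or a standalone
# mountd, applies the NFS client sysctls, runs rpc.umntall if a stale
# /var/db/mounttab exists, and starts amd.  Independently of portmap it
# starts rwhod, the Kerberos IV/5 servers and pppoed, and creates missing
# ssh host keys.  It sets network_pass3_done=YES.
#
network_pass3() {
	echo -n 'Starting final network daemons:'

	case ${portmap_enable} in
	[Yy][Ee][Ss])
		case ${nfs_server_enable} in
		[Yy][Ee][Ss])
			# Handle absent nfs server support
			nfsserver_in_kernel=0
			if sysctl vfs.nfsrv >/dev/null 2>&1; then
				nfsserver_in_kernel=1
			else
				kldload nfsserver && nfsserver_in_kernel=1
			fi

			if [ -r /etc/exports ] && \
			    [ "${nfsserver_in_kernel}" -eq 1 ]; then
				echo -n ' mountd'

				# -n is appended to mountd's flags when
				# weak_mountd_authentication is YES.
				case ${weak_mountd_authentication} in
				[Yy][Ee][Ss])
					mountd_flags="${mountd_flags} -n"
					;;
				esac

				mountd ${mountd_flags}

				case ${nfs_reserved_port_only} in
				[Yy][Ee][Ss])
					echo -n ' NFS on reserved port only=YES'
					sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
					;;
				esac

				echo -n ' nfsd'; nfsd ${nfs_server_flags}

				case ${rpc_lockd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.lockd'; rpc.lockd
					;;
				esac

				case ${rpc_statd_enable} in
				[Yy][Ee][Ss])
					echo -n ' rpc.statd'; rpc.statd
					;;
				esac
			else
				echo -n ' Warning: nfs server failed'
			fi
			;;
		*)
			case ${single_mountd_enable} in
			[Yy][Ee][Ss])
				if [ -r /etc/exports ]; then
					echo -n ' mountd'

					# Append -n rather than replace
					# the flags, matching the NFS
					# server branch above, so that
					# configured mountd_flags are
					# not silently dropped.
					case ${weak_mountd_authentication} in
					[Yy][Ee][Ss])
						mountd_flags="${mountd_flags} -n"
						;;
					esac

					mountd ${mountd_flags}
				fi
				;;
			esac
			;;
		esac

		case ${nfs_client_enable} in
		[Yy][Ee][Ss])
			if [ -n "${nfs_access_cache}" ]; then
				echo -n " NFS access cache time=${nfs_access_cache}"
				sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
			fi
			if [ -n "${nfs_bufpackets}" ]; then
				sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
			fi
			;;
		esac

		# If /var/db/mounttab exists, some nfs-server has not been
		# successfully notified about a previous client shutdown.
		# If there is no /var/db/mounttab, we do nothing.
		if [ -f /var/db/mounttab ]; then
			rpc.umntall -k
		fi

		case ${amd_enable} in
		[Yy][Ee][Ss])
			echo -n ' amd'
			case ${amd_map_program} in
			[Nn][Oo] | '')
				;;
			*)
				# The map program is run through eval and
				# its output is appended to amd's flags.
				amd_flags="${amd_flags} `eval ${amd_map_program}`"
				;;
			esac

			if [ -n "${amd_flags}" ]; then
				amd -p ${amd_flags} \
				    > /var/run/amd.pid 2> /dev/null
			else
				amd 2> /dev/null
			fi
			;;
		esac
		;;
	esac

	case ${rwhod_enable} in
	[Yy][Ee][Ss])
		echo -n ' rwhod'; rwhod ${rwhod_flags}
		;;
	esac

	# Kerberos servers run ONLY on the Kerberos server machine
	case ${kerberos4_server_enable} in
	[Yy][Ee][Ss])
		case ${kerberos_stash} in
		[Yy][Ee][Ss])
			stash=-n
			;;
		*)
			stash=
			;;
		esac

		echo -n ' kerberosIV'
		${kerberos4_server} ${stash} >> /var/log/kerberos.log &

		case ${kadmind4_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmindIV'
			# The subshell takes its own copy of ${stash}, so
			# clearing the variable below does not affect the
			# delayed start.
			(
				sleep 20;
				${kadmind4_server} ${stash} >/dev/null 2>&1 &
			) &
			;;
		esac
		# The variable set above is "stash"; unsetting any other
		# name would leave it behind for later startup code.
		unset stash
		;;
	esac

	case ${kerberos5_server_enable} in
	[Yy][Ee][Ss])
		echo -n ' kerberos5'
		${kerberos5_server} &

		case ${kadmind5_server_enable} in
		[Yy][Ee][Ss])
			echo -n ' kadmind5'
			${kadmind5_server} &
			;;
		esac
		;;
	esac

	case ${pppoed_enable} in
	[Yy][Ee][Ss])
		if [ -n "${pppoed_provider}" ]; then
			pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
		fi
		echo -n ' pppoed';
		/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
		;;
	esac

	# Create any ssh host key that does not exist yet.  The keys are
	# generated with an empty passphrase (-N "").
	case ${sshd_enable} in
	[Yy][Ee][Ss])
		if [ ! -f /etc/ssh/ssh_host_key ]; then
			echo ' creating ssh RSA host key';
			/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
		fi
		if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
			echo ' creating ssh DSA host key';
			/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
		fi
		;;
	esac

	echo '.'
	network_pass3_done=YES
}

# network_pass4 takes no arguments.  Unless log_in_vain is NO, empty or
# unset, it sets the TCP and UDP log_in_vain sysctls to 1.  It sets
# network_pass4_done=YES.
#
network_pass4() {
	echo -n 'Additional TCP options:'
	case ${log_in_vain} in
	[Nn][Oo] | '')
		;;
	*)
		echo -n ' log_in_vain=YES'
		sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
		sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
		;;
	esac

	echo '.'
	network_pass4_done=YES
}

# network_gif_setup takes no arguments.  For every interface named in
# gif_interfaces that has a non-empty gifconfig_<if> value, it creates the
# interface (errors from the create are discarded) and configures the
# tunnel endpoints from that value.
#
network_gif_setup() {
	case ${gif_interfaces} in
	[Nn][Oo] | '')
		;;
	*)
		for i in ${gif_interfaces}; do
			eval peers=\$gifconfig_$i
			case ${peers} in
			'')
				continue
				;;
			*)
				ifconfig $i create >/dev/null 2>&1
				ifconfig $i tunnel ${peers}
				;;
			esac
		done
		;;
	esac
}

# convert_host_conf host_conf nsswitch_conf
#
# Reads the old-style lookup order from the first file and writes a single
# "hosts:" line to the second.  Lines mentioning hosts/local/file become
# "files", dns/bind become "dns", nis stays "nis"; comment lines are
# skipped and anything else produces a warning on stderr.
#
convert_host_conf() {
	host_conf=$1; shift;
	nsswitch_conf=$1; shift;

	# [[:blank:]] is the character class; a bare [:blank:] would be
	# a bracket expression matching the letters of "blank" and ":",
	# so indented comments would be parsed as lookup sources.
	# Entries are emitted by numeric index because "for (i in array)"
	# has no defined order and the lookup order is the whole point.
	awk '
BEGIN {
	c = 0;
}
/^[[:blank:]]*#/ { next }
/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next }
/(dns|bind)/ { nsswitch[c] = "dns"; c++; next }
/nis/ { nsswitch[c] = "nis"; c++; next }
{ printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" }
END {
	printf "hosts: ";
	for (i = 0; i < c; i++)
		printf "%s ", nsswitch[i];
	printf "\n";
}' < "$host_conf" > "$nsswitch_conf"
}

# generate_host_conf nsswitch_conf host_conf
#
# Writes the second file from the first "hosts:" line of the first file:
# a header comment followed by one old-style source name per recognized
# source (files -> hosts, dns -> bind, nis -> nis).  Sources that have no
# translation are dropped.  The destination is overwritten.
#
generate_host_conf() {
	nsswitch_conf=$1; shift;
	host_conf=$1; shift;

	# "exit" stops after the first hosts: line.  awk has no "quit"
	# statement; as written before it was an empty expression, so a
	# second hosts: line would have emitted a second header and list.
	awk '
BEGIN {
	xlat["files"] = "hosts";
	xlat["dns"] = "bind";
	xlat["nis"] = "nis";
}
/^hosts:/ {
	print "# Auto-generated, do not edit";
	for (n = 2; n <= NF; ++n)
		if ($n in xlat)
			print xlat[$n];
	exit;
}
' < "$nsswitch_conf" > "$host_conf"
}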