4 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
6 # Note that almost all of the user-configurable behavior is no longer in
7 # this file, but rather in /etc/defaults/rc.conf. Please check that file
8 # first before contemplating any changes here. If you do need to change
9 # this file for some reason, we would like to know about it.
11 # First pass startup stuff.
14 echo -n 'Doing initial network setup:'
16 # Set the host name if it is not already set
18 if [ -z "`hostname -s`" ]; then
23 # Set the domainname if we're using NIS
25 case ${nisdomainname} in
29 domainname ${nisdomainname}
36 # Initial ATM interface configuration
40 if [ -r /etc/rc.atm ]; then
47 # Special options for sppp(4) interfaces go here. These need
48 # to go _before_ the general ifconfig section, since in the case
49 # of hardwired (no link1 flag) but required authentication, you
50 # cannot pass auth parameters down to the already running interface.
52 for ifn in ${sppp_interfaces}; do
53 eval spppcontrol_args=\$spppconfig_${ifn}
54 if [ -n "${spppcontrol_args}" ]; then
55 # The auth secrets might contain spaces; in order
56 # to retain the quotation, we need to eval them
58 eval spppcontrol ${ifn} ${spppcontrol_args}
62 # Set up all the network interfaces, calling startup scripts if needed
64 case ${network_interfaces} in
66 network_interfaces="`ifconfig -l`"
71 for ifn in ${network_interfaces}; do
72 if [ -r /etc/start_if.${ifn} ]; then
73 . /etc/start_if.${ifn}
77 # Do the primary ifconfig if specified
79 eval ifconfig_args=\$ifconfig_${ifn}
81 case ${ifconfig_args} in
85 # DHCP inits are done all in one go below
86 dhcp_interfaces="$dhcp_interfaces $ifn"
90 ifconfig ${ifn} ${ifconfig_args}
96 if [ ! -z "${dhcp_interfaces}" ]; then
97 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
100 for ifn in ${network_interfaces}; do
101 # Check to see if aliases need to be added
105 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
106 if [ -n "${ifconfig_args}" ]; then
107 ifconfig ${ifn} ${ifconfig_args} alias
109 alias=`expr ${alias} + 1`
115 # Do ipx address if specified
117 eval ifconfig_args=\$ifconfig_${ifn}_ipx
118 if [ -n "${ifconfig_args}" ]; then
119 ifconfig ${ifn} ${ifconfig_args}
124 for ifn in ${network_interfaces}; do
125 eval showstat=\$showstat_${ifn}
126 if [ ! -z ${showstat} ]; then
131 # ISDN subsystem startup
133 case ${isdn_enable} in
135 if [ -r /etc/rc.isdn ]; then
141 # Warm up user ppp if required, must happen before natd.
143 case ${ppp_enable} in
145 # Establish ppp mode.
147 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
148 -a "${ppp_mode}" != "dedicated" \
149 -a "${ppp_mode}" != "background" ]; then
153 ppp_command="-${ppp_mode} ";
155 # Switch on alias mode?
159 ppp_command="${ppp_command} -nat";
163 echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
167 # Initialize IP filtering using ipfw
171 if /sbin/ipfw -q flush > /dev/null 2>&1; then
177 case ${firewall_enable} in
179 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
181 echo "Kernel firewall module loaded."
182 elif [ "${firewall_in_kernel}" -eq 0 ]; then
183 echo "Warning: firewall kernel module failed to load."
188 # Load the filters if required
190 case ${firewall_in_kernel} in
192 if [ -z "${firewall_script}" ]; then
193 firewall_script=/etc/rc.firewall
196 case ${firewall_enable} in
198 if [ -r "${firewall_script}" ]; then
199 . "${firewall_script}"
200 echo -n 'Firewall rules loaded, starting divert daemons:'
202 # Network Address Translation daemon
204 case ${natd_enable} in
206 if [ -n "${natd_interface}" ]; then
207 if echo ${natd_interface} | \
208 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
209 natd_ifarg="-a ${natd_interface}"
211 natd_ifarg="-n ${natd_interface}"
214 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
221 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
222 echo -n "Warning: kernel has firewall functionality, "
223 echo "but firewall rules are not enabled."
224 echo " All ip services are disabled."
227 case ${firewall_logging} in
229 echo 'Firewall logging=YES'
230 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
241 # Additional ATM interface configuration
243 if [ -n "${atm_pass1_done}" ]; then
249 case ${defaultrouter} in
253 static_routes="default ${static_routes}"
254 route_default="default ${defaultrouter}"
258 # Set up any static routes. This should be done before router discovery.
260 if [ -n "${static_routes}" ]; then
261 for i in ${static_routes}; do
262 eval route_args=\$route_${i}
263 route add ${route_args}
267 echo -n 'Additional routing options:'
268 case ${tcp_extensions} in
272 echo -n ' tcp extensions=NO'
273 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
277 case ${icmp_bmcastecho} in
279 echo -n ' broadcast ping responses=YES'
280 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
284 case ${icmp_drop_redirect} in
286 echo -n ' ignore ICMP redirect=YES'
287 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
291 case ${icmp_log_redirect} in
293 echo -n ' log ICMP redirect=YES'
294 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
298 case ${gateway_enable} in
300 echo -n ' IP gateway=YES'
301 sysctl -w net.inet.ip.forwarding=1 >/dev/null
305 case ${forward_sourceroute} in
307 echo -n ' do source routing=YES'
308 sysctl -w net.inet.ip.sourceroute=1 >/dev/null
312 case ${accept_sourceroute} in
314 echo -n ' accept source routing=YES'
315 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
319 case ${tcp_keepalive} in
321 echo -n ' TCP keepalive=YES'
322 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
326 case ${tcp_restrict_rst} in
328 echo -n ' restrict TCP reset=YES'
329 sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
333 case ${tcp_drop_synfin} in
335 echo -n ' drop SYN+FIN packets=YES'
336 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
340 case ${ipxgateway_enable} in
342 echo -n ' IPX gateway=YES'
343 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
347 case ${arpproxy_all} in
349 echo -n ' ARP proxyall=YES'
350 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
354 case ${ip_portrange_first} in
358 echo -n ' ip_portrange_first=$ip_portrange_first'
359 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
363 case ${ip_portrange_last} in
367 echo -n ' ip_portrange_last=$ip_portrange_last'
368 sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
374 case ${ipsec_enable} in
376 if [ -f ${ipsec_file} ]; then
377 echo ' ipsec: enabled'
378 setkey -f ${ipsec_file}
380 echo ' ipsec: file not found'
385 echo -n 'routing daemons:'
386 case ${router_enable} in
388 echo -n " ${router}"; ${router} ${router_flags}
392 case ${ipxrouted_enable} in
395 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
399 case ${mrouted_enable} in
401 echo -n ' mrouted'; mrouted ${mrouted_flags}
405 case ${rarpd_enable} in
407 echo -n ' rarpd'; rarpd ${rarpd_flags}
412 # Let future generations know we made it.
414 network_pass1_done=YES
418 echo -n 'Doing additional network setup:'
419 case ${named_enable} in
421 echo -n ' named'; ${named_program:-named} ${named_flags}
425 case ${ntpdate_enable} in
428 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
432 case ${xntpd_enable} in
434 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
438 case ${timed_enable} in
440 echo -n ' timed'; timed ${timed_flags}
444 case ${portmap_enable} in
446 echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
450 # Start ypserv if we're an NIS server.
451 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
453 case ${nis_server_enable} in
455 echo -n ' ypserv'; ypserv ${nis_server_flags}
457 case ${nis_ypxfrd_enable} in
459 echo -n ' rpc.ypxfrd'
460 rpc.ypxfrd ${nis_ypxfrd_flags}
464 case ${nis_yppasswdd_enable} in
466 echo -n ' rpc.yppasswdd'
467 rpc.yppasswdd ${nis_yppasswdd_flags}
473 # Start ypbind if we're an NIS client
475 case ${nis_client_enable} in
477 echo -n ' ypbind'; ypbind ${nis_client_flags}
478 case ${nis_ypset_enable} in
480 echo -n ' ypset'; ypset ${nis_ypset_flags}
486 # Start keyserv if we are running Secure RPC
488 case ${keyserv_enable} in
490 echo -n ' keyserv'; keyserv ${keyserv_flags}
494 # Start ypupdated if we are running Secure RPC and we are NIS master
496 case ${rpc_ypupdated_enable} in
498 echo -n ' rpc.ypupdated'; rpc.ypupdated
503 if [ -n "${atm_pass2_done}" ]; then
508 network_pass2_done=YES
512 echo -n 'Starting final network daemons:'
514 case ${nfs_server_enable} in
516 if [ -r /etc/exports ]; then
519 case ${weak_mountd_authentication} in
521 mountd_flags="${mountd_flags} -n"
525 mountd ${mountd_flags}
527 case ${nfs_reserved_port_only} in
529 echo -n ' NFS on reserved port only=YES'
530 sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
534 echo -n ' nfsd'; nfsd ${nfs_server_flags}
536 if [ -n "${nfs_bufpackets}" ]; then
537 sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} \
541 case ${rpc_lockd_enable} in
543 echo -n ' rpc.lockd'; rpc.lockd
547 case ${rpc_statd_enable} in
549 echo -n ' rpc.statd'; rpc.statd
555 case ${single_mountd_enable} in
557 if [ -r /etc/exports ]; then
560 case ${weak_mountd_authentication} in
566 mountd ${mountd_flags}
573 case ${nfs_client_enable} in
575 echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
576 if [ -n "${nfs_access_cache}" ]; then
577 echo -n " NFS access cache time=${nfs_access_cache}"
578 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
584 # If /var/db/mounttab exists, some nfs-server has not been
585 # sucessfully notified about a previous client shutdown.
586 # If there is no /var/db/mounttab, we do nothing.
587 if [ -f /var/db/mounttab ]; then
591 case ${amd_enable} in
594 case ${amd_map_program} in
598 amd_flags="${amd_flags} `eval ${amd_map_program}`"
602 if [ -n "${amd_flags}" ]; then
603 amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
610 case ${rwhod_enable} in
612 echo -n ' rwhod'; rwhod ${rwhod_flags}
616 # Kerberos runs ONLY on the Kerberos server machine
617 case ${kerberos_server_enable} in
619 case ${kerberos_stash} in
629 kerberos ${stash_flag} >> /var/log/kerberos.log &
631 case ${kadmind_server_enable} in
634 (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
641 case ${pppoed_enable} in
643 if [ -n "${pppoed_provider}" ]; then
644 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
647 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
651 case ${sshd_enable} in
653 if [ ! -f /etc/ssh/ssh_host_key ]; then
654 echo ' creating ssh RSA host key';
655 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
657 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
658 echo ' creating ssh DSA host key';
659 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
665 network_pass3_done=YES
669 echo -n 'Additional TCP options:'
670 case ${log_in_vain} in
674 echo -n ' log_in_vain=YES'
675 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
676 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
681 network_pass4_done=YES
projects / FreeBSD / FreeBSD.git / blob