3 # Copyright (c) 1993 The FreeBSD Project
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
9 # 1. Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
15 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
31 # Note that almost all of the user-configurable behavior is no longer in
32 # this file, but rather in /etc/defaults/rc.conf. Please check that file
33 # first before contemplating any changes here. If you do need to change
34 # this file for some reason, we would like to know about it.
36 # First pass startup stuff.
39 echo -n 'Doing initial network setup:'
41 # Generate host.conf for compatibility
43 if [ -f "/etc/nsswitch.conf" ]; then
45 echo 'Generating /etc/host.conf for compatibility'
46 generate_host_conf /etc/nsswitch.conf /etc/host.conf
49 # Convert host.conf to nsswitch.conf if necessary
51 if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
53 echo 'Warning: /etc/host.conf is no longer used'
54 echo ' /etc/nsswitch.conf will be created for you'
55 convert_host_conf /etc/host.conf /etc/nsswitch.conf
58 # Set the host name if it is not already set
60 if [ -z "`hostname -s`" ]; then
65 # Establish ipfilter ruleset as early as possible (best in
66 # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
68 if /sbin/ipfstat -i > /dev/null 2>&1; then
74 case "${ipfilter_enable}" in
76 if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
78 echo "Kernel ipfilter module loaded."
79 elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
80 echo "Warning: ipfilter kernel module failed to load."
83 if [ -r "${ipfilter_rules}" ]; then
85 ${ipfilter_program:-/sbin/ipf -Fa -f} \
86 "${ipfilter_rules}" ${ipfilter_flags}
87 case "${ipmon_enable}" in
90 ${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
93 case "${ipfs_enable}" in
95 if [ -r "/var/db/ipf/ipstate.ipf" ]; then
97 eval ${ipfs_program:-/sbin/ipfs -R} \
104 echo -n ' NO IPF RULES'
107 case "${ipnat_enable}" in
109 if [ "${ipfilter_in_kernel}" -eq 0 ] && kldload ipl; then
111 echo "Kernel ipfilter module loaded."
112 elif [ "${ipfilter_in_kernel}" -eq 0 ]; then
113 echo "Warning: ipfilter kernel module failed to load."
115 if [ -r "${ipnat_rules}" ]; then
117 eval ${ipnat_program:-/sbin/ipnat -CF -f} \
118 "${ipnat_rules}" ${ipnat_flags}
120 echo -n ' NO IPNAT RULES'
125 # Set the domainname if we're using NIS
127 case ${nisdomainname} in
131 domainname ${nisdomainname}
138 # Initial ATM interface configuration
140 case ${atm_enable} in
142 if [ -r /etc/rc.atm ]; then
149 # Attempt to create cloned interfaces.
150 for ifn in ${cloned_interfaces}; do
151 ifconfig ${ifn} create
154 # Special options for sppp(4) interfaces go here. These need
155 # to go _before_ the general ifconfig section, since in the case
156 # of hardwired (no link1 flag) but required authentication, you
157 # cannot pass auth parameters down to the already running interface.
159 for ifn in ${sppp_interfaces}; do
160 eval spppcontrol_args=\$spppconfig_${ifn}
161 if [ -n "${spppcontrol_args}" ]; then
162 # The auth secrets might contain spaces; in order
163 # to retain the quotation, we need to eval them
165 eval spppcontrol ${ifn} ${spppcontrol_args}
172 # Set up all the network interfaces, calling startup scripts if needed
174 case ${network_interfaces} in
176 network_interfaces="`ifconfig -l`"
179 network_interfaces="${network_interfaces} ${cloned_interfaces}"
184 for ifn in ${network_interfaces}; do
185 if [ -r /etc/start_if.${ifn} ]; then
186 . /etc/start_if.${ifn}
190 # Do the primary ifconfig if specified
192 eval ifconfig_args=\$ifconfig_${ifn}
194 case ${ifconfig_args} in
198 # DHCP inits are done all in one go below
199 dhcp_interfaces="$dhcp_interfaces $ifn"
203 ifconfig ${ifn} ${ifconfig_args}
209 if [ ! -z "${dhcp_interfaces}" ]; then
210 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
213 for ifn in ${network_interfaces}; do
214 # Check to see if aliases need to be added
218 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
219 if [ -n "${ifconfig_args}" ]; then
220 ifconfig ${ifn} ${ifconfig_args} alias
222 alias=`expr ${alias} + 1`
228 # Do ipx address if specified
230 eval ifconfig_args=\$ifconfig_${ifn}_ipx
231 if [ -n "${ifconfig_args}" ]; then
232 ifconfig ${ifn} ${ifconfig_args}
237 for ifn in ${network_interfaces}; do
238 eval showstat=\$showstat_${ifn}
239 if [ ! -z ${showstat} ]; then
244 # ISDN subsystem startup
246 case ${isdn_enable} in
248 if [ -r /etc/rc.isdn ]; then
254 # Start user ppp if required. This must happen before natd.
256 case ${ppp_enable} in
258 # Establish ppp mode.
260 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
261 -a "${ppp_mode}" != "dedicated" \
262 -a "${ppp_mode}" != "background" ]; then
266 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
268 # Switch on NAT mode?
272 ppp_command="${ppp_command} -nat"
276 ppp_command="${ppp_command} ${ppp_profile}"
278 echo "Starting ppp as \"${ppp_user}\""
279 su -m ${ppp_user} -c "exec ${ppp_command}"
285 case ${ipfilter_enable} in
287 ${ipfilter_program:-/sbin/ipf -y}
290 case ${ipnat_enable} in
292 ${ipfilter_program:-/sbin/ipf -y}
297 # Initialize IP filtering using ipfw
299 if /sbin/ipfw -q flush > /dev/null 2>&1; then
305 case ${firewall_enable} in
307 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
309 echo 'Kernel firewall module loaded'
310 elif [ "${firewall_in_kernel}" -eq 0 ]; then
311 echo 'Warning: firewall kernel module failed to load'
316 # Load the filters if required
318 case ${firewall_in_kernel} in
320 if [ -z "${firewall_script}" ]; then
321 firewall_script=/etc/rc.firewall
324 case ${firewall_enable} in
326 if [ -r "${firewall_script}" ]; then
327 . "${firewall_script}"
328 echo -n 'Firewall rules loaded, starting divert daemons:'
330 # Network Address Translation daemon
332 case ${natd_enable} in
334 if [ -n "${natd_interface}" ]; then
335 if echo ${natd_interface} | \
336 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
337 natd_ifarg="-a ${natd_interface}"
339 natd_ifarg="-n ${natd_interface}"
342 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
349 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
350 echo 'Warning: kernel has firewall functionality,' \
351 'but firewall rules are not enabled.'
352 echo ' All ip services are disabled.'
355 case ${firewall_logging} in
357 echo 'Firewall logging=YES'
358 sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
369 # Additional ATM interface configuration
371 if [ -n "${atm_pass1_done}" ]; then
377 case ${defaultrouter} in
381 static_routes="default ${static_routes}"
382 route_default="default ${defaultrouter}"
386 # Set up any static routes. This should be done before router discovery.
388 if [ -n "${static_routes}" ]; then
389 for i in ${static_routes}; do
390 eval route_args=\$route_${i}
391 route add ${route_args}
395 echo -n 'Additional routing options:'
396 case ${tcp_extensions} in
400 echo -n ' tcp extensions=NO'
401 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
405 case ${icmp_bmcastecho} in
407 echo -n ' broadcast ping responses=YES'
408 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
412 case ${icmp_drop_redirect} in
414 echo -n ' ignore ICMP redirect=YES'
415 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
419 case ${icmp_log_redirect} in
421 echo -n ' log ICMP redirect=YES'
422 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
426 case ${gateway_enable} in
428 echo -n ' IP gateway=YES'
429 sysctl -w net.inet.ip.forwarding=1 >/dev/null
433 case ${forward_sourceroute} in
435 echo -n ' do source routing=YES'
436 sysctl -w net.inet.ip.sourceroute=1 >/dev/null
440 case ${accept_sourceroute} in
442 echo -n ' accept source routing=YES'
443 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
447 case ${tcp_keepalive} in
449 echo -n ' TCP keepalive=YES'
450 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
454 case ${tcp_drop_synfin} in
456 echo -n ' drop SYN+FIN packets=YES'
457 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
461 case ${ipxgateway_enable} in
463 echo -n ' IPX gateway=YES'
464 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
468 case ${arpproxy_all} in
470 echo -n ' ARP proxyall=YES'
471 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
475 case ${ip_portrange_first} in
479 echo -n " ip_portrange_first=$ip_portrange_first"
480 sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
484 case ${ip_portrange_last} in
488 echo -n " ip_portrange_last=$ip_portrange_last"
489 sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
495 case ${ipsec_enable} in
497 if [ -f ${ipsec_file} ]; then
498 echo ' ipsec: enabled'
499 setkey -f ${ipsec_file}
501 echo ' ipsec: file not found'
506 echo -n 'Routing daemons:'
507 case ${router_enable} in
509 echo -n " ${router}"; ${router} ${router_flags}
513 case ${ipxrouted_enable} in
516 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
520 case ${mrouted_enable} in
522 echo -n ' mrouted'; mrouted ${mrouted_flags}
526 case ${rarpd_enable} in
528 echo -n ' rarpd'; rarpd ${rarpd_flags}
533 # Let future generations know we made it.
535 network_pass1_done=YES
539 echo -n 'Doing additional network setup:'
540 case ${named_enable} in
542 echo -n ' named'; ${named_program:-named} ${named_flags}
546 case ${ntpdate_enable} in
549 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
553 case ${xntpd_enable} in
555 echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
559 case ${timed_enable} in
561 echo -n ' timed'; timed ${timed_flags}
565 case ${portmap_enable} in
567 echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
570 # Start ypserv if we're an NIS server.
571 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
573 case ${nis_server_enable} in
575 echo -n ' ypserv'; ypserv ${nis_server_flags}
577 case ${nis_ypxfrd_enable} in
579 echo -n ' rpc.ypxfrd'
580 rpc.ypxfrd ${nis_ypxfrd_flags}
584 case ${nis_yppasswdd_enable} in
586 echo -n ' rpc.yppasswdd'
587 rpc.yppasswdd ${nis_yppasswdd_flags}
593 # Start ypbind if we're an NIS client
595 case ${nis_client_enable} in
597 echo -n ' ypbind'; ypbind ${nis_client_flags}
598 case ${nis_ypset_enable} in
600 echo -n ' ypset'; ypset ${nis_ypset_flags}
606 # Start keyserv if we are running Secure RPC
608 case ${keyserv_enable} in
610 echo -n ' keyserv'; keyserv ${keyserv_flags}
614 # Start ypupdated if we are running Secure RPC
615 # and we are NIS master
617 case ${rpc_ypupdated_enable} in
619 echo -n ' rpc.ypupdated'; rpc.ypupdated
626 if [ -n "${atm_pass2_done}" ]; then
631 network_pass2_done=YES
635 echo -n 'Starting final network daemons:'
637 case ${portmap_enable} in
639 case ${nfs_server_enable} in
641 # Handle absent nfs server support
642 nfsserver_in_kernel=0
643 if sysctl vfs.nfsrv >/dev/null 2>&1; then
644 nfsserver_in_kernel=1
646 kldload nfsserver && nfsserver_in_kernel=1
649 if [ -r /etc/exports -a \
650 ${nfsserver_in_kernel} -eq 1 ]; then
653 case ${weak_mountd_authentication} in
655 mountd_flags="${mountd_flags} -n"
659 mountd ${mountd_flags}
661 case ${nfs_reserved_port_only} in
663 echo -n ' NFS on reserved port only=YES'
664 sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
668 echo -n ' nfsd'; nfsd ${nfs_server_flags}
670 case ${rpc_lockd_enable} in
672 echo -n ' rpc.lockd'; rpc.lockd
676 case ${rpc_statd_enable} in
678 echo -n ' rpc.statd'; rpc.statd
682 echo -n ' Warning: nfs server failed'
686 case ${single_mountd_enable} in
688 if [ -r /etc/exports ]; then
691 case ${weak_mountd_authentication} in
697 mountd ${mountd_flags}
704 case ${nfs_client_enable} in
706 if [ -n "${nfs_access_cache}" ]; then
707 echo -n " NFS access cache time=${nfs_access_cache}"
708 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
710 if [ -n "${nfs_bufpackets}" ]; then
711 sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
716 # If /var/db/mounttab exists, some nfs-server has not been
717 # sucessfully notified about a previous client shutdown.
718 # If there is no /var/db/mounttab, we do nothing.
719 if [ -f /var/db/mounttab ]; then
723 case ${amd_enable} in
726 case ${amd_map_program} in
730 amd_flags="${amd_flags} `eval\
735 if [ -n "${amd_flags}" ]; then
737 > /var/run/amd.pid 2> /dev/null
746 case ${rwhod_enable} in
748 echo -n ' rwhod'; rwhod ${rwhod_flags}
752 # Kerberos servers run ONLY on the Kerberos server machine
753 case ${kerberos4_server_enable} in
755 case ${kerberos_stash} in
764 echo -n ' kerberosIV'
765 ${kerberos4_server} ${stash} >> /var/log/kerberos.log &
767 case ${kadmind4_server_enable} in
772 ${kadmind4_server} ${stash} >/dev/null 2>&1 &
780 case ${kerberos5_server_enable} in
783 ${kerberos5_server} &
785 case ${kadmind5_server_enable} in
794 case ${pppoed_enable} in
796 if [ -n "${pppoed_provider}" ]; then
797 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
800 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
804 case ${sshd_enable} in
806 if [ ! -f /etc/ssh/ssh_host_key ]; then
807 echo ' creating ssh RSA host key';
808 /usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
810 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
811 echo ' creating ssh DSA host key';
812 /usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
818 network_pass3_done=YES
822 echo -n 'Additional TCP options:'
823 case ${log_in_vain} in
827 echo -n ' log_in_vain=YES'
828 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
829 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
834 network_pass4_done=YES
837 network_gif_setup() {
838 case ${gif_interfaces} in
842 for i in ${gif_interfaces}; do
843 eval peers=\$gifconfig_$i
849 ifconfig $i create >/dev/null 2>&1
850 ifconfig $i tunnel ${peers}
858 convert_host_conf() {
860 nsswitch_conf=$1; shift;
862 /^[:blank:]*#/ { next } \
863 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \
864 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \
865 /nis/ { nsswitch[c] = "nis"; c++; next } \
866 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \
869 for (i in nsswitch) printf "%s ", nsswitch[i]; \
871 }' < $host_conf > $nsswitch_conf
874 generate_host_conf() {
875 nsswitch_conf=$1; shift;
880 xlat["files"] = "hosts";
881 xlat["dns"] = "bind";
885 print "# Auto-generated, do not edit";
886 for (n = 2; n <= NF; ++n)
894 ' <$nsswitch_conf >$host_conf
projects / FreeBSD / FreeBSD.git / blob