4 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
6 # Note that almost all of the user-configurable behavior is no longer in
7 # this file, but rather in /etc/defaults/rc.conf. Please check that file
8 # first before contemplating any changes here. If you do need to change
9 # this file for some reason, we would like to know about it.
11 # First pass startup stuff.
14 echo -n 'Doing initial network setup:'
16 # Set the host name if it is not already set
18 if [ -z "`hostname -s`" ]; then
23 # Set the domainname if we're using NIS
25 case ${nisdomainname} in
29 domainname ${nisdomainname}
36 # Initial ATM interface configuration
40 if [ -r /etc/rc.atm ]; then
47 # ISDN subsystem startup
49 case ${isdn_enable} in
51 if [ -r /etc/rc.isdn ]; then
57 # Special options for sppp(4) interfaces go here. These need
58 # to go _before_ the general ifconfig section, since in the case
59 # of hardwired (no link1 flag) but required authentication, you
60 # cannot pass auth parameters down to the already running interface.
62 for ifn in ${sppp_interfaces}; do
63 eval spppcontrol_args=\$spppconfig_${ifn}
64 if [ -n "${spppcontrol_args}" ]; then
65 # The auth secrets might contain spaces; in order
66 # to retain the quotation, we need to eval them
68 eval spppcontrol ${ifn} ${spppcontrol_args}
72 # Set up all the network interfaces, calling startup scripts if needed
74 case ${network_interfaces} in
76 network_interfaces="`ifconfig -l`"
80 for ifn in ${network_interfaces}; do
82 if [ -r /etc/start_if.${ifn} ]; then
83 . /etc/start_if.${ifn}
87 # Do the primary ifconfig if specified
89 eval ifconfig_args=\$ifconfig_${ifn}
91 case ${ifconfig_args} in
95 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn}
99 ifconfig ${ifn} ${ifconfig_args}
104 # Check to see if aliases need to be added
108 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
109 if [ -n "${ifconfig_args}" ]; then
110 ifconfig ${ifn} ${ifconfig_args} alias
112 alias=`expr ${alias} + 1`
118 # Do ipx address if specified
120 eval ifconfig_args=\$ifconfig_${ifn}_ipx
121 if [ -n "${ifconfig_args}" ]; then
122 ifconfig ${ifn} ${ifconfig_args}
133 # Warm up user ppp if required, must happen before natd.
135 case ${ppp_enable} in
137 # Establish ppp mode.
139 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
140 -a "${ppp_mode}" != "dedicated" \
141 -a "${ppp_mode}" != "background" ]; then
145 ppp_command="-${ppp_mode} ";
147 # Switch on alias mode?
151 ppp_command="${ppp_command} -nat";
155 echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
159 # Initialize IP filtering using ipfw
163 if /sbin/ipfw -q flush > /dev/null 2>&1; then
169 case ${firewall_enable} in
171 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
173 echo "Kernel firewall module loaded."
174 elif [ "${firewall_in_kernel}" -eq 0 ]; then
175 echo "Warning: firewall kernel module failed to load."
180 # Load the filters if required
182 case ${firewall_in_kernel} in
184 if [ -z "${firewall_script}" ]; then
185 firewall_script=/etc/rc.firewall
188 case ${firewall_enable} in
190 if [ -r "${firewall_script}" ]; then
191 . "${firewall_script}"
192 echo -n 'Firewall rules loaded, starting divert daemons:'
194 # Network Address Translation daemon
196 case ${natd_enable} in
198 if [ -n "${natd_interface}" ]; then
199 if echo ${natd_interface} | \
200 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
201 natd_ifarg="-a ${natd_interface}"
203 natd_ifarg="-n ${natd_interface}"
206 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
213 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
214 echo -n "Warning: kernel has firewall functionality, "
215 echo "but firewall rules are not enabled."
216 echo " All ip services are disabled."
223 # Additional ATM interface configuration
225 if [ -n "${atm_pass1_done}" ]; then
231 case ${defaultrouter} in
235 static_routes="default ${static_routes}"
236 route_default="default ${defaultrouter}"
240 # Set up any static routes. This should be done before router discovery.
242 if [ -n "${static_routes}" ]; then
243 for i in ${static_routes}; do
244 eval route_args=\$route_${i}
245 route add ${route_args}
249 echo -n 'Additional routing options:'
250 case ${tcp_extensions} in
254 echo -n ' tcp extensions=NO'
255 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
259 case ${icmp_bmcastecho} in
261 echo -n ' broadcast ping responses=YES'
262 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
266 case ${icmp_drop_redirect} in
268 echo -n ' ignore ICMP redirect=YES'
269 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
273 case ${icmp_log_redirect} in
275 echo -n ' log ICMP redirect=YES'
276 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
280 case ${gateway_enable} in
282 echo -n ' IP gateway=YES'
283 sysctl -w net.inet.ip.forwarding=1 >/dev/null
287 case ${forward_sourceroute} in
289 echo -n ' do source routing=YES'
290 sysctl -w net.inet.ip.sourceroute=1 >/dev/null
294 case ${accept_sourceroute} in
296 echo -n ' accept source routing=YES'
297 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
301 case ${tcp_keepalive} in
303 echo -n ' TCP keepalive=YES'
304 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
308 case ${tcp_restrict_rst} in
310 echo -n ' restrict TCP reset=YES'
311 sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
315 case ${tcp_drop_synfin} in
317 echo -n ' drop SYN+FIN packets=YES'
318 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
322 case ${ipxgateway_enable} in
324 echo -n ' IPX gateway=YES'
325 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
329 case ${arpproxy_all} in
331 echo -n ' ARP proxyall=YES'
332 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
337 echo -n 'routing daemons:'
338 case ${router_enable} in
340 echo -n " ${router}"; ${router} ${router_flags}
344 case ${ipxrouted_enable} in
347 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
351 case ${mrouted_enable} in
353 echo -n ' mrouted'; mrouted ${mrouted_flags}
357 case ${rarpd_enable} in
359 echo -n ' rarpd'; rarpd ${rarpd_flags}
364 # Let future generations know we made it.
366 network_pass1_done=YES
370 echo -n 'Doing additional network setup:'
371 case ${named_enable} in
373 echo -n ' named'; ${named_program:-named} ${named_flags}
377 case ${ntpdate_enable} in
380 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
384 case ${xntpd_enable} in
386 echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags}
390 case ${timed_enable} in
392 echo -n ' timed'; timed ${timed_flags}
396 case ${portmap_enable} in
398 echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
402 # Start ypserv if we're an NIS server.
403 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
405 case ${nis_server_enable} in
407 echo -n ' ypserv'; ypserv ${nis_server_flags}
409 case ${nis_ypxfrd_enable} in
411 echo -n ' rpc.ypxfrd'
412 rpc.ypxfrd ${nis_ypxfrd_flags}
416 case ${nis_yppasswdd_enable} in
418 echo -n ' rpc.yppasswdd'
419 rpc.yppasswdd ${nis_yppasswdd_flags}
425 # Start ypbind if we're an NIS client
427 case ${nis_client_enable} in
429 echo -n ' ypbind'; ypbind ${nis_client_flags}
430 case ${nis_ypset_enable} in
432 echo -n ' ypset'; ypset ${nis_ypset_flags}
438 # Start keyserv if we are running Secure RPC
440 case ${keyserv_enable} in
442 echo -n ' keyserv'; keyserv ${keyserv_flags}
446 # Start ypupdated if we are running Secure RPC and we are NIS master
448 case ${rpc_ypupdated_enable} in
450 echo -n ' rpc.ypupdated'; rpc.ypupdated
455 if [ -n "${atm_pass2_done}" ]; then
460 network_pass2_done=YES
464 echo -n 'Starting final network daemons:'
466 case ${nfs_server_enable} in
468 if [ -r /etc/exports ]; then
471 case ${weak_mountd_authentication} in
477 mountd ${mountd_flags}
479 case ${nfs_reserved_port_only} in
481 echo -n ' NFS on reserved port only=YES'
482 sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
486 echo -n ' nfsd'; nfsd ${nfs_server_flags}
488 case ${rpc_lockd_enable} in
490 echo -n ' rpc.lockd'; rpc.lockd
494 case ${rpc_statd_enable} in
496 echo -n ' rpc.statd'; rpc.statd
502 case ${single_mountd_enable} in
504 if [ -r /etc/exports ]; then
507 case ${weak_mountd_authentication} in
513 mountd ${mountd_flags}
520 case ${nfs_client_enable} in
522 echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
523 if [ -n "${nfs_access_cache}" ]; then
524 echo -n " NFS access cache time=${nfs_access_cache}"
525 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
531 case ${amd_enable} in
534 case ${amd_map_program} in
538 amd_flags="${amd_flags} `eval ${amd_map_program}`"
542 if [ -n "${amd_flags}" ]; then
543 amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
550 case ${rwhod_enable} in
552 echo -n ' rwhod'; rwhod ${rwhod_flags}
556 # Kerberos runs ONLY on the Kerberos server machine
557 case ${kerberos_server_enable} in
559 case ${kerberos_stash} in
569 kerberos ${stash_flag} >> /var/log/kerberos.log &
571 case ${kadmind_server_enable} in
574 (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
581 case ${pppoed_enable} in
583 if [ -n "${pppoed_provider}" ]; then
584 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
587 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
592 network_pass3_done=YES
596 echo -n 'Additional TCP options:'
597 case ${log_in_vain} in
601 echo -n ' log_in_vain=YES'
602 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
603 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
608 network_pass4_done=YES
projects / FreeBSD / FreeBSD.git / blob