4 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
6 # Note that almost all of the user-configurable behavior is no longer in
7 # this file, but rather in /etc/defaults/rc.conf. Please check that file
8 # first before contemplating any changes here. If you do need to change
9 # this file for some reason, we would like to know about it.
11 # First pass startup stuff.
14 echo -n 'Doing initial network setup:'
16 # Set the host name if it is not already set
18 if [ -z "`hostname -s`" ]; then
23 # Set the domainname if we're using NIS
25 case ${nisdomainname} in
29 domainname ${nisdomainname}
36 # Initial ATM interface configuration
40 if [ -r /etc/rc.atm ]; then
47 # ISDN subsystem startup
49 case ${isdn_enable} in
51 if [ -r /etc/rc.isdn ]; then
57 # Special options for sppp(4) interfaces go here. These need
58 # to go _before_ the general ifconfig section, since in the case
59 # of hardwired (no link1 flag) but required authentication, you
60 # cannot pass auth parameters down to the already running interface.
62 for ifn in ${sppp_interfaces}; do
63 eval spppcontrol_args=\$spppconfig_${ifn}
64 if [ -n "${spppcontrol_args}" ]; then
65 # The auth secrets might contain spaces; in order
66 # to retain the quotation, we need to eval them
68 eval spppcontrol ${ifn} ${spppcontrol_args}
72 # Set up all the network interfaces, calling startup scripts if needed
74 case ${network_interfaces} in
76 network_interfaces="`ifconfig -l`"
80 for ifn in ${network_interfaces}; do
82 if [ -r /etc/start_if.${ifn} ]; then
83 . /etc/start_if.${ifn}
87 # Do the primary ifconfig if specified
89 eval ifconfig_args=\$ifconfig_${ifn}
91 case ${ifconfig_args} in
95 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn}
99 ifconfig ${ifn} ${ifconfig_args}
104 # Check to see if aliases need to be added
108 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
109 if [ -n "${ifconfig_args}" ]; then
110 ifconfig ${ifn} ${ifconfig_args} alias
112 alias=`expr ${alias} + 1`
118 # Do ipx address if specified
120 eval ifconfig_args=\$ifconfig_${ifn}_ipx
121 if [ -n "${ifconfig_args}" ]; then
122 ifconfig ${ifn} ${ifconfig_args}
133 # Warm up user ppp if required, must happen before natd.
135 case ${ppp_enable} in
137 # Establish ppp mode.
139 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
140 -a "${ppp_mode}" != "dedicated" \
141 -a "${ppp_mode}" != "background" ]; then
145 ppp_command="-${ppp_mode} ";
147 # Switch on alias mode?
151 ppp_command="${ppp_command} -nat";
155 echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile}
159 # Initialize IP filtering using ipfw
163 if /sbin/ipfw -q flush > /dev/null 2>&1; then
169 case ${firewall_enable} in
171 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
173 echo "Kernel firewall module loaded."
174 elif [ "${firewall_in_kernel}" -eq 0 ]; then
175 echo "Warning: firewall kernel module failed to load."
180 # Load the filters if required
182 case ${firewall_in_kernel} in
184 if [ -z "${firewall_script}" ]; then
185 firewall_script=/etc/rc.firewall
188 case ${firewall_enable} in
190 if [ -r "${firewall_script}" ]; then
191 . "${firewall_script}"
192 echo -n 'Firewall rules loaded, starting divert daemons:'
194 # Network Address Translation daemon
196 case ${natd_enable} in
198 if [ -n "${natd_interface}" ]; then
199 if echo ${natd_interface} | \
200 grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
201 natd_ifarg="-a ${natd_interface}"
203 natd_ifarg="-n ${natd_interface}"
206 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
213 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
214 echo -n "Warning: kernel has firewall functionality, "
215 echo "but firewall rules are not enabled."
216 echo " All ip services are disabled."
223 # Additional ATM interface configuration
225 if [ -n "${atm_pass1_done}" ]; then
231 case ${defaultrouter} in
235 static_routes="default ${static_routes}"
236 route_default="default ${defaultrouter}"
240 # Set up any static routes. This should be done before router discovery.
242 if [ -n "${static_routes}" ]; then
243 for i in ${static_routes}; do
244 eval route_args=\$route_${i}
245 route add ${route_args}
249 echo -n 'Additional routing options:'
250 case ${tcp_extensions} in
254 echo -n ' tcp extensions=NO'
255 sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
259 case ${log_in_vain} in
263 echo -n ' log_in_vain=YES'
264 sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
265 sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
269 case ${icmp_bmcastecho} in
271 echo -n ' broadcast ping responses=YES'
272 sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
276 case ${icmp_drop_redirect} in
278 echo -n ' ignore ICMP redirect=YES'
279 sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
283 case ${icmp_log_redirect} in
285 echo -n ' log ICMP redirect=YES'
286 sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
290 case ${gateway_enable} in
292 echo -n ' IP gateway=YES'
293 sysctl -w net.inet.ip.forwarding=1 >/dev/null
297 case ${forward_sourceroute} in
299 echo -n ' do source routing=YES'
300 sysctl -w net.inet.ip.sourceroute=1 >/dev/null
304 case ${accept_sourceroute} in
306 echo -n ' accept source routing=YES'
307 sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
311 case ${tcp_keepalive} in
313 echo -n ' TCP keepalive=YES'
314 sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
318 case ${tcp_restrict_rst} in
320 echo -n ' restrict TCP reset=YES'
321 sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null
325 case ${tcp_drop_synfin} in
327 echo -n ' drop SYN+FIN packets=YES'
328 sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
332 case ${ipxgateway_enable} in
334 echo -n ' IPX gateway=YES'
335 sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
339 case ${arpproxy_all} in
341 echo -n ' ARP proxyall=YES'
342 sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
347 echo -n 'routing daemons:'
348 case ${router_enable} in
350 echo -n " ${router}"; ${router} ${router_flags}
354 case ${ipxrouted_enable} in
357 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
361 case ${mrouted_enable} in
363 echo -n ' mrouted'; mrouted ${mrouted_flags}
367 case ${rarpd_enable} in
369 echo -n ' rarpd'; rarpd ${rarpd_flags}
374 # Let future generations know we made it.
376 network_pass1_done=YES
380 echo -n 'Doing additional network setup:'
381 case ${named_enable} in
383 echo -n ' named'; ${named_program:-named} ${named_flags}
387 case ${ntpdate_enable} in
390 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
394 case ${xntpd_enable} in
396 echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags}
400 case ${timed_enable} in
402 echo -n ' timed'; timed ${timed_flags}
406 case ${portmap_enable} in
408 echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags}
412 # Start ypserv if we're an NIS server.
413 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
415 case ${nis_server_enable} in
417 echo -n ' ypserv'; ypserv ${nis_server_flags}
419 case ${nis_ypxfrd_enable} in
421 echo -n ' rpc.ypxfrd'
422 rpc.ypxfrd ${nis_ypxfrd_flags}
426 case ${nis_yppasswdd_enable} in
428 echo -n ' rpc.yppasswdd'
429 rpc.yppasswdd ${nis_yppasswdd_flags}
435 # Start ypbind if we're an NIS client
437 case ${nis_client_enable} in
439 echo -n ' ypbind'; ypbind ${nis_client_flags}
440 case ${nis_ypset_enable} in
442 echo -n ' ypset'; ypset ${nis_ypset_flags}
448 # Start keyserv if we are running Secure RPC
450 case ${keyserv_enable} in
452 echo -n ' keyserv'; keyserv ${keyserv_flags}
456 # Start ypupdated if we are running Secure RPC and we are NIS master
458 case ${rpc_ypupdated_enable} in
460 echo -n ' rpc.ypupdated'; rpc.ypupdated
465 if [ -n "${atm_pass2_done}" ]; then
470 network_pass2_done=YES
474 echo -n 'Starting final network daemons:'
476 case ${nfs_server_enable} in
478 if [ -r /etc/exports ]; then
481 case ${weak_mountd_authentication} in
487 mountd ${mountd_flags}
489 case ${nfs_reserved_port_only} in
491 echo -n ' NFS on reserved port only=YES'
492 sysctl -w vfs.nfs.nfs_privport=1 >/dev/null
496 echo -n ' nfsd'; nfsd ${nfs_server_flags}
498 case ${rpc_lockd_enable} in
500 echo -n ' rpc.lockd'; rpc.lockd
504 case ${rpc_statd_enable} in
506 echo -n ' rpc.statd'; rpc.statd
513 case ${nfs_client_enable} in
515 echo -n ' nfsiod'; nfsiod ${nfs_client_flags}
516 if [ -n "${nfs_access_cache}" ]; then
517 echo -n " NFS access cache time=${nfs_access_cache}"
518 sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \
524 case ${amd_enable} in
527 case ${amd_map_program} in
531 amd_flags="${amd_flags} `eval ${amd_map_program}`"
535 if [ -n "${amd_flags}" ]; then
536 amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null
543 case ${rwhod_enable} in
545 echo -n ' rwhod'; rwhod ${rwhod_flags}
549 # Kerberos runs ONLY on the Kerberos server machine
550 case ${kerberos_server_enable} in
552 case ${kerberos_stash} in
562 kerberos ${stash_flag} >> /var/log/kerberos.log &
564 case ${kadmind_server_enable} in
567 (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) &
575 network_pass3_done=YES