3 # Copyright (c) 1993 The FreeBSD Project
6 # Redistribution and use in source and binary forms, with or without
7 # modification, are permitted provided that the following conditions
9 # 1. Redistributions of source code must retain the above copyright
10 # notice, this list of conditions and the following disclaimer.
11 # 2. Redistributions in binary form must reproduce the above copyright
12 # notice, this list of conditions and the following disclaimer in the
13 # documentation and/or other materials provided with the distribution.
15 # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19 # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 # From: @(#)netstart 5.9 (Berkeley) 3/30/91
31 # Note that almost all of the user-configurable behavior is no longer in
32 # this file, but rather in /etc/defaults/rc.conf. Please check that file
33 # first before contemplating any changes here. If you do need to change
34 # this file for some reason, we would like to know about it.
36 # First pass startup stuff.
39 echo -n 'Doing initial network setup:'
41 # Generate host.conf for compatibility
43 if [ -f "/etc/nsswitch.conf" ]; then
45 generate_host_conf /etc/nsswitch.conf /etc/host.conf
48 # Convert host.conf to nsswitch.conf if necessary
50 if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
52 echo 'Warning: /etc/host.conf is no longer used'
53 echo ' /etc/nsswitch.conf will be created for you'
54 convert_host_conf /etc/host.conf /etc/nsswitch.conf
57 # Set the host name if it is not already set
59 if [ -z "`hostname -s`" ]; then
64 # Establish ipfilter ruleset as early as possible (best in
65 # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
67 # check whether ipfilter and/or ipnat is enabled
69 case ${ipfilter_enable} in
74 case ${ipnat_enable} in
79 case ${ipfilter_active} in
81 # load ipfilter kernel module if needed
82 if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
84 echo 'IP-filter module loaded.'
86 echo 'Warning: IP-filter module failed to load.'
87 # avoid further errors
95 # start ipmon before loading any rules
96 case "${ipmon_enable}" in
99 ${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
102 case "${ipfilter_enable}" in
104 if [ -r "${ipfilter_rules}" ]; then
106 ${ipfilter_program:-/sbin/ipf} -Fa -f \
107 "${ipfilter_rules}" ${ipfilter_flags}
110 echo -n ' NO IPF RULES'
114 case "${ipnat_enable}" in
116 if [ -r "${ipnat_rules}" ]; then
118 eval ${ipnat_program:-/sbin/ipnat} -CF -f \
119 "${ipnat_rules}" ${ipnat_flags}
122 echo -n ' NO IPNAT RULES'
126 # restore filter/NAT state tables after loading the rules
127 case "${ipfs_enable}" in
129 if [ -r "/var/db/ipf/ipstate.ipf" ]; then
131 ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
132 # remove files to avoid reloading old state
133 # after an ungraceful shutdown
134 rm -f /var/db/ipf/ipstate.ipf
135 rm -f /var/db/ipf/ipnat.ipf
142 # Set the domainname if we're using NIS
144 case ${nisdomainname} in
148 domainname ${nisdomainname}
155 # Initial ATM interface configuration
157 case ${atm_enable} in
159 if [ -r /etc/rc.atm ]; then
166 # Attempt to create cloned interfaces.
167 for ifn in ${cloned_interfaces}; do
168 ifconfig ${ifn} create
171 # Special options for sppp(4) interfaces go here. These need
172 # to go _before_ the general ifconfig section, since in the case
173 # of hardwired (no link1 flag) but required authentication, you
174 # cannot pass auth parameters down to the already running interface.
176 for ifn in ${sppp_interfaces}; do
177 eval spppcontrol_args=\$spppconfig_${ifn}
178 if [ -n "${spppcontrol_args}" ]; then
179 # The auth secrets might contain spaces; in order
180 # to retain the quotation, we need to eval them
182 eval spppcontrol ${ifn} ${spppcontrol_args}
189 # Set up all the network interfaces, calling startup scripts if needed
191 case ${network_interfaces} in
193 network_interfaces="`ifconfig -l`"
196 network_interfaces="${network_interfaces} ${cloned_interfaces}"
201 for ifn in ${network_interfaces}; do
202 if [ -r /etc/start_if.${ifn} ]; then
203 . /etc/start_if.${ifn}
207 # Do the primary ifconfig if specified
209 eval ifconfig_args=\$ifconfig_${ifn}
211 case ${ifconfig_args} in
215 # DHCP inits are done all in one go below
216 dhcp_interfaces="$dhcp_interfaces $ifn"
220 ifconfig ${ifn} ${ifconfig_args}
226 if [ ! -z "${dhcp_interfaces}" ]; then
227 ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
230 for ifn in ${network_interfaces}; do
231 # Check to see if aliases need to be added
235 eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
236 if [ -n "${ifconfig_args}" ]; then
237 ifconfig ${ifn} ${ifconfig_args} alias
239 alias=$((${alias} + 1))
245 # Do ipx address if specified
247 eval ifconfig_args=\$ifconfig_${ifn}_ipx
248 if [ -n "${ifconfig_args}" ]; then
249 ifconfig ${ifn} ${ifconfig_args}
254 for ifn in ${network_interfaces}; do
255 eval showstat=\$showstat_${ifn}
256 if [ ! -z ${showstat} ]; then
261 # ISDN subsystem startup
263 case ${isdn_enable} in
265 if [ -r /etc/rc.isdn ]; then
271 # Start user ppp if required. This must happen before natd.
273 case ${ppp_enable} in
275 # Establish ppp mode.
277 if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
278 -a "${ppp_mode}" != "dedicated" \
279 -a "${ppp_mode}" != "background" ]; then
283 ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
285 # Switch on NAT mode?
289 ppp_command="${ppp_command} -nat"
293 ppp_command="${ppp_command} ${ppp_profile}"
295 echo "Starting ppp as \"${ppp_user}\""
296 su -m ${ppp_user} -c "exec ${ppp_command}"
300 # Re-Sync ipfilter so it picks up any new network interfaces
302 case ${ipfilter_active} in
304 ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null
307 unset ipfilter_active
309 # Initialize IP filtering using ipfw
311 if /sbin/ipfw -q flush > /dev/null 2>&1; then
317 case ${firewall_enable} in
319 if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
321 echo 'Kernel firewall module loaded'
322 elif [ "${firewall_in_kernel}" -eq 0 ]; then
323 echo 'Warning: firewall kernel module failed to load'
328 # Load the filters if required
330 case ${firewall_in_kernel} in
332 if [ -z "${firewall_script}" ]; then
333 firewall_script=/etc/rc.firewall
336 case ${firewall_enable} in
338 if [ -r "${firewall_script}" ]; then
339 . "${firewall_script}"
340 echo -n 'Firewall rules loaded, starting divert daemons:'
342 # Network Address Translation daemon
344 case ${natd_enable} in
346 if [ -n "${natd_interface}" ]; then
347 if echo ${natd_interface} | \
348 grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then
349 natd_flags="$natd_flags -a ${natd_interface}"
351 natd_flags="$natd_flags -n ${natd_interface}"
354 echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags}
360 elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
361 echo 'Warning: kernel has firewall functionality,' \
362 'but firewall rules are not enabled.'
363 echo ' All ip services are disabled.'
366 case ${firewall_logging} in
368 echo 'Firewall logging=YES'
369 sysctl net.inet.ip.fw.verbose=1 >/dev/null
380 # Additional ATM interface configuration
382 if [ -n "${atm_pass1_done}" ]; then
388 case ${defaultrouter} in
392 static_routes="default ${static_routes}"
393 route_default="default ${defaultrouter}"
397 # Set up any static routes. This should be done before router discovery.
399 if [ -n "${static_routes}" ]; then
400 for i in ${static_routes}; do
401 eval route_args=\$route_${i}
402 route add ${route_args}
406 echo -n 'Additional routing options:'
407 case ${tcp_extensions} in
411 echo -n ' tcp extensions=NO'
412 sysctl net.inet.tcp.rfc1323=0 >/dev/null
416 case ${icmp_bmcastecho} in
418 echo -n ' broadcast ping responses=YES'
419 sysctl net.inet.icmp.bmcastecho=1 >/dev/null
423 case ${icmp_drop_redirect} in
425 echo -n ' ignore ICMP redirect=YES'
426 sysctl net.inet.icmp.drop_redirect=1 >/dev/null
430 case ${icmp_log_redirect} in
432 echo -n ' log ICMP redirect=YES'
433 sysctl net.inet.icmp.log_redirect=1 >/dev/null
437 case ${gateway_enable} in
439 echo -n ' IP gateway=YES'
440 sysctl net.inet.ip.forwarding=1 >/dev/null
444 case ${forward_sourceroute} in
446 echo -n ' do source routing=YES'
447 sysctl net.inet.ip.sourceroute=1 >/dev/null
451 case ${accept_sourceroute} in
453 echo -n ' accept source routing=YES'
454 sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
458 case ${tcp_keepalive} in
460 echo -n ' TCP keepalive=NO'
461 sysctl net.inet.tcp.always_keepalive=0 >/dev/null
465 case ${tcp_drop_synfin} in
467 echo -n ' drop SYN+FIN packets=YES'
468 sysctl net.inet.tcp.drop_synfin=1 >/dev/null
472 case ${ipxgateway_enable} in
474 echo -n ' IPX gateway=YES'
475 sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
479 case ${arpproxy_all} in
481 echo -n ' ARP proxyall=YES'
482 sysctl net.link.ether.inet.proxyall=1 >/dev/null
486 case ${ip_portrange_first} in
490 echo -n " ip_portrange_first=$ip_portrange_first"
491 sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
495 case ${ip_portrange_last} in
499 echo -n " ip_portrange_last=$ip_portrange_last"
500 sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
506 case ${ipsec_enable} in
508 if [ -f ${ipsec_file} ]; then
509 echo ' ipsec: enabled'
510 setkey -f ${ipsec_file}
512 echo ' ipsec: file not found'
517 echo -n 'Routing daemons:'
518 case ${router_enable} in
520 echo -n " ${router}"; ${router} ${router_flags}
524 case ${ipxrouted_enable} in
527 IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
531 case ${mrouted_enable} in
533 echo -n ' mrouted'; mrouted ${mrouted_flags}
537 case ${rarpd_enable} in
539 echo -n ' rarpd'; rarpd ${rarpd_flags}
544 # Let future generations know we made it.
546 network_pass1_done=YES
550 echo -n 'Doing additional network setup:'
551 case ${named_enable} in
553 echo -n ' named'; ${named_program:-named} ${named_flags}
557 case ${ntpdate_enable} in
560 ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
564 case ${ntpd_enable} in
566 echo -n ' ntpd'; ${ntpd_program:-ntpd} ${ntpd_flags}
570 case ${timed_enable} in
572 echo -n ' timed'; timed ${timed_flags}
576 case ${rpcbind_enable} in
578 echo -n ' rpcbind'; ${rpcbind_program:-/usr/sbin/rpcbind} \
581 # Start ypserv if we're an NIS server.
582 # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
584 case ${nis_server_enable} in
586 echo -n ' ypserv'; ypserv ${nis_server_flags}
588 case ${nis_ypxfrd_enable} in
590 echo -n ' rpc.ypxfrd'
591 rpc.ypxfrd ${nis_ypxfrd_flags}
595 case ${nis_yppasswdd_enable} in
597 echo -n ' rpc.yppasswdd'
598 rpc.yppasswdd ${nis_yppasswdd_flags}
604 # Start ypbind if we're an NIS client
606 case ${nis_client_enable} in
608 echo -n ' ypbind'; ypbind ${nis_client_flags}
609 case ${nis_ypset_enable} in
611 echo -n ' ypset'; ypset ${nis_ypset_flags}
617 # Start keyserv if we are running Secure RPC
619 case ${keyserv_enable} in
621 echo -n ' keyserv'; keyserv ${keyserv_flags}
625 # Start ypupdated if we are running Secure RPC
626 # and we are NIS master
628 case ${rpc_ypupdated_enable} in
630 echo -n ' rpc.ypupdated'; rpc.ypupdated
637 if [ -n "${atm_pass2_done}" ]; then
642 network_pass2_done=YES
646 echo -n 'Starting final network daemons:'
648 case ${rpcbind_enable} in
650 case ${nfs_server_enable} in
652 # Handle absent nfs server support
653 nfsserver_in_kernel=0
654 if sysctl vfs.nfsrv >/dev/null 2>&1; then
655 nfsserver_in_kernel=1
657 kldload nfsserver && nfsserver_in_kernel=1
660 if [ -r /etc/exports -a \
661 ${nfsserver_in_kernel} -eq 1 ]; then
664 case ${weak_mountd_authentication} in
666 mountd_flags="${mountd_flags} -n"
670 mountd ${mountd_flags}
672 case ${nfs_reserved_port_only} in
674 echo -n ' NFS on reserved port only=YES'
675 sysctl vfs.nfsrv.nfs_privport=1 > /dev/null
679 echo -n ' nfsd'; nfsd ${nfs_server_flags}
681 case ${rpc_statd_enable} in
683 echo -n ' rpc.statd'; rpc.statd
687 case ${rpc_lockd_enable} in
689 echo -n ' rpc.lockd'; rpc.lockd
693 echo -n ' Warning: nfs server failed'
697 case ${mountd_enable} in
699 if [ -r /etc/exports ]; then
702 case ${weak_mountd_authentication} in
708 mountd ${mountd_flags}
715 case ${nfs_client_enable} in
717 nfsclient_in_kernel=0
718 # Handle absent nfs client support
719 if sysctl vfs.nfs >/dev/null 2>&1; then
720 nfsclient_in_kernel=1
722 kldload nfsclient && nfsclient_in_kernel=1
725 if [ ${nfsclient_in_kernel} -eq 1 ]
727 if [ -n "${nfs_access_cache}" ]; then
728 echo -n " NFS access cache time=${nfs_access_cache}"
729 sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
731 if [ -n "${nfs_bufpackets}" ]; then
732 sysctl vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
734 case ${rpc_statd_enable} in
736 echo -n ' rpc.statd'; rpc.statd
740 case ${rpc_lockd_enable} in
742 echo -n ' rpc.lockd'; rpc.lockd
746 case ${amd_enable} in
749 case ${amd_map_program} in
753 amd_flags="${amd_flags} `eval\
758 case "${amd_flags}" in
760 if [ -r /etc/amd.conf ]; then
764 echo 'Warning: amd will not load without arguments'
768 amd -p ${amd_flags} \
776 echo 'Warning: NFS client kernel module failed to load'
782 # If /var/db/mounttab exists, some nfs-server has not been
783 # successfully notified about a previous client shutdown.
784 # If there is no /var/db/mounttab, we do nothing.
785 if [ -f /var/db/mounttab ]; then
792 case ${rwhod_enable} in
794 echo -n ' rwhod'; rwhod ${rwhod_flags}
798 # Kerberos servers run ONLY on the Kerberos server machine
799 case ${kerberos4_server_enable} in
801 case ${kerberos_stash} in
810 echo -n ' kerberosIV'
811 ${kerberos4_server} ${stash} >> /var/log/kerberos.log &
813 case ${kadmind4_server_enable} in
818 ${kadmind4_server} ${stash} >/dev/null 2>&1 &
826 case ${kerberos5_server_enable} in
829 ${kerberos5_server} &
831 case ${kadmind5_server_enable} in
840 case ${pppoed_enable} in
842 if [ -n "${pppoed_provider}" ]; then
843 pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
847 /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
848 set +f; set -${_opts}
852 case ${sshd_enable} in
854 if [ -x /usr/bin/ssh-keygen ]; then
855 if [ ! -f /etc/ssh/ssh_host_key ]; then
856 echo ' creating ssh1 RSA host key';
857 /usr/bin/ssh-keygen -t rsa1 -N "" \
858 -f /etc/ssh/ssh_host_key
860 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
861 echo ' creating ssh2 RSA host key';
862 /usr/bin/ssh-keygen -t rsa -N "" \
863 -f /etc/ssh/ssh_host_rsa_key
865 if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
866 echo ' creating ssh2 DSA host key';
867 /usr/bin/ssh-keygen -t dsa -N "" \
868 -f /etc/ssh/ssh_host_dsa_key
875 network_pass3_done=YES
879 echo -n 'Additional TCP options:'
880 case ${log_in_vain} in
890 echo " invalid log_in_vain setting: ${log_in_vain}"
895 [ "${log_in_vain}" -ne 0 ] && (
896 echo -n " log_in_vain=${log_in_vain}"
897 sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null
898 sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null
901 network_pass4_done=YES
904 network_gif_setup() {
905 case ${gif_interfaces} in
909 for i in ${gif_interfaces}; do
910 eval peers=\$gifconfig_$i
916 ifconfig $i create >/dev/null 2>&1
917 ifconfig $i tunnel ${peers}
926 convert_host_conf() {
928 nsswitch_conf=$1; shift;
930 /^[:blank:]*#/ { next } \
931 /(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \
932 /(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \
933 /nis/ { nsswitch[c] = "nis"; c++; next } \
934 { printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \
937 for (i in nsswitch) printf "%s ", nsswitch[i]; \
939 }' < $host_conf > $nsswitch_conf
942 generate_host_conf() {
943 nsswitch_conf=$1; shift;
948 xlat["files"] = "hosts";
949 xlat["dns"] = "bind";
953 sub(/^[\t ]*hosts:/, "") || cont {
958 cont = sub(/\\$/, "")
962 print "# Auto-generated from nsswitch.conf, do not edit"
964 for (n = 1; n <= ns; ++n) {
969 ' <$nsswitch_conf >$host_conf
projects / FreeBSD / FreeBSD.git / blob