Add ip_portrange_first and ip_portrange_last rc.conf/rc.network

    options.  This allows you to set the standard dynamic port
    assignment range prior to any network daemons (like named) starting
    up, necessary if you are also using a firewall to restrict lower ports.
    will be MFC'd in a few days

5 files changed, 95 insertions, 0 deletions

diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions
index fc7cdd0..4a3c1ec 100644
--- a/etc/rc.d/netoptions
+++ b/etc/rc.d/netoptions
@@ -350,6 +350,25 @@ network_pass1() {
 		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
 		;;
 	esac
+
+	case ${ip_portrange_first} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		echo -n ' ip_portrange_first=$ip_portrange_first'
+		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
+		;;
+	esac
+
+	case ${ip_portrange_last} in
+	[Nn][Oo] | '')
+	    ;;
+	*)
+		echo -n ' ip_portrange_last=$ip_portrange_last'
+		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
+		;;
+	esac
+
 	echo '.'
 
 	case ${ipsec_enable} in
diff --git a/etc/rc.d/network1 b/etc/rc.d/network1
index fc7cdd0..4a3c1ec 100644
--- a/etc/rc.d/network1
+++ b/etc/rc.d/network1
@@ -350,6 +350,25 @@ network_pass1() {
 		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
 		;;
 	esac
+
+	case ${ip_portrange_first} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		echo -n ' ip_portrange_first=$ip_portrange_first'
+		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
+		;;
+	esac
+
+	case ${ip_portrange_last} in
+	[Nn][Oo] | '')
+	    ;;
+	*)
+		echo -n ' ip_portrange_last=$ip_portrange_last'
+		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
+		;;
+	esac
+
 	echo '.'
 
 	case ${ipsec_enable} in
diff --git a/etc/rc.d/network2 b/etc/rc.d/network2
index fc7cdd0..4a3c1ec 100644
--- a/etc/rc.d/network2
+++ b/etc/rc.d/network2
@@ -350,6 +350,25 @@ network_pass1() {
 		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
 		;;
 	esac
+
+	case ${ip_portrange_first} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		echo -n ' ip_portrange_first=$ip_portrange_first'
+		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
+		;;
+	esac
+
+	case ${ip_portrange_last} in
+	[Nn][Oo] | '')
+	    ;;
+	*)
+		echo -n ' ip_portrange_last=$ip_portrange_last'
+		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
+		;;
+	esac
+
 	echo '.'
 
 	case ${ipsec_enable} in
diff --git a/etc/rc.d/network3 b/etc/rc.d/network3
index fc7cdd0..4a3c1ec 100644
--- a/etc/rc.d/network3
+++ b/etc/rc.d/network3
@@ -350,6 +350,25 @@ network_pass1() {
 		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
 		;;
 	esac
+
+	case ${ip_portrange_first} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		echo -n ' ip_portrange_first=$ip_portrange_first'
+		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
+		;;
+	esac
+
+	case ${ip_portrange_last} in
+	[Nn][Oo] | '')
+	    ;;
+	*)
+		echo -n ' ip_portrange_last=$ip_portrange_last'
+		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
+		;;
+	esac
+
 	echo '.'
 
 	case ${ipsec_enable} in
diff --git a/etc/rc.d/routing b/etc/rc.d/routing
index fc7cdd0..4a3c1ec 100644
--- a/etc/rc.d/routing
+++ b/etc/rc.d/routing
@@ -350,6 +350,25 @@ network_pass1() {
 		sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
 		;;
 	esac
+
+	case ${ip_portrange_first} in
+	[Nn][Oo] | '')
+		;;
+	*)
+		echo -n ' ip_portrange_first=$ip_portrange_first'
+		sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
+		;;
+	esac
+
+	case ${ip_portrange_last} in
+	[Nn][Oo] | '')
+	    ;;
+	*)
+		echo -n ' ip_portrange_last=$ip_portrange_last'
+		sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
+		;;
+	esac
+
 	echo '.'
 
 	case ${ipsec_enable} in