diff options
author | sheldonh <sheldonh@FreeBSD.org> | 1999-09-13 15:44:20 +0000 |
---|---|---|
committer | sheldonh <sheldonh@FreeBSD.org> | 1999-09-13 15:44:20 +0000 |
commit | d8a93d30ec0f7b9de2d59dab07ac29c6f7f8f663 (patch) | |
tree | f61d8b7d858e07792674c281853167482e6806c5 /etc/rc.d | |
parent | 019fd9cb5fe17ed3ce93a28306ec3009d2a512f7 (diff) | |
download | FreeBSD-src-d8a93d30ec0f7b9de2d59dab07ac29c6f7f8f663.zip FreeBSD-src-d8a93d30ec0f7b9de2d59dab07ac29c6f7f8f663.tar.gz |
Apply a consistent style to most of the etc scripts. Particularly, use
case instead of test where appropriate, since case allows case is a sh
builtin and (as a side-effect) allows case-insensitivity.
Changes discussed on freebsd-hackers.
Submitted by: Doug Barton <Doug@gorean.org>
Diffstat (limited to 'etc/rc.d')
-rw-r--r-- | etc/rc.d/atm1 | 283 | ||||
-rw-r--r-- | etc/rc.d/atm2 | 283 | ||||
-rw-r--r-- | etc/rc.d/atm2.sh | 283 | ||||
-rw-r--r-- | etc/rc.d/atm3 | 283 | ||||
-rw-r--r-- | etc/rc.d/atm3.sh | 283 | ||||
-rw-r--r-- | etc/rc.d/diskless | 12 | ||||
-rw-r--r-- | etc/rc.d/initdiskless | 36 | ||||
-rw-r--r-- | etc/rc.d/isdnd | 60 | ||||
-rw-r--r-- | etc/rc.d/netoptions | 928 | ||||
-rw-r--r-- | etc/rc.d/network1 | 928 | ||||
-rw-r--r-- | etc/rc.d/network2 | 928 | ||||
-rw-r--r-- | etc/rc.d/network3 | 928 | ||||
-rw-r--r-- | etc/rc.d/pccard | 23 | ||||
-rw-r--r-- | etc/rc.d/resolv | 12 | ||||
-rw-r--r-- | etc/rc.d/routing | 928 | ||||
-rw-r--r-- | etc/rc.d/tmp | 12 | ||||
-rw-r--r-- | etc/rc.d/var | 12 |
17 files changed, 3616 insertions, 2606 deletions
diff --git a/etc/rc.d/atm1 b/etc/rc.d/atm1 index 57ff149..7e72aeb 100644 --- a/etc/rc.d/atm1 +++ b/etc/rc.d/atm1 @@ -10,87 +10,99 @@ # N.B. /usr is not mounted. # atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9]|hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9]|hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo "No ATM adapters found." - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld -d /etc - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo "missing network interface definition" - continue - fi + # Locate all probed ATM adapters + atmdev=`atm sh stat int | while read dev junk; do + case ${dev} in + hea[0-9] | hea[0-9][0-9]) + echo "${dev} " + ;; + hfa[0-9] | hfa[0-9][0-9]) + echo "${dev} " + ;; + *) + continue + ;; + esac + done` - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" -a "${macaddr_args}" != "NO" ]; then - atm set mac ${phy} ${macaddr_args} || continue + if [ -z "${atmdev}" ]; then + echo "No ATM adapters found." + return 0 fi - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo "missing signalling manager definition" - continue + # Load microcode into FORE adapters (if needed) + if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then + fore_dnld -d /etc fi - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo "missing NSAP prefix for UNI interface" + # Configure physical interfaces + ilmid=0 + for phy in ${atmdev}; do + echo -n "Configuring ATM device ${phy}:" + + # Define network interfaces + eval netif_args=\$atm_netif_${phy} + if [ -n "${netif_args}" ]; then + atm set netif ${phy} ${netif_args} || continue + else + echo "missing network interface definition" continue fi - if [ "${prefix_args}" = "ILMI" ]; then - ilmid=1 + + # Override physical MAC address + eval macaddr_args=\$atm_macaddr_${phy} + if [ -n "${macaddr_args}" ]; then + case ${macaddr_args} in + [Nn][Oo] | '') + ;; + *) + atm set mac ${phy} ${macaddr_args} || continue + ;; + esac + fi + + # Configure signalling manager + eval sigmgr_args=\$atm_sigmgr_${phy} + if [ -n "${sigmgr_args}" ]; then + atm attach ${phy} ${sigmgr_args} || continue else - atm set prefix ${phy} ${prefix_args} || continue + echo "missing signalling manager definition" + continue fi - fi - atm_phy="${atm_phy} ${phy}" - echo "." - done + # Configure UNI NSAP prefix + eval prefix_args=\$atm_prefix_${phy} + if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then + if [ -z "${prefix_args}" ]; then + echo "missing NSAP prefix for UNI interface" + continue + fi + + case ${prefix_args} in + ILMI) + ilmid=1 + ;; + *) + atm set prefix ${phy} ${prefix_args} || continue + ;; + esac + fi - echo -n "Starting initial ATM daemons:" - # Start ILMI daemon (if needed) - if [ ${ilmid} -eq 1 ]; then - echo -n " ilmid" - ilmid - fi + atm_phy="${atm_phy} ${phy}" + echo "." + done - echo "." - atm_pass1_done=YES + echo -n "Starting initial ATM daemons:" + # Start ILMI daemon (if needed) + case ${ilmid} in + 1) + echo -n " ilmid" + ilmid + ;; + esac + + echo "." + atm_pass1_done=YES } # @@ -98,75 +110,84 @@ atm_pass1() { # N.B. /usr is not mounted. # atm_pass2() { - echo -n "Configuring ATM network interfaces:" - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - - net="${netname}${netindx}" - netindx=`expr ${netindx} + 1` - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || continue - fi - eval scsparp_args=\$atm_scsparp_${net} - if [ "${scsparp_args}" = "YES" ]; then - if [ "${atmarp_args}" != "local" ]; then - echo "local arpserver required for SCSP" - continue + echo -n "Configuring ATM network interfaces:" + + atm_scspd=0 + atm_atmarpd="" + + # Configure network interfaces + for phy in ${atm_phy}; do + eval netif_args=\$atm_netif_${phy} + set -- ${netif_args} + netname=$1 + netcnt=$2 + netindx=0 + while [ ${netindx} -lt ${netcnt} ]; do + net="${netname}${netindx}" + netindx=`expr ${netindx} + 1` + echo -n " ${net}" + + # Configure atmarp server + eval atmarp_args=\$atm_arpserver_${net} + if [ -n "${atmarp_args}" ]; then + atm set arpserver ${net} ${atmarp_args} || + continue fi - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - fi + eval scsparp_args=\$atm_scsparp_${net} + + case ${scsparp_args} in + [Yy][Ee][Ss]) + case ${atmarp_args} in + local) + ;; + *) + echo "local arpserver required for SCSP" + continue + ;; + esac + + atm_atmarpd="${atm_atmarpd} ${net}" + atm_scspd=1 + esac + done done - done - echo "." - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi + echo "." - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES + # Define any PVCs. + if [ -n "${atm_pvcs}" ]; then + for i in ${atm_pvcs}; do + eval pvc_args=\$atm_pvc_${i} + atm add pvc ${pvc_args} + done + fi + + # Define any permanent ARP entries. + if [ -n "${atm_arps}" ]; then + for i in ${atm_arps}; do + eval arp_args=\$atm_arp_${i} + atm add arp ${arp_args} + done + fi + atm_pass2_done=YES } # # Start any necessary daemons. # atm_pass3() { - # Start SCSP daemon (if needed) - if [ "${atm_scspd}" -eq 1 ]; then - echo -n " scspd" - scspd - fi - - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n " atmarpd" - atmarpd ${atm_atmarpd} - fi - - atm_pass3_done=YES + # Start SCSP daemon (if needed) + case ${atm_scspd} in + 1) + echo -n " scspd" + scspd + ;; + esac + + # Start ATMARP daemon (if needed) + if [ -n "${atm_atmarpd}" ]; then + echo -n " atmarpd" + atmarpd ${atm_atmarpd} + fi + + atm_pass3_done=YES } diff --git a/etc/rc.d/atm2 b/etc/rc.d/atm2 index 57ff149..7e72aeb 100644 --- a/etc/rc.d/atm2 +++ b/etc/rc.d/atm2 @@ -10,87 +10,99 @@ # N.B. /usr is not mounted. # atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9]|hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9]|hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo "No ATM adapters found." - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld -d /etc - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo "missing network interface definition" - continue - fi + # Locate all probed ATM adapters + atmdev=`atm sh stat int | while read dev junk; do + case ${dev} in + hea[0-9] | hea[0-9][0-9]) + echo "${dev} " + ;; + hfa[0-9] | hfa[0-9][0-9]) + echo "${dev} " + ;; + *) + continue + ;; + esac + done` - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" -a "${macaddr_args}" != "NO" ]; then - atm set mac ${phy} ${macaddr_args} || continue + if [ -z "${atmdev}" ]; then + echo "No ATM adapters found." + return 0 fi - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo "missing signalling manager definition" - continue + # Load microcode into FORE adapters (if needed) + if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then + fore_dnld -d /etc fi - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo "missing NSAP prefix for UNI interface" + # Configure physical interfaces + ilmid=0 + for phy in ${atmdev}; do + echo -n "Configuring ATM device ${phy}:" + + # Define network interfaces + eval netif_args=\$atm_netif_${phy} + if [ -n "${netif_args}" ]; then + atm set netif ${phy} ${netif_args} || continue + else + echo "missing network interface definition" continue fi - if [ "${prefix_args}" = "ILMI" ]; then - ilmid=1 + + # Override physical MAC address + eval macaddr_args=\$atm_macaddr_${phy} + if [ -n "${macaddr_args}" ]; then + case ${macaddr_args} in + [Nn][Oo] | '') + ;; + *) + atm set mac ${phy} ${macaddr_args} || continue + ;; + esac + fi + + # Configure signalling manager + eval sigmgr_args=\$atm_sigmgr_${phy} + if [ -n "${sigmgr_args}" ]; then + atm attach ${phy} ${sigmgr_args} || continue else - atm set prefix ${phy} ${prefix_args} || continue + echo "missing signalling manager definition" + continue fi - fi - atm_phy="${atm_phy} ${phy}" - echo "." - done + # Configure UNI NSAP prefix + eval prefix_args=\$atm_prefix_${phy} + if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then + if [ -z "${prefix_args}" ]; then + echo "missing NSAP prefix for UNI interface" + continue + fi + + case ${prefix_args} in + ILMI) + ilmid=1 + ;; + *) + atm set prefix ${phy} ${prefix_args} || continue + ;; + esac + fi - echo -n "Starting initial ATM daemons:" - # Start ILMI daemon (if needed) - if [ ${ilmid} -eq 1 ]; then - echo -n " ilmid" - ilmid - fi + atm_phy="${atm_phy} ${phy}" + echo "." + done - echo "." - atm_pass1_done=YES + echo -n "Starting initial ATM daemons:" + # Start ILMI daemon (if needed) + case ${ilmid} in + 1) + echo -n " ilmid" + ilmid + ;; + esac + + echo "." + atm_pass1_done=YES } # @@ -98,75 +110,84 @@ atm_pass1() { # N.B. /usr is not mounted. # atm_pass2() { - echo -n "Configuring ATM network interfaces:" - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - - net="${netname}${netindx}" - netindx=`expr ${netindx} + 1` - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || continue - fi - eval scsparp_args=\$atm_scsparp_${net} - if [ "${scsparp_args}" = "YES" ]; then - if [ "${atmarp_args}" != "local" ]; then - echo "local arpserver required for SCSP" - continue + echo -n "Configuring ATM network interfaces:" + + atm_scspd=0 + atm_atmarpd="" + + # Configure network interfaces + for phy in ${atm_phy}; do + eval netif_args=\$atm_netif_${phy} + set -- ${netif_args} + netname=$1 + netcnt=$2 + netindx=0 + while [ ${netindx} -lt ${netcnt} ]; do + net="${netname}${netindx}" + netindx=`expr ${netindx} + 1` + echo -n " ${net}" + + # Configure atmarp server + eval atmarp_args=\$atm_arpserver_${net} + if [ -n "${atmarp_args}" ]; then + atm set arpserver ${net} ${atmarp_args} || + continue fi - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - fi + eval scsparp_args=\$atm_scsparp_${net} + + case ${scsparp_args} in + [Yy][Ee][Ss]) + case ${atmarp_args} in + local) + ;; + *) + echo "local arpserver required for SCSP" + continue + ;; + esac + + atm_atmarpd="${atm_atmarpd} ${net}" + atm_scspd=1 + esac + done done - done - echo "." - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi + echo "." - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES + # Define any PVCs. + if [ -n "${atm_pvcs}" ]; then + for i in ${atm_pvcs}; do + eval pvc_args=\$atm_pvc_${i} + atm add pvc ${pvc_args} + done + fi + + # Define any permanent ARP entries. + if [ -n "${atm_arps}" ]; then + for i in ${atm_arps}; do + eval arp_args=\$atm_arp_${i} + atm add arp ${arp_args} + done + fi + atm_pass2_done=YES } # # Start any necessary daemons. # atm_pass3() { - # Start SCSP daemon (if needed) - if [ "${atm_scspd}" -eq 1 ]; then - echo -n " scspd" - scspd - fi - - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n " atmarpd" - atmarpd ${atm_atmarpd} - fi - - atm_pass3_done=YES + # Start SCSP daemon (if needed) + case ${atm_scspd} in + 1) + echo -n " scspd" + scspd + ;; + esac + + # Start ATMARP daemon (if needed) + if [ -n "${atm_atmarpd}" ]; then + echo -n " atmarpd" + atmarpd ${atm_atmarpd} + fi + + atm_pass3_done=YES } diff --git a/etc/rc.d/atm2.sh b/etc/rc.d/atm2.sh index 57ff149..7e72aeb 100644 --- a/etc/rc.d/atm2.sh +++ b/etc/rc.d/atm2.sh @@ -10,87 +10,99 @@ # N.B. /usr is not mounted. # atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9]|hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9]|hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo "No ATM adapters found." - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld -d /etc - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo "missing network interface definition" - continue - fi + # Locate all probed ATM adapters + atmdev=`atm sh stat int | while read dev junk; do + case ${dev} in + hea[0-9] | hea[0-9][0-9]) + echo "${dev} " + ;; + hfa[0-9] | hfa[0-9][0-9]) + echo "${dev} " + ;; + *) + continue + ;; + esac + done` - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" -a "${macaddr_args}" != "NO" ]; then - atm set mac ${phy} ${macaddr_args} || continue + if [ -z "${atmdev}" ]; then + echo "No ATM adapters found." + return 0 fi - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo "missing signalling manager definition" - continue + # Load microcode into FORE adapters (if needed) + if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then + fore_dnld -d /etc fi - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo "missing NSAP prefix for UNI interface" + # Configure physical interfaces + ilmid=0 + for phy in ${atmdev}; do + echo -n "Configuring ATM device ${phy}:" + + # Define network interfaces + eval netif_args=\$atm_netif_${phy} + if [ -n "${netif_args}" ]; then + atm set netif ${phy} ${netif_args} || continue + else + echo "missing network interface definition" continue fi - if [ "${prefix_args}" = "ILMI" ]; then - ilmid=1 + + # Override physical MAC address + eval macaddr_args=\$atm_macaddr_${phy} + if [ -n "${macaddr_args}" ]; then + case ${macaddr_args} in + [Nn][Oo] | '') + ;; + *) + atm set mac ${phy} ${macaddr_args} || continue + ;; + esac + fi + + # Configure signalling manager + eval sigmgr_args=\$atm_sigmgr_${phy} + if [ -n "${sigmgr_args}" ]; then + atm attach ${phy} ${sigmgr_args} || continue else - atm set prefix ${phy} ${prefix_args} || continue + echo "missing signalling manager definition" + continue fi - fi - atm_phy="${atm_phy} ${phy}" - echo "." - done + # Configure UNI NSAP prefix + eval prefix_args=\$atm_prefix_${phy} + if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then + if [ -z "${prefix_args}" ]; then + echo "missing NSAP prefix for UNI interface" + continue + fi + + case ${prefix_args} in + ILMI) + ilmid=1 + ;; + *) + atm set prefix ${phy} ${prefix_args} || continue + ;; + esac + fi - echo -n "Starting initial ATM daemons:" - # Start ILMI daemon (if needed) - if [ ${ilmid} -eq 1 ]; then - echo -n " ilmid" - ilmid - fi + atm_phy="${atm_phy} ${phy}" + echo "." + done - echo "." - atm_pass1_done=YES + echo -n "Starting initial ATM daemons:" + # Start ILMI daemon (if needed) + case ${ilmid} in + 1) + echo -n " ilmid" + ilmid + ;; + esac + + echo "." + atm_pass1_done=YES } # @@ -98,75 +110,84 @@ atm_pass1() { # N.B. /usr is not mounted. # atm_pass2() { - echo -n "Configuring ATM network interfaces:" - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - - net="${netname}${netindx}" - netindx=`expr ${netindx} + 1` - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || continue - fi - eval scsparp_args=\$atm_scsparp_${net} - if [ "${scsparp_args}" = "YES" ]; then - if [ "${atmarp_args}" != "local" ]; then - echo "local arpserver required for SCSP" - continue + echo -n "Configuring ATM network interfaces:" + + atm_scspd=0 + atm_atmarpd="" + + # Configure network interfaces + for phy in ${atm_phy}; do + eval netif_args=\$atm_netif_${phy} + set -- ${netif_args} + netname=$1 + netcnt=$2 + netindx=0 + while [ ${netindx} -lt ${netcnt} ]; do + net="${netname}${netindx}" + netindx=`expr ${netindx} + 1` + echo -n " ${net}" + + # Configure atmarp server + eval atmarp_args=\$atm_arpserver_${net} + if [ -n "${atmarp_args}" ]; then + atm set arpserver ${net} ${atmarp_args} || + continue fi - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - fi + eval scsparp_args=\$atm_scsparp_${net} + + case ${scsparp_args} in + [Yy][Ee][Ss]) + case ${atmarp_args} in + local) + ;; + *) + echo "local arpserver required for SCSP" + continue + ;; + esac + + atm_atmarpd="${atm_atmarpd} ${net}" + atm_scspd=1 + esac + done done - done - echo "." - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi + echo "." - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES + # Define any PVCs. + if [ -n "${atm_pvcs}" ]; then + for i in ${atm_pvcs}; do + eval pvc_args=\$atm_pvc_${i} + atm add pvc ${pvc_args} + done + fi + + # Define any permanent ARP entries. + if [ -n "${atm_arps}" ]; then + for i in ${atm_arps}; do + eval arp_args=\$atm_arp_${i} + atm add arp ${arp_args} + done + fi + atm_pass2_done=YES } # # Start any necessary daemons. # atm_pass3() { - # Start SCSP daemon (if needed) - if [ "${atm_scspd}" -eq 1 ]; then - echo -n " scspd" - scspd - fi - - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n " atmarpd" - atmarpd ${atm_atmarpd} - fi - - atm_pass3_done=YES + # Start SCSP daemon (if needed) + case ${atm_scspd} in + 1) + echo -n " scspd" + scspd + ;; + esac + + # Start ATMARP daemon (if needed) + if [ -n "${atm_atmarpd}" ]; then + echo -n " atmarpd" + atmarpd ${atm_atmarpd} + fi + + atm_pass3_done=YES } diff --git a/etc/rc.d/atm3 b/etc/rc.d/atm3 index 57ff149..7e72aeb 100644 --- a/etc/rc.d/atm3 +++ b/etc/rc.d/atm3 @@ -10,87 +10,99 @@ # N.B. /usr is not mounted. # atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9]|hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9]|hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo "No ATM adapters found." - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld -d /etc - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo "missing network interface definition" - continue - fi + # Locate all probed ATM adapters + atmdev=`atm sh stat int | while read dev junk; do + case ${dev} in + hea[0-9] | hea[0-9][0-9]) + echo "${dev} " + ;; + hfa[0-9] | hfa[0-9][0-9]) + echo "${dev} " + ;; + *) + continue + ;; + esac + done` - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" -a "${macaddr_args}" != "NO" ]; then - atm set mac ${phy} ${macaddr_args} || continue + if [ -z "${atmdev}" ]; then + echo "No ATM adapters found." + return 0 fi - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo "missing signalling manager definition" - continue + # Load microcode into FORE adapters (if needed) + if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then + fore_dnld -d /etc fi - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo "missing NSAP prefix for UNI interface" + # Configure physical interfaces + ilmid=0 + for phy in ${atmdev}; do + echo -n "Configuring ATM device ${phy}:" + + # Define network interfaces + eval netif_args=\$atm_netif_${phy} + if [ -n "${netif_args}" ]; then + atm set netif ${phy} ${netif_args} || continue + else + echo "missing network interface definition" continue fi - if [ "${prefix_args}" = "ILMI" ]; then - ilmid=1 + + # Override physical MAC address + eval macaddr_args=\$atm_macaddr_${phy} + if [ -n "${macaddr_args}" ]; then + case ${macaddr_args} in + [Nn][Oo] | '') + ;; + *) + atm set mac ${phy} ${macaddr_args} || continue + ;; + esac + fi + + # Configure signalling manager + eval sigmgr_args=\$atm_sigmgr_${phy} + if [ -n "${sigmgr_args}" ]; then + atm attach ${phy} ${sigmgr_args} || continue else - atm set prefix ${phy} ${prefix_args} || continue + echo "missing signalling manager definition" + continue fi - fi - atm_phy="${atm_phy} ${phy}" - echo "." - done + # Configure UNI NSAP prefix + eval prefix_args=\$atm_prefix_${phy} + if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then + if [ -z "${prefix_args}" ]; then + echo "missing NSAP prefix for UNI interface" + continue + fi + + case ${prefix_args} in + ILMI) + ilmid=1 + ;; + *) + atm set prefix ${phy} ${prefix_args} || continue + ;; + esac + fi - echo -n "Starting initial ATM daemons:" - # Start ILMI daemon (if needed) - if [ ${ilmid} -eq 1 ]; then - echo -n " ilmid" - ilmid - fi + atm_phy="${atm_phy} ${phy}" + echo "." + done - echo "." - atm_pass1_done=YES + echo -n "Starting initial ATM daemons:" + # Start ILMI daemon (if needed) + case ${ilmid} in + 1) + echo -n " ilmid" + ilmid + ;; + esac + + echo "." + atm_pass1_done=YES } # @@ -98,75 +110,84 @@ atm_pass1() { # N.B. /usr is not mounted. # atm_pass2() { - echo -n "Configuring ATM network interfaces:" - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - - net="${netname}${netindx}" - netindx=`expr ${netindx} + 1` - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || continue - fi - eval scsparp_args=\$atm_scsparp_${net} - if [ "${scsparp_args}" = "YES" ]; then - if [ "${atmarp_args}" != "local" ]; then - echo "local arpserver required for SCSP" - continue + echo -n "Configuring ATM network interfaces:" + + atm_scspd=0 + atm_atmarpd="" + + # Configure network interfaces + for phy in ${atm_phy}; do + eval netif_args=\$atm_netif_${phy} + set -- ${netif_args} + netname=$1 + netcnt=$2 + netindx=0 + while [ ${netindx} -lt ${netcnt} ]; do + net="${netname}${netindx}" + netindx=`expr ${netindx} + 1` + echo -n " ${net}" + + # Configure atmarp server + eval atmarp_args=\$atm_arpserver_${net} + if [ -n "${atmarp_args}" ]; then + atm set arpserver ${net} ${atmarp_args} || + continue fi - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - fi + eval scsparp_args=\$atm_scsparp_${net} + + case ${scsparp_args} in + [Yy][Ee][Ss]) + case ${atmarp_args} in + local) + ;; + *) + echo "local arpserver required for SCSP" + continue + ;; + esac + + atm_atmarpd="${atm_atmarpd} ${net}" + atm_scspd=1 + esac + done done - done - echo "." - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi + echo "." - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES + # Define any PVCs. + if [ -n "${atm_pvcs}" ]; then + for i in ${atm_pvcs}; do + eval pvc_args=\$atm_pvc_${i} + atm add pvc ${pvc_args} + done + fi + + # Define any permanent ARP entries. + if [ -n "${atm_arps}" ]; then + for i in ${atm_arps}; do + eval arp_args=\$atm_arp_${i} + atm add arp ${arp_args} + done + fi + atm_pass2_done=YES } # # Start any necessary daemons. # atm_pass3() { - # Start SCSP daemon (if needed) - if [ "${atm_scspd}" -eq 1 ]; then - echo -n " scspd" - scspd - fi - - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n " atmarpd" - atmarpd ${atm_atmarpd} - fi - - atm_pass3_done=YES + # Start SCSP daemon (if needed) + case ${atm_scspd} in + 1) + echo -n " scspd" + scspd + ;; + esac + + # Start ATMARP daemon (if needed) + if [ -n "${atm_atmarpd}" ]; then + echo -n " atmarpd" + atmarpd ${atm_atmarpd} + fi + + atm_pass3_done=YES } diff --git a/etc/rc.d/atm3.sh b/etc/rc.d/atm3.sh index 57ff149..7e72aeb 100644 --- a/etc/rc.d/atm3.sh +++ b/etc/rc.d/atm3.sh @@ -10,87 +10,99 @@ # N.B. /usr is not mounted. # atm_pass1() { - # Locate all probed ATM adapters - atmdev=`atm sh stat int | while read dev junk; do - case ${dev} in - hea[0-9]|hea[0-9][0-9]) - echo "${dev} " - ;; - hfa[0-9]|hfa[0-9][0-9]) - echo "${dev} " - ;; - *) - continue - ;; - esac - done` - - if [ -z "${atmdev}" ]; then - echo "No ATM adapters found." - return 0 - fi - - # Load microcode into FORE adapters (if needed) - if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then - fore_dnld -d /etc - fi - - # Configure physical interfaces - ilmid=0 - for phy in ${atmdev}; do - echo -n "Configuring ATM device ${phy}:" - - # Define network interfaces - eval netif_args=\$atm_netif_${phy} - if [ -n "${netif_args}" ]; then - atm set netif ${phy} ${netif_args} || continue - else - echo "missing network interface definition" - continue - fi + # Locate all probed ATM adapters + atmdev=`atm sh stat int | while read dev junk; do + case ${dev} in + hea[0-9] | hea[0-9][0-9]) + echo "${dev} " + ;; + hfa[0-9] | hfa[0-9][0-9]) + echo "${dev} " + ;; + *) + continue + ;; + esac + done` - # Override physical MAC address - eval macaddr_args=\$atm_macaddr_${phy} - if [ -n "${macaddr_args}" -a "${macaddr_args}" != "NO" ]; then - atm set mac ${phy} ${macaddr_args} || continue + if [ -z "${atmdev}" ]; then + echo "No ATM adapters found." + return 0 fi - # Configure signalling manager - eval sigmgr_args=\$atm_sigmgr_${phy} - if [ -n "${sigmgr_args}" ]; then - atm attach ${phy} ${sigmgr_args} || continue - else - echo "missing signalling manager definition" - continue + # Load microcode into FORE adapters (if needed) + if [ `expr "${atmdev}" : '.*hfa.*'` -ne 0 ]; then + fore_dnld -d /etc fi - # Configure UNI NSAP prefix - eval prefix_args=\$atm_prefix_${phy} - if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then - if [ -z "${prefix_args}" ]; then - echo "missing NSAP prefix for UNI interface" + # Configure physical interfaces + ilmid=0 + for phy in ${atmdev}; do + echo -n "Configuring ATM device ${phy}:" + + # Define network interfaces + eval netif_args=\$atm_netif_${phy} + if [ -n "${netif_args}" ]; then + atm set netif ${phy} ${netif_args} || continue + else + echo "missing network interface definition" continue fi - if [ "${prefix_args}" = "ILMI" ]; then - ilmid=1 + + # Override physical MAC address + eval macaddr_args=\$atm_macaddr_${phy} + if [ -n "${macaddr_args}" ]; then + case ${macaddr_args} in + [Nn][Oo] | '') + ;; + *) + atm set mac ${phy} ${macaddr_args} || continue + ;; + esac + fi + + # Configure signalling manager + eval sigmgr_args=\$atm_sigmgr_${phy} + if [ -n "${sigmgr_args}" ]; then + atm attach ${phy} ${sigmgr_args} || continue else - atm set prefix ${phy} ${prefix_args} || continue + echo "missing signalling manager definition" + continue fi - fi - atm_phy="${atm_phy} ${phy}" - echo "." - done + # Configure UNI NSAP prefix + eval prefix_args=\$atm_prefix_${phy} + if [ `expr "${sigmgr_args}" : '[uU][nN][iI].*'` -ne 0 ]; then + if [ -z "${prefix_args}" ]; then + echo "missing NSAP prefix for UNI interface" + continue + fi + + case ${prefix_args} in + ILMI) + ilmid=1 + ;; + *) + atm set prefix ${phy} ${prefix_args} || continue + ;; + esac + fi - echo -n "Starting initial ATM daemons:" - # Start ILMI daemon (if needed) - if [ ${ilmid} -eq 1 ]; then - echo -n " ilmid" - ilmid - fi + atm_phy="${atm_phy} ${phy}" + echo "." + done - echo "." - atm_pass1_done=YES + echo -n "Starting initial ATM daemons:" + # Start ILMI daemon (if needed) + case ${ilmid} in + 1) + echo -n " ilmid" + ilmid + ;; + esac + + echo "." + atm_pass1_done=YES } # @@ -98,75 +110,84 @@ atm_pass1() { # N.B. /usr is not mounted. # atm_pass2() { - echo -n "Configuring ATM network interfaces:" - - atm_scspd=0 - atm_atmarpd="" - - # Configure network interfaces - for phy in ${atm_phy}; do - eval netif_args=\$atm_netif_${phy} - set -- ${netif_args} - netname=$1 - netcnt=$2 - netindx=0 - while [ ${netindx} -lt ${netcnt} ]; do - - net="${netname}${netindx}" - netindx=`expr ${netindx} + 1` - echo -n " ${net}" - - # Configure atmarp server - eval atmarp_args=\$atm_arpserver_${net} - if [ -n "${atmarp_args}" ]; then - atm set arpserver ${net} ${atmarp_args} || continue - fi - eval scsparp_args=\$atm_scsparp_${net} - if [ "${scsparp_args}" = "YES" ]; then - if [ "${atmarp_args}" != "local" ]; then - echo "local arpserver required for SCSP" - continue + echo -n "Configuring ATM network interfaces:" + + atm_scspd=0 + atm_atmarpd="" + + # Configure network interfaces + for phy in ${atm_phy}; do + eval netif_args=\$atm_netif_${phy} + set -- ${netif_args} + netname=$1 + netcnt=$2 + netindx=0 + while [ ${netindx} -lt ${netcnt} ]; do + net="${netname}${netindx}" + netindx=`expr ${netindx} + 1` + echo -n " ${net}" + + # Configure atmarp server + eval atmarp_args=\$atm_arpserver_${net} + if [ -n "${atmarp_args}" ]; then + atm set arpserver ${net} ${atmarp_args} || + continue fi - atm_atmarpd="${atm_atmarpd} ${net}" - atm_scspd=1 - fi + eval scsparp_args=\$atm_scsparp_${net} + + case ${scsparp_args} in + [Yy][Ee][Ss]) + case ${atmarp_args} in + local) + ;; + *) + echo "local arpserver required for SCSP" + continue + ;; + esac + + atm_atmarpd="${atm_atmarpd} ${net}" + atm_scspd=1 + esac + done done - done - echo "." - - # Define any PVCs. - if [ -n "${atm_pvcs}" ]; then - for i in ${atm_pvcs}; do - eval pvc_args=\$atm_pvc_${i} - atm add pvc ${pvc_args} - done - fi + echo "." - # Define any permanent ARP entries. - if [ -n "${atm_arps}" ]; then - for i in ${atm_arps}; do - eval arp_args=\$atm_arp_${i} - atm add arp ${arp_args} - done - fi - atm_pass2_done=YES + # Define any PVCs. + if [ -n "${atm_pvcs}" ]; then + for i in ${atm_pvcs}; do + eval pvc_args=\$atm_pvc_${i} + atm add pvc ${pvc_args} + done + fi + + # Define any permanent ARP entries. + if [ -n "${atm_arps}" ]; then + for i in ${atm_arps}; do + eval arp_args=\$atm_arp_${i} + atm add arp ${arp_args} + done + fi + atm_pass2_done=YES } # # Start any necessary daemons. # atm_pass3() { - # Start SCSP daemon (if needed) - if [ "${atm_scspd}" -eq 1 ]; then - echo -n " scspd" - scspd - fi - - # Start ATMARP daemon (if needed) - if [ -n "${atm_atmarpd}" ]; then - echo -n " atmarpd" - atmarpd ${atm_atmarpd} - fi - - atm_pass3_done=YES + # Start SCSP daemon (if needed) + case ${atm_scspd} in + 1) + echo -n " scspd" + scspd + ;; + esac + + # Start ATMARP daemon (if needed) + if [ -n "${atm_atmarpd}" ]; then + echo -n " atmarpd" + atmarpd ${atm_atmarpd} + fi + + atm_pass3_done=YES } diff --git a/etc/rc.d/diskless b/etc/rc.d/diskless index a7f0a50..2d777e5 100644 --- a/etc/rc.d/diskless +++ b/etc/rc.d/diskless @@ -1,11 +1,14 @@ +# +#$FreeBSD$ +# # PROVIDE: diskless # REQUIRE: initdiskless mountcritlocal if [ -n "$4" ]; then bpi="-i $4" -if [ -f /etc/defaults/rc.conf ]; then + fi /sbin/mdconfig -a -t malloc -s $1 -u $3 -elif [ -f /etc/rc.conf ]; then + /sbin/newfs $bpi /dev/md$3c /sbin/mount /dev/md$3c $2 } @@ -29,10 +32,9 @@ mkdir /var/spool/output/lpd chown -R root.daemon /var/spool/output chgrp daemon /var/spool/lpd -( cd /; find -x dev | cpio -o -H newc ) > /tmp/dev.tmp +(cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_mfs -s 4096 -i 512 -T qp120at dummy /dev -( cd /; cpio -i -H newc -d < /tmp/dev.tmp ) - +(cd /; cpio -i -H newc -d < /tmp/dev.tmp) # extract a list of device entries, then copy them to a writable fs (cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_md 4096 /dev 3 512 diff --git a/etc/rc.d/initdiskless b/etc/rc.d/initdiskless index 0f80c43..d93e36e 100644 --- a/etc/rc.d/initdiskless +++ b/etc/rc.d/initdiskless @@ -1,4 +1,6 @@ # +# $FreeBSD$ +# # /etc/rc.diskless - general BOOTP startup # # BOOTP has mounted / for us. Assume a read-only mount. We must then @@ -10,14 +12,14 @@ # set by the system operator on the server to be softlinks to # /conf/ME/fstab and /conf/ME/rc.conf.local. The system operator may # choose to retarget other files as well. The server itself boots -# properly with its default /conf/ME softlink pointing to -# /conf/server.host.name. +# properly with its default /conf/ME softlink pointing to +# /conf/server.host.name. # # During a diskless boot, we retarget the /conf/ME softlink to point # to /conf/DISKLESS.CLIENT.IP.ADDRESS. Thus, various system config # files that are softlinks through /conf/ME also get retargeted. # -# SEE SAMPLE FILES IN /usr/share/examples/diskless. +# SEE SAMPLE FILES IN /usr/share/examples/diskless. # chkerr: # @@ -25,27 +27,31 @@ # # checks error code and drops into shell on failure. # if shell exits, terminates script as well as /etc/rc. - +# chkerr() { - if [ $1 != 0 ]; then + case $1 in + 0) + ;; + *) echo "$2 failed: dropping into /bin/sh" /bin/sh # RESUME - fi + ;; + esac } # DEBUGGING # set -v -# Figure out where the root mount is coming from, synthesize a mount -# for /usr and mount it. +# Figure out where the root mount is coming from, synthesize a mount +# for /usr and mount it. # -# e.g. nfs_root might wind up as "A.B.C.D:/" +# e.g. nfs_root might wind up as "A.B.C.D:/" # -# NOTE! the /usr mount is only temporary so we can access commands necessary -# to retarget /conf/ME. The actual /usr mount should be part of the -# retargeted /etc/fstab. See instructions in /usr/share/examples/diskless. +# NOTE! the /usr mount is only temporary so we can access commands necessary +# to retarget /conf/ME. The actual /usr mount should be part of the +# retargeted /etc/fstab. See instructions in /usr/share/examples/diskless. # set `/bin/df /` nfs_root=$8 @@ -53,7 +59,7 @@ mount_nfs -o ro ${nfs_root}/usr /usr chkerr $? "mount of /usr" -# Figure out our interface and IP. +# Figure out our interface and IP. # bootp_ifc=`route -n get default | fgrep interface | awk '{ print $2; }'` @@ -74,7 +80,7 @@ umount /usr # # WARNING! null mounts cannot handle mmap, and since many programs # use mmap (such as 'cp'), we have to copy. - +# mount_mfs -s 256 -T qp120at -o union dummy /conf chkerr $? "MFS mount on /conf" @@ -91,7 +97,7 @@ sysctl -w kern.bootfile=/conf/ME/kernel # else. # # This script is responsible for setting up the -# diskless mount environment. This can be +# diskless mount environment. This can be # overriden by /conf/ME/rc.conf.local if, for # example, you do not want to run the standard # system /etc/rc.diskless2 diff --git a/etc/rc.d/isdnd b/etc/rc.d/isdnd index 11e140a..1302102 100644 --- a/etc/rc.d/isdnd +++ b/etc/rc.d/isdnd @@ -10,39 +10,53 @@ # #--------------------------------------------------------------------------- -if [ "${isdn_enable}" = "YES" ] ; then - +case ${isdn_enable} in +[Yy][Ee][Ss]) echo -n 'ISDN subsystem setup:' - # terminal type for fullscreen mode, default to syscons driver + # Terminal type for fullscreen mode, default to syscons driver + # isdn_ttype=cons25 - # check for pcvt driver (VT100/VT220 emulator) - if [ -x /usr/sbin/ispcvt ] ; then - if /usr/sbin/ispcvt ; then + # Check for pcvt driver (VT100/VT220 emulator) + # + if [ -x /usr/sbin/ispcvt ]; then + if /usr/sbin/ispcvt; then isdn_ttype=pcvt25 fi fi - - if [ "${isdn_flags}" = "NO" ] ; then - isdn_flags="" - fi - - # start the isdn daemon - if [ -x /usr/sbin/isdnd ] ; then + + case ${isdn_flags} in + [Nn][Oo] | '') + isdn_flags='' + ;; + esac + + # Start the isdn daemon + # + if [ -x /usr/sbin/isdnd ]; then echo -n ' isdnd' - if [ "${isdn_fsdev}" = "NO" ] ; then - /usr/sbin/isdnd ${isdn_flags} - else + case ${isdn_fsdev} in + [Nn][Oo] | '') + /usr/sbin/isdnd ${isdn_flags} + ;; + *) /usr/sbin/isdnd ${isdn_flags} -f -r ${isdn_fsdev} -t ${isdn_ttype} - fi + ;; + esac fi - # start isdntrace - if [ "${isdn_trace}" = "YES" -a -x /usr/sbin/isdntrace ] ; then - echo -n ' isdntrace' - nohup /usr/sbin/isdntrace ${isdn_traceflags} >/dev/null 2>&1 & - fi + # Start isdntrace + # + case ${isdn_trace} in + [Yy][Ee][Ss]) + if [ -x /usr/sbin/isdntrace ]; then + echo -n ' isdntrace' + nohup /usr/sbin/isdntrace ${isdn_traceflags} >/dev/null 2>&1 & + fi + ;; + esac echo '.' -fi + ;; +esac diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index 781c73f..5ddce80 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -3,400 +3,574 @@ # $FreeBSD$ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 -# Note that almost all the user-configurable behavior is no longer in -# this file, but rather in /etc/rc.conf. Please check that file +# Note that almost all of the user-configurable behavior is no longer in +# this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. - +# network_pass1() { - echo -n 'Doing initial network setup:' - # Set the host name if it is not already set - if [ -z "`hostname -s`" ] ; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Set the domainname if we're using NIS - if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then - domainname ${nisdomainname} - echo -n ' domain' - fi - echo '.' - - # Initial ATM interface configuration - if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - - # ISDN subsystem startup - if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ] ; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # Set up all the network interfaces, calling startup scripts if needed - if [ "${network_interfaces}" = "auto" ]; then - network_interfaces="`ifconfig -l`" - fi - for ifn in ${network_interfaces}; do - showstat=false - if [ -e /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - showstat=true - fi - # Do the primary ifconfig if specified - eval ifconfig_args=\$ifconfig_${ifn} - if [ -n "${ifconfig_args}" ] ; then - # See if we are using DHCP - if [ "${ifconfig_args}" = "DHCP" ]; then - ${dhcp_program} ${dhcp_flags} ${ifn} - else - ifconfig ${ifn} ${ifconfig_args} - fi - showstat=true - fi - # Check to see if aliases need to be added - alias=0 - while : - do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - showstat=true - alias=`expr ${alias} + 1` - else - break; - fi - done - # Do ipx address if specified - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - showstat=true - fi - if [ "${showstat}" = "true" ] - then - ifconfig ${ifn} - fi - done - - # Warm up user ppp if required, must happen before natd. - if [ "${ppp_enable}" = "YES" ]; then - # Establish ppp mode. - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto"; - fi - ppp_command="-${ppp_mode} "; - - # Switch on alias mode? - if [ "${ppp_nat}" = "YES" ]; then - ppp_command="${ppp_command} -nat"; - fi - - echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} - fi - - # Initialize IP filtering using ipfw - echo "" - /sbin/ipfw -q flush > /dev/null 2>&1 - if [ $? = 0 ] ; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}" = "YES" ] ; then - if kldload ipfw; then - firewall_in_kernel=1 # module loaded successfully - echo "Kernel firewall module loaded." - else - echo "Warning: firewall kernel module failed to load." - fi - fi + echo -n 'Doing initial network setup:' - # Load the filters if required - if [ ${firewall_in_kernel} = 1 ]; then - if [ -z "${firewall_script}" ] ; then - firewall_script="/etc/rc.firewall" + # Set the host name if it is not already set + # + if [ -z "`hostname -s`" ]; then + hostname ${hostname} + echo -n ' hostname' fi - if [ -f ${firewall_script} -a "${firewall_enable}" = "YES" ]; then - . ${firewall_script} - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then - natd_ifarg="-a ${natd_interface}" - else - natd_ifarg="-n ${natd_interface}" + + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo] | '') + ;; + *) + domainname ${nisdomainname} + echo -n ' domain' + ;; + esac + + echo '.' + + # Initial ATM interface configuration + # + case ${atm_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.atm ]; then + . /etc/rc.atm + atm_pass1 + fi + ;; + esac + + # ISDN subsystem startup + # + case ${isdn_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.isdn ]; then + . /etc/rc.isdn + fi + ;; + esac + + # Special options for sppp(4) interfaces go here. These need + # to go _before_ the general ifconfig section, since in the case + # of hardwired (no link1 flag) but required authentication, you + # cannot pass auth parameters down to the already running interface. + # + for ifn in ${sppp_interfaces}; do + eval spppcontrol_args=\$spppconfig_${ifn} + if [ -n "${spppcontrol_args}" ]; then + # The auth secrets might contain spaces; in order + # to retain the quotation, we need to eval them + # here. + eval spppcontrol ${ifn} ${spppcontrol_args} + fi + done + + # Set up all the network interfaces, calling startup scripts if needed + # + case ${network_interfaces} in + [Aa][Uu][Tt][Oo]) + network_interfaces="`ifconfig -l`" + ;; + esac + + for ifn in ${network_interfaces}; do + showstat=false + if [ -r /etc/start_if.${ifn} ]; then + . /etc/start_if.${ifn} + showstat=true fi - echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg} - fi - echo '.' + + # Do the primary ifconfig if specified + # + eval ifconfig_args=\$ifconfig_${ifn} + + case ${ifconfig_args} in + '') + ;; + [Dd][Hh][Cc][Pp]) + ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn} + showstat=true + ;; + *) + ifconfig ${ifn} ${ifconfig_args} + showstat=true + ;; + esac + + # Check to see if aliases need to be added + # + alias=0 + while : ; do + eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} alias + showstat=true + alias=`expr ${alias} + 1` + else + break; + fi + done + + # Do ipx address if specified + # + eval ifconfig_args=\$ifconfig_${ifn}_ipx + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} + showstat=true + fi + + case ${showstat} in + true) + ifconfig ${ifn} + ;; + esac + done + + # Warm up user ppp if required, must happen before natd. + # + case ${ppp_enable} in + [Yy][Ee][Ss]) + # Establish ppp mode. + # + if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ + -a "${ppp_mode}" != "dedicated" \ + -a "${ppp_mode}" != "background" ]; then + ppp_mode="auto"; + fi + + ppp_command="-${ppp_mode} "; + + # Switch on alias mode? + # + case ${ppp_nat} in + [Yy][Ee][Ss]) + ppp_command="${ppp_command} -nat"; + ;; + esac + + echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} + ;; + esac + + # Initialize IP filtering using ipfw + # + echo '' + + if /sbin/ipfw -q flush > /dev/null 2>&1; then + firewall_in_kernel=1 else - IPFW_DEFAULT=`ipfw l 65535` - if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then - echo -n "Warning: kernel has firewall functionality, " - echo "but firewall rules are not enabled." - echo " All ip services are disabled." - fi + firewall_in_kernel=0 fi - fi - - # Additional ATM interface configuration - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - - if [ "${defaultrouter}" != "NO" ] ; then - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - fi - - # Set up any static routes. This should be done before router discovery. - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then - echo -n ' tcp extensions=NO' - sysctl -w net.inet.tcp.rfc1323=0 >/dev/null - fi - - if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - fi - - if [ "${icmp_bmcastecho}" = "YES" ]; then - echo -n ' broadcast ping responses=YES' - sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null - fi - - if [ "${icmp_drop_redirect}" = "YES" ]; then - echo -n ' ignore ICMP redirect=YES' - sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null - fi - - if [ "${icmp_log_redirect}" = "YES" ]; then - echo -n ' log ICMP redirect=YES' - sysctl -w net.inet.icmp.log_redirect=1 >/dev/null - fi - - if [ "${gateway_enable}" = "YES" ]; then - echo -n ' IP gateway=YES' - sysctl -w net.inet.ip.forwarding=1 >/dev/null - fi - - if [ "${forward_sourceroute}" = "YES" ]; then - echo -n ' do source routing=YES' - sysctl -w net.inet.ip.sourceroute=1 >/dev/null - fi - - if [ "${accept_sourceroute}" = "YES" ]; then - echo -n ' accept source routing=YES' - sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null - fi - - if [ "${tcp_keepalive}" = "YES" ]; then - echo -n ' TCP keepalive=YES' - sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null - fi - - if [ "X$tcp_restrict_rst" = X"YES" ]; then - echo -n ' restrict TCP reset=YES' - sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null - fi - - if [ "X$tcp_drop_synfin" = X"YES" ]; then - echo -n ' drop SYN+FIN packets=YES' - sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null - fi - - if [ "${ipxgateway_enable}" = "YES" ]; then - echo -n ' IPX gateway=YES' - sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null - fi - - if [ "${arpproxy_all}" = "YES" ]; then - echo -n ' ARP proxyall=YES' - sysctl -w net.link.ether.inet.proxyall=1 >/dev/null - fi - echo '.' - - echo -n 'routing daemons:' - if [ "${router_enable}" = "YES" ]; then - echo -n " ${router}"; ${router} ${router_flags} - fi - - if [ "${ipxrouted_enable}" = "YES" ]; then - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - fi - - if [ "${mrouted_enable}" = "YES" ]; then - echo -n ' mrouted'; mrouted ${mrouted_flags} - fi - - if [ "${rarpd_enable}" = "YES" ]; then - echo -n ' rarpd'; rarpd ${rarpd_flags} - fi - echo '.' - network_pass1_done=YES # Let future generations know we made it. + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then + firewall_in_kernel=1 + echo "Kernel firewall module loaded." + elif [ "${firewall_in_kernel}" -eq 0 ]; then + echo "Warning: firewall kernel module failed to load." + fi + ;; + esac + + # Load the filters if required + # + case ${firewall_in_kernel} in + 1) + if [ -z "${firewall_script}" ]; then + firewall_script=/etc/rc.firewall + fi + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ -r ${firewall_script} ]; then + . ${firewall_script} + echo -n 'Firewall rules loaded, starting divert daemons:' + + # Network Address Translation daemon + # + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + if echo ${natd_interface} | \ + grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then + natd_ifarg="-a ${natd_interface}" + else + natd_ifarg="-n ${natd_interface}" + fi + + echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} + fi + ;; + esac + + echo '.' + + elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then + echo -n "Warning: kernel has firewall functionality, " + echo "but firewall rules are not enabled." + echo " All ip services are disabled." + fi + ;; + esac + ;; + esac + + # Additional ATM interface configuration + # + if [ -n "${atm_pass1_done}" ]; then + atm_pass2 + fi + + # Configure routing + # + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + # Set up any static routes. This should be done before router discovery. + # + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi + + echo -n 'Additional routing options:' + case ${tcp_extensions} in + [Yy][Ee][Ss] | '') + ;; + *) + echo -n ' tcp extensions=NO' + sysctl -w net.inet.tcp.rfc1323=0 >/dev/null + ;; + esac + + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + case ${icmp_bmcastecho} in + [Yy][Ee][Ss]) + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null + ;; + esac + + case ${icmp_drop_redirect} in + [Yy][Ee][Ss]) + echo -n ' ignore ICMP redirect=YES' + sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null + ;; + esac + + case ${icmp_log_redirect} in + [Yy][Ee][Ss]) + echo -n ' log ICMP redirect=YES' + sysctl -w net.inet.icmp.log_redirect=1 >/dev/null + ;; + esac + + case ${gateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IP gateway=YES' + sysctl -w net.inet.ip.forwarding=1 >/dev/null + ;; + esac + + case ${forward_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' do source routing=YES' + sysctl -w net.inet.ip.sourceroute=1 >/dev/null + ;; + esac + + case ${accept_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' accept source routing=YES' + sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null + ;; + esac + + case ${tcp_keepalive} in + [Yy][Ee][Ss]) + echo -n ' TCP keepalive=YES' + sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null + ;; + esac + + case ${tcp_restrict_rst} in + [Yy][Ee][Ss]) + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + ;; + esac + + case ${tcp_drop_synfin} in + [Yy][Ee][Ss]) + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + ;; + esac + + case ${ipxgateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IPX gateway=YES' + sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null + ;; + esac + + case ${arpproxy_all} in + [Yy][Ee][Ss]) + echo -n ' ARP proxyall=YES' + sysctl -w net.link.ether.inet.proxyall=1 >/dev/null + ;; + esac + echo '.' + + echo -n 'routing daemons:' + case ${router_enable} in + [Yy][Ee][Ss]) + echo -n " ${router}"; ${router} ${router_flags} + ;; + esac + + case ${ipxrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' IPXrouted' + IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 + ;; + esac + + case ${mrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' mrouted'; mrouted ${mrouted_flags} + ;; + esac + + case ${rarpd_enable} in + [Yy][Ee][Ss]) + echo -n ' rarpd'; rarpd ${rarpd_flags} + ;; + esac + echo '.' + + # Let future generations know we made it. + # + network_pass1_done=YES } network_pass2() { - echo -n 'Doing additional network setup:' - if [ "${named_enable}" = "YES" ]; then - echo -n ' named'; ${named_program-"named"} ${named_flags} - fi - - if [ "${ntpdate_enable}" = "YES" ]; then - echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 - fi - - if [ "${xntpd_enable}" = "YES" ]; then - echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} - fi - - if [ "${timed_enable}" = "YES" ]; then - echo -n ' timed'; timed ${timed_flags} - fi - - if [ "${portmap_enable}" = "YES" ]; then - echo -n ' portmap'; ${portmap_program} ${portmap_flags} - fi - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. - if [ "${nis_server_enable}" = "YES" ]; then - echo -n ' ypserv'; ypserv ${nis_server_flags} - - if [ "${nis_ypxfrd_enable}" = "YES" ]; then - echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} - fi - - if [ "${nis_yppasswdd_enable}" = "YES" ]; then - echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} - fi - fi - - # Start ypbind if we're an NIS client - if [ "${nis_client_enable}" = "YES" ]; then - echo -n ' ypbind'; ypbind ${nis_client_flags} - if [ "${nis_ypset_enable}" = "YES" ]; then - echo -n ' ypset'; ypset ${nis_ypset_flags} - fi - fi - - # Start keyserv if we are running Secure RPC - if [ "${keyserv_enable}" = "YES" ]; then - echo -n ' keyserv'; keyserv ${keyserv_flags} - fi - # Start ypupdated if we are running Secure RPC and we are NIS master - if [ "${rpc_ypupdated_enable}" = "YES" ]; then - echo -n ' rpc.ypupdated'; rpc.ypupdated - fi - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' - network_pass2_done=YES + echo -n 'Doing additional network setup:' + case ${named_enable} in + [Yy][Ee][Ss]) + echo -n ' named'; ${named_program:-named} ${named_flags} + ;; + esac + + case ${ntpdate_enable} in + [Yy][Ee][Ss]) + echo -n ' ntpdate' + ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 + ;; + esac + + case ${xntpd_enable} in + [Yy][Ee][Ss]) + echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags} + ;; + esac + + case ${timed_enable} in + [Yy][Ee][Ss]) + echo -n ' timed'; timed ${timed_flags} + ;; + esac + + case ${portmap_enable} in + [Yy][Ee][Ss]) + echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} + ;; + esac + + # Start ypserv if we're an NIS server. + # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. + # + case ${nis_server_enable} in + [Yy][Ee][Ss]) + echo -n ' ypserv'; ypserv ${nis_server_flags} + + case ${nis_ypxfrd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypxfrd' + rpc.ypxfrd ${nis_ypxfrd_flags} + ;; + esac + + case ${nis_yppasswdd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.yppasswdd' + rpc.yppasswdd ${nis_yppasswdd_flags} + ;; + esac + ;; + esac + + # Start ypbind if we're an NIS client + # + case ${nis_client_enable} in + [Yy][Ee][Ss]) + echo -n ' ypbind'; ypbind ${nis_client_flags} + case ${nis_ypset_enable} in + [Yy][Ee][Ss]) + echo -n ' ypset'; ypset ${nis_ypset_flags} + ;; + esac + ;; + esac + + # Start keyserv if we are running Secure RPC + # + case ${keyserv_enable} in + [Yy][Ee][Ss]) + echo -n ' keyserv'; keyserv ${keyserv_flags} + ;; + esac + + # Start ypupdated if we are running Secure RPC and we are NIS master + # + case ${rpc_ypupdated_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypupdated'; rpc.ypupdated + ;; + esac + + # Start ATM daemons + if [ -n "${atm_pass2_done}" ]; then + atm_pass3 + fi + + echo '.' + network_pass2_done=YES } network_pass3() { - echo -n 'Starting final network daemons:' - - if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then - echo -n ' mountd' - if [ "${weak_mountd_authentication}" = "YES" ]; then - mountd_flags="-n" - fi - mountd ${mountd_flags} - if [ "${nfs_reserved_port_only}" = "YES" ]; then - echo -n ' NFS on reserved port only=YES' - sysctl -w vfs.nfs.nfs_privport=1 >/dev/null - fi - echo -n ' nfsd'; nfsd ${nfs_server_flags} - if [ "${rpc_lockd_enable}" = "YES" ]; then - echo -n ' rpc.lockd'; rpc.lockd - fi - if [ "${rpc_statd_enable}" = "YES" ]; then - echo -n ' rpc.statd'; rpc.statd - fi - fi - - if [ "${nfs_client_enable}" = "YES" ]; then - echo -n ' nfsiod'; nfsiod ${nfs_client_flags} - if [ "${nfs_access_cache}" != "X" ]; then + echo -n 'Starting final network daemons:' + + case ${nfs_server_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/exports ]; then + echo -n ' mountd' + + case ${weak_mountd_authentication} in + [Yy][Ee][Ss]) + mountd_flags="-n" + ;; + esac + + mountd ${mountd_flags} + + case ${nfs_reserved_port_only} in + [Yy][Ee][Ss]) + echo -n ' NFS on reserved port only=YES' + sysctl -w vfs.nfs.nfs_privport=1 >/dev/null + ;; + esac + + echo -n ' nfsd'; nfsd ${nfs_server_flags} + + case ${rpc_lockd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.lockd'; rpc.lockd + ;; + esac + + case ${rpc_statd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.statd'; rpc.statd + ;; + esac + fi + ;; + esac + + case ${nfs_client_enable} in + [Yy][Ee][Ss]) + echo -n ' nfsiod'; nfsiod ${nfs_client_flags} + if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ - >/dev/null - fi - fi - - if [ "${amd_enable}" = "YES" ]; then - echo -n ' amd' - if [ "${amd_map_program}" != "NO" ]; then - amd_flags="${amd_flags} `eval ${amd_map_program}`" - fi - if [ -n "${amd_flags}" ] - then - amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null - else - amd 2> /dev/null - fi - fi - - if [ "${rwhod_enable}" = "YES" ]; then - echo -n ' rwhod'; rwhod ${rwhod_flags} - fi - - # Kerberos runs ONLY on the Kerberos server machine - if [ "${kerberos_server_enable}" = "YES" ]; then - if [ "${kerberos_stash}" = "YES" ]; then - stash_flag=-n - else - stash_flag= - fi - echo -n ' kerberos'; \ + >/dev/null + fi + ;; + esac + + case ${amd_enable} in + [Yy][Ee][Ss]) + echo -n ' amd' + case ${amd_map_program} in + [Nn][Oo] | '') + ;; + *) + amd_flags="${amd_flags} `eval ${amd_map_program}`" + ;; + esac + + if [ -n "${amd_flags}" ]; then + amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null + else + amd 2> /dev/null + fi + ;; + esac + + case ${rwhod_enable} in + [Yy][Ee][Ss]) + echo -n ' rwhod'; rwhod ${rwhod_flags} + ;; + esac + + # Kerberos runs ONLY on the Kerberos server machine + case ${kerberos_server_enable} in + [Yy][Ee][Ss]) + case ${kerberos_stash} in + [Yy][Ee][Ss]) + stash_flag=-n + ;; + *) + stash_flag= + ;; + esac + + echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & - if [ "${kadmind_server_enable}" = "YES" ]; then - echo -n ' kadmind'; \ - (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & - fi - unset stash_flag - fi - - echo '.' - network_pass3_done=YES + + case ${kadmind_server_enable} in + [Yy][Ee][Ss]) + echo -n ' kadmind' + (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & + ;; + esac + unset stash_flag + ;; + esac + + echo '.' + network_pass3_done=YES } diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index 781c73f..5ddce80 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -3,400 +3,574 @@ # $FreeBSD$ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 -# Note that almost all the user-configurable behavior is no longer in -# this file, but rather in /etc/rc.conf. Please check that file +# Note that almost all of the user-configurable behavior is no longer in +# this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. - +# network_pass1() { - echo -n 'Doing initial network setup:' - # Set the host name if it is not already set - if [ -z "`hostname -s`" ] ; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Set the domainname if we're using NIS - if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then - domainname ${nisdomainname} - echo -n ' domain' - fi - echo '.' - - # Initial ATM interface configuration - if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - - # ISDN subsystem startup - if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ] ; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # Set up all the network interfaces, calling startup scripts if needed - if [ "${network_interfaces}" = "auto" ]; then - network_interfaces="`ifconfig -l`" - fi - for ifn in ${network_interfaces}; do - showstat=false - if [ -e /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - showstat=true - fi - # Do the primary ifconfig if specified - eval ifconfig_args=\$ifconfig_${ifn} - if [ -n "${ifconfig_args}" ] ; then - # See if we are using DHCP - if [ "${ifconfig_args}" = "DHCP" ]; then - ${dhcp_program} ${dhcp_flags} ${ifn} - else - ifconfig ${ifn} ${ifconfig_args} - fi - showstat=true - fi - # Check to see if aliases need to be added - alias=0 - while : - do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - showstat=true - alias=`expr ${alias} + 1` - else - break; - fi - done - # Do ipx address if specified - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - showstat=true - fi - if [ "${showstat}" = "true" ] - then - ifconfig ${ifn} - fi - done - - # Warm up user ppp if required, must happen before natd. - if [ "${ppp_enable}" = "YES" ]; then - # Establish ppp mode. - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto"; - fi - ppp_command="-${ppp_mode} "; - - # Switch on alias mode? - if [ "${ppp_nat}" = "YES" ]; then - ppp_command="${ppp_command} -nat"; - fi - - echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} - fi - - # Initialize IP filtering using ipfw - echo "" - /sbin/ipfw -q flush > /dev/null 2>&1 - if [ $? = 0 ] ; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}" = "YES" ] ; then - if kldload ipfw; then - firewall_in_kernel=1 # module loaded successfully - echo "Kernel firewall module loaded." - else - echo "Warning: firewall kernel module failed to load." - fi - fi + echo -n 'Doing initial network setup:' - # Load the filters if required - if [ ${firewall_in_kernel} = 1 ]; then - if [ -z "${firewall_script}" ] ; then - firewall_script="/etc/rc.firewall" + # Set the host name if it is not already set + # + if [ -z "`hostname -s`" ]; then + hostname ${hostname} + echo -n ' hostname' fi - if [ -f ${firewall_script} -a "${firewall_enable}" = "YES" ]; then - . ${firewall_script} - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then - natd_ifarg="-a ${natd_interface}" - else - natd_ifarg="-n ${natd_interface}" + + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo] | '') + ;; + *) + domainname ${nisdomainname} + echo -n ' domain' + ;; + esac + + echo '.' + + # Initial ATM interface configuration + # + case ${atm_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.atm ]; then + . /etc/rc.atm + atm_pass1 + fi + ;; + esac + + # ISDN subsystem startup + # + case ${isdn_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.isdn ]; then + . /etc/rc.isdn + fi + ;; + esac + + # Special options for sppp(4) interfaces go here. These need + # to go _before_ the general ifconfig section, since in the case + # of hardwired (no link1 flag) but required authentication, you + # cannot pass auth parameters down to the already running interface. + # + for ifn in ${sppp_interfaces}; do + eval spppcontrol_args=\$spppconfig_${ifn} + if [ -n "${spppcontrol_args}" ]; then + # The auth secrets might contain spaces; in order + # to retain the quotation, we need to eval them + # here. + eval spppcontrol ${ifn} ${spppcontrol_args} + fi + done + + # Set up all the network interfaces, calling startup scripts if needed + # + case ${network_interfaces} in + [Aa][Uu][Tt][Oo]) + network_interfaces="`ifconfig -l`" + ;; + esac + + for ifn in ${network_interfaces}; do + showstat=false + if [ -r /etc/start_if.${ifn} ]; then + . /etc/start_if.${ifn} + showstat=true fi - echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg} - fi - echo '.' + + # Do the primary ifconfig if specified + # + eval ifconfig_args=\$ifconfig_${ifn} + + case ${ifconfig_args} in + '') + ;; + [Dd][Hh][Cc][Pp]) + ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn} + showstat=true + ;; + *) + ifconfig ${ifn} ${ifconfig_args} + showstat=true + ;; + esac + + # Check to see if aliases need to be added + # + alias=0 + while : ; do + eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} alias + showstat=true + alias=`expr ${alias} + 1` + else + break; + fi + done + + # Do ipx address if specified + # + eval ifconfig_args=\$ifconfig_${ifn}_ipx + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} + showstat=true + fi + + case ${showstat} in + true) + ifconfig ${ifn} + ;; + esac + done + + # Warm up user ppp if required, must happen before natd. + # + case ${ppp_enable} in + [Yy][Ee][Ss]) + # Establish ppp mode. + # + if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ + -a "${ppp_mode}" != "dedicated" \ + -a "${ppp_mode}" != "background" ]; then + ppp_mode="auto"; + fi + + ppp_command="-${ppp_mode} "; + + # Switch on alias mode? + # + case ${ppp_nat} in + [Yy][Ee][Ss]) + ppp_command="${ppp_command} -nat"; + ;; + esac + + echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} + ;; + esac + + # Initialize IP filtering using ipfw + # + echo '' + + if /sbin/ipfw -q flush > /dev/null 2>&1; then + firewall_in_kernel=1 else - IPFW_DEFAULT=`ipfw l 65535` - if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then - echo -n "Warning: kernel has firewall functionality, " - echo "but firewall rules are not enabled." - echo " All ip services are disabled." - fi + firewall_in_kernel=0 fi - fi - - # Additional ATM interface configuration - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - - if [ "${defaultrouter}" != "NO" ] ; then - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - fi - - # Set up any static routes. This should be done before router discovery. - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then - echo -n ' tcp extensions=NO' - sysctl -w net.inet.tcp.rfc1323=0 >/dev/null - fi - - if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - fi - - if [ "${icmp_bmcastecho}" = "YES" ]; then - echo -n ' broadcast ping responses=YES' - sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null - fi - - if [ "${icmp_drop_redirect}" = "YES" ]; then - echo -n ' ignore ICMP redirect=YES' - sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null - fi - - if [ "${icmp_log_redirect}" = "YES" ]; then - echo -n ' log ICMP redirect=YES' - sysctl -w net.inet.icmp.log_redirect=1 >/dev/null - fi - - if [ "${gateway_enable}" = "YES" ]; then - echo -n ' IP gateway=YES' - sysctl -w net.inet.ip.forwarding=1 >/dev/null - fi - - if [ "${forward_sourceroute}" = "YES" ]; then - echo -n ' do source routing=YES' - sysctl -w net.inet.ip.sourceroute=1 >/dev/null - fi - - if [ "${accept_sourceroute}" = "YES" ]; then - echo -n ' accept source routing=YES' - sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null - fi - - if [ "${tcp_keepalive}" = "YES" ]; then - echo -n ' TCP keepalive=YES' - sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null - fi - - if [ "X$tcp_restrict_rst" = X"YES" ]; then - echo -n ' restrict TCP reset=YES' - sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null - fi - - if [ "X$tcp_drop_synfin" = X"YES" ]; then - echo -n ' drop SYN+FIN packets=YES' - sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null - fi - - if [ "${ipxgateway_enable}" = "YES" ]; then - echo -n ' IPX gateway=YES' - sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null - fi - - if [ "${arpproxy_all}" = "YES" ]; then - echo -n ' ARP proxyall=YES' - sysctl -w net.link.ether.inet.proxyall=1 >/dev/null - fi - echo '.' - - echo -n 'routing daemons:' - if [ "${router_enable}" = "YES" ]; then - echo -n " ${router}"; ${router} ${router_flags} - fi - - if [ "${ipxrouted_enable}" = "YES" ]; then - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - fi - - if [ "${mrouted_enable}" = "YES" ]; then - echo -n ' mrouted'; mrouted ${mrouted_flags} - fi - - if [ "${rarpd_enable}" = "YES" ]; then - echo -n ' rarpd'; rarpd ${rarpd_flags} - fi - echo '.' - network_pass1_done=YES # Let future generations know we made it. + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then + firewall_in_kernel=1 + echo "Kernel firewall module loaded." + elif [ "${firewall_in_kernel}" -eq 0 ]; then + echo "Warning: firewall kernel module failed to load." + fi + ;; + esac + + # Load the filters if required + # + case ${firewall_in_kernel} in + 1) + if [ -z "${firewall_script}" ]; then + firewall_script=/etc/rc.firewall + fi + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ -r ${firewall_script} ]; then + . ${firewall_script} + echo -n 'Firewall rules loaded, starting divert daemons:' + + # Network Address Translation daemon + # + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + if echo ${natd_interface} | \ + grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then + natd_ifarg="-a ${natd_interface}" + else + natd_ifarg="-n ${natd_interface}" + fi + + echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} + fi + ;; + esac + + echo '.' + + elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then + echo -n "Warning: kernel has firewall functionality, " + echo "but firewall rules are not enabled." + echo " All ip services are disabled." + fi + ;; + esac + ;; + esac + + # Additional ATM interface configuration + # + if [ -n "${atm_pass1_done}" ]; then + atm_pass2 + fi + + # Configure routing + # + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + # Set up any static routes. This should be done before router discovery. + # + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi + + echo -n 'Additional routing options:' + case ${tcp_extensions} in + [Yy][Ee][Ss] | '') + ;; + *) + echo -n ' tcp extensions=NO' + sysctl -w net.inet.tcp.rfc1323=0 >/dev/null + ;; + esac + + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + case ${icmp_bmcastecho} in + [Yy][Ee][Ss]) + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null + ;; + esac + + case ${icmp_drop_redirect} in + [Yy][Ee][Ss]) + echo -n ' ignore ICMP redirect=YES' + sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null + ;; + esac + + case ${icmp_log_redirect} in + [Yy][Ee][Ss]) + echo -n ' log ICMP redirect=YES' + sysctl -w net.inet.icmp.log_redirect=1 >/dev/null + ;; + esac + + case ${gateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IP gateway=YES' + sysctl -w net.inet.ip.forwarding=1 >/dev/null + ;; + esac + + case ${forward_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' do source routing=YES' + sysctl -w net.inet.ip.sourceroute=1 >/dev/null + ;; + esac + + case ${accept_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' accept source routing=YES' + sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null + ;; + esac + + case ${tcp_keepalive} in + [Yy][Ee][Ss]) + echo -n ' TCP keepalive=YES' + sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null + ;; + esac + + case ${tcp_restrict_rst} in + [Yy][Ee][Ss]) + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + ;; + esac + + case ${tcp_drop_synfin} in + [Yy][Ee][Ss]) + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + ;; + esac + + case ${ipxgateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IPX gateway=YES' + sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null + ;; + esac + + case ${arpproxy_all} in + [Yy][Ee][Ss]) + echo -n ' ARP proxyall=YES' + sysctl -w net.link.ether.inet.proxyall=1 >/dev/null + ;; + esac + echo '.' + + echo -n 'routing daemons:' + case ${router_enable} in + [Yy][Ee][Ss]) + echo -n " ${router}"; ${router} ${router_flags} + ;; + esac + + case ${ipxrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' IPXrouted' + IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 + ;; + esac + + case ${mrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' mrouted'; mrouted ${mrouted_flags} + ;; + esac + + case ${rarpd_enable} in + [Yy][Ee][Ss]) + echo -n ' rarpd'; rarpd ${rarpd_flags} + ;; + esac + echo '.' + + # Let future generations know we made it. + # + network_pass1_done=YES } network_pass2() { - echo -n 'Doing additional network setup:' - if [ "${named_enable}" = "YES" ]; then - echo -n ' named'; ${named_program-"named"} ${named_flags} - fi - - if [ "${ntpdate_enable}" = "YES" ]; then - echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 - fi - - if [ "${xntpd_enable}" = "YES" ]; then - echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} - fi - - if [ "${timed_enable}" = "YES" ]; then - echo -n ' timed'; timed ${timed_flags} - fi - - if [ "${portmap_enable}" = "YES" ]; then - echo -n ' portmap'; ${portmap_program} ${portmap_flags} - fi - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. - if [ "${nis_server_enable}" = "YES" ]; then - echo -n ' ypserv'; ypserv ${nis_server_flags} - - if [ "${nis_ypxfrd_enable}" = "YES" ]; then - echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} - fi - - if [ "${nis_yppasswdd_enable}" = "YES" ]; then - echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} - fi - fi - - # Start ypbind if we're an NIS client - if [ "${nis_client_enable}" = "YES" ]; then - echo -n ' ypbind'; ypbind ${nis_client_flags} - if [ "${nis_ypset_enable}" = "YES" ]; then - echo -n ' ypset'; ypset ${nis_ypset_flags} - fi - fi - - # Start keyserv if we are running Secure RPC - if [ "${keyserv_enable}" = "YES" ]; then - echo -n ' keyserv'; keyserv ${keyserv_flags} - fi - # Start ypupdated if we are running Secure RPC and we are NIS master - if [ "${rpc_ypupdated_enable}" = "YES" ]; then - echo -n ' rpc.ypupdated'; rpc.ypupdated - fi - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' - network_pass2_done=YES + echo -n 'Doing additional network setup:' + case ${named_enable} in + [Yy][Ee][Ss]) + echo -n ' named'; ${named_program:-named} ${named_flags} + ;; + esac + + case ${ntpdate_enable} in + [Yy][Ee][Ss]) + echo -n ' ntpdate' + ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 + ;; + esac + + case ${xntpd_enable} in + [Yy][Ee][Ss]) + echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags} + ;; + esac + + case ${timed_enable} in + [Yy][Ee][Ss]) + echo -n ' timed'; timed ${timed_flags} + ;; + esac + + case ${portmap_enable} in + [Yy][Ee][Ss]) + echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} + ;; + esac + + # Start ypserv if we're an NIS server. + # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. + # + case ${nis_server_enable} in + [Yy][Ee][Ss]) + echo -n ' ypserv'; ypserv ${nis_server_flags} + + case ${nis_ypxfrd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypxfrd' + rpc.ypxfrd ${nis_ypxfrd_flags} + ;; + esac + + case ${nis_yppasswdd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.yppasswdd' + rpc.yppasswdd ${nis_yppasswdd_flags} + ;; + esac + ;; + esac + + # Start ypbind if we're an NIS client + # + case ${nis_client_enable} in + [Yy][Ee][Ss]) + echo -n ' ypbind'; ypbind ${nis_client_flags} + case ${nis_ypset_enable} in + [Yy][Ee][Ss]) + echo -n ' ypset'; ypset ${nis_ypset_flags} + ;; + esac + ;; + esac + + # Start keyserv if we are running Secure RPC + # + case ${keyserv_enable} in + [Yy][Ee][Ss]) + echo -n ' keyserv'; keyserv ${keyserv_flags} + ;; + esac + + # Start ypupdated if we are running Secure RPC and we are NIS master + # + case ${rpc_ypupdated_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypupdated'; rpc.ypupdated + ;; + esac + + # Start ATM daemons + if [ -n "${atm_pass2_done}" ]; then + atm_pass3 + fi + + echo '.' + network_pass2_done=YES } network_pass3() { - echo -n 'Starting final network daemons:' - - if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then - echo -n ' mountd' - if [ "${weak_mountd_authentication}" = "YES" ]; then - mountd_flags="-n" - fi - mountd ${mountd_flags} - if [ "${nfs_reserved_port_only}" = "YES" ]; then - echo -n ' NFS on reserved port only=YES' - sysctl -w vfs.nfs.nfs_privport=1 >/dev/null - fi - echo -n ' nfsd'; nfsd ${nfs_server_flags} - if [ "${rpc_lockd_enable}" = "YES" ]; then - echo -n ' rpc.lockd'; rpc.lockd - fi - if [ "${rpc_statd_enable}" = "YES" ]; then - echo -n ' rpc.statd'; rpc.statd - fi - fi - - if [ "${nfs_client_enable}" = "YES" ]; then - echo -n ' nfsiod'; nfsiod ${nfs_client_flags} - if [ "${nfs_access_cache}" != "X" ]; then + echo -n 'Starting final network daemons:' + + case ${nfs_server_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/exports ]; then + echo -n ' mountd' + + case ${weak_mountd_authentication} in + [Yy][Ee][Ss]) + mountd_flags="-n" + ;; + esac + + mountd ${mountd_flags} + + case ${nfs_reserved_port_only} in + [Yy][Ee][Ss]) + echo -n ' NFS on reserved port only=YES' + sysctl -w vfs.nfs.nfs_privport=1 >/dev/null + ;; + esac + + echo -n ' nfsd'; nfsd ${nfs_server_flags} + + case ${rpc_lockd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.lockd'; rpc.lockd + ;; + esac + + case ${rpc_statd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.statd'; rpc.statd + ;; + esac + fi + ;; + esac + + case ${nfs_client_enable} in + [Yy][Ee][Ss]) + echo -n ' nfsiod'; nfsiod ${nfs_client_flags} + if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ - >/dev/null - fi - fi - - if [ "${amd_enable}" = "YES" ]; then - echo -n ' amd' - if [ "${amd_map_program}" != "NO" ]; then - amd_flags="${amd_flags} `eval ${amd_map_program}`" - fi - if [ -n "${amd_flags}" ] - then - amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null - else - amd 2> /dev/null - fi - fi - - if [ "${rwhod_enable}" = "YES" ]; then - echo -n ' rwhod'; rwhod ${rwhod_flags} - fi - - # Kerberos runs ONLY on the Kerberos server machine - if [ "${kerberos_server_enable}" = "YES" ]; then - if [ "${kerberos_stash}" = "YES" ]; then - stash_flag=-n - else - stash_flag= - fi - echo -n ' kerberos'; \ + >/dev/null + fi + ;; + esac + + case ${amd_enable} in + [Yy][Ee][Ss]) + echo -n ' amd' + case ${amd_map_program} in + [Nn][Oo] | '') + ;; + *) + amd_flags="${amd_flags} `eval ${amd_map_program}`" + ;; + esac + + if [ -n "${amd_flags}" ]; then + amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null + else + amd 2> /dev/null + fi + ;; + esac + + case ${rwhod_enable} in + [Yy][Ee][Ss]) + echo -n ' rwhod'; rwhod ${rwhod_flags} + ;; + esac + + # Kerberos runs ONLY on the Kerberos server machine + case ${kerberos_server_enable} in + [Yy][Ee][Ss]) + case ${kerberos_stash} in + [Yy][Ee][Ss]) + stash_flag=-n + ;; + *) + stash_flag= + ;; + esac + + echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & - if [ "${kadmind_server_enable}" = "YES" ]; then - echo -n ' kadmind'; \ - (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & - fi - unset stash_flag - fi - - echo '.' - network_pass3_done=YES + + case ${kadmind_server_enable} in + [Yy][Ee][Ss]) + echo -n ' kadmind' + (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & + ;; + esac + unset stash_flag + ;; + esac + + echo '.' + network_pass3_done=YES } diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index 781c73f..5ddce80 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -3,400 +3,574 @@ # $FreeBSD$ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 -# Note that almost all the user-configurable behavior is no longer in -# this file, but rather in /etc/rc.conf. Please check that file +# Note that almost all of the user-configurable behavior is no longer in +# this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. - +# network_pass1() { - echo -n 'Doing initial network setup:' - # Set the host name if it is not already set - if [ -z "`hostname -s`" ] ; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Set the domainname if we're using NIS - if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then - domainname ${nisdomainname} - echo -n ' domain' - fi - echo '.' - - # Initial ATM interface configuration - if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - - # ISDN subsystem startup - if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ] ; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # Set up all the network interfaces, calling startup scripts if needed - if [ "${network_interfaces}" = "auto" ]; then - network_interfaces="`ifconfig -l`" - fi - for ifn in ${network_interfaces}; do - showstat=false - if [ -e /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - showstat=true - fi - # Do the primary ifconfig if specified - eval ifconfig_args=\$ifconfig_${ifn} - if [ -n "${ifconfig_args}" ] ; then - # See if we are using DHCP - if [ "${ifconfig_args}" = "DHCP" ]; then - ${dhcp_program} ${dhcp_flags} ${ifn} - else - ifconfig ${ifn} ${ifconfig_args} - fi - showstat=true - fi - # Check to see if aliases need to be added - alias=0 - while : - do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - showstat=true - alias=`expr ${alias} + 1` - else - break; - fi - done - # Do ipx address if specified - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - showstat=true - fi - if [ "${showstat}" = "true" ] - then - ifconfig ${ifn} - fi - done - - # Warm up user ppp if required, must happen before natd. - if [ "${ppp_enable}" = "YES" ]; then - # Establish ppp mode. - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto"; - fi - ppp_command="-${ppp_mode} "; - - # Switch on alias mode? - if [ "${ppp_nat}" = "YES" ]; then - ppp_command="${ppp_command} -nat"; - fi - - echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} - fi - - # Initialize IP filtering using ipfw - echo "" - /sbin/ipfw -q flush > /dev/null 2>&1 - if [ $? = 0 ] ; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}" = "YES" ] ; then - if kldload ipfw; then - firewall_in_kernel=1 # module loaded successfully - echo "Kernel firewall module loaded." - else - echo "Warning: firewall kernel module failed to load." - fi - fi + echo -n 'Doing initial network setup:' - # Load the filters if required - if [ ${firewall_in_kernel} = 1 ]; then - if [ -z "${firewall_script}" ] ; then - firewall_script="/etc/rc.firewall" + # Set the host name if it is not already set + # + if [ -z "`hostname -s`" ]; then + hostname ${hostname} + echo -n ' hostname' fi - if [ -f ${firewall_script} -a "${firewall_enable}" = "YES" ]; then - . ${firewall_script} - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then - natd_ifarg="-a ${natd_interface}" - else - natd_ifarg="-n ${natd_interface}" + + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo] | '') + ;; + *) + domainname ${nisdomainname} + echo -n ' domain' + ;; + esac + + echo '.' + + # Initial ATM interface configuration + # + case ${atm_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.atm ]; then + . /etc/rc.atm + atm_pass1 + fi + ;; + esac + + # ISDN subsystem startup + # + case ${isdn_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.isdn ]; then + . /etc/rc.isdn + fi + ;; + esac + + # Special options for sppp(4) interfaces go here. These need + # to go _before_ the general ifconfig section, since in the case + # of hardwired (no link1 flag) but required authentication, you + # cannot pass auth parameters down to the already running interface. + # + for ifn in ${sppp_interfaces}; do + eval spppcontrol_args=\$spppconfig_${ifn} + if [ -n "${spppcontrol_args}" ]; then + # The auth secrets might contain spaces; in order + # to retain the quotation, we need to eval them + # here. + eval spppcontrol ${ifn} ${spppcontrol_args} + fi + done + + # Set up all the network interfaces, calling startup scripts if needed + # + case ${network_interfaces} in + [Aa][Uu][Tt][Oo]) + network_interfaces="`ifconfig -l`" + ;; + esac + + for ifn in ${network_interfaces}; do + showstat=false + if [ -r /etc/start_if.${ifn} ]; then + . /etc/start_if.${ifn} + showstat=true fi - echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg} - fi - echo '.' + + # Do the primary ifconfig if specified + # + eval ifconfig_args=\$ifconfig_${ifn} + + case ${ifconfig_args} in + '') + ;; + [Dd][Hh][Cc][Pp]) + ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn} + showstat=true + ;; + *) + ifconfig ${ifn} ${ifconfig_args} + showstat=true + ;; + esac + + # Check to see if aliases need to be added + # + alias=0 + while : ; do + eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} alias + showstat=true + alias=`expr ${alias} + 1` + else + break; + fi + done + + # Do ipx address if specified + # + eval ifconfig_args=\$ifconfig_${ifn}_ipx + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} + showstat=true + fi + + case ${showstat} in + true) + ifconfig ${ifn} + ;; + esac + done + + # Warm up user ppp if required, must happen before natd. + # + case ${ppp_enable} in + [Yy][Ee][Ss]) + # Establish ppp mode. + # + if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ + -a "${ppp_mode}" != "dedicated" \ + -a "${ppp_mode}" != "background" ]; then + ppp_mode="auto"; + fi + + ppp_command="-${ppp_mode} "; + + # Switch on alias mode? + # + case ${ppp_nat} in + [Yy][Ee][Ss]) + ppp_command="${ppp_command} -nat"; + ;; + esac + + echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} + ;; + esac + + # Initialize IP filtering using ipfw + # + echo '' + + if /sbin/ipfw -q flush > /dev/null 2>&1; then + firewall_in_kernel=1 else - IPFW_DEFAULT=`ipfw l 65535` - if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then - echo -n "Warning: kernel has firewall functionality, " - echo "but firewall rules are not enabled." - echo " All ip services are disabled." - fi + firewall_in_kernel=0 fi - fi - - # Additional ATM interface configuration - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - - if [ "${defaultrouter}" != "NO" ] ; then - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - fi - - # Set up any static routes. This should be done before router discovery. - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then - echo -n ' tcp extensions=NO' - sysctl -w net.inet.tcp.rfc1323=0 >/dev/null - fi - - if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - fi - - if [ "${icmp_bmcastecho}" = "YES" ]; then - echo -n ' broadcast ping responses=YES' - sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null - fi - - if [ "${icmp_drop_redirect}" = "YES" ]; then - echo -n ' ignore ICMP redirect=YES' - sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null - fi - - if [ "${icmp_log_redirect}" = "YES" ]; then - echo -n ' log ICMP redirect=YES' - sysctl -w net.inet.icmp.log_redirect=1 >/dev/null - fi - - if [ "${gateway_enable}" = "YES" ]; then - echo -n ' IP gateway=YES' - sysctl -w net.inet.ip.forwarding=1 >/dev/null - fi - - if [ "${forward_sourceroute}" = "YES" ]; then - echo -n ' do source routing=YES' - sysctl -w net.inet.ip.sourceroute=1 >/dev/null - fi - - if [ "${accept_sourceroute}" = "YES" ]; then - echo -n ' accept source routing=YES' - sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null - fi - - if [ "${tcp_keepalive}" = "YES" ]; then - echo -n ' TCP keepalive=YES' - sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null - fi - - if [ "X$tcp_restrict_rst" = X"YES" ]; then - echo -n ' restrict TCP reset=YES' - sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null - fi - - if [ "X$tcp_drop_synfin" = X"YES" ]; then - echo -n ' drop SYN+FIN packets=YES' - sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null - fi - - if [ "${ipxgateway_enable}" = "YES" ]; then - echo -n ' IPX gateway=YES' - sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null - fi - - if [ "${arpproxy_all}" = "YES" ]; then - echo -n ' ARP proxyall=YES' - sysctl -w net.link.ether.inet.proxyall=1 >/dev/null - fi - echo '.' - - echo -n 'routing daemons:' - if [ "${router_enable}" = "YES" ]; then - echo -n " ${router}"; ${router} ${router_flags} - fi - - if [ "${ipxrouted_enable}" = "YES" ]; then - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - fi - - if [ "${mrouted_enable}" = "YES" ]; then - echo -n ' mrouted'; mrouted ${mrouted_flags} - fi - - if [ "${rarpd_enable}" = "YES" ]; then - echo -n ' rarpd'; rarpd ${rarpd_flags} - fi - echo '.' - network_pass1_done=YES # Let future generations know we made it. + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then + firewall_in_kernel=1 + echo "Kernel firewall module loaded." + elif [ "${firewall_in_kernel}" -eq 0 ]; then + echo "Warning: firewall kernel module failed to load." + fi + ;; + esac + + # Load the filters if required + # + case ${firewall_in_kernel} in + 1) + if [ -z "${firewall_script}" ]; then + firewall_script=/etc/rc.firewall + fi + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ -r ${firewall_script} ]; then + . ${firewall_script} + echo -n 'Firewall rules loaded, starting divert daemons:' + + # Network Address Translation daemon + # + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + if echo ${natd_interface} | \ + grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then + natd_ifarg="-a ${natd_interface}" + else + natd_ifarg="-n ${natd_interface}" + fi + + echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} + fi + ;; + esac + + echo '.' + + elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then + echo -n "Warning: kernel has firewall functionality, " + echo "but firewall rules are not enabled." + echo " All ip services are disabled." + fi + ;; + esac + ;; + esac + + # Additional ATM interface configuration + # + if [ -n "${atm_pass1_done}" ]; then + atm_pass2 + fi + + # Configure routing + # + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + # Set up any static routes. This should be done before router discovery. + # + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi + + echo -n 'Additional routing options:' + case ${tcp_extensions} in + [Yy][Ee][Ss] | '') + ;; + *) + echo -n ' tcp extensions=NO' + sysctl -w net.inet.tcp.rfc1323=0 >/dev/null + ;; + esac + + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + case ${icmp_bmcastecho} in + [Yy][Ee][Ss]) + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null + ;; + esac + + case ${icmp_drop_redirect} in + [Yy][Ee][Ss]) + echo -n ' ignore ICMP redirect=YES' + sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null + ;; + esac + + case ${icmp_log_redirect} in + [Yy][Ee][Ss]) + echo -n ' log ICMP redirect=YES' + sysctl -w net.inet.icmp.log_redirect=1 >/dev/null + ;; + esac + + case ${gateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IP gateway=YES' + sysctl -w net.inet.ip.forwarding=1 >/dev/null + ;; + esac + + case ${forward_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' do source routing=YES' + sysctl -w net.inet.ip.sourceroute=1 >/dev/null + ;; + esac + + case ${accept_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' accept source routing=YES' + sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null + ;; + esac + + case ${tcp_keepalive} in + [Yy][Ee][Ss]) + echo -n ' TCP keepalive=YES' + sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null + ;; + esac + + case ${tcp_restrict_rst} in + [Yy][Ee][Ss]) + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + ;; + esac + + case ${tcp_drop_synfin} in + [Yy][Ee][Ss]) + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + ;; + esac + + case ${ipxgateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IPX gateway=YES' + sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null + ;; + esac + + case ${arpproxy_all} in + [Yy][Ee][Ss]) + echo -n ' ARP proxyall=YES' + sysctl -w net.link.ether.inet.proxyall=1 >/dev/null + ;; + esac + echo '.' + + echo -n 'routing daemons:' + case ${router_enable} in + [Yy][Ee][Ss]) + echo -n " ${router}"; ${router} ${router_flags} + ;; + esac + + case ${ipxrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' IPXrouted' + IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 + ;; + esac + + case ${mrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' mrouted'; mrouted ${mrouted_flags} + ;; + esac + + case ${rarpd_enable} in + [Yy][Ee][Ss]) + echo -n ' rarpd'; rarpd ${rarpd_flags} + ;; + esac + echo '.' + + # Let future generations know we made it. + # + network_pass1_done=YES } network_pass2() { - echo -n 'Doing additional network setup:' - if [ "${named_enable}" = "YES" ]; then - echo -n ' named'; ${named_program-"named"} ${named_flags} - fi - - if [ "${ntpdate_enable}" = "YES" ]; then - echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 - fi - - if [ "${xntpd_enable}" = "YES" ]; then - echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} - fi - - if [ "${timed_enable}" = "YES" ]; then - echo -n ' timed'; timed ${timed_flags} - fi - - if [ "${portmap_enable}" = "YES" ]; then - echo -n ' portmap'; ${portmap_program} ${portmap_flags} - fi - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. - if [ "${nis_server_enable}" = "YES" ]; then - echo -n ' ypserv'; ypserv ${nis_server_flags} - - if [ "${nis_ypxfrd_enable}" = "YES" ]; then - echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} - fi - - if [ "${nis_yppasswdd_enable}" = "YES" ]; then - echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} - fi - fi - - # Start ypbind if we're an NIS client - if [ "${nis_client_enable}" = "YES" ]; then - echo -n ' ypbind'; ypbind ${nis_client_flags} - if [ "${nis_ypset_enable}" = "YES" ]; then - echo -n ' ypset'; ypset ${nis_ypset_flags} - fi - fi - - # Start keyserv if we are running Secure RPC - if [ "${keyserv_enable}" = "YES" ]; then - echo -n ' keyserv'; keyserv ${keyserv_flags} - fi - # Start ypupdated if we are running Secure RPC and we are NIS master - if [ "${rpc_ypupdated_enable}" = "YES" ]; then - echo -n ' rpc.ypupdated'; rpc.ypupdated - fi - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' - network_pass2_done=YES + echo -n 'Doing additional network setup:' + case ${named_enable} in + [Yy][Ee][Ss]) + echo -n ' named'; ${named_program:-named} ${named_flags} + ;; + esac + + case ${ntpdate_enable} in + [Yy][Ee][Ss]) + echo -n ' ntpdate' + ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 + ;; + esac + + case ${xntpd_enable} in + [Yy][Ee][Ss]) + echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags} + ;; + esac + + case ${timed_enable} in + [Yy][Ee][Ss]) + echo -n ' timed'; timed ${timed_flags} + ;; + esac + + case ${portmap_enable} in + [Yy][Ee][Ss]) + echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} + ;; + esac + + # Start ypserv if we're an NIS server. + # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. + # + case ${nis_server_enable} in + [Yy][Ee][Ss]) + echo -n ' ypserv'; ypserv ${nis_server_flags} + + case ${nis_ypxfrd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypxfrd' + rpc.ypxfrd ${nis_ypxfrd_flags} + ;; + esac + + case ${nis_yppasswdd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.yppasswdd' + rpc.yppasswdd ${nis_yppasswdd_flags} + ;; + esac + ;; + esac + + # Start ypbind if we're an NIS client + # + case ${nis_client_enable} in + [Yy][Ee][Ss]) + echo -n ' ypbind'; ypbind ${nis_client_flags} + case ${nis_ypset_enable} in + [Yy][Ee][Ss]) + echo -n ' ypset'; ypset ${nis_ypset_flags} + ;; + esac + ;; + esac + + # Start keyserv if we are running Secure RPC + # + case ${keyserv_enable} in + [Yy][Ee][Ss]) + echo -n ' keyserv'; keyserv ${keyserv_flags} + ;; + esac + + # Start ypupdated if we are running Secure RPC and we are NIS master + # + case ${rpc_ypupdated_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypupdated'; rpc.ypupdated + ;; + esac + + # Start ATM daemons + if [ -n "${atm_pass2_done}" ]; then + atm_pass3 + fi + + echo '.' + network_pass2_done=YES } network_pass3() { - echo -n 'Starting final network daemons:' - - if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then - echo -n ' mountd' - if [ "${weak_mountd_authentication}" = "YES" ]; then - mountd_flags="-n" - fi - mountd ${mountd_flags} - if [ "${nfs_reserved_port_only}" = "YES" ]; then - echo -n ' NFS on reserved port only=YES' - sysctl -w vfs.nfs.nfs_privport=1 >/dev/null - fi - echo -n ' nfsd'; nfsd ${nfs_server_flags} - if [ "${rpc_lockd_enable}" = "YES" ]; then - echo -n ' rpc.lockd'; rpc.lockd - fi - if [ "${rpc_statd_enable}" = "YES" ]; then - echo -n ' rpc.statd'; rpc.statd - fi - fi - - if [ "${nfs_client_enable}" = "YES" ]; then - echo -n ' nfsiod'; nfsiod ${nfs_client_flags} - if [ "${nfs_access_cache}" != "X" ]; then + echo -n 'Starting final network daemons:' + + case ${nfs_server_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/exports ]; then + echo -n ' mountd' + + case ${weak_mountd_authentication} in + [Yy][Ee][Ss]) + mountd_flags="-n" + ;; + esac + + mountd ${mountd_flags} + + case ${nfs_reserved_port_only} in + [Yy][Ee][Ss]) + echo -n ' NFS on reserved port only=YES' + sysctl -w vfs.nfs.nfs_privport=1 >/dev/null + ;; + esac + + echo -n ' nfsd'; nfsd ${nfs_server_flags} + + case ${rpc_lockd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.lockd'; rpc.lockd + ;; + esac + + case ${rpc_statd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.statd'; rpc.statd + ;; + esac + fi + ;; + esac + + case ${nfs_client_enable} in + [Yy][Ee][Ss]) + echo -n ' nfsiod'; nfsiod ${nfs_client_flags} + if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ - >/dev/null - fi - fi - - if [ "${amd_enable}" = "YES" ]; then - echo -n ' amd' - if [ "${amd_map_program}" != "NO" ]; then - amd_flags="${amd_flags} `eval ${amd_map_program}`" - fi - if [ -n "${amd_flags}" ] - then - amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null - else - amd 2> /dev/null - fi - fi - - if [ "${rwhod_enable}" = "YES" ]; then - echo -n ' rwhod'; rwhod ${rwhod_flags} - fi - - # Kerberos runs ONLY on the Kerberos server machine - if [ "${kerberos_server_enable}" = "YES" ]; then - if [ "${kerberos_stash}" = "YES" ]; then - stash_flag=-n - else - stash_flag= - fi - echo -n ' kerberos'; \ + >/dev/null + fi + ;; + esac + + case ${amd_enable} in + [Yy][Ee][Ss]) + echo -n ' amd' + case ${amd_map_program} in + [Nn][Oo] | '') + ;; + *) + amd_flags="${amd_flags} `eval ${amd_map_program}`" + ;; + esac + + if [ -n "${amd_flags}" ]; then + amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null + else + amd 2> /dev/null + fi + ;; + esac + + case ${rwhod_enable} in + [Yy][Ee][Ss]) + echo -n ' rwhod'; rwhod ${rwhod_flags} + ;; + esac + + # Kerberos runs ONLY on the Kerberos server machine + case ${kerberos_server_enable} in + [Yy][Ee][Ss]) + case ${kerberos_stash} in + [Yy][Ee][Ss]) + stash_flag=-n + ;; + *) + stash_flag= + ;; + esac + + echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & - if [ "${kadmind_server_enable}" = "YES" ]; then - echo -n ' kadmind'; \ - (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & - fi - unset stash_flag - fi - - echo '.' - network_pass3_done=YES + + case ${kadmind_server_enable} in + [Yy][Ee][Ss]) + echo -n ' kadmind' + (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & + ;; + esac + unset stash_flag + ;; + esac + + echo '.' + network_pass3_done=YES } diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index 781c73f..5ddce80 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -3,400 +3,574 @@ # $FreeBSD$ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 -# Note that almost all the user-configurable behavior is no longer in -# this file, but rather in /etc/rc.conf. Please check that file +# Note that almost all of the user-configurable behavior is no longer in +# this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. - +# network_pass1() { - echo -n 'Doing initial network setup:' - # Set the host name if it is not already set - if [ -z "`hostname -s`" ] ; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Set the domainname if we're using NIS - if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then - domainname ${nisdomainname} - echo -n ' domain' - fi - echo '.' - - # Initial ATM interface configuration - if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - - # ISDN subsystem startup - if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ] ; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # Set up all the network interfaces, calling startup scripts if needed - if [ "${network_interfaces}" = "auto" ]; then - network_interfaces="`ifconfig -l`" - fi - for ifn in ${network_interfaces}; do - showstat=false - if [ -e /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - showstat=true - fi - # Do the primary ifconfig if specified - eval ifconfig_args=\$ifconfig_${ifn} - if [ -n "${ifconfig_args}" ] ; then - # See if we are using DHCP - if [ "${ifconfig_args}" = "DHCP" ]; then - ${dhcp_program} ${dhcp_flags} ${ifn} - else - ifconfig ${ifn} ${ifconfig_args} - fi - showstat=true - fi - # Check to see if aliases need to be added - alias=0 - while : - do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - showstat=true - alias=`expr ${alias} + 1` - else - break; - fi - done - # Do ipx address if specified - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - showstat=true - fi - if [ "${showstat}" = "true" ] - then - ifconfig ${ifn} - fi - done - - # Warm up user ppp if required, must happen before natd. - if [ "${ppp_enable}" = "YES" ]; then - # Establish ppp mode. - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto"; - fi - ppp_command="-${ppp_mode} "; - - # Switch on alias mode? - if [ "${ppp_nat}" = "YES" ]; then - ppp_command="${ppp_command} -nat"; - fi - - echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} - fi - - # Initialize IP filtering using ipfw - echo "" - /sbin/ipfw -q flush > /dev/null 2>&1 - if [ $? = 0 ] ; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}" = "YES" ] ; then - if kldload ipfw; then - firewall_in_kernel=1 # module loaded successfully - echo "Kernel firewall module loaded." - else - echo "Warning: firewall kernel module failed to load." - fi - fi + echo -n 'Doing initial network setup:' - # Load the filters if required - if [ ${firewall_in_kernel} = 1 ]; then - if [ -z "${firewall_script}" ] ; then - firewall_script="/etc/rc.firewall" + # Set the host name if it is not already set + # + if [ -z "`hostname -s`" ]; then + hostname ${hostname} + echo -n ' hostname' fi - if [ -f ${firewall_script} -a "${firewall_enable}" = "YES" ]; then - . ${firewall_script} - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then - natd_ifarg="-a ${natd_interface}" - else - natd_ifarg="-n ${natd_interface}" + + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo] | '') + ;; + *) + domainname ${nisdomainname} + echo -n ' domain' + ;; + esac + + echo '.' + + # Initial ATM interface configuration + # + case ${atm_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.atm ]; then + . /etc/rc.atm + atm_pass1 + fi + ;; + esac + + # ISDN subsystem startup + # + case ${isdn_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.isdn ]; then + . /etc/rc.isdn + fi + ;; + esac + + # Special options for sppp(4) interfaces go here. These need + # to go _before_ the general ifconfig section, since in the case + # of hardwired (no link1 flag) but required authentication, you + # cannot pass auth parameters down to the already running interface. + # + for ifn in ${sppp_interfaces}; do + eval spppcontrol_args=\$spppconfig_${ifn} + if [ -n "${spppcontrol_args}" ]; then + # The auth secrets might contain spaces; in order + # to retain the quotation, we need to eval them + # here. + eval spppcontrol ${ifn} ${spppcontrol_args} + fi + done + + # Set up all the network interfaces, calling startup scripts if needed + # + case ${network_interfaces} in + [Aa][Uu][Tt][Oo]) + network_interfaces="`ifconfig -l`" + ;; + esac + + for ifn in ${network_interfaces}; do + showstat=false + if [ -r /etc/start_if.${ifn} ]; then + . /etc/start_if.${ifn} + showstat=true fi - echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg} - fi - echo '.' + + # Do the primary ifconfig if specified + # + eval ifconfig_args=\$ifconfig_${ifn} + + case ${ifconfig_args} in + '') + ;; + [Dd][Hh][Cc][Pp]) + ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn} + showstat=true + ;; + *) + ifconfig ${ifn} ${ifconfig_args} + showstat=true + ;; + esac + + # Check to see if aliases need to be added + # + alias=0 + while : ; do + eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} alias + showstat=true + alias=`expr ${alias} + 1` + else + break; + fi + done + + # Do ipx address if specified + # + eval ifconfig_args=\$ifconfig_${ifn}_ipx + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} + showstat=true + fi + + case ${showstat} in + true) + ifconfig ${ifn} + ;; + esac + done + + # Warm up user ppp if required, must happen before natd. + # + case ${ppp_enable} in + [Yy][Ee][Ss]) + # Establish ppp mode. + # + if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ + -a "${ppp_mode}" != "dedicated" \ + -a "${ppp_mode}" != "background" ]; then + ppp_mode="auto"; + fi + + ppp_command="-${ppp_mode} "; + + # Switch on alias mode? + # + case ${ppp_nat} in + [Yy][Ee][Ss]) + ppp_command="${ppp_command} -nat"; + ;; + esac + + echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} + ;; + esac + + # Initialize IP filtering using ipfw + # + echo '' + + if /sbin/ipfw -q flush > /dev/null 2>&1; then + firewall_in_kernel=1 else - IPFW_DEFAULT=`ipfw l 65535` - if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then - echo -n "Warning: kernel has firewall functionality, " - echo "but firewall rules are not enabled." - echo " All ip services are disabled." - fi + firewall_in_kernel=0 fi - fi - - # Additional ATM interface configuration - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - - if [ "${defaultrouter}" != "NO" ] ; then - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - fi - - # Set up any static routes. This should be done before router discovery. - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then - echo -n ' tcp extensions=NO' - sysctl -w net.inet.tcp.rfc1323=0 >/dev/null - fi - - if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - fi - - if [ "${icmp_bmcastecho}" = "YES" ]; then - echo -n ' broadcast ping responses=YES' - sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null - fi - - if [ "${icmp_drop_redirect}" = "YES" ]; then - echo -n ' ignore ICMP redirect=YES' - sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null - fi - - if [ "${icmp_log_redirect}" = "YES" ]; then - echo -n ' log ICMP redirect=YES' - sysctl -w net.inet.icmp.log_redirect=1 >/dev/null - fi - - if [ "${gateway_enable}" = "YES" ]; then - echo -n ' IP gateway=YES' - sysctl -w net.inet.ip.forwarding=1 >/dev/null - fi - - if [ "${forward_sourceroute}" = "YES" ]; then - echo -n ' do source routing=YES' - sysctl -w net.inet.ip.sourceroute=1 >/dev/null - fi - - if [ "${accept_sourceroute}" = "YES" ]; then - echo -n ' accept source routing=YES' - sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null - fi - - if [ "${tcp_keepalive}" = "YES" ]; then - echo -n ' TCP keepalive=YES' - sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null - fi - - if [ "X$tcp_restrict_rst" = X"YES" ]; then - echo -n ' restrict TCP reset=YES' - sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null - fi - - if [ "X$tcp_drop_synfin" = X"YES" ]; then - echo -n ' drop SYN+FIN packets=YES' - sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null - fi - - if [ "${ipxgateway_enable}" = "YES" ]; then - echo -n ' IPX gateway=YES' - sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null - fi - - if [ "${arpproxy_all}" = "YES" ]; then - echo -n ' ARP proxyall=YES' - sysctl -w net.link.ether.inet.proxyall=1 >/dev/null - fi - echo '.' - - echo -n 'routing daemons:' - if [ "${router_enable}" = "YES" ]; then - echo -n " ${router}"; ${router} ${router_flags} - fi - - if [ "${ipxrouted_enable}" = "YES" ]; then - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - fi - - if [ "${mrouted_enable}" = "YES" ]; then - echo -n ' mrouted'; mrouted ${mrouted_flags} - fi - - if [ "${rarpd_enable}" = "YES" ]; then - echo -n ' rarpd'; rarpd ${rarpd_flags} - fi - echo '.' - network_pass1_done=YES # Let future generations know we made it. + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then + firewall_in_kernel=1 + echo "Kernel firewall module loaded." + elif [ "${firewall_in_kernel}" -eq 0 ]; then + echo "Warning: firewall kernel module failed to load." + fi + ;; + esac + + # Load the filters if required + # + case ${firewall_in_kernel} in + 1) + if [ -z "${firewall_script}" ]; then + firewall_script=/etc/rc.firewall + fi + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ -r ${firewall_script} ]; then + . ${firewall_script} + echo -n 'Firewall rules loaded, starting divert daemons:' + + # Network Address Translation daemon + # + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + if echo ${natd_interface} | \ + grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then + natd_ifarg="-a ${natd_interface}" + else + natd_ifarg="-n ${natd_interface}" + fi + + echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} + fi + ;; + esac + + echo '.' + + elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then + echo -n "Warning: kernel has firewall functionality, " + echo "but firewall rules are not enabled." + echo " All ip services are disabled." + fi + ;; + esac + ;; + esac + + # Additional ATM interface configuration + # + if [ -n "${atm_pass1_done}" ]; then + atm_pass2 + fi + + # Configure routing + # + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + # Set up any static routes. This should be done before router discovery. + # + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi + + echo -n 'Additional routing options:' + case ${tcp_extensions} in + [Yy][Ee][Ss] | '') + ;; + *) + echo -n ' tcp extensions=NO' + sysctl -w net.inet.tcp.rfc1323=0 >/dev/null + ;; + esac + + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + case ${icmp_bmcastecho} in + [Yy][Ee][Ss]) + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null + ;; + esac + + case ${icmp_drop_redirect} in + [Yy][Ee][Ss]) + echo -n ' ignore ICMP redirect=YES' + sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null + ;; + esac + + case ${icmp_log_redirect} in + [Yy][Ee][Ss]) + echo -n ' log ICMP redirect=YES' + sysctl -w net.inet.icmp.log_redirect=1 >/dev/null + ;; + esac + + case ${gateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IP gateway=YES' + sysctl -w net.inet.ip.forwarding=1 >/dev/null + ;; + esac + + case ${forward_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' do source routing=YES' + sysctl -w net.inet.ip.sourceroute=1 >/dev/null + ;; + esac + + case ${accept_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' accept source routing=YES' + sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null + ;; + esac + + case ${tcp_keepalive} in + [Yy][Ee][Ss]) + echo -n ' TCP keepalive=YES' + sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null + ;; + esac + + case ${tcp_restrict_rst} in + [Yy][Ee][Ss]) + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + ;; + esac + + case ${tcp_drop_synfin} in + [Yy][Ee][Ss]) + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + ;; + esac + + case ${ipxgateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IPX gateway=YES' + sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null + ;; + esac + + case ${arpproxy_all} in + [Yy][Ee][Ss]) + echo -n ' ARP proxyall=YES' + sysctl -w net.link.ether.inet.proxyall=1 >/dev/null + ;; + esac + echo '.' + + echo -n 'routing daemons:' + case ${router_enable} in + [Yy][Ee][Ss]) + echo -n " ${router}"; ${router} ${router_flags} + ;; + esac + + case ${ipxrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' IPXrouted' + IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 + ;; + esac + + case ${mrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' mrouted'; mrouted ${mrouted_flags} + ;; + esac + + case ${rarpd_enable} in + [Yy][Ee][Ss]) + echo -n ' rarpd'; rarpd ${rarpd_flags} + ;; + esac + echo '.' + + # Let future generations know we made it. + # + network_pass1_done=YES } network_pass2() { - echo -n 'Doing additional network setup:' - if [ "${named_enable}" = "YES" ]; then - echo -n ' named'; ${named_program-"named"} ${named_flags} - fi - - if [ "${ntpdate_enable}" = "YES" ]; then - echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 - fi - - if [ "${xntpd_enable}" = "YES" ]; then - echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} - fi - - if [ "${timed_enable}" = "YES" ]; then - echo -n ' timed'; timed ${timed_flags} - fi - - if [ "${portmap_enable}" = "YES" ]; then - echo -n ' portmap'; ${portmap_program} ${portmap_flags} - fi - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. - if [ "${nis_server_enable}" = "YES" ]; then - echo -n ' ypserv'; ypserv ${nis_server_flags} - - if [ "${nis_ypxfrd_enable}" = "YES" ]; then - echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} - fi - - if [ "${nis_yppasswdd_enable}" = "YES" ]; then - echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} - fi - fi - - # Start ypbind if we're an NIS client - if [ "${nis_client_enable}" = "YES" ]; then - echo -n ' ypbind'; ypbind ${nis_client_flags} - if [ "${nis_ypset_enable}" = "YES" ]; then - echo -n ' ypset'; ypset ${nis_ypset_flags} - fi - fi - - # Start keyserv if we are running Secure RPC - if [ "${keyserv_enable}" = "YES" ]; then - echo -n ' keyserv'; keyserv ${keyserv_flags} - fi - # Start ypupdated if we are running Secure RPC and we are NIS master - if [ "${rpc_ypupdated_enable}" = "YES" ]; then - echo -n ' rpc.ypupdated'; rpc.ypupdated - fi - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' - network_pass2_done=YES + echo -n 'Doing additional network setup:' + case ${named_enable} in + [Yy][Ee][Ss]) + echo -n ' named'; ${named_program:-named} ${named_flags} + ;; + esac + + case ${ntpdate_enable} in + [Yy][Ee][Ss]) + echo -n ' ntpdate' + ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 + ;; + esac + + case ${xntpd_enable} in + [Yy][Ee][Ss]) + echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags} + ;; + esac + + case ${timed_enable} in + [Yy][Ee][Ss]) + echo -n ' timed'; timed ${timed_flags} + ;; + esac + + case ${portmap_enable} in + [Yy][Ee][Ss]) + echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} + ;; + esac + + # Start ypserv if we're an NIS server. + # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. + # + case ${nis_server_enable} in + [Yy][Ee][Ss]) + echo -n ' ypserv'; ypserv ${nis_server_flags} + + case ${nis_ypxfrd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypxfrd' + rpc.ypxfrd ${nis_ypxfrd_flags} + ;; + esac + + case ${nis_yppasswdd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.yppasswdd' + rpc.yppasswdd ${nis_yppasswdd_flags} + ;; + esac + ;; + esac + + # Start ypbind if we're an NIS client + # + case ${nis_client_enable} in + [Yy][Ee][Ss]) + echo -n ' ypbind'; ypbind ${nis_client_flags} + case ${nis_ypset_enable} in + [Yy][Ee][Ss]) + echo -n ' ypset'; ypset ${nis_ypset_flags} + ;; + esac + ;; + esac + + # Start keyserv if we are running Secure RPC + # + case ${keyserv_enable} in + [Yy][Ee][Ss]) + echo -n ' keyserv'; keyserv ${keyserv_flags} + ;; + esac + + # Start ypupdated if we are running Secure RPC and we are NIS master + # + case ${rpc_ypupdated_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypupdated'; rpc.ypupdated + ;; + esac + + # Start ATM daemons + if [ -n "${atm_pass2_done}" ]; then + atm_pass3 + fi + + echo '.' + network_pass2_done=YES } network_pass3() { - echo -n 'Starting final network daemons:' - - if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then - echo -n ' mountd' - if [ "${weak_mountd_authentication}" = "YES" ]; then - mountd_flags="-n" - fi - mountd ${mountd_flags} - if [ "${nfs_reserved_port_only}" = "YES" ]; then - echo -n ' NFS on reserved port only=YES' - sysctl -w vfs.nfs.nfs_privport=1 >/dev/null - fi - echo -n ' nfsd'; nfsd ${nfs_server_flags} - if [ "${rpc_lockd_enable}" = "YES" ]; then - echo -n ' rpc.lockd'; rpc.lockd - fi - if [ "${rpc_statd_enable}" = "YES" ]; then - echo -n ' rpc.statd'; rpc.statd - fi - fi - - if [ "${nfs_client_enable}" = "YES" ]; then - echo -n ' nfsiod'; nfsiod ${nfs_client_flags} - if [ "${nfs_access_cache}" != "X" ]; then + echo -n 'Starting final network daemons:' + + case ${nfs_server_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/exports ]; then + echo -n ' mountd' + + case ${weak_mountd_authentication} in + [Yy][Ee][Ss]) + mountd_flags="-n" + ;; + esac + + mountd ${mountd_flags} + + case ${nfs_reserved_port_only} in + [Yy][Ee][Ss]) + echo -n ' NFS on reserved port only=YES' + sysctl -w vfs.nfs.nfs_privport=1 >/dev/null + ;; + esac + + echo -n ' nfsd'; nfsd ${nfs_server_flags} + + case ${rpc_lockd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.lockd'; rpc.lockd + ;; + esac + + case ${rpc_statd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.statd'; rpc.statd + ;; + esac + fi + ;; + esac + + case ${nfs_client_enable} in + [Yy][Ee][Ss]) + echo -n ' nfsiod'; nfsiod ${nfs_client_flags} + if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ - >/dev/null - fi - fi - - if [ "${amd_enable}" = "YES" ]; then - echo -n ' amd' - if [ "${amd_map_program}" != "NO" ]; then - amd_flags="${amd_flags} `eval ${amd_map_program}`" - fi - if [ -n "${amd_flags}" ] - then - amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null - else - amd 2> /dev/null - fi - fi - - if [ "${rwhod_enable}" = "YES" ]; then - echo -n ' rwhod'; rwhod ${rwhod_flags} - fi - - # Kerberos runs ONLY on the Kerberos server machine - if [ "${kerberos_server_enable}" = "YES" ]; then - if [ "${kerberos_stash}" = "YES" ]; then - stash_flag=-n - else - stash_flag= - fi - echo -n ' kerberos'; \ + >/dev/null + fi + ;; + esac + + case ${amd_enable} in + [Yy][Ee][Ss]) + echo -n ' amd' + case ${amd_map_program} in + [Nn][Oo] | '') + ;; + *) + amd_flags="${amd_flags} `eval ${amd_map_program}`" + ;; + esac + + if [ -n "${amd_flags}" ]; then + amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null + else + amd 2> /dev/null + fi + ;; + esac + + case ${rwhod_enable} in + [Yy][Ee][Ss]) + echo -n ' rwhod'; rwhod ${rwhod_flags} + ;; + esac + + # Kerberos runs ONLY on the Kerberos server machine + case ${kerberos_server_enable} in + [Yy][Ee][Ss]) + case ${kerberos_stash} in + [Yy][Ee][Ss]) + stash_flag=-n + ;; + *) + stash_flag= + ;; + esac + + echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & - if [ "${kadmind_server_enable}" = "YES" ]; then - echo -n ' kadmind'; \ - (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & - fi - unset stash_flag - fi - - echo '.' - network_pass3_done=YES + + case ${kadmind_server_enable} in + [Yy][Ee][Ss]) + echo -n ' kadmind' + (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & + ;; + esac + unset stash_flag + ;; + esac + + echo '.' + network_pass3_done=YES } diff --git a/etc/rc.d/pccard b/etc/rc.d/pccard index 92a4ee3..a68323b 100644 --- a/etc/rc.d/pccard +++ b/etc/rc.d/pccard @@ -2,15 +2,22 @@ # PC-card startup script # $FreeBSD$ -if [ "${pccard_enable}" = "YES" ] ; then - if [ "${pccard_mem}" != "DEFAULT" ] ; then - pccardc pccardmem ${pccard_mem} - else +case ${pccard_enable} in +[Yy][Ee][Ss]) + case ${pccard_mem} in + [Dd][Ee][Ff][Aa][Uu][Ll][Tt]) pccardc pccardmem 0xd0000 - fi - if [ -n "${pccard_conf}" ] ; then + ;; + *) + pccardc pccardmem ${pccard_mem} + ;; + esac + + if [ -n "${pccard_conf}" ]; then pccardd_flags="${pccardd_flags} -f ${pccard_conf}" fi - echo -n "Enable PC-card." + + echo -n "Enable PC-card." pccardd ${pccardd_flags} 2>&1 > /var/log/pccardd.debug -fi + ;; +esac diff --git a/etc/rc.d/resolv b/etc/rc.d/resolv index a7f0a50..2d777e5 100644 --- a/etc/rc.d/resolv +++ b/etc/rc.d/resolv @@ -1,11 +1,14 @@ +# +#$FreeBSD$ +# # PROVIDE: diskless # REQUIRE: initdiskless mountcritlocal if [ -n "$4" ]; then bpi="-i $4" -if [ -f /etc/defaults/rc.conf ]; then + fi /sbin/mdconfig -a -t malloc -s $1 -u $3 -elif [ -f /etc/rc.conf ]; then + /sbin/newfs $bpi /dev/md$3c /sbin/mount /dev/md$3c $2 } @@ -29,10 +32,9 @@ mkdir /var/spool/output/lpd chown -R root.daemon /var/spool/output chgrp daemon /var/spool/lpd -( cd /; find -x dev | cpio -o -H newc ) > /tmp/dev.tmp +(cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_mfs -s 4096 -i 512 -T qp120at dummy /dev -( cd /; cpio -i -H newc -d < /tmp/dev.tmp ) - +(cd /; cpio -i -H newc -d < /tmp/dev.tmp) # extract a list of device entries, then copy them to a writable fs (cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_md 4096 /dev 3 512 diff --git a/etc/rc.d/routing b/etc/rc.d/routing index 781c73f..5ddce80 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -3,400 +3,574 @@ # $FreeBSD$ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 -# Note that almost all the user-configurable behavior is no longer in -# this file, but rather in /etc/rc.conf. Please check that file +# Note that almost all of the user-configurable behavior is no longer in +# this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. - +# network_pass1() { - echo -n 'Doing initial network setup:' - # Set the host name if it is not already set - if [ -z "`hostname -s`" ] ; then - hostname ${hostname} - echo -n ' hostname' - fi - - # Set the domainname if we're using NIS - if [ -n "${nisdomainname}" -a "${nisdomainname}" != "NO" ] ; then - domainname ${nisdomainname} - echo -n ' domain' - fi - echo '.' - - # Initial ATM interface configuration - if [ "${atm_enable}" = "YES" -a -f /etc/rc.atm ]; then - . /etc/rc.atm - atm_pass1 - fi - - # ISDN subsystem startup - if [ "${isdn_enable}" = "YES" -a -f /etc/rc.isdn ]; then - . /etc/rc.isdn - fi - - # Special options for sppp(4) interfaces go here. These need - # to go _before_ the general ifconfig section, since in the case - # of hardwired (no link1 flag) but required authentication, you - # cannot pass auth parameters down to the already running interface. - for ifn in ${sppp_interfaces}; do - eval spppcontrol_args=\$spppconfig_${ifn} - if [ -n "${spppcontrol_args}" ] ; then - # The auth secrets might contain spaces; in order - # to retain the quotation, we need to eval them - # here. - eval spppcontrol ${ifn} ${spppcontrol_args} - fi - done - - # Set up all the network interfaces, calling startup scripts if needed - if [ "${network_interfaces}" = "auto" ]; then - network_interfaces="`ifconfig -l`" - fi - for ifn in ${network_interfaces}; do - showstat=false - if [ -e /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - showstat=true - fi - # Do the primary ifconfig if specified - eval ifconfig_args=\$ifconfig_${ifn} - if [ -n "${ifconfig_args}" ] ; then - # See if we are using DHCP - if [ "${ifconfig_args}" = "DHCP" ]; then - ${dhcp_program} ${dhcp_flags} ${ifn} - else - ifconfig ${ifn} ${ifconfig_args} - fi - showstat=true - fi - # Check to see if aliases need to be added - alias=0 - while : - do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - showstat=true - alias=`expr ${alias} + 1` - else - break; - fi - done - # Do ipx address if specified - eval ifconfig_args=\$ifconfig_${ifn}_ipx - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} - showstat=true - fi - if [ "${showstat}" = "true" ] - then - ifconfig ${ifn} - fi - done - - # Warm up user ppp if required, must happen before natd. - if [ "${ppp_enable}" = "YES" ]; then - # Establish ppp mode. - if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ - -a "${ppp_mode}" != "dedicated" \ - -a "${ppp_mode}" != "background" ]; then - ppp_mode="auto"; - fi - ppp_command="-${ppp_mode} "; - - # Switch on alias mode? - if [ "${ppp_nat}" = "YES" ]; then - ppp_command="${ppp_command} -nat"; - fi - - echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} - fi - - # Initialize IP filtering using ipfw - echo "" - /sbin/ipfw -q flush > /dev/null 2>&1 - if [ $? = 0 ] ; then - firewall_in_kernel=1 - else - firewall_in_kernel=0 - fi - - if [ ${firewall_in_kernel} = 0 -a "${firewall_enable}" = "YES" ] ; then - if kldload ipfw; then - firewall_in_kernel=1 # module loaded successfully - echo "Kernel firewall module loaded." - else - echo "Warning: firewall kernel module failed to load." - fi - fi + echo -n 'Doing initial network setup:' - # Load the filters if required - if [ ${firewall_in_kernel} = 1 ]; then - if [ -z "${firewall_script}" ] ; then - firewall_script="/etc/rc.firewall" + # Set the host name if it is not already set + # + if [ -z "`hostname -s`" ]; then + hostname ${hostname} + echo -n ' hostname' fi - if [ -f ${firewall_script} -a "${firewall_enable}" = "YES" ]; then - . ${firewall_script} - echo -n 'Firewall rules loaded, starting divert daemons:' - - # Network Address Translation daemon - if [ "${natd_enable}" = "YES" -a -n "${natd_interface}" ]; then - if echo ${natd_interface} | \ - grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then - natd_ifarg="-a ${natd_interface}" - else - natd_ifarg="-n ${natd_interface}" + + # Set the domainname if we're using NIS + # + case ${nisdomainname} in + [Nn][Oo] | '') + ;; + *) + domainname ${nisdomainname} + echo -n ' domain' + ;; + esac + + echo '.' + + # Initial ATM interface configuration + # + case ${atm_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.atm ]; then + . /etc/rc.atm + atm_pass1 + fi + ;; + esac + + # ISDN subsystem startup + # + case ${isdn_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/rc.isdn ]; then + . /etc/rc.isdn + fi + ;; + esac + + # Special options for sppp(4) interfaces go here. These need + # to go _before_ the general ifconfig section, since in the case + # of hardwired (no link1 flag) but required authentication, you + # cannot pass auth parameters down to the already running interface. + # + for ifn in ${sppp_interfaces}; do + eval spppcontrol_args=\$spppconfig_${ifn} + if [ -n "${spppcontrol_args}" ]; then + # The auth secrets might contain spaces; in order + # to retain the quotation, we need to eval them + # here. + eval spppcontrol ${ifn} ${spppcontrol_args} + fi + done + + # Set up all the network interfaces, calling startup scripts if needed + # + case ${network_interfaces} in + [Aa][Uu][Tt][Oo]) + network_interfaces="`ifconfig -l`" + ;; + esac + + for ifn in ${network_interfaces}; do + showstat=false + if [ -r /etc/start_if.${ifn} ]; then + . /etc/start_if.${ifn} + showstat=true fi - echo -n ' natd'; ${natd_program} ${natd_flags} ${natd_ifarg} - fi - echo '.' + + # Do the primary ifconfig if specified + # + eval ifconfig_args=\$ifconfig_${ifn} + + case ${ifconfig_args} in + '') + ;; + [Dd][Hh][Cc][Pp]) + ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${ifn} + showstat=true + ;; + *) + ifconfig ${ifn} ${ifconfig_args} + showstat=true + ;; + esac + + # Check to see if aliases need to be added + # + alias=0 + while : ; do + eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} alias + showstat=true + alias=`expr ${alias} + 1` + else + break; + fi + done + + # Do ipx address if specified + # + eval ifconfig_args=\$ifconfig_${ifn}_ipx + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} + showstat=true + fi + + case ${showstat} in + true) + ifconfig ${ifn} + ;; + esac + done + + # Warm up user ppp if required, must happen before natd. + # + case ${ppp_enable} in + [Yy][Ee][Ss]) + # Establish ppp mode. + # + if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ + -a "${ppp_mode}" != "dedicated" \ + -a "${ppp_mode}" != "background" ]; then + ppp_mode="auto"; + fi + + ppp_command="-${ppp_mode} "; + + # Switch on alias mode? + # + case ${ppp_nat} in + [Yy][Ee][Ss]) + ppp_command="${ppp_command} -nat"; + ;; + esac + + echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} + ;; + esac + + # Initialize IP filtering using ipfw + # + echo '' + + if /sbin/ipfw -q flush > /dev/null 2>&1; then + firewall_in_kernel=1 else - IPFW_DEFAULT=`ipfw l 65535` - if [ "${IPFW_DEFAULT}" = "65535 deny ip from any to any" ]; then - echo -n "Warning: kernel has firewall functionality, " - echo "but firewall rules are not enabled." - echo " All ip services are disabled." - fi + firewall_in_kernel=0 fi - fi - - # Additional ATM interface configuration - if [ -n "${atm_pass1_done}" ]; then - atm_pass2 - fi - - # Configure routing - - if [ "${defaultrouter}" != "NO" ] ; then - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" - fi - - # Set up any static routes. This should be done before router discovery. - if [ -n "${static_routes}" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done - fi - - echo -n 'Additional routing options:' - if [ -n "${tcp_extensions}" -a "${tcp_extensions}" != "YES" ] ; then - echo -n ' tcp extensions=NO' - sysctl -w net.inet.tcp.rfc1323=0 >/dev/null - fi - - if [ -n "${log_in_vain}" -a "${log_in_vain}" != "NO" ] ; then - echo -n ' log_in_vain=YES' - sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null - sysctl -w net.inet.udp.log_in_vain=1 >/dev/null - fi - - if [ "${icmp_bmcastecho}" = "YES" ]; then - echo -n ' broadcast ping responses=YES' - sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null - fi - - if [ "${icmp_drop_redirect}" = "YES" ]; then - echo -n ' ignore ICMP redirect=YES' - sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null - fi - - if [ "${icmp_log_redirect}" = "YES" ]; then - echo -n ' log ICMP redirect=YES' - sysctl -w net.inet.icmp.log_redirect=1 >/dev/null - fi - - if [ "${gateway_enable}" = "YES" ]; then - echo -n ' IP gateway=YES' - sysctl -w net.inet.ip.forwarding=1 >/dev/null - fi - - if [ "${forward_sourceroute}" = "YES" ]; then - echo -n ' do source routing=YES' - sysctl -w net.inet.ip.sourceroute=1 >/dev/null - fi - - if [ "${accept_sourceroute}" = "YES" ]; then - echo -n ' accept source routing=YES' - sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null - fi - - if [ "${tcp_keepalive}" = "YES" ]; then - echo -n ' TCP keepalive=YES' - sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null - fi - - if [ "X$tcp_restrict_rst" = X"YES" ]; then - echo -n ' restrict TCP reset=YES' - sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null - fi - - if [ "X$tcp_drop_synfin" = X"YES" ]; then - echo -n ' drop SYN+FIN packets=YES' - sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null - fi - - if [ "${ipxgateway_enable}" = "YES" ]; then - echo -n ' IPX gateway=YES' - sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null - fi - - if [ "${arpproxy_all}" = "YES" ]; then - echo -n ' ARP proxyall=YES' - sysctl -w net.link.ether.inet.proxyall=1 >/dev/null - fi - echo '.' - - echo -n 'routing daemons:' - if [ "${router_enable}" = "YES" ]; then - echo -n " ${router}"; ${router} ${router_flags} - fi - - if [ "${ipxrouted_enable}" = "YES" ]; then - echo -n ' IPXrouted' - IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 - fi - - if [ "${mrouted_enable}" = "YES" ]; then - echo -n ' mrouted'; mrouted ${mrouted_flags} - fi - - if [ "${rarpd_enable}" = "YES" ]; then - echo -n ' rarpd'; rarpd ${rarpd_flags} - fi - echo '.' - network_pass1_done=YES # Let future generations know we made it. + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then + firewall_in_kernel=1 + echo "Kernel firewall module loaded." + elif [ "${firewall_in_kernel}" -eq 0 ]; then + echo "Warning: firewall kernel module failed to load." + fi + ;; + esac + + # Load the filters if required + # + case ${firewall_in_kernel} in + 1) + if [ -z "${firewall_script}" ]; then + firewall_script=/etc/rc.firewall + fi + + case ${firewall_enable} in + [Yy][Ee][Ss]) + if [ -r ${firewall_script} ]; then + . ${firewall_script} + echo -n 'Firewall rules loaded, starting divert daemons:' + + # Network Address Translation daemon + # + case ${natd_enable} in + [Yy][Ee][Ss]) + if [ -n "${natd_interface}" ]; then + if echo ${natd_interface} | \ + grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then + natd_ifarg="-a ${natd_interface}" + else + natd_ifarg="-n ${natd_interface}" + fi + + echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} + fi + ;; + esac + + echo '.' + + elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then + echo -n "Warning: kernel has firewall functionality, " + echo "but firewall rules are not enabled." + echo " All ip services are disabled." + fi + ;; + esac + ;; + esac + + # Additional ATM interface configuration + # + if [ -n "${atm_pass1_done}" ]; then + atm_pass2 + fi + + # Configure routing + # + case ${defaultrouter} in + [Nn][Oo] | '') + ;; + *) + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" + ;; + esac + + # Set up any static routes. This should be done before router discovery. + # + if [ -n "${static_routes}" ]; then + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done + fi + + echo -n 'Additional routing options:' + case ${tcp_extensions} in + [Yy][Ee][Ss] | '') + ;; + *) + echo -n ' tcp extensions=NO' + sysctl -w net.inet.tcp.rfc1323=0 >/dev/null + ;; + esac + + case ${log_in_vain} in + [Nn][Oo] | '') + ;; + *) + echo -n ' log_in_vain=YES' + sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null + sysctl -w net.inet.udp.log_in_vain=1 >/dev/null + ;; + esac + + case ${icmp_bmcastecho} in + [Yy][Ee][Ss]) + echo -n ' broadcast ping responses=YES' + sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null + ;; + esac + + case ${icmp_drop_redirect} in + [Yy][Ee][Ss]) + echo -n ' ignore ICMP redirect=YES' + sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null + ;; + esac + + case ${icmp_log_redirect} in + [Yy][Ee][Ss]) + echo -n ' log ICMP redirect=YES' + sysctl -w net.inet.icmp.log_redirect=1 >/dev/null + ;; + esac + + case ${gateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IP gateway=YES' + sysctl -w net.inet.ip.forwarding=1 >/dev/null + ;; + esac + + case ${forward_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' do source routing=YES' + sysctl -w net.inet.ip.sourceroute=1 >/dev/null + ;; + esac + + case ${accept_sourceroute} in + [Yy][Ee][Ss]) + echo -n ' accept source routing=YES' + sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null + ;; + esac + + case ${tcp_keepalive} in + [Yy][Ee][Ss]) + echo -n ' TCP keepalive=YES' + sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null + ;; + esac + + case ${tcp_restrict_rst} in + [Yy][Ee][Ss]) + echo -n ' restrict TCP reset=YES' + sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null + ;; + esac + + case ${tcp_drop_synfin} in + [Yy][Ee][Ss]) + echo -n ' drop SYN+FIN packets=YES' + sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null + ;; + esac + + case ${ipxgateway_enable} in + [Yy][Ee][Ss]) + echo -n ' IPX gateway=YES' + sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null + ;; + esac + + case ${arpproxy_all} in + [Yy][Ee][Ss]) + echo -n ' ARP proxyall=YES' + sysctl -w net.link.ether.inet.proxyall=1 >/dev/null + ;; + esac + echo '.' + + echo -n 'routing daemons:' + case ${router_enable} in + [Yy][Ee][Ss]) + echo -n " ${router}"; ${router} ${router_flags} + ;; + esac + + case ${ipxrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' IPXrouted' + IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 + ;; + esac + + case ${mrouted_enable} in + [Yy][Ee][Ss]) + echo -n ' mrouted'; mrouted ${mrouted_flags} + ;; + esac + + case ${rarpd_enable} in + [Yy][Ee][Ss]) + echo -n ' rarpd'; rarpd ${rarpd_flags} + ;; + esac + echo '.' + + # Let future generations know we made it. + # + network_pass1_done=YES } network_pass2() { - echo -n 'Doing additional network setup:' - if [ "${named_enable}" = "YES" ]; then - echo -n ' named'; ${named_program-"named"} ${named_flags} - fi - - if [ "${ntpdate_enable}" = "YES" ]; then - echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 - fi - - if [ "${xntpd_enable}" = "YES" ]; then - echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} - fi - - if [ "${timed_enable}" = "YES" ]; then - echo -n ' timed'; timed ${timed_flags} - fi - - if [ "${portmap_enable}" = "YES" ]; then - echo -n ' portmap'; ${portmap_program} ${portmap_flags} - fi - - # Start ypserv if we're an NIS server. - # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. - if [ "${nis_server_enable}" = "YES" ]; then - echo -n ' ypserv'; ypserv ${nis_server_flags} - - if [ "${nis_ypxfrd_enable}" = "YES" ]; then - echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} - fi - - if [ "${nis_yppasswdd_enable}" = "YES" ]; then - echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} - fi - fi - - # Start ypbind if we're an NIS client - if [ "${nis_client_enable}" = "YES" ]; then - echo -n ' ypbind'; ypbind ${nis_client_flags} - if [ "${nis_ypset_enable}" = "YES" ]; then - echo -n ' ypset'; ypset ${nis_ypset_flags} - fi - fi - - # Start keyserv if we are running Secure RPC - if [ "${keyserv_enable}" = "YES" ]; then - echo -n ' keyserv'; keyserv ${keyserv_flags} - fi - # Start ypupdated if we are running Secure RPC and we are NIS master - if [ "${rpc_ypupdated_enable}" = "YES" ]; then - echo -n ' rpc.ypupdated'; rpc.ypupdated - fi - - # Start ATM daemons - if [ -n "${atm_pass2_done}" ]; then - atm_pass3 - fi - - echo '.' - network_pass2_done=YES + echo -n 'Doing additional network setup:' + case ${named_enable} in + [Yy][Ee][Ss]) + echo -n ' named'; ${named_program:-named} ${named_flags} + ;; + esac + + case ${ntpdate_enable} in + [Yy][Ee][Ss]) + echo -n ' ntpdate' + ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 + ;; + esac + + case ${xntpd_enable} in + [Yy][Ee][Ss]) + echo -n ' xntpd'; ${xntpd_program:-xntpd} ${xntpd_flags} + ;; + esac + + case ${timed_enable} in + [Yy][Ee][Ss]) + echo -n ' timed'; timed ${timed_flags} + ;; + esac + + case ${portmap_enable} in + [Yy][Ee][Ss]) + echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} + ;; + esac + + # Start ypserv if we're an NIS server. + # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. + # + case ${nis_server_enable} in + [Yy][Ee][Ss]) + echo -n ' ypserv'; ypserv ${nis_server_flags} + + case ${nis_ypxfrd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypxfrd' + rpc.ypxfrd ${nis_ypxfrd_flags} + ;; + esac + + case ${nis_yppasswdd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.yppasswdd' + rpc.yppasswdd ${nis_yppasswdd_flags} + ;; + esac + ;; + esac + + # Start ypbind if we're an NIS client + # + case ${nis_client_enable} in + [Yy][Ee][Ss]) + echo -n ' ypbind'; ypbind ${nis_client_flags} + case ${nis_ypset_enable} in + [Yy][Ee][Ss]) + echo -n ' ypset'; ypset ${nis_ypset_flags} + ;; + esac + ;; + esac + + # Start keyserv if we are running Secure RPC + # + case ${keyserv_enable} in + [Yy][Ee][Ss]) + echo -n ' keyserv'; keyserv ${keyserv_flags} + ;; + esac + + # Start ypupdated if we are running Secure RPC and we are NIS master + # + case ${rpc_ypupdated_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.ypupdated'; rpc.ypupdated + ;; + esac + + # Start ATM daemons + if [ -n "${atm_pass2_done}" ]; then + atm_pass3 + fi + + echo '.' + network_pass2_done=YES } network_pass3() { - echo -n 'Starting final network daemons:' - - if [ "${nfs_server_enable}" = "YES" -a -r /etc/exports ]; then - echo -n ' mountd' - if [ "${weak_mountd_authentication}" = "YES" ]; then - mountd_flags="-n" - fi - mountd ${mountd_flags} - if [ "${nfs_reserved_port_only}" = "YES" ]; then - echo -n ' NFS on reserved port only=YES' - sysctl -w vfs.nfs.nfs_privport=1 >/dev/null - fi - echo -n ' nfsd'; nfsd ${nfs_server_flags} - if [ "${rpc_lockd_enable}" = "YES" ]; then - echo -n ' rpc.lockd'; rpc.lockd - fi - if [ "${rpc_statd_enable}" = "YES" ]; then - echo -n ' rpc.statd'; rpc.statd - fi - fi - - if [ "${nfs_client_enable}" = "YES" ]; then - echo -n ' nfsiod'; nfsiod ${nfs_client_flags} - if [ "${nfs_access_cache}" != "X" ]; then + echo -n 'Starting final network daemons:' + + case ${nfs_server_enable} in + [Yy][Ee][Ss]) + if [ -r /etc/exports ]; then + echo -n ' mountd' + + case ${weak_mountd_authentication} in + [Yy][Ee][Ss]) + mountd_flags="-n" + ;; + esac + + mountd ${mountd_flags} + + case ${nfs_reserved_port_only} in + [Yy][Ee][Ss]) + echo -n ' NFS on reserved port only=YES' + sysctl -w vfs.nfs.nfs_privport=1 >/dev/null + ;; + esac + + echo -n ' nfsd'; nfsd ${nfs_server_flags} + + case ${rpc_lockd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.lockd'; rpc.lockd + ;; + esac + + case ${rpc_statd_enable} in + [Yy][Ee][Ss]) + echo -n ' rpc.statd'; rpc.statd + ;; + esac + fi + ;; + esac + + case ${nfs_client_enable} in + [Yy][Ee][Ss]) + echo -n ' nfsiod'; nfsiod ${nfs_client_flags} + if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ - >/dev/null - fi - fi - - if [ "${amd_enable}" = "YES" ]; then - echo -n ' amd' - if [ "${amd_map_program}" != "NO" ]; then - amd_flags="${amd_flags} `eval ${amd_map_program}`" - fi - if [ -n "${amd_flags}" ] - then - amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null - else - amd 2> /dev/null - fi - fi - - if [ "${rwhod_enable}" = "YES" ]; then - echo -n ' rwhod'; rwhod ${rwhod_flags} - fi - - # Kerberos runs ONLY on the Kerberos server machine - if [ "${kerberos_server_enable}" = "YES" ]; then - if [ "${kerberos_stash}" = "YES" ]; then - stash_flag=-n - else - stash_flag= - fi - echo -n ' kerberos'; \ + >/dev/null + fi + ;; + esac + + case ${amd_enable} in + [Yy][Ee][Ss]) + echo -n ' amd' + case ${amd_map_program} in + [Nn][Oo] | '') + ;; + *) + amd_flags="${amd_flags} `eval ${amd_map_program}`" + ;; + esac + + if [ -n "${amd_flags}" ]; then + amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null + else + amd 2> /dev/null + fi + ;; + esac + + case ${rwhod_enable} in + [Yy][Ee][Ss]) + echo -n ' rwhod'; rwhod ${rwhod_flags} + ;; + esac + + # Kerberos runs ONLY on the Kerberos server machine + case ${kerberos_server_enable} in + [Yy][Ee][Ss]) + case ${kerberos_stash} in + [Yy][Ee][Ss]) + stash_flag=-n + ;; + *) + stash_flag= + ;; + esac + + echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & - if [ "${kadmind_server_enable}" = "YES" ]; then - echo -n ' kadmind'; \ - (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & - fi - unset stash_flag - fi - - echo '.' - network_pass3_done=YES + + case ${kadmind_server_enable} in + [Yy][Ee][Ss]) + echo -n ' kadmind' + (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & + ;; + esac + unset stash_flag + ;; + esac + + echo '.' + network_pass3_done=YES } diff --git a/etc/rc.d/tmp b/etc/rc.d/tmp index a7f0a50..2d777e5 100644 --- a/etc/rc.d/tmp +++ b/etc/rc.d/tmp @@ -1,11 +1,14 @@ +# +#$FreeBSD$ +# # PROVIDE: diskless # REQUIRE: initdiskless mountcritlocal if [ -n "$4" ]; then bpi="-i $4" -if [ -f /etc/defaults/rc.conf ]; then + fi /sbin/mdconfig -a -t malloc -s $1 -u $3 -elif [ -f /etc/rc.conf ]; then + /sbin/newfs $bpi /dev/md$3c /sbin/mount /dev/md$3c $2 } @@ -29,10 +32,9 @@ mkdir /var/spool/output/lpd chown -R root.daemon /var/spool/output chgrp daemon /var/spool/lpd -( cd /; find -x dev | cpio -o -H newc ) > /tmp/dev.tmp +(cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_mfs -s 4096 -i 512 -T qp120at dummy /dev -( cd /; cpio -i -H newc -d < /tmp/dev.tmp ) - +(cd /; cpio -i -H newc -d < /tmp/dev.tmp) # extract a list of device entries, then copy them to a writable fs (cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_md 4096 /dev 3 512 diff --git a/etc/rc.d/var b/etc/rc.d/var index a7f0a50..2d777e5 100644 --- a/etc/rc.d/var +++ b/etc/rc.d/var @@ -1,11 +1,14 @@ +# +#$FreeBSD$ +# # PROVIDE: diskless # REQUIRE: initdiskless mountcritlocal if [ -n "$4" ]; then bpi="-i $4" -if [ -f /etc/defaults/rc.conf ]; then + fi /sbin/mdconfig -a -t malloc -s $1 -u $3 -elif [ -f /etc/rc.conf ]; then + /sbin/newfs $bpi /dev/md$3c /sbin/mount /dev/md$3c $2 } @@ -29,10 +32,9 @@ mkdir /var/spool/output/lpd chown -R root.daemon /var/spool/output chgrp daemon /var/spool/lpd -( cd /; find -x dev | cpio -o -H newc ) > /tmp/dev.tmp +(cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_mfs -s 4096 -i 512 -T qp120at dummy /dev -( cd /; cpio -i -H newc -d < /tmp/dev.tmp ) - +(cd /; cpio -i -H newc -d < /tmp/dev.tmp) # extract a list of device entries, then copy them to a writable fs (cd /; find -x dev | cpio -o -H newc) > /tmp/dev.tmp mount_md 4096 /dev 3 512 |