author | luigi <luigi@FreeBSD.org> | 2002-03-08 05:15:08 +0000 |
---|---|---|
committer | luigi <luigi@FreeBSD.org> | 2002-03-08 05:15:08 +0000 |
commit | 6b229a1455c9cd14021328f87387a7c0532f3518 (patch) | |
tree | 506f66a3786a1893b9abda8f1b8fb30b4dd58932 /release | |
parent | fa65eefffdeccf45bd61757c1bdc59d175666493 (diff) | |
Major cleanup of PicoBSD startup scripts, which now should be
closer to doing "the right thing".
The structure is now the following:
* /etc/rc (from MFS) loads the rest of /etc and /root from
/fd and then from floppy (if present), then transfers control
to /etc/rc1
* /etc/rc1 loads defaults from /etc/rc.conf.defaults, tries to
set the hostname based on the MAC address of the first ethernet
interface, and then sources /etc/rc.conf and /etc/rc.conf.local
for local configurations
* The rest of the startup process is then performed (rc.network and so on).
Everything except the initial /etc/rc (from MFS) can be overridden with
a local version loaded from floppy. But in most cases, you should only need
to customize the following files in /etc:
rc.conf rc.firewall hosts
Previously there were a number of inconsistencies in the calling
between files, and also a lot of clutter in rc.conf and rc.firewall.
Also, "rc1" was called "rc" and would overwrite the initial /etc/rc
from MFS, making it really hard to figure out what was going on in
case of bugs.
Diffstat (limited to 'release')
-rw-r--r-- | release/picobsd/floppy.tree/etc/networks | 2 | ||||
-rw-r--r-- | release/picobsd/floppy.tree/etc/rc | 69 | ||||
-rw-r--r-- | release/picobsd/floppy.tree/etc/rc.conf | 162 | ||||
-rw-r--r-- | release/picobsd/floppy.tree/etc/rc.conf.defaults | 177 | ||||
-rw-r--r-- | release/picobsd/floppy.tree/etc/rc.firewall | 94 | ||||
-rw-r--r-- | release/picobsd/floppy.tree/etc/rc1 | 52 | ||||
-rw-r--r-- | release/picobsd/mfs_tree/etc/rc | 28 | ||||
-rw-r--r-- | release/picobsd/mfs_tree/etc/rc.network | 86 |
8 files changed, 323 insertions, 347 deletions
diff --git a/release/picobsd/floppy.tree/etc/networks b/release/picobsd/floppy.tree/etc/networks index b391f91..c32b68b 100644 --- a/release/picobsd/floppy.tree/etc/networks +++ b/release/picobsd/floppy.tree/etc/networks @@ -1,4 +1,4 @@ -ample networks file. Picobsd scripts will look for entries of the form +# Sample networks file. Picobsd scripts will look for entries of the form # hostname-netmask 255.255.255.0 # when searching for masks vm-netmask 255.255.255.0 diff --git a/release/picobsd/floppy.tree/etc/rc b/release/picobsd/floppy.tree/etc/rc deleted file mode 100644 index b461e6e..0000000 --- a/release/picobsd/floppy.tree/etc/rc +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/bin/sh -# $FreeBSD$ -############################################ -### Special setup for one floppy PICOBSD ### -### THIS IS NOT THE NORMAL /etc/rc !!!!! ### -############################################ -mount -a -t nonfs -# before calling rc.conf, try to identify the system by using the -# ethernet address and name of the first interface. This is available -# to rc.conf and others as $main_eth $main_if for further processing. - -main_ether="" -for main_if in `ifconfig -l` ; do - set `ifconfig $main_if` - while [ "$1" != "" ] ; do - if [ $1 = "ether" ] ; then - main_ether=$2 - break 2 - else - shift - fi - done -done - -if [ -f /etc/rc.conf ]; then - . /etc/rc.conf - set_main_interface - set_all_interfaces -fi -rm -f /var/run/* -if [ "x$swapfile" != "xNO" -a -w "$swapfile" -a -b /dev/vn0b ]; then - echo "Adding $swapfile as additional swap." - vnconfig /dev/vn0b $swapfile && swapon /dev/vn0b -fi -# configure serial devices -if [ -f /etc/rc.serial ]; then - . /etc/rc.serial -fi -# start up the initial network configuration. -if [ -f /etc/rc.network ]; then - . /etc/rc.network - network_pass1 -fi -mount -a -t nfs -chmod 666 /dev/tty[pqrsPQRS]* -# clean up left-over files -(cd /var/run && { cp /dev/null utmp; chmod 644 utmp; }) -if [ -n "$network_pass1_done" ]; then - network_pass2 -fi -if [ -n "$network_pass2_done" ]; then - network_pass3 -fi -if [ "X${inetd_enable}" = X"YES" -a -f /stand/inetd ]; then - echo "Starting inetd."; inetd ${inetd_flags} -fi - -[ "X${sshd_enable}" = "XYES" ] && [ -f /stand/sshd ] && \ - sshd -f /etc/sshd_config - -dev_mkdb - -echo '' -if [ "x$swapfile" = "xNO" ]; then - echo "WARNING: no swap partition!" - echo "Don't run too many programs at the same time..." -fi -cat /etc/motd -exit 0 diff --git a/release/picobsd/floppy.tree/etc/rc.conf b/release/picobsd/floppy.tree/etc/rc.conf index 40e88d1..d0717cd 100644 --- a/release/picobsd/floppy.tree/etc/rc.conf +++ b/release/picobsd/floppy.tree/etc/rc.conf 
@@ -1,154 +1,8 @@ -#!/bin/sh -# $FreeBSD$ -# -# rc.conf for picobsd. -# $main_ether and $main_if are set from rc to the ethernet address and -# name of the first ethernet interface, if available, so a simple -# here-document below can be used for autoconfiguration. -# Remaining parameters are set using a switch. - -rc_conf_set_defaults() { -syslogd_enable="NO" -pccard_enable="NO" -swapfile="NO" # Set to name of swapfile if aux swapfile desired. -firewall_enable="NO" # firewall type (see /etc/rc.firewall) or NO -tcp_extensions="NO" # Allow RFC1323 & RFC1644 extensions (or NO). -ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. -#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. -### Network daemons options: ### -sshd_enable="YES" # if present... -inetd_enable="YES" # Run the network daemon dispatcher (or NO) -inetd_flags="" # Optional flags to inetd -snmpd_enable="NO" # Run the SNMP daemon (or NO) -snmpd_flags="-C -c /etc/snmpd.conf" # Optional flags to snmpd -### Network routing options: ### -defaultrouter="NO" # Set to default gateway (or NO). -static_routes="" # Set to static route list (or leave empty). -gateway_enable="NO" # Set to YES if this host will be a gateway. -arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL. 
-default_mask="0xffffff00" -} - -# the following lets the user specify a name and ip for his system -read_address() { - echo "Please enter a hostname and IP address for your system $main_ether" - read hostname the_ip - if [ "X$hostname" != "X" ] ; then - echo "# $main_ether $hostname" >> /etc/hosts - echo "$the_ip $hostname" >> /etc/hosts - else - hostname=default - fi -} - -# set "ether" using $1 (interface name) as search key -get_ether() { - local key - key=$1 - ether="" - set `ifconfig ${key}` - while [ "$1" != "" ] ; do - if [ "$1" = "ether" ] ; then - ether=$2 - break - else - shift - fi - done -} - -# read content from /etc/hosts into an array (needed later in fetch_hostname) -read_hosts() { - local i a b c key junk - i="" - while read a b c junk ; do - if [ "$a" = "#ethertable" ] ; then - i=0 - elif [ "$i" != "" -a "X$a" = "X#" -a "$b" != "" ] ; then - eval eth_${i}=$b - eval eth_host_${i}=$c - i=$(($i+1)) - fi - done < /etc/hosts -} - -# set "hostname" using $1 (ethernet address) as search key in /etc/hosts -fetch_hostname() { - local i b key - key=$1 - i=0 - b="x" - if [ "${eth_0}" = "" ] ; then - read_hosts - fi - hostname="" - while [ "$b" != "" -a "${hostname}" = "" ] ; do - eval b=\${eth_${i}} - case X${key} in - X${b} ) # so we can use wildcards - eval hostname=\${eth_host_${i}} - break - ;; - esac - i=$(($i+1)) - done - echo "fetch_hostname for <${key}> returns <${hostname}>" -} - -# sets "mask" using $1 (netmask name) as the search key in /etc/networks -fetch_mask() { - local a b key junk - key=$1 # search key, typically hostname-netmask - mask="" - while read a b junk; do # key mask otherstuff - case X${key} in - X${a} ) # we can use wildcards - mask=$b - break - ;; - esac - done < /etc/networks - if [ "${mask}" = "" ] ; then - mask=${default_mask} - fi - echo "fetch_mask for <${key}> returns <${mask}>" -} - - -set_main_interface() { - fetch_hostname ${main_ether} - - if [ "X$hostname" = "X" -o "X$hostname" = "X." 
] ; then - if [ "X$main_ether" = "X" ] ; then - echo "No ethernets found, using localhost" - hostname=localhost - else - read_address - fi - fi - fetch_mask ${hostname}-netmask - - eval ifconfig_${main_if}=\" \${hostname} netmask \${mask}\" - network_interfaces=`ifconfig -l` -} - -set_all_interfaces() { - local i ether hostname mask - - for i in `ifconfig -l` ; do - get_ether $i - fetch_hostname ${ether} - fetch_mask ${hostname}-netmask - if [ "${ether}" != "" -a "${hostname}" != "" ] ; then - eval ifconfig_${i}=\" \${hostname} netmask \${mask}\" - fi - done -} - -rc_conf_set_defaults - -### Allow local configuration override at the very end here ## -### can make use of a case statement to set per-host things. -if [ -f /etc/rc.conf.local ]; then - . /etc/rc.conf.local -fi +# Sample rc.conf file for PicoBSD +# you should mostly set variables here, see rc.conf.defaults. + +case ${hostname} in +*) + echo "processing rc.conf for ${hostname}" + ;; +esac diff --git a/release/picobsd/floppy.tree/etc/rc.conf.defaults b/release/picobsd/floppy.tree/etc/rc.conf.defaults new file mode 100644 index 0000000..6cb1131 --- /dev/null +++ b/release/picobsd/floppy.tree/etc/rc.conf.defaults 
@@ -0,0 +1,177 @@
+#!/bin/sh
+# $FreeBSD$
+#
+# rc.conf for picobsd. This is sourced from /etc/rc1, and is supposed to
+# contain only shell functions that are used later in /etc/rc1.
+
+# set default values for variables. Boolean values should be either
+# NO or YES -- other values are not guaranteed to work.
+
+rc_conf_set_defaults() {
+hostname="" # Should not need to set it
+syslogd_enable="NO"
+pccard_enable="NO"
+swapfile="" # name of swapfile if aux swapfile desired.
+
+# Network interface configurations: ifconfig_${interface}[_aliasNN]
+ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration.
+#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
+
+### Network daemons options: they are only run if present.
+sshd_enable="YES" # if present...
+inetd_enable="YES" # Run the network daemon dispatcher (or NO)
+inetd_flags="" # Optional flags to inetd
+snmpd_enable="NO" # Run the SNMP daemon (or NO)
+snmpd_flags="-C -c /etc/snmpd.conf" # Optional flags to snmpd
+
+### Network routing options: ###
+defaultrouter="NO" # Set to default gateway (or NO).
+static_routes="" # Set to static route list (or leave empty).
+gateway_enable="NO" # Set to YES if this host will be a gateway.
+arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL.
+default_mask="0xffffff00"
+
+# Other network features
+firewall_enable="NO"
+firewall_quiet="NO" # be quiet if set.
+firewall_type="" # Standard types or absolute pathname.
+tcp_extensions="NO" # Allow RFC1323 & RFC1644 extensions (or NO).
+}
+
+# Try to identify the system by using the MAC address and name of the
+# first ethernet interface, made available as $main_eth $main_if
+find_system_id() {
+ main_ether=""
+ for main_if in `ifconfig -l` ; do
+ set `ifconfig $main_if`
+ while [ "$1" != "" ] ; do
+ if [ $1 = "ether" ] ; then
+ main_ether=$2
+ break 2
+ else
+ shift
+ fi
+ done
+ done
+}
+
+# the following lets the user specify a name and ip for his system
+read_address() {
+ echo "Please enter a hostname and IP address for your system $main_ether"
+ read hostname the_ip
+ if [ "${hostname}" != "" ] ; then
+ echo "# $main_ether $hostname" >> /etc/hosts
+ echo "$the_ip $hostname" >> /etc/hosts
+ else
+ hostname=default
+ fi
+}
+
+# set "ether" using $1 (interface name) as search key
+get_ether() {
+ local key
+ key=$1
+ ether=""
+ set `ifconfig ${key}`
+ while [ "$1" != "" ] ; do
+ if [ "$1" = "ether" ] ; then
+ ether=$2
+ break
+ else
+ shift
+ fi
+ done
+}
+
+# read content from /etc/hosts into a couple of arrays
+# (needed later in fetch_hostname)
+read_hosts() {
+ local i a b c key junk
+ i=""
+ while read a b c junk ; do
+ if [ "$a" = "#ethertable" ] ; then
+ i=0
+ elif [ "$i" != "" -a "$a" = "#" -a "$b" != "" ] ; then
+ eval eth_${i}=$b
+ eval eth_host_${i}=$c
+ i=$(($i+1))
+ fi
+ done < /etc/hosts
+}
+
+# set ${hostname} using $1 (MAC address) as search key in /etc/hosts
+# Returns empty value if $1 is empty
+fetch_hostname() {
+ local i b key
+ hostname=""
+ [ "$1" = "" ] && return
+ key=$1
+ i=0
+ b="x"
+ [ "${eth_0}" = "" ] && read_hosts # fill cache.
+ while [ "$b" != "" -a "${hostname}" = "" ] ; do
+ eval b=\${eth_${i}}
+ case X${key} in
+ X${b} ) # so we can use wildcards
+ eval hostname=\${eth_host_${i}}
+ break
+ ;;
+ esac
+ i=$(($i+1))
+ done
+ echo "fetch_hostname for <${key}> returns <${hostname}>"
+}
+
+# sets "mask" using $1 (netmask name) as the search key in /etc/networks
+fetch_mask() {
+ local a b key junk
+ key=$1 # search key, typically hostname-netmask
+ mask=""
+ while read a b junk; do # key mask otherstuff
+ case X${key} in
+ X${a} ) # The X is so we can use wildcards in ${a}
+ mask=$b
+ break
+ ;;
+ esac
+ done < /etc/networks
+ if [ "${mask}" = "" ] ; then
+ mask=${default_mask}
+ fi
+ echo "fetch_mask for <${key}> returns <${mask}>"
+}
+
+# set hostname, and ifconfig_${main_if} (whose MAC is ${main_ether})
+# if not found, read from console
+set_main_interface() {
+ if [ -z "${hostname}" ] ; then
+ if [ -z "${main_ether}" ] ; then
+ echo "No ethernets found, using localhost"
+ hostname=localhost
+ return
+ fi
+ fetch_hostname ${main_ether}
+ fi
+
+ [ -z "${hostname}" -o "${hostname}" = "." ] && read_address
+
+ fetch_mask ${hostname}-netmask
+
+ eval ifconfig_${main_if}=\" \${hostname} netmask \${mask}\"
+ network_interfaces=`ifconfig -l`
+}
+
+# set ifconfig_${interface} for all other interfaces
+set_all_interfaces() {
+ local i ether hostname mask
+
+ for i in `ifconfig -l` ; do
+ if [ "$i" != "${main_if}" ] ; then
+ get_ether $i
+ fetch_hostname ${ether}
+ fetch_mask ${hostname}-netmask
+ [ -n "${ether}" -a -n "${hostname}" ] && \
+ eval ifconfig_${i}=\" \${hostname} netmask \${mask}\"
+ fi
+ done
+}
diff --git a/release/picobsd/floppy.tree/etc/rc.firewall b/release/picobsd/floppy.tree/etc/rc.firewall
index c2860ba..408fe60 100644
--- a/release/picobsd/floppy.tree/etc/rc.firewall
+++ b/release/picobsd/floppy.tree/etc/rc.firewall
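Review bot: In read_hosts, `eval eth_${i}=$b` and `eval eth_host_${i}=$c` expand the fields read from /etc/hosts before eval parses the line, so shell metacharacters in an `#ethertable` entry are executed by the boot script instead of being stored. read_address appends unvalidated console input to the same file, so a mistyped or hostile hostname can reach this path on a later read of the file. Deferring the expansion keeps the value as data: `eval "eth_${i}=\$b"` and `eval "eth_host_${i}=\$c"`, the same form fetch_hostname already uses for reads (`eval b=\${eth_${i}}`). Using `read -r` in the two `while read` loops would also stop backslashes in /etc/hosts and /etc/networks from being interpreted.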
@@ -1,65 +1,20 @@ -############ -# Setup system for firewall service. # $FreeBSD$ -############ -# Define the firewall type in /etc/rc.conf. Valid values are: +# Setup system for firewall service, with some sample configurations. +# Select one using ${firewall_type} which you can set in /etc/rc.conf.local. +# +# If you override this file with your own copy, you can use ${hostname} +# as the key for the case statement. On entry, the firewall will be flushed +# and $fwcmd will point to the appropriate command (usually /sbin/ipfw) +# +# Sample configurations are: # open - will allow anyone in -# client - will try to protect just this machine -# simple - will try to protect a whole network +# client - will try to protect just this machine (should be customized). +# simple - will try to protect a whole network (should be customized). # closed - totally disables IP services except via lo0 interface # UNKNOWN - disables the loading of firewall rules. # filename - will load the rules in the given filename (full path required) # -# For ``client'' and ``simple'' the entries below should be customized -# appropriately. - -############ -# -# If you don't know enough about packet filtering, we suggest that you -# take time to read this book: -# -# Building Internet Firewalls -# Brent Chapman and Elizabeth Zwicky -# -# O'Reilly & Associates, Inc -# ISBN 1-56592-124-0 -# http://www.ora.com/ -# -# For a more advanced treatment of Internet Security read: -# -# Firewalls & Internet Security -# Repelling the wily hacker -# William R. Cheswick, Steven M. Bellowin -# -# Addison-Wesley -# ISBN 0-201-6337-4 -# http://www.awl.com/ -# - -if [ "x$1" != "x" ]; then - firewall_type=$1 -fi - -############ -# Set quiet mode if requested -if [ "x$firewall_quiet" = "xYES" ]; then - fwcmd="/sbin/ipfw -q" -else - fwcmd="/sbin/ipfw" -fi - -############ -# Flush out the list before we begin. 
-$fwcmd -f flush - -############ -# If you just configured ipfw in the kernel as a tool to solve network -# problems or you just want to disallow some particular kinds of traffic -# they you will want to change the default policy to open. You can also -# do this as your only action by setting the firewall_type to ``open''. - -# $fwcmd add 65000 pass all from any to any ############ # Only in rare cases do you want to change these rules @@ -68,11 +23,12 @@ $fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8 # Prototype setups. -if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then +case "${firewall_type}" in +open|OPEN) + $fwcmd add 65000 pass all from any to any + ;; - $fwcmd add 65000 pass all from any to any - -elif [ "${firewall_type}" = "client" ]; then +client) ############ # This is a prototype setup that will protect your system somewhat against @@ -109,8 +65,10 @@ elif [ "${firewall_type}" = "client" ]; then $fwcmd add pass udp from ${ip} to any 123 # Everything else is denied as default. + $fwcmd add 65000 deny all from any to any + ;; -elif [ "${firewall_type}" = "simple" ]; then +simple) ############ # This is a prototype setup for a simple firewall. Configure this machine @@ -166,7 +124,19 @@ elif [ "${firewall_type}" = "simple" ]; then $fwcmd add pass udp from ${oip} to any 123 # Everything else is denied as default. + $fwcmd add 65000 deny all from any to any + ;; + +UNKNOWN|"") + echo "WARNING: firewall rules not loaded." + ;; -elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then +*) # an absolute pathname ? + if [ -f "${firewall_type}" ] ; then $fwcmd ${firewall_type} -fi + else + echo "WARNING: firewall config script (${firewall_type}) not found," + echo " firewall rules not loaded." + fi + ;; +esac diff --git a/release/picobsd/floppy.tree/etc/rc1 b/release/picobsd/floppy.tree/etc/rc1 new file mode 100644 index 0000000..07051a9 --- /dev/null +++ b/release/picobsd/floppy.tree/etc/rc1 
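Review bot: After the first hunk rc.firewall no longer sets `$fwcmd` or honours `$1`, so the rule lines that follow (for example `$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8`, visible as context of the next hunk) only work when the file is sourced from network_pass1. Run on its own to reload rules, `$fwcmd` expands to nothing and each rule line tries to execute a command named `add`, so no rule is installed while the script carries on. The new header comment documents the dependency, but a default at the top would make a standalone run behave: `: ${fwcmd:=/sbin/ipfw}`, with a comment that flushing remains the caller's job.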
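Review bot: In the new `*)` branch of the last hunk, `$fwcmd ${firewall_type}` passes the value unquoted, and the branch is reached for any string that is not one of the named types even though the comment and the file header say a full path is required. A value containing whitespace is split into extra ipfw arguments, and a relative name is resolved against whatever directory the boot script is in at that moment. Matching on a leading slash and quoting the operand would make the branch do what its comment says: `/*)` with `$fwcmd "${firewall_type}"` inside the `-f` test, followed by a final `*)` that only prints the warning. The case statement opens in the `@@ -68,11 +23,12 @@` hunk, so the branch is only partly visible here.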
@@ -0,0 +1,52 @@
+#!/bin/sh
+# $FreeBSD$
+### rc1, next stage 'rc' for PicoBSD -- THIS IS NOT THE NORMAL /etc/rc
+
+pwd_mkdb -p ./master.passwd
+
+. /etc/rc.conf.defaults # Load default procedures
+rc_conf_set_defaults # Assign default values to variables.
+find_system_id # Set $main_eth $main_if
+set_main_interface # Set ${hostname} and ${ifconfig_${main_if}}
+set_all_interfaces # Set ${ifconfig_${if}} for other interfaces.
+
+# Now process local configurations if present. ${hostname} should be set now,
+# so rc.conf[.local] can make use of a case statement to set per-host things.
+
+[ -f /etc/rc.conf ] && . /etc/rc.conf
+[ -f /etc/rc.conf.local ] && . /etc/rc.conf.local
+
+rm -f /var/run/*
+if [ "x$swapfile" != "xNO" -a -w "$swapfile" -a -b /dev/vn0b ]; then
+ echo "Adding $swapfile as additional swap."
+ vnconfig /dev/vn0b $swapfile && swapon /dev/vn0b
+else
+ echo "No swap partition available!"
+fi
+# configure serial devices
+[ -f /etc/rc.serial ] && . /etc/rc.serial
+
+# start up the initial network configuration.
+if [ -f /etc/rc.network ]; then
+ . /etc/rc.network
+ network_pass1
+fi
+mount -a -t nfs
+chmod 666 /dev/tty[pqrsPQRS]*
+# clean up left-over files
+(cd /var/run && { cp /dev/null utmp; chmod 644 utmp; })
+
+[ -n "$network_pass1_done" ] && network_pass2
+[ -n "$network_pass2_done" ] && network_pass3
+
+[ "${inetd_enable}" = "YES" -a -f /stand/inetd ] && \
+ { echo "Starting inetd."; inetd ${inetd_flags} ; }
+
+[ "${sshd_enable}" = "YES" -a -f /stand/sshd ] && \
+ { echo "Starting sshd..." ; sshd -f /etc/sshd_config ; }
+
+dev_mkdb
+
+echo ''
+cat /etc/motd
+exit 0
diff --git a/release/picobsd/mfs_tree/etc/rc b/release/picobsd/mfs_tree/etc/rc
index ae55787..e59af75 100644
--- a/release/picobsd/mfs_tree/etc/rc
+++ b/release/picobsd/mfs_tree/etc/rc
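Review bot: `pwd_mkdb -p ./master.passwd` at the top of rc1 uses a path relative to the current directory, so the password database is rebuilt from /etc/master.passwd only because the MFS /etc/rc does `cd /etc` before sourcing this file. Every other path in rc1 is absolute, and rc1 is one of the files the commit message says can be replaced from floppy, so naming the file explicitly, `pwd_mkdb -p /etc/master.passwd`, removes the dependency on the caller's working directory. The comment on the find_system_id line also refers to `$main_eth`, while the function in rc.conf.defaults sets `main_ether`.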
@@ -1,36 +1,24 @@ #!/bin/sh -# $FreeBSD$ -### Special setup for one floppy PICOBSD ### -# WARNING !!! We overwrite this file during execution with a new rc file. -# Awful things happen if this file's size is > 1024B stty status '^T' trap : 2 trap : 3 HOME=/; export HOME -PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin -export PATH +PATH=/sbin:/bin:/usr/sbin:/usr/bin; export PATH dev="/dev/fd0" -cp -p /etc/rc /etc/rc.master trap "echo 'Reboot interrupted'; exit 1" 3 -echo "Reading from MFS ..." -cd /fd; cp -Rp etc root / ; cd / -ls /dev -echo "Reading /etc from ${dev}..." -mount -o rdonly ${dev} /fd -cd /fd; cp -Rp etc root / ; cd / ; umount /fd +echo "Loading /etc from MFS:/fd ..." +cp -Rp /fd/* / +echo "Updating /etc from ${dev}..." +mount -o rdonly ${dev} /fd && \ +{ cd /fd; cp -Rp etc root / ; cd / ; umount /fd ; } cd /etc #rm files to stop overwrite warning for i in *; do - if [ -f $i.gz ]; then - rm $i - fi + [ -f $i.gz ] && rm $i done gzip -d *.gz -pwd_mkdb -p ./master.passwd -echo "Ok. (Now you can remove ${dev} if you like)" -echo "" -. rc +. rc1 exit 0 diff --git a/release/picobsd/mfs_tree/etc/rc.network b/release/picobsd/mfs_tree/etc/rc.network index 235db0a..d7ec035 100644 --- a/release/picobsd/mfs_tree/etc/rc.network +++ b/release/picobsd/mfs_tree/etc/rc.network 
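Review bot: `. rc1` names the next boot stage without a directory, so which file runs as root depends on the shell's lookup rules for a slash-less operand (sh implementations search PATH for it, and some then fall back to the current directory) rather than on /etc/rc1 specifically. Since this line hands control to everything loaded from the floppy, `. /etc/rc1` states the intent, and a `[ -f /etc/rc1 ]` test with a message before it would make a floppy that lacks rc1 fail with a readable error. In the same hunk `{ cd /fd; cp -Rp etc root / ; ...` carries on after a failed `cd`; `cd /fd && cp -Rp etc root /` avoids copying from the wrong directory.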
@@ -1,70 +1,74 @@ #!/bin/sh - # $FreeBSD$ + network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then - hostname $hostname - echo ' hostname' + hostname $hostname + echo ' hostname' fi # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do - if [ -e /etc/start_if.${ifn} ]; then - . /etc/start_if.${ifn} - fi - # Do the primary ifconfig if specified - eval ifconfig_args=\$ifconfig_${ifn} - if [ -n "${ifconfig_args}" ] ; then - ifconfig ${ifn} ${ifconfig_args} + [ -e /etc/start_if.${ifn} ] && . /etc/start_if.${ifn} + # Do the primary ifconfig if specified + eval ifconfig_args=\$ifconfig_${ifn} + [ -n "${ifconfig_args}" ] && ifconfig ${ifn} ${ifconfig_args} + # Check to see if aliases need to be added + alias=0 + while : + do + eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} + if [ -n "${ifconfig_args}" ]; then + ifconfig ${ifn} ${ifconfig_args} alias + alias=`expr ${alias} + 1` + else + break; fi - # Check to see if aliases need to be added - alias=0 - while : - do - eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} - if [ -n "${ifconfig_args}" ]; then - ifconfig ${ifn} ${ifconfig_args} alias - alias=`expr ${alias} + 1` - else - break; - fi - done - ifconfig ${ifn} + done + ifconfig ${ifn} done # Load the filters if required - if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ - "x$firewall_enable" = "xYES" ] ; then - . /etc/rc.firewall - echo "Firewall rules loaded." + if [ -f /etc/rc.firewall -a "${firewall_enable}" = "YES" ] ; then + # Set quiet mode if requested + if [ "${firewall_quiet}" = "YES" ]; then + fwcmd="/sbin/ipfw -q" + else + fwcmd="/sbin/ipfw" + fi + $fwcmd -f flush # Flush out the list before we begin. + + . /etc/rc.firewall + echo "Firewall rules loaded." else - echo "Warning: kernel has firewall functionality, but firewall rules weren't loaded." - echo " All ip services are ENABLED by default." 
+ echo "Warning: kernel has firewall functionality, but firewall rules weren't loaded." + echo " All ip services are ENABLED by default." fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then - static_routes="default ${static_routes}" - route_default="default ${defaultrouter}" + static_routes="default ${static_routes}" + route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then - for i in ${static_routes}; do - eval route_args=\$route_${i} - route add ${route_args} - done + for i in ${static_routes}; do + eval route_args=\$route_${i} + route add ${route_args} + done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then - echo -n ' tcp_extensions=NO' - sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 - sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1 + echo -n ' tcp_extensions=NO' + sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 + sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then - echo -n ' IP_gateway=YES' - sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 + echo -n ' IP_gateway=YES' + sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then - echo -n ' turning on ARP_PROXY_ALL: ' - sysctl -w net.link.ether.inet.proxyall=1 2>&1 + echo -n ' turning on ARP_PROXY_ALL: ' + sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' network_pass1_done=YES # Let future generations know we made it. |
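Review bot: `echo "Firewall rules loaded."` in network_pass1 runs unconditionally after `. /etc/rc.firewall`, but with this commit rc.firewall can finish without loading a ruleset (its `UNKNOWN|""` and file-not-found branches only print a warning), and `firewall_type=""` is the new default in rc.conf.defaults. By that point `$fwcmd -f flush` has already removed the previous rules, so with `firewall_enable="YES"` and no type set the console reports success while the host is apparently left with only the rules that precede rc.firewall's case statement plus the kernel's default rule. Consider skipping both the flush and the message when `firewall_type` is empty or `UNKNOWN`, for example by wrapping them in `case "${firewall_type}" in ""|UNKNOWN) ;; *) ... ;; esac`, or let rc.firewall print the success line from the branches that load rules. network_pass1's body continues outside the hunk.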