diff --git a/etc/Makefile b/etc/Makefile
index 6756cbb54e31..513bfb22a423 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,159 +1,164 @@ # from: @(#)Makefile 5.11 (Berkeley) 5/21/91 # $FreeBSD$ SUBDIR= sendmail BIN1= aliases amd.map apmd.conf auth.conf \ crontab csh.cshrc csh.login csh.logout \ dhclient.conf dm.conf fbtab ftpusers gettytab group \ hosts hosts.allow host.conf hosts.equiv hosts.lpd \ inetd.conf login.access login.conf \ motd modems networks newsyslog.conf \ pam.conf pccard.conf.sample phones printcap profile protocols \ rc rc.atm rc.devfs rc.diskless1 rc.diskless2 rc.firewall rc.isdn \ rc.network rc.network6 rc.pccard rc.serial rc.shutdown rc.sysctl \ remote rpc security services shells syslog.conf usbd.conf \ etc.${MACHINE_ARCH}/disktab \ etc.${MACHINE_ARCH}/rc.${MACHINE_ARCH} \ etc.${MACHINE_ARCH}/ttys \ ${.CURDIR}/../gnu/usr.bin/man/manpath/manpath.config \ ${.CURDIR}/../usr.bin/mail/misc/mail.rc \ ${.CURDIR}/../usr.bin/locate/locate/locate.rc +.if !defined(NO_OPENSSH) +BIN1+= ${.CURDIR}/../crypto/openssh/ssh_config \ + ${.CURDIR}/../crypto/openssh/sshd_config +.endif + # -rwxr-xr-x root.wheel, for the new cron root.wheel BIN2= netstart pccard_ether rc.suspend rc.resume MTREE= BSD.include.dist BSD.local.dist BSD.root.dist BSD.usr.dist \ BSD.var.dist BSD.x11.dist NAMEDB= PROTO.localhost.rev named.conf named.root make-localhost PPPCNF= ppp.deny ppp.shells.sample PPPCF2= ppp.conf NOSPAM= Makefile README mailer.conf # Special top level files for FreeBSD COPYRIGHT= COPYRIGHT FREEBSD= FREEBSD+= ${COPYRIGHT} etc: distribute: cd ${.CURDIR} ; ${MAKE} distribution DESTDIR=${DISTDIR}/bin .if defined(OBJFORMAT) echo OBJFORMAT=${OBJFORMAT} > ${DISTDIR}/bin/etc/objformat .endif @echo distribution: (cd ${.CURDIR}; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 ${BIN1} ${DESTDIR}/etc; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 755 ${BIN2} ${DESTDIR}/etc; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 defaults/rc.conf ${DESTDIR}/etc/defaults/; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 defaults/make.conf ${DESTDIR}/etc/defaults/; \ ${INSTALL} -c -o ${BINOWN} -g 
${BINGRP} -m 600 /dev/null \ ${DESTDIR}/var/log/cron; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 \ master.passwd ${DESTDIR}/etc; \ ( cd ${.CURDIR}/periodic; ${MAKE} install );\ ( cd ${.CURDIR}/../gnu/usr.bin/send-pr; ${MAKE} etc-gnats-freefall );\ ( cd ${.CURDIR}/../gnu/libexec/uucp/sample; ${MAKE} install ); \ ( cd ${.CURDIR}/../share/termcap; ${MAKE} etc-termcap ); \ ( cd ${.CURDIR}/../usr.sbin/rmt; ${MAKE} etc-rmt ); \ ( cd ${.CURDIR}/sendmail; ${MAKE} etc-sendmail.cf ); \ ( cd ${.CURDIR}/isdn; ${MAKE} install );\ pwd_mkdb -p -d ${DESTDIR}/etc ${DESTDIR}/etc/master.passwd; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 555 \ MAKEDEV.local MAKEDEV ${DESTDIR}/dev ) .if !defined(NO_MAKEDEV) (cd ${DESTDIR}/dev; sh MAKEDEV all) ; .endif (cd ${.CURDIR}/root; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 dot.cshrc \ ${DESTDIR}/root/.cshrc; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 dot.klogin \ ${DESTDIR}/root/.klogin; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 dot.login \ ${DESTDIR}/root/.login; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 dot.profile \ ${DESTDIR}/root/.profile; \ rm -f ${DESTDIR}/.cshrc ${DESTDIR}/.profile; \ ln ${DESTDIR}/root/.cshrc ${DESTDIR}/.cshrc; \ ln ${DESTDIR}/root/.profile ${DESTDIR}/.profile) cd ${.CURDIR}/mtree; ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 \ ${MTREE} ${DESTDIR}/etc/mtree cd ${.CURDIR}/namedb; ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 \ ${NAMEDB} ${DESTDIR}/etc/namedb cd ${.CURDIR}/ppp; ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 \ ${PPPCNF} ${DESTDIR}/etc/ppp cd ${.CURDIR}/ppp; ${INSTALL} -c -o root -g ${BINGRP} -m 600 \ ${PPPCF2} ${DESTDIR}/etc/ppp cd ${.CURDIR}/mail; ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 644 \ ${NOSPAM} ${DESTDIR}/etc/mail ${INSTALL} -c -o ${BINOWN} -g operator -m 664 /dev/null \ ${DESTDIR}/etc/dumpdates ${INSTALL} -c -o nobody -g ${BINGRP} -m 664 /dev/null \ ${DESTDIR}/var/db/locate.database ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \ 
${DESTDIR}/var/log/lpd-errs ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \ ${DESTDIR}/var/log/maillog ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \ ${DESTDIR}/var/log/lastlog ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \ ${DESTDIR}/var/log/messages ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \ ${DESTDIR}/var/log/security ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \ ${DESTDIR}/var/log/slip.log ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 600 /dev/null \ ${DESTDIR}/var/log/ppp.log ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \ ${DESTDIR}/var/log/wtmp ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 /dev/null \ ${DESTDIR}/var/run/utmp ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 ${.CURDIR}/minfree \ ${DESTDIR}/var/crash (cd ${.CURDIR}/..; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 ${FREEBSD} \ ${DESTDIR}/) (cd ${.CURDIR}/../share/man; ${MAKE} makedb; ) distrib-dirs: mtree -deU -f ${.CURDIR}/mtree/BSD.root.dist -p ${DESTDIR}/ mtree -deU -f ${.CURDIR}/mtree/BSD.var.dist -p ${DESTDIR}/var mtree -deU -f ${.CURDIR}/mtree/BSD.usr.dist -p ${DESTDIR}/usr mtree -deU -f ${.CURDIR}/mtree/BSD.include.dist \ -p ${DESTDIR}/usr/include mtree -deU -f ${.CURDIR}/mtree/BSD.include.dist \ -p ${DESTDIR}/usr/libdata/perl/5.00503/mach cd ${DESTDIR}/; rm -f ${DESTDIR}/sys; ln -s usr/src/sys sys cd ${DESTDIR}/usr/share/locale; \ set - `cat ${.CURDIR}/locale.alias`; \ while [ $$# -gt 0 ] ; \ do \ rm -rf "$$1"; \ ln -s "$$2" "$$1"; \ shift; shift; \ done cd ${DESTDIR}/usr/share/nls; \ set - `cat ${.CURDIR}/locale.alias`; \ while [ $$# -gt 0 ] ; \ do \ rm -rf "$$1"; \ ln -s "$$2" "$$1"; \ shift; shift; \ done; \ rm -rf POSIX; \ ln -s C POSIX etc-examples: (cd ${.CURDIR}; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 ${BIN1} ${BIN2} \ ${DESTDIR}/usr/share/examples/etc; \ ${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 444 defaults/rc.conf \ ${DESTDIR}/usr/share/examples/etc/defaults; \ ${INSTALL} -c -o ${BINOWN} -g 
${BINGRP} -m 444 defaults/make.conf \ ${DESTDIR}/usr/share/examples/etc/defaults) .include diff --git a/etc/network.subr b/etc/network.subr index b42bd655242f..3b0771ce4b87 100644 --- a/etc/network.subr +++ b/etc/network.subr @@ -1,624 +1,631 @@ #!/bin/sh - # # $FreeBSD$ # 
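Review bot: The new `.if !defined(NO_OPENSSH)` block in etc/Makefile appends `${.CURDIR}/../crypto/openssh/ssh_config` and `sshd_config` to BIN1 without checking that the crypto sources are actually present in the tree. BIN1 is consumed by a single `${INSTALL} ... -m 644 ${BIN1} ${DESTDIR}/etc` in `distribution` and again in `etc-examples`, so a missing source would presumably fail the install of the whole list rather than just the two ssh files. Guarding with `.if exists(${.CURDIR}/../crypto/openssh) && !defined(NO_OPENSSH)` would keep a checkout without the crypto directory installable. A one-line comment above the block, e.g. `# OpenSSH client/server defaults; installed flat into ${DESTDIR}/etc, mode 644`, would also record where the files land, since nothing else in the hunk says so.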
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`hostname -s`" ]; then hostname ${hostname} echo -n ' hostname' fi # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! 
-z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Warm up user ppp if required, must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto"; fi ppp_command="-${ppp_mode} "; # Switch on alias mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat"; ;; esac echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ;; esac # Initialize IP filtering using ipfw # echo '' if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . 
"${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl -w net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n 
' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_restrict_rst} in [Yy][Ee][Ss]) echo -n ' restrict TCP reset=YES' sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl -w net.link.ether.inet.proxyall=1 >/dev/null ;; esac echo '.' echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
# case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl -w vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w 
vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval ${amd_map_program}`" ;; esac if [ -n "${amd_flags}" ]; then amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null else amd 2> /dev/null fi ;; esac case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos runs ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind' (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & ;; esac unset stash_flag ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} ;; esac + case ${sshd_enable} in + [Yy][Ee][Ss]) + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} + ;; + esac + echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') ;; *) echo -n ' log_in_vain=YES' sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null sysctl -w net.inet.udp.log_in_vain=1 >/dev/null ;; esac echo '.' network_pass4_done=YES } diff --git a/etc/rc.d/netoptions b/etc/rc.d/netoptions index b42bd655242f..3b0771ce4b87 100644 --- a/etc/rc.d/netoptions +++ b/etc/rc.d/netoptions @@ -1,624 +1,631 @@ #!/bin/sh - # # $FreeBSD$ # 
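Review bot: The `sshd_enable` case added to network_pass3 runs `${sshd_program:-/usr/sbin/sshd} ${sshd_flags}` with no check that the program is executable or that the daemon actually came up, so a host with `sshd_enable=YES` but a missing binary or host key would presumably print ' sshd' on the boot line and still have no listener. Wrapping the start as `if [ -x ${sshd_program:-/usr/sbin/sshd} ]; then ... else echo ' sshd (not started)'; fi` would make that failure visible to whoever is relying on remote access. The default value of `sshd_enable` is not set anywhere in this diff (the file header points to /etc/defaults/rc.conf), so it is worth confirming it defaults to NO and the network listener stays opt-in. The identical block is added in the etc/rc.d/netoptions hunk, and the etc/rc.d/network1 hunk carries the same index line, so the same point appears to apply to both.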
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`hostname -s`" ]; then hostname ${hostname} echo -n ' hostname' fi # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! 
-z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Warm up user ppp if required, must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto"; fi ppp_command="-${ppp_mode} "; # Switch on alias mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat"; ;; esac echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ;; esac # Initialize IP filtering using ipfw # echo '' if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . 
"${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl -w net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n 
' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_restrict_rst} in [Yy][Ee][Ss]) echo -n ' restrict TCP reset=YES' sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl -w net.link.ether.inet.proxyall=1 >/dev/null ;; esac echo '.' echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
# case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl -w vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w 
vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval ${amd_map_program}`" ;; esac if [ -n "${amd_flags}" ]; then amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null else amd 2> /dev/null fi ;; esac case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos runs ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind' (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & ;; esac unset stash_flag ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} ;; esac + case ${sshd_enable} in + [Yy][Ee][Ss]) + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} + ;; + esac + echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') ;; *) echo -n ' log_in_vain=YES' sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null sysctl -w net.inet.udp.log_in_vain=1 >/dev/null ;; esac echo '.' network_pass4_done=YES } diff --git a/etc/rc.d/network1 b/etc/rc.d/network1 index b42bd655242f..3b0771ce4b87 100644 --- a/etc/rc.d/network1 +++ b/etc/rc.d/network1 @@ -1,624 +1,631 @@ #!/bin/sh - # # $FreeBSD$ # 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`hostname -s`" ]; then hostname ${hostname} echo -n ' hostname' fi # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! 
-z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Warm up user ppp if required, must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto"; fi ppp_command="-${ppp_mode} "; # Switch on alias mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat"; ;; esac echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ;; esac # Initialize IP filtering using ipfw # echo '' if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . 
"${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl -w net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n 
' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_restrict_rst} in [Yy][Ee][Ss]) echo -n ' restrict TCP reset=YES' sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl -w net.link.ether.inet.proxyall=1 >/dev/null ;; esac echo '.' echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
# case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl -w vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w 
vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval ${amd_map_program}`" ;; esac if [ -n "${amd_flags}" ]; then amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null else amd 2> /dev/null fi ;; esac case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos runs ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind' (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & ;; esac unset stash_flag ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} ;; esac + case ${sshd_enable} in + [Yy][Ee][Ss]) + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} + ;; + esac + echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') ;; *) echo -n ' log_in_vain=YES' sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null sysctl -w net.inet.udp.log_in_vain=1 >/dev/null ;; esac echo '.' network_pass4_done=YES } diff --git a/etc/rc.d/network2 b/etc/rc.d/network2 index b42bd655242f..3b0771ce4b87 100644 --- a/etc/rc.d/network2 +++ b/etc/rc.d/network2 @@ -1,624 +1,631 @@ #!/bin/sh - # # $FreeBSD$ # 
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`hostname -s`" ]; then hostname ${hostname} echo -n ' hostname' fi # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! 
-z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Warm up user ppp if required, must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto"; fi ppp_command="-${ppp_mode} "; # Switch on alias mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat"; ;; esac echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ;; esac # Initialize IP filtering using ipfw # echo '' if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . 
"${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl -w net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n 
' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_restrict_rst} in [Yy][Ee][Ss]) echo -n ' restrict TCP reset=YES' sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl -w net.link.ether.inet.proxyall=1 >/dev/null ;; esac echo '.' echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
# case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl -w vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w 
vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval ${amd_map_program}`" ;; esac if [ -n "${amd_flags}" ]; then amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null else amd 2> /dev/null fi ;; esac case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos runs ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind' (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & ;; esac unset stash_flag ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} ;; esac + case ${sshd_enable} in + [Yy][Ee][Ss]) + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} + ;; + esac + echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') ;; *) echo -n ' log_in_vain=YES' sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null sysctl -w net.inet.udp.log_in_vain=1 >/dev/null ;; esac echo '.' network_pass4_done=YES } diff --git a/etc/rc.d/network3 b/etc/rc.d/network3 index b42bd655242f..3b0771ce4b87 100644 --- a/etc/rc.d/network3 +++ b/etc/rc.d/network3 @@ -1,624 +1,631 @@ #!/bin/sh - # # $FreeBSD$ # 
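Review bot: The added `sshd_enable` case in network_pass3 runs `${sshd_program:-/usr/sbin/sshd} ${sshd_flags}` without checking that the binary is installed, although the etc/Makefile part of this commit treats OpenSSH as optional (`.if !defined(NO_OPENSSH)`). On a system built with NO_OPENSSH and `sshd_enable=YES`, boot still prints ' sshd' before the start fails, and because the exit status is not tested the progress line reads the same as after a successful start. I would wrap the start in `if [ -x "${sshd_program:-/usr/sbin/sshd}" ]; then … fi` and print the name only inside it, so a host that depends on remote login shows the missing daemon at boot. The same block is added in the etc/rc.d/network3 and etc/rc.d/routing hunks and in the hunk that ends just before this file's header.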
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`hostname -s`" ]; then hostname ${hostname} echo -n ' hostname' fi # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! 
-z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Warm up user ppp if required, must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto"; fi ppp_command="-${ppp_mode} "; # Switch on alias mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat"; ;; esac echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ;; esac # Initialize IP filtering using ipfw # echo '' if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . 
"${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl -w net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n 
' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_restrict_rst} in [Yy][Ee][Ss]) echo -n ' restrict TCP reset=YES' sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl -w net.link.ether.inet.proxyall=1 >/dev/null ;; esac echo '.' echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
# case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl -w vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w 
vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval ${amd_map_program}`" ;; esac if [ -n "${amd_flags}" ]; then amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null else amd 2> /dev/null fi ;; esac case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos runs ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind' (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & ;; esac unset stash_flag ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} ;; esac + case ${sshd_enable} in + [Yy][Ee][Ss]) + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} + ;; + esac + echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') ;; *) echo -n ' log_in_vain=YES' sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null sysctl -w net.inet.udp.log_in_vain=1 >/dev/null ;; esac echo '.' network_pass4_done=YES } diff --git a/etc/rc.d/routing b/etc/rc.d/routing index b42bd655242f..3b0771ce4b87 100644 --- a/etc/rc.d/routing +++ b/etc/rc.d/routing @@ -1,624 +1,631 @@ #!/bin/sh - # # $FreeBSD$ # 
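Review bot: The sshd start block is added here to what appears to be a byte-identical copy of the script patched in etc/rc.d/network2 and etc/rc.d/routing (all three hunks show the index line `b42bd655242f..3b0771ce4b87`), so the launch logic for a remote-login daemon now lives in several places. Any later change to how sshd is started, such as new flags or a pre-start check, has to be repeated in every copy, and a missed copy leaves one boot path starting the daemon differently. If the copies are intentional, a comment above the block such as `# Start sshd if enabled; keep in sync with the other network scripts` would record that. Otherwise the block belongs in one file that the others source.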
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`hostname -s`" ]; then hostname ${hostname} echo -n ' hostname' fi # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! 
-z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Warm up user ppp if required, must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto"; fi ppp_command="-${ppp_mode} "; # Switch on alias mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat"; ;; esac echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ;; esac # Initialize IP filtering using ipfw # echo '' if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . 
"${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl -w net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n 
' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_restrict_rst} in [Yy][Ee][Ss]) echo -n ' restrict TCP reset=YES' sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl -w net.link.ether.inet.proxyall=1 >/dev/null ;; esac echo '.' echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
# case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl -w vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w 
vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval ${amd_map_program}`" ;; esac if [ -n "${amd_flags}" ]; then amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null else amd 2> /dev/null fi ;; esac case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos runs ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind' (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & ;; esac unset stash_flag ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} ;; esac + case ${sshd_enable} in + [Yy][Ee][Ss]) + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} + ;; + esac + echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') ;; *) echo -n ' log_in_vain=YES' sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null sysctl -w net.inet.udp.log_in_vain=1 >/dev/null ;; esac echo '.' network_pass4_done=YES } diff --git a/etc/rc.network b/etc/rc.network index b42bd655242f..3b0771ce4b87 100644 --- a/etc/rc.network +++ b/etc/rc.network @@ -1,624 +1,631 @@ #!/bin/sh - # # $FreeBSD$ # 
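Review bot: The new `sshd` case at the end of network_pass3 prints ' sshd' and runs `${sshd_program:-/usr/sbin/sshd}` without checking that the binary exists and is executable, so a host with sshd_enable=YES and a missing or mistyped sshd_program would announce the daemon and then start nothing. Guarding the start keeps the boot message truthful: `if [ -x ${sshd_program:-/usr/sbin/sshd} ]; then echo -n ' sshd'; ${sshd_program:-/usr/sbin/sshd} ${sshd_flags}; fi`. The block also appears to assume that host keys already exist; if nothing in the install path generates them, sshd would presumably exit on first boot, which is worth confirming. The default for sshd_enable is not visible in this hunk; it should be NO in /etc/defaults/rc.conf so that an upgrade does not open a remote-login listener the administrator did not ask for. The identical block added to etc/rc.network has the same gaps.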
From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`hostname -s`" ]; then hostname ${hostname} echo -n ' hostname' fi # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! 
-z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Warm up user ppp if required, must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto"; fi ppp_command="-${ppp_mode} "; # Switch on alias mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat"; ;; esac echo -n 'Starting ppp: '; ppp ${ppp_command} -quiet ${ppp_profile} ;; esac # Initialize IP filtering using ipfw # echo '' if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo "Kernel firewall module loaded." elif [ "${firewall_in_kernel}" -eq 0 ]; then echo "Warning: firewall kernel module failed to load." fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . 
"${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg} fi ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl -w net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n 
' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_restrict_rst} in [Yy][Ee][Ss]) echo -n ' restrict TCP reset=YES' sysctl -w net.inet.tcp.restrict_rst=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl -w net.link.ether.inet.proxyall=1 >/dev/null ;; esac echo '.' echo -n 'routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. 
# case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl -w vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl -w 
vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. if [ -f /var/db/mounttab ]; then rpc.umntall -k fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval ${amd_map_program}`" ;; esac if [ -n "${amd_flags}" ]; then amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null else amd 2> /dev/null fi ;; esac case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos runs ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberos' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind' (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & ;; esac unset stash_flag ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} ;; esac + case ${sshd_enable} in + [Yy][Ee][Ss]) + echo -n ' sshd'; + ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} + ;; + esac + echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') ;; *) echo -n ' log_in_vain=YES' sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null sysctl -w net.inet.udp.log_in_vain=1 >/dev/null ;; esac echo '.' network_pass4_done=YES }