Index: head/etc/defaults/rc.conf =================================================================== --- head/etc/defaults/rc.conf (revision 44667) +++ head/etc/defaults/rc.conf (revision 44668) @@ -1,214 +1,216 @@ #!/bin/sh # # This is rc.conf - a file full of useful variables that you can set # to change the default startup behavior of your system. You should # not edit this file! Put any overrides into one of the ${rc_conf_files} # instead and you will be able to update these defaults later without # spamming your local configuration information. # # All arguments must be in double or single quotes. # -# $Id: rc.conf,v 1.1 1999/02/09 22:15:18 jkh Exp $ +# $Id: rc.conf,v 1.2 1999/03/03 15:04:33 phk Exp $ ############################################################## ### Important initial Boot-time options ##################### ############################################################## swapfile="NO" # Set to name of swapfile if aux swapfile desired. apm_enable="NO" # Set to YES if you want APM enabled. pccard_enable="NO" # Set to YES if you want to configure PCCARD devices. pccard_mem="DEFAULT" # If pccard_enable=YES, this is card memory address. pccard_ifconfig="NO" # Specialized pccard ethernet configuration (or NO). local_startup="/usr/local/etc/rc.d /usr/X11R6/etc/rc.d" # startup script dirs. local_periodic="/usr/local/etc/periodic /usr/X11R6/etc/periodic" # periodic script dirs rc_conf_files="/etc/rc.conf /etc/rc.conf.local" ############################################################## ### Network configuration sub-section ###################### ############################################################## ### Basic network options: ### hostname="myname.my.domain" # Set this! nisdomainname="NO" # Set to NIS domain if using NIS (or NO). firewall_enable="NO" # Set to YES to enable firewall functionality firewall_type="UNKNOWN" # Firewall type (see /etc/rc.firewall) firewall_quiet="NO" # Set to YES to suppress rule display natd_enable="NO" # Enable natd (if firewall_enable == YES). natd_interface="fxp0" # Public interface to use with natd. natd_flags="" # Additional flags for natd. tcp_extensions="NO" # Disallow RFC1323 extensions (or YES). network_interfaces="lo0" # List of network interfaces (lo0 is loopback). ifconfig_lo0="inet 127.0.0.1" # default loopback device configuration. #ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry. # # If you have any sppp(4) interfaces above, you might also want to set # the following parameters. Refer to spppcontrol(8) for their meaning. sppp_interfaces="" # List of sppp interfaces. #sppp_interfaces="isp0" # example: sppp over ISDN #spppconfig_isp0="authproto=chap myauthname=foo myauthsecret='top secret' hisauthname=some-gw hisauthsecret='another secret'" ### Network daemon (miscellaneous) & NFS options: ### syslogd_enable="YES" # Run syslog daemon (or NO). syslogd_flags="" # Flags to syslogd (if enabled). inetd_enable="YES" # Run the network daemon dispatcher (or NO). inetd_flags="" # Optional flags to inetd. # # named. It may be possible to run named in a sandbox, man security for # details. # named_enable="NO" # Run named, the DNS server (or NO). named_program="named" # path to named, if you want a different one. named_flags="" # Flags for named #named_flags="-u bind -g bind" # Flags for named kerberos_server_enable="NO" # Run a kerberos master server (or NO). kadmind_server_enable="NO" # Run kadmind (or NO) -- do not run on # a slave kerberos server kerberos_stash="" # Is the kerberos master key stashed? rwhod_enable="NO" # Run the rwho daemon (or NO). rwhod_flags="" # Flags for rwhod amd_enable="NO" # Run amd service with $amd_flags (or NO). amd_flags="-a /net -c 1800 -k i386 -d my.domain -l syslog /host /etc/amd.map" amd_map_program="NO" # Can be set to "ypcat -k amd.master" nfs_client_enable="NO" # This host is an NFS client (or NO). nfs_client_flags="-n 4" # Flags to nfsiod (if enabled). nfs_access_cache="2" # Client cache timeout in seconds nfs_server_enable="NO" # This host is an NFS server (or NO). nfs_server_flags="-u -t -n 4" # Flags to nfsd (if enabled). mountd_flags="-r" # Flags to mountd (if NFS server enabled). nfs_reserved_port_only="NO" # Provide NFS only on secure port (or NO). rpc_lockd_enable="NO" # Run NFS rpc.lockd (*broken!*) if nfs_server. rpc_statd_enable="YES" # Run NFS rpc.statd if nfs_server (or NO). portmap_enable="YES" # Run the portmapper service (or NO). +portmap_program="/usr/sbin/portmap" # path to portmap, if you want a different one. portmap_flags="" # Flags to portmap (if enabled). rpc_ypupdated_enable="NO" # Run if NIS master and SecureRPC (or NO). keyserv_enable="NO" # Run the SecureRPC keyserver (or NO). keyserv_flags="" # Flags to keyserv (if enabled). rarpd_enable="NO" # Run rarpd (or NO). rarpd_flags="" # Flags to rarpd. xtend_enable="NO" # Run the X-10 power controller daemon. xtend_flags="" # Flags to xtend (if enabled). ### Network Time Services options: ### timed_enable="NO" # Run the time daemon (or NO). timed_flags="" # Flags to timed (if enabled). ntpdate_enable="NO" # Run the ntpdate to sync time (or NO). ntpdate_program="ntpdate" # path to ntpdate, if you want a different one. ntpdate_flags="" # Flags to ntpdate (if enabled). xntpd_enable="NO" # Run xntpd Network Time Protocol (or NO). xntpd_program="xntpd" # path to xntpd, if you want a different one. xntpd_flags="-p /var/run/xntpd.pid" # Flags to xntpd (if enabled). # Network Information Services (NIS) options: ### nis_client_enable="NO" # We're an NIS client (or NO). nis_client_flags="" # Flags to ypbind (if enabled). nis_ypset_enable="NO" # Run ypset at boot time (or NO). nis_ypset_flags="" # Flags to ypset (if enabled). nis_server_enable="NO" # We're an NIS server (or NO). nis_server_flags="" # Flags to ypserv (if enabled). nis_ypxfrd_enable="NO" # Run rpc.ypxfrd at boot time (or NO). nis_ypxfrd_flags="" # Flags to rpc.ypxfrd (if enabled). nis_yppasswdd_enable="NO" # Run rpc.yppasswdd at boot time (or NO). nis_yppasswdd_flags="" # Flags to rpc.yppasswdd (if enabled). ### Network routing options: ### defaultrouter="NO" # Set to default gateway (or NO). static_routes="" # Set to static route list (or leave empty). gateway_enable="NO" # Set to YES if this host will be a gateway. router_enable="NO" # Set to YES to enable a routing daemon. router="routed" # Name of routing daemon to use if enabled. router_flags="-q" # Flags for routing daemon. mrouted_enable="NO" # Do multicast routing (see /etc/mrouted.conf). mrouted_flags="" # Flags for multicast routing daemon. ipxgateway_enable="NO" # Set to YES to enable IPX routing. ipxrouted_enable="NO" # Set to YES to run the IPX routing daemon. ipxrouted_flags="" # Flags for IPX routing daemon. arpproxy_all="" # replaces obsolete kernel option ARP_PROXYALL. forward_sourceroute="NO" # do source routing (only if gateway_enable is set to "YES") accept_sourceroute="NO" # accept source routed packets to us ### ATM interface options: ### atm_enable="NO" # Configure ATM interfaces (or NO). #atm_netif_hea0="atm 1" # Network interfaces for physical interface. #atm_sigmgr_hea0="uni31" # Signalling manager for physical interface. #atm_prefix_hea0="ILMI" # NSAP prefix (UNI interfaces only) (or ILMI). #atm_macaddr_hea0="NO" # Override physical MAC address (or NO). #atm_arpserver_atm0="0x47.0005.80.999999.9999.9999.9999.999999999999.00" # ATMARP server address (or local). #atm_scsparp_atm0="NO" # Run SCSP/ATMARP on network interface (or NO). atm_pvcs="" # Set to PVC list (or leave empty). atm_arps="" # Set to permanent ARP list (or leave empty). ### ISDN interface options: ### isdn_enable="NO" # Enable the ISDN subsystem (or NO). isdn_fsdev="/dev/ttyv4" # Output device for fullscreen mode (or NO for daemon mode). isdn_flags="-dn -d0x1f9" # Flags for isdnd isdn_trace="NO" # Enable the ISDN trace subsystem (or NO). isdn_traceflags="-f /var/tmp/isdntrace0" # Flags for isdntrace ### Miscellaneous network options: ### icmp_bmcastecho="NO" # respond to broadcast ping packets ############################################################## ### System console options ################################# ############################################################## keymap="NO" # keymap in /usr/share/syscons/keymaps/* (or NO). keyrate="NO" # keyboard rate to: slow, normal, fast (or NO). keybell="NO" # bell to duration.pitch or normal or visual (or NO). keychange="NO" # function keys default values (or NO). cursor="NO" # cursor type {normal|blink|destructive} (or NO). scrnmap="NO" # screen map in /usr/share/syscons/scrnmaps/* (or NO). font8x16="NO" # font 8x16 from /usr/share/syscons/fonts/* (or NO). font8x14="NO" # font 8x14 from /usr/share/syscons/fonts/* (or NO). font8x8="NO" # font 8x8 from /usr/share/syscons/fonts/* (or NO). blanktime="300" # blank time (in seconds) or "NO" to turn it off. saver="NO" # screen saver: Uses /modules/${saver}_saver.ko moused_enable="NO" # Run the mouse daemon. moused_type="auto" # See man page for rc.conf(5) for available settings. moused_port="/dev/cuaa0" # Set to your mouse port. moused_flags="" # Any additional flags to moused. allscreens_flags="" # Set this vidcontrol mode for all virtual screens ############################################################## ### Miscellaneous administrative options ################### ############################################################## cron_enable="YES" # Run the periodic job daemon. lpd_enable="NO" # Run the line printer daemon. +lpd_program="/usr/sbin/lpd" # path to lpd, if you want a different one. lpd_flags="" # Flags to lpd (if enabled). usbd_enable="NO" # Run the usbd daemon. usbd_flags="" # Flags to usbd (if enabled). sendmail_enable="YES" # Run the sendmail daemon (or NO). sendmail_flags="-bd -q30m" # Flags to sendmail (if enabled) dumpdev="NO" # Device name to crashdump to (if enabled). check_quotas="NO" # Check quotas (or NO). accounting_enable="NO" # Turn on process accounting (or NO). ibcs2_enable="NO" # Ibcs2 (SCO) emulation loaded at startup (or NO). linux_enable="NO" # Linux emulation loaded at startup (or NO). svr4_enable="NO" # SysVR4 emulation loaded at startup (or NO). rand_irqs="NO" # Stir the entropy pool (like "5 11" or NO). clear_tmp_enable="NO" # Clear /tmp at startup. ldconfig_paths="/usr/lib/compat /usr/X11R6/lib /usr/local/lib" # shared library search paths ldconfig_paths_aout="/usr/lib/compat/aout /usr/X11R6/lib/aout /usr/local/lib/aout" # a.out shared library search paths kern_securelevel_enable="NO" # kernel security level (see init(8)), kern_securelevel="-1" # range: -1..3 ; `-1' is the most insecure update_motd="YES" # update version info in /etc/motd (or NO) vinum_drives="" # put in names of disks containing vinum drives ############################################################## ### Allow local configuration override at the very end here ## ############################################################## # # for i in ${rc_conf_files}; do if [ -f $i ]; then . $i fi done Index: head/etc/network.subr =================================================================== --- head/etc/network.subr (revision 44667) +++ head/etc/network.subr (revision 44668) @@ -1,328 +1,328 @@ #!/bin/sh - # -# $Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $ +# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then hostname $hostname echo -n ' hostname' fi # Set the domainname if we're using NIS if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then domainname $nisdomainname echo -n ' domain' fi echo '.' # Initial ATM interface configuration if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi # ISDN subsystem startup if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then . /etc/rc.isdn fi # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ] ; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do if [ -e /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} fi # Do the primary ifconfig if specified eval ifconfig_args=\$ifconfig_${ifn} if [ -n "${ifconfig_args}" ] ; then ifconfig ${ifn} ${ifconfig_args} fi # Check to see if aliases need to be added alias=0 while : do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} fi ifconfig ${ifn} done # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1 if [ $? = 0 ] ; then firewall_in_kernel=1 else firewall_in_kernel=0 fi if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then if kldload ipfw; then firewall_in_kernel=1 # module loaded successfully echo "Kernel firewall module loaded." else echo "Warning: firewall kernel module failed to load." fi fi # Load the filters if required if [ $firewall_in_kernel = 1 ]; then if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ "x$firewall_enable" = "xYES" ] ; then . /etc/rc.firewall echo "Firewall rules loaded." else IPFW_DEFAULT=`ipfw l 65535` if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi fi fi # Additional ATM interface configuration if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}" route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi if [ X"$icmp_bmcastecho" = X"YES" ]; then echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$forward_sourceroute" = X"YES" ]; then echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 fi if [ "X$accept_sourceroute" = X"YES" ]; then echo -n ' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 fi if [ "X$ipxgateway_enable" = X"YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then echo -n ' enabling ARP_PROXY_ALL: ' sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' echo -n 'routing daemons:' if [ "X$router_enable" = X"YES" ]; then echo -n " ${router}"; ${router} ${router_flags} fi if [ "X$ipxrouted_enable" = X"YES" ]; then echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 fi if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi if [ "X$rarpd_enable" = X"YES" ]; then echo -n ' rarpd'; rarpd ${rarpd_flags} fi echo '.' network_pass1_done=YES # Let future generations know we made it. } network_pass2() { echo -n 'Doing additional network setup:' if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi if [ "X${ntpdate_enable}" = X"YES" ]; then echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 fi if [ "X${xntpd_enable}" = X"YES" ]; then echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} fi if [ "X${timed_enable}" = X"YES" ]; then echo -n ' timed'; timed ${timed_flags} fi if [ "X${portmap_enable}" = X"YES" ]; then - echo -n ' portmap'; portmap ${portmap_flags} + echo -n ' portmap'; ${portmap_program} ${portmap_flags} fi # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. if [ "X${nis_server_enable}" = X"YES" ]; then echo -n ' ypserv'; ypserv ${nis_server_flags} if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} fi if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} fi fi # Start ypbind if we're an NIS client if [ "X${nis_client_enable}" = X"YES" ]; then echo -n ' ypbind'; ypbind ${nis_client_flags} if [ "X${nis_ypset_enable}" = X"YES" ]; then echo -n ' ypset'; ypset ${nis_ypset_flags} fi fi # Start keyserv if we are running Secure RPC if [ "X${keyserv_enable}" = X"YES" ]; then echo -n ' keyserv'; keyserv ${keyserv_flags} fi # Start ypupdated if we are running Secure RPC and we are NIS master if [ "X$rpc_ypupdated_enable" = X"YES" ]; then echo -n ' rpc.ypupdated'; rpc.ypupdated fi # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then echo -n ' mountd' if [ "X${weak_mountd_authentication}" = X"YES" ]; then mountd_flags="-n" fi mountd ${mountd_flags} if [ "X${nfs_reserved_port_only}" = X"YES" ]; then sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 fi echo -n ' nfsd'; nfsd ${nfs_server_flags} if [ "X$rpc_lockd_enable" = X"YES" ]; then echo -n ' rpc.lockd'; rpc.lockd fi if [ "X$rpc_statd_enable" = X"YES" ]; then echo -n ' rpc.statd'; rpc.statd fi fi if [ "X${nfs_client_enable}" = X"YES" ]; then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ "X${nfs_access_cache}" != X ]; then sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null 2>&1 fi fi if [ "X${amd_enable}" = X"YES" ]; then echo -n ' amd' if [ "X${amd_map_program}" != X"NO" ]; then amd_flags="${amd_flags} `eval ${amd_map_program}`" fi amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null fi if [ "X${rwhod_enable}" = X"YES" ]; then echo -n ' rwhod'; rwhod ${rwhod_flags} fi # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then if [ "X${kerberos_stash}" = "XYES" ]; then stash_flag=-n else stash_flag= fi echo -n ' kerberos'; \ kerberos ${stash_flag} >> /var/log/kerberos.log & if [ "X${kadmind_server_enable}" = "XYES" ]; then echo -n ' kadmind'; \ (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & fi unset stash_flag fi # Network Address Translation daemon if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ -a X"${firewall_enable}" = X"YES" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} fi echo '.' network_pass3_done=YES } Index: head/etc/rc =================================================================== --- head/etc/rc (revision 44667) +++ head/etc/rc (revision 44668) @@ -1,426 +1,426 @@ #!/bin/sh -# $Id: rc,v 1.178 1999/02/10 18:08:16 jkh Exp $ +# $Id: rc,v 1.179 1999/02/13 05:30:49 jkh Exp $ # From: @(#)rc 5.27 (Berkeley) 6/5/91 # System startup script run by init on autoboot # or after single-user. # Output and error are redirected to console by init, # and the console is the controlling terminal. # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check this file # first before contemplating any changes here. stty status '^T' # Set shell to ignore SIGINT (2), but not children; # shell catches SIGQUIT (3) and returns to single user after fsck. trap : 2 trap : 3 # shouldn't be needed HOME=/; export HOME PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin export PATH # BOOTP diskless boot. We have to run the rc file early in order to # retarget various config files. # if [ -f /etc/rc.diskless1 ]; then dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` if [ ${dlv:=0} != 0 ]; then . /etc/rc.diskless1 fi fi # If there is a global system configuration file, suck it in. # if [ -f /etc/defaults/rc.conf ]; then . /etc/defaults/rc.conf elif [ -f /etc/rc.conf ]; then . /etc/rc.conf fi # Configure ccd devices. if [ -f /etc/ccd.conf ]; then ccdconfig -C fi if [ -n "$vinum_drives" ]; then vinum read $vinum_drives fi swapon -a if [ $1x = autobootx ]; then echo Automatic reboot in progress... fsck -p case $? in 0) ;; 2) exit 1 ;; 4) reboot echo "reboot failed... help!" exit 1 ;; 8) echo "Automatic file system check failed... help!" exit 1 ;; 12) echo "Reboot interrupted" exit 1 ;; 130) # interrupt before catcher installed exit 1 ;; *) echo "Unknown error in reboot" exit 1 ;; esac else echo Skipping disk checks ... fi trap "echo 'Reboot interrupted'; exit 1" 3 # root normally must be read/write, but if this is a BOOTP NFS # diskless boot it does not have to be. # if [ "X$root_rw_mount" != "XNO" ]; then mount -u -o rw / fi if [ $? != 0 ]; then echo "Filesystem mount failed, startup aborted" exit 1 fi umount -a >/dev/null 2>&1 if [ "X$early_nfs_mounts" != "XYES" ]; then mount -a -t nonfs else mount -a fi if [ $? != 0 ]; then echo "Filesystem mount failed, startup aborted" exit 1 fi # Run custom disk mounting function here # if [ "X$diskless_mount" != "X" ]; then if [ -f $diskless_mount ]; then sh $diskless_mount fi fi adjkerntz -i clean_var() { if [ ! -f /var/run/clean_var ]; then rm -rf /var/run/* rm -f /var/spool/lock/* rm -rf /var/spool/uucp/.Temp/* # Keep a copy of the boot messages around dmesg >/var/run/dmesg.boot # And an initial utmp file (cd /var/run && cp /dev/null utmp && chmod 644 utmp; ) >/var/run/clean_var fi } if [ -d /var/run -a -d /var/spool/lock -a -d /var/spool/uucp/.Temp ]; then # network_pass1() *may* end up writing stuff to /var - we don't want to # remove it immediately afterwards - *nor* to we want to fail to clean # an nfs-mounted /var. clean_var fi # Add additional swapfile, if configured. if [ "x$swapfile" != "xNO" -a -w "$swapfile" -a -b /dev/vn0b ]; then echo "Adding $swapfile as additional swap." vnconfig /dev/vn0b $swapfile && swapon /dev/vn0b fi # configure serial devices if [ -f /etc/rc.serial ]; then . /etc/rc.serial fi # start up PC-card configuration if [ -f /etc/rc.pccard ]; then . /etc/rc.pccard fi # start up the initial network configuration. if [ -f /etc/rc.network ]; then . /etc/rc.network # We only need to do this once. network_pass1 fi echo -n "Mounting NFS file systems" mount -a -t nfs echo . # Whack the pty perms back into shape. chmod 666 /dev/tty[pqrsPQRS]* # clean up left-over files clean_var # If it hasn't already been done rm /var/run/clean_var # # Clearing /tmp at boot-time seems to have a long tradition. It doesn't # help in any way for long-living systems, and it might accidentally # clobber files you would rather like to have preserved after a crash # (if not using mfs /tmp anyway). # # See also the example of another cleanup policy in /etc/periodic/daily. # if [ "X${clear_tmp_enable}" = X"YES" ]; then echo clearing /tmp # prune quickly with one rm, then use find to clean up /tmp/[lq]* # (not needed with mfs /tmp, but doesn't hurt there...) (cd /tmp && rm -rf [a-km-pr-zA-Z]* && find -d . ! -name . ! -name lost+found ! -name quotas -exec rm -rf -- {} \;) fi # Remove X lock files, since they will prevent you from restarting X11 # after a system crash. rm -f /tmp/.X*-lock /tmp/.X11-unix/* # snapshot any kernel -c changes back to disk here # this has changed with ELF and /kernel.config. echo -n 'additional daemons:' # start system logging and name service (named needs to start before syslogd # if you don't have a /etc/resolv.conf) # if [ "X${syslogd_enable}" = X"YES" ]; then # Transitional symlink (for the next couple of years :) until all # binaries had a chance to move towards /var/run/log. if [ ! -h /dev/log ] ; then # might complain for r/o root f/s ln -sf /var/run/log /dev/log fi rm -f /var/run/log echo -n ' syslogd'; syslogd ${syslogd_flags} fi echo '.' # enable dumpdev so that savecore can see it # /var/crash should be a directory or a symbolic link # to the crash directory if core dumps are to be saved. if [ "X${dumpdev}" != X"NO" -a -e ${dumpdev} -a -d /var/crash ]; then dumpon ${dumpdev} echo -n checking for core dump... savecore /var/crash fi if [ -n "$network_pass1_done" ]; then network_pass2 fi # Check the quotas (must be after ypbind if using NIS) if [ "X${check_quotas}" = X"YES" ]; then echo -n 'checking quotas:' quotacheck -a echo ' done.' quotaon -a fi if [ -n "$network_pass2_done" ]; then network_pass3 fi # build ps databases kvm_mkdb dev_mkdb # check the password temp/lock file if [ -f /etc/ptmp ] then logger -s -p auth.err \ "password file may be incorrect -- /etc/ptmp exists" fi if [ "X${accounting_enable}" = X"YES" -a -d /var/account ]; then echo 'turning on accounting' if [ ! -e /var/account/acct ]; then touch /var/account/acct fi accton /var/account/acct fi # Make shared lib searching a little faster. Leave /usr/lib first if you # add your own entries or you may come to grief. if [ -x /sbin/ldconfig ]; then if [ X"`/usr/bin/objformat`" = X"elf" ]; then _LDC=/usr/lib for i in $ldconfig_paths; do if test -d $i; then _LDC="${_LDC} $i" fi done echo 'setting ELF ldconfig path:' ${_LDC} ldconfig -elf ${_LDC} fi # Legacy aout support for i386 only if [ X"`sysctl -n hw.machine`" = X"i386" ]; then # Default the a.out ldconfig path. : ${ldconfig_paths_aout=${ldconfig_paths}} _LDC=/usr/lib/aout for i in $ldconfig_paths_aout; do if test -d $i; then _LDC="${_LDC} $i" fi done echo 'setting a.out ldconfig path:' ${_LDC} ldconfig -aout ${_LDC} fi fi # Now start up miscellaneous daemons that don't belong anywhere else # echo -n starting standard daemons: if [ "X${inetd_enable}" != X"NO" ]; then echo -n ' inetd'; inetd ${inetd_flags} fi if [ "X${cron_enable}" != X"NO" ]; then echo -n ' cron'; cron fi if [ "X${lpd_enable}" = X"YES" ]; then - echo -n ' printer'; lpd ${lpd_flags} + echo -n ' printer'; ${lpd_program} ${lpd_flags} fi if [ "X${sendmail_enable}" = X"YES" -a -r /etc/sendmail.cf ]; then echo -n ' sendmail'; /usr/sbin/sendmail ${sendmail_flags} fi if [ "X${usbd_enable}" = X"YES" ]; then echo -n ' usbd'; /usr/sbin/usbd ${usbd_flags} fi echo '.' # configure implementation specific stuff arch=`uname -m` if [ -f /etc/rc.${arch} ]; then . /etc/rc.${arch} fi # Recover vi editor files. vibackup=`echo /var/tmp/vi.recover/vi.*` if [ "$vibackup" != '/var/tmp/vi.recover/vi.*' ]; then echo 'Recovering vi editor sessions' for i in $vibackup; do # Only test files that are readable. if test ! -r $i; then continue fi # Unmodified nvi editor backup files either have the # execute bit set or are zero length. Delete them. if test -x $i -o ! -s $i; then rm -f $i fi done # It is possible to get incomplete recovery files, if the editor # crashes at the right time. virecovery=`echo /var/tmp/vi.recover/recover.*` if [ "$virecovery" != "/var/tmp/vi.recover/recover.*" ]; then for i in $virecovery; do # Only test files that are readable. if test ! -r $i; then continue fi # Delete any recovery files that are zero length, # corrupted, or that have no corresponding backup file. # Else send mail to the user. recfile=`awk '/^X-vi-recover-path:/{print $2}' < $i` if test -n "$recfile" -a -s "$recfile"; then sendmail -t < $i else rm -f $i fi done fi fi # make a bounds file for msgs(1) if there isn't one already if [ ! -f /var/msgs/bounds ]; then echo 0 > /var/msgs/bounds fi # for each valid dir in $local_startup, search for init scripts matching *.sh if [ "X${local_startup}" != X"NO" ]; then echo -n 'Local package initialization:' for dir in ${local_startup}; do [ -d ${dir} ] && for script in ${dir}/*.sh; do [ -x ${script} ] && \ (trap 'exit 1' 2 ; ${script} start ; echo -n) done done echo . fi if [ "X${update_motd}" != X"NO" ]; then T=/tmp/_motd rm -f $T uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > $T awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> $T cp $T /etc/motd chmod 644 /etc/motd rm -f $T fi # Run rc.devfs if present to customify devfs [ -f /etc/rc.devfs ] && sh /etc/rc.devfs # Do traditional (but rather obsolete) rc.local file if it exists. If you # use this file and want to make it programmatic, source /etc/defaults/rc.conf # in /etc/rc.local and add your custom variables to /etc/rc.conf, as # shown below. Please do not put local extensions into /etc/rc itself. # Use /etc/rc.local # # ---- rc.local ---- # if [ -f /etc/defaults/rc.conf ]; then # . /etc/defaults/rc.conf # fi # # ... additional startup conditionals ... # ---- rc.local ---- # if [ -f /etc/rc.local ]; then echo -n 'starting local daemons:' sh /etc/rc.local echo '.' fi # Raise kernel security level. This should be done only after `fsck' has # repaired local file systems if you want the securelevel to be greater than 1. if [ "X${kern_securelevel_enable}" = X"YES" -a "${kern_securelevel}" -ge 0 ]; then echo 'Raising kernel security level' sysctl -w kern.securelevel=${kern_securelevel} fi date exit 0 Index: head/etc/rc.d/netoptions =================================================================== --- head/etc/rc.d/netoptions (revision 44667) +++ head/etc/rc.d/netoptions (revision 44668) @@ -1,328 +1,328 @@ #!/bin/sh - # -# $Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $ +# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then hostname $hostname echo -n ' hostname' fi # Set the domainname if we're using NIS if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then domainname $nisdomainname echo -n ' domain' fi echo '.' # Initial ATM interface configuration if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi # ISDN subsystem startup if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then . /etc/rc.isdn fi # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ] ; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do if [ -e /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} fi # Do the primary ifconfig if specified eval ifconfig_args=\$ifconfig_${ifn} if [ -n "${ifconfig_args}" ] ; then ifconfig ${ifn} ${ifconfig_args} fi # Check to see if aliases need to be added alias=0 while : do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} fi ifconfig ${ifn} done # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1 if [ $? = 0 ] ; then firewall_in_kernel=1 else firewall_in_kernel=0 fi if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then if kldload ipfw; then firewall_in_kernel=1 # module loaded successfully echo "Kernel firewall module loaded." else echo "Warning: firewall kernel module failed to load." fi fi # Load the filters if required if [ $firewall_in_kernel = 1 ]; then if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ "x$firewall_enable" = "xYES" ] ; then . /etc/rc.firewall echo "Firewall rules loaded." else IPFW_DEFAULT=`ipfw l 65535` if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi fi fi # Additional ATM interface configuration if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}" route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi if [ X"$icmp_bmcastecho" = X"YES" ]; then echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$forward_sourceroute" = X"YES" ]; then echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 fi if [ "X$accept_sourceroute" = X"YES" ]; then echo -n ' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 fi if [ "X$ipxgateway_enable" = X"YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then echo -n ' enabling ARP_PROXY_ALL: ' sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' echo -n 'routing daemons:' if [ "X$router_enable" = X"YES" ]; then echo -n " ${router}"; ${router} ${router_flags} fi if [ "X$ipxrouted_enable" = X"YES" ]; then echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 fi if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi if [ "X$rarpd_enable" = X"YES" ]; then echo -n ' rarpd'; rarpd ${rarpd_flags} fi echo '.' network_pass1_done=YES # Let future generations know we made it. } network_pass2() { echo -n 'Doing additional network setup:' if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi if [ "X${ntpdate_enable}" = X"YES" ]; then echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 fi if [ "X${xntpd_enable}" = X"YES" ]; then echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} fi if [ "X${timed_enable}" = X"YES" ]; then echo -n ' timed'; timed ${timed_flags} fi if [ "X${portmap_enable}" = X"YES" ]; then - echo -n ' portmap'; portmap ${portmap_flags} + echo -n ' portmap'; ${portmap_program} ${portmap_flags} fi # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. if [ "X${nis_server_enable}" = X"YES" ]; then echo -n ' ypserv'; ypserv ${nis_server_flags} if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} fi if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} fi fi # Start ypbind if we're an NIS client if [ "X${nis_client_enable}" = X"YES" ]; then echo -n ' ypbind'; ypbind ${nis_client_flags} if [ "X${nis_ypset_enable}" = X"YES" ]; then echo -n ' ypset'; ypset ${nis_ypset_flags} fi fi # Start keyserv if we are running Secure RPC if [ "X${keyserv_enable}" = X"YES" ]; then echo -n ' keyserv'; keyserv ${keyserv_flags} fi # Start ypupdated if we are running Secure RPC and we are NIS master if [ "X$rpc_ypupdated_enable" = X"YES" ]; then echo -n ' rpc.ypupdated'; rpc.ypupdated fi # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then echo -n ' mountd' if [ "X${weak_mountd_authentication}" = X"YES" ]; then mountd_flags="-n" fi mountd ${mountd_flags} if [ "X${nfs_reserved_port_only}" = X"YES" ]; then sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 fi echo -n ' nfsd'; nfsd ${nfs_server_flags} if [ "X$rpc_lockd_enable" = X"YES" ]; then echo -n ' rpc.lockd'; rpc.lockd fi if [ "X$rpc_statd_enable" = X"YES" ]; then echo -n ' rpc.statd'; rpc.statd fi fi if [ "X${nfs_client_enable}" = X"YES" ]; then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ "X${nfs_access_cache}" != X ]; then sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null 2>&1 fi fi if [ "X${amd_enable}" = X"YES" ]; then echo -n ' amd' if [ "X${amd_map_program}" != X"NO" ]; then amd_flags="${amd_flags} `eval ${amd_map_program}`" fi amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null fi if [ "X${rwhod_enable}" = X"YES" ]; then echo -n ' rwhod'; rwhod ${rwhod_flags} fi # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then if [ "X${kerberos_stash}" = "XYES" ]; then stash_flag=-n else stash_flag= fi echo -n ' kerberos'; \ kerberos ${stash_flag} >> /var/log/kerberos.log & if [ "X${kadmind_server_enable}" = "XYES" ]; then echo -n ' kadmind'; \ (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & fi unset stash_flag fi # Network Address Translation daemon if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ -a X"${firewall_enable}" = X"YES" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} fi echo '.' network_pass3_done=YES } Index: head/etc/rc.d/network1 =================================================================== --- head/etc/rc.d/network1 (revision 44667) +++ head/etc/rc.d/network1 (revision 44668) @@ -1,328 +1,328 @@ #!/bin/sh - # -# $Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $ +# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then hostname $hostname echo -n ' hostname' fi # Set the domainname if we're using NIS if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then domainname $nisdomainname echo -n ' domain' fi echo '.' # Initial ATM interface configuration if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi # ISDN subsystem startup if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then . /etc/rc.isdn fi # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ] ; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do if [ -e /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} fi # Do the primary ifconfig if specified eval ifconfig_args=\$ifconfig_${ifn} if [ -n "${ifconfig_args}" ] ; then ifconfig ${ifn} ${ifconfig_args} fi # Check to see if aliases need to be added alias=0 while : do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} fi ifconfig ${ifn} done # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1 if [ $? = 0 ] ; then firewall_in_kernel=1 else firewall_in_kernel=0 fi if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then if kldload ipfw; then firewall_in_kernel=1 # module loaded successfully echo "Kernel firewall module loaded." else echo "Warning: firewall kernel module failed to load." fi fi # Load the filters if required if [ $firewall_in_kernel = 1 ]; then if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ "x$firewall_enable" = "xYES" ] ; then . /etc/rc.firewall echo "Firewall rules loaded." else IPFW_DEFAULT=`ipfw l 65535` if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi fi fi # Additional ATM interface configuration if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}" route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi if [ X"$icmp_bmcastecho" = X"YES" ]; then echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$forward_sourceroute" = X"YES" ]; then echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 fi if [ "X$accept_sourceroute" = X"YES" ]; then echo -n ' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 fi if [ "X$ipxgateway_enable" = X"YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then echo -n ' enabling ARP_PROXY_ALL: ' sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' echo -n 'routing daemons:' if [ "X$router_enable" = X"YES" ]; then echo -n " ${router}"; ${router} ${router_flags} fi if [ "X$ipxrouted_enable" = X"YES" ]; then echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 fi if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi if [ "X$rarpd_enable" = X"YES" ]; then echo -n ' rarpd'; rarpd ${rarpd_flags} fi echo '.' network_pass1_done=YES # Let future generations know we made it. } network_pass2() { echo -n 'Doing additional network setup:' if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi if [ "X${ntpdate_enable}" = X"YES" ]; then echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 fi if [ "X${xntpd_enable}" = X"YES" ]; then echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} fi if [ "X${timed_enable}" = X"YES" ]; then echo -n ' timed'; timed ${timed_flags} fi if [ "X${portmap_enable}" = X"YES" ]; then - echo -n ' portmap'; portmap ${portmap_flags} + echo -n ' portmap'; ${portmap_program} ${portmap_flags} fi # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. if [ "X${nis_server_enable}" = X"YES" ]; then echo -n ' ypserv'; ypserv ${nis_server_flags} if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} fi if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} fi fi # Start ypbind if we're an NIS client if [ "X${nis_client_enable}" = X"YES" ]; then echo -n ' ypbind'; ypbind ${nis_client_flags} if [ "X${nis_ypset_enable}" = X"YES" ]; then echo -n ' ypset'; ypset ${nis_ypset_flags} fi fi # Start keyserv if we are running Secure RPC if [ "X${keyserv_enable}" = X"YES" ]; then echo -n ' keyserv'; keyserv ${keyserv_flags} fi # Start ypupdated if we are running Secure RPC and we are NIS master if [ "X$rpc_ypupdated_enable" = X"YES" ]; then echo -n ' rpc.ypupdated'; rpc.ypupdated fi # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then echo -n ' mountd' if [ "X${weak_mountd_authentication}" = X"YES" ]; then mountd_flags="-n" fi mountd ${mountd_flags} if [ "X${nfs_reserved_port_only}" = X"YES" ]; then sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 fi echo -n ' nfsd'; nfsd ${nfs_server_flags} if [ "X$rpc_lockd_enable" = X"YES" ]; then echo -n ' rpc.lockd'; rpc.lockd fi if [ "X$rpc_statd_enable" = X"YES" ]; then echo -n ' rpc.statd'; rpc.statd fi fi if [ "X${nfs_client_enable}" = X"YES" ]; then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ "X${nfs_access_cache}" != X ]; then sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null 2>&1 fi fi if [ "X${amd_enable}" = X"YES" ]; then echo -n ' amd' if [ "X${amd_map_program}" != X"NO" ]; then amd_flags="${amd_flags} `eval ${amd_map_program}`" fi amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null fi if [ "X${rwhod_enable}" = X"YES" ]; then echo -n ' rwhod'; rwhod ${rwhod_flags} fi # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then if [ "X${kerberos_stash}" = "XYES" ]; then stash_flag=-n else stash_flag= fi echo -n ' kerberos'; \ kerberos ${stash_flag} >> /var/log/kerberos.log & if [ "X${kadmind_server_enable}" = "XYES" ]; then echo -n ' kadmind'; \ (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & fi unset stash_flag fi # Network Address Translation daemon if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ -a X"${firewall_enable}" = X"YES" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} fi echo '.' network_pass3_done=YES } Index: head/etc/rc.d/network2 =================================================================== --- head/etc/rc.d/network2 (revision 44667) +++ head/etc/rc.d/network2 (revision 44668) @@ -1,328 +1,328 @@ #!/bin/sh - # -# $Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $ +# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then hostname $hostname echo -n ' hostname' fi # Set the domainname if we're using NIS if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then domainname $nisdomainname echo -n ' domain' fi echo '.' # Initial ATM interface configuration if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi # ISDN subsystem startup if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then . /etc/rc.isdn fi # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ] ; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do if [ -e /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} fi # Do the primary ifconfig if specified eval ifconfig_args=\$ifconfig_${ifn} if [ -n "${ifconfig_args}" ] ; then ifconfig ${ifn} ${ifconfig_args} fi # Check to see if aliases need to be added alias=0 while : do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} fi ifconfig ${ifn} done # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1 if [ $? = 0 ] ; then firewall_in_kernel=1 else firewall_in_kernel=0 fi if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then if kldload ipfw; then firewall_in_kernel=1 # module loaded successfully echo "Kernel firewall module loaded." else echo "Warning: firewall kernel module failed to load." fi fi # Load the filters if required if [ $firewall_in_kernel = 1 ]; then if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ "x$firewall_enable" = "xYES" ] ; then . /etc/rc.firewall echo "Firewall rules loaded." else IPFW_DEFAULT=`ipfw l 65535` if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi fi fi # Additional ATM interface configuration if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}" route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi if [ X"$icmp_bmcastecho" = X"YES" ]; then echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$forward_sourceroute" = X"YES" ]; then echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 fi if [ "X$accept_sourceroute" = X"YES" ]; then echo -n ' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 fi if [ "X$ipxgateway_enable" = X"YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then echo -n ' enabling ARP_PROXY_ALL: ' sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' echo -n 'routing daemons:' if [ "X$router_enable" = X"YES" ]; then echo -n " ${router}"; ${router} ${router_flags} fi if [ "X$ipxrouted_enable" = X"YES" ]; then echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 fi if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi if [ "X$rarpd_enable" = X"YES" ]; then echo -n ' rarpd'; rarpd ${rarpd_flags} fi echo '.' network_pass1_done=YES # Let future generations know we made it. } network_pass2() { echo -n 'Doing additional network setup:' if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi if [ "X${ntpdate_enable}" = X"YES" ]; then echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 fi if [ "X${xntpd_enable}" = X"YES" ]; then echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} fi if [ "X${timed_enable}" = X"YES" ]; then echo -n ' timed'; timed ${timed_flags} fi if [ "X${portmap_enable}" = X"YES" ]; then - echo -n ' portmap'; portmap ${portmap_flags} + echo -n ' portmap'; ${portmap_program} ${portmap_flags} fi # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. if [ "X${nis_server_enable}" = X"YES" ]; then echo -n ' ypserv'; ypserv ${nis_server_flags} if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} fi if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} fi fi # Start ypbind if we're an NIS client if [ "X${nis_client_enable}" = X"YES" ]; then echo -n ' ypbind'; ypbind ${nis_client_flags} if [ "X${nis_ypset_enable}" = X"YES" ]; then echo -n ' ypset'; ypset ${nis_ypset_flags} fi fi # Start keyserv if we are running Secure RPC if [ "X${keyserv_enable}" = X"YES" ]; then echo -n ' keyserv'; keyserv ${keyserv_flags} fi # Start ypupdated if we are running Secure RPC and we are NIS master if [ "X$rpc_ypupdated_enable" = X"YES" ]; then echo -n ' rpc.ypupdated'; rpc.ypupdated fi # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then echo -n ' mountd' if [ "X${weak_mountd_authentication}" = X"YES" ]; then mountd_flags="-n" fi mountd ${mountd_flags} if [ "X${nfs_reserved_port_only}" = X"YES" ]; then sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 fi echo -n ' nfsd'; nfsd ${nfs_server_flags} if [ "X$rpc_lockd_enable" = X"YES" ]; then echo -n ' rpc.lockd'; rpc.lockd fi if [ "X$rpc_statd_enable" = X"YES" ]; then echo -n ' rpc.statd'; rpc.statd fi fi if [ "X${nfs_client_enable}" = X"YES" ]; then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ "X${nfs_access_cache}" != X ]; then sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null 2>&1 fi fi if [ "X${amd_enable}" = X"YES" ]; then echo -n ' amd' if [ "X${amd_map_program}" != X"NO" ]; then amd_flags="${amd_flags} `eval ${amd_map_program}`" fi amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null fi if [ "X${rwhod_enable}" = X"YES" ]; then echo -n ' rwhod'; rwhod ${rwhod_flags} fi # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then if [ "X${kerberos_stash}" = "XYES" ]; then stash_flag=-n else stash_flag= fi echo -n ' kerberos'; \ kerberos ${stash_flag} >> /var/log/kerberos.log & if [ "X${kadmind_server_enable}" = "XYES" ]; then echo -n ' kadmind'; \ (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & fi unset stash_flag fi # Network Address Translation daemon if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ -a X"${firewall_enable}" = X"YES" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} fi echo '.' network_pass3_done=YES } Index: head/etc/rc.d/network3 =================================================================== --- head/etc/rc.d/network3 (revision 44667) +++ head/etc/rc.d/network3 (revision 44668) @@ -1,328 +1,328 @@ #!/bin/sh - # -# $Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $ +# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then hostname $hostname echo -n ' hostname' fi # Set the domainname if we're using NIS if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then domainname $nisdomainname echo -n ' domain' fi echo '.' # Initial ATM interface configuration if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi # ISDN subsystem startup if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then . /etc/rc.isdn fi # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ] ; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do if [ -e /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} fi # Do the primary ifconfig if specified eval ifconfig_args=\$ifconfig_${ifn} if [ -n "${ifconfig_args}" ] ; then ifconfig ${ifn} ${ifconfig_args} fi # Check to see if aliases need to be added alias=0 while : do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} fi ifconfig ${ifn} done # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1 if [ $? = 0 ] ; then firewall_in_kernel=1 else firewall_in_kernel=0 fi if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then if kldload ipfw; then firewall_in_kernel=1 # module loaded successfully echo "Kernel firewall module loaded." else echo "Warning: firewall kernel module failed to load." fi fi # Load the filters if required if [ $firewall_in_kernel = 1 ]; then if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ "x$firewall_enable" = "xYES" ] ; then . /etc/rc.firewall echo "Firewall rules loaded." else IPFW_DEFAULT=`ipfw l 65535` if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi fi fi # Additional ATM interface configuration if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}" route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi if [ X"$icmp_bmcastecho" = X"YES" ]; then echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$forward_sourceroute" = X"YES" ]; then echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 fi if [ "X$accept_sourceroute" = X"YES" ]; then echo -n ' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 fi if [ "X$ipxgateway_enable" = X"YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then echo -n ' enabling ARP_PROXY_ALL: ' sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' echo -n 'routing daemons:' if [ "X$router_enable" = X"YES" ]; then echo -n " ${router}"; ${router} ${router_flags} fi if [ "X$ipxrouted_enable" = X"YES" ]; then echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 fi if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi if [ "X$rarpd_enable" = X"YES" ]; then echo -n ' rarpd'; rarpd ${rarpd_flags} fi echo '.' network_pass1_done=YES # Let future generations know we made it. } network_pass2() { echo -n 'Doing additional network setup:' if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi if [ "X${ntpdate_enable}" = X"YES" ]; then echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 fi if [ "X${xntpd_enable}" = X"YES" ]; then echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} fi if [ "X${timed_enable}" = X"YES" ]; then echo -n ' timed'; timed ${timed_flags} fi if [ "X${portmap_enable}" = X"YES" ]; then - echo -n ' portmap'; portmap ${portmap_flags} + echo -n ' portmap'; ${portmap_program} ${portmap_flags} fi # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. if [ "X${nis_server_enable}" = X"YES" ]; then echo -n ' ypserv'; ypserv ${nis_server_flags} if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} fi if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} fi fi # Start ypbind if we're an NIS client if [ "X${nis_client_enable}" = X"YES" ]; then echo -n ' ypbind'; ypbind ${nis_client_flags} if [ "X${nis_ypset_enable}" = X"YES" ]; then echo -n ' ypset'; ypset ${nis_ypset_flags} fi fi # Start keyserv if we are running Secure RPC if [ "X${keyserv_enable}" = X"YES" ]; then echo -n ' keyserv'; keyserv ${keyserv_flags} fi # Start ypupdated if we are running Secure RPC and we are NIS master if [ "X$rpc_ypupdated_enable" = X"YES" ]; then echo -n ' rpc.ypupdated'; rpc.ypupdated fi # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then echo -n ' mountd' if [ "X${weak_mountd_authentication}" = X"YES" ]; then mountd_flags="-n" fi mountd ${mountd_flags} if [ "X${nfs_reserved_port_only}" = X"YES" ]; then sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 fi echo -n ' nfsd'; nfsd ${nfs_server_flags} if [ "X$rpc_lockd_enable" = X"YES" ]; then echo -n ' rpc.lockd'; rpc.lockd fi if [ "X$rpc_statd_enable" = X"YES" ]; then echo -n ' rpc.statd'; rpc.statd fi fi if [ "X${nfs_client_enable}" = X"YES" ]; then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ "X${nfs_access_cache}" != X ]; then sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null 2>&1 fi fi if [ "X${amd_enable}" = X"YES" ]; then echo -n ' amd' if [ "X${amd_map_program}" != X"NO" ]; then amd_flags="${amd_flags} `eval ${amd_map_program}`" fi amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null fi if [ "X${rwhod_enable}" = X"YES" ]; then echo -n ' rwhod'; rwhod ${rwhod_flags} fi # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then if [ "X${kerberos_stash}" = "XYES" ]; then stash_flag=-n else stash_flag= fi echo -n ' kerberos'; \ kerberos ${stash_flag} >> /var/log/kerberos.log & if [ "X${kadmind_server_enable}" = "XYES" ]; then echo -n ' kadmind'; \ (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & fi unset stash_flag fi # Network Address Translation daemon if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ -a X"${firewall_enable}" = X"YES" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} fi echo '.' network_pass3_done=YES } Index: head/etc/rc.d/routing =================================================================== --- head/etc/rc.d/routing (revision 44667) +++ head/etc/rc.d/routing (revision 44668) @@ -1,328 +1,328 @@ #!/bin/sh - # -# $Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $ +# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then hostname $hostname echo -n ' hostname' fi # Set the domainname if we're using NIS if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then domainname $nisdomainname echo -n ' domain' fi echo '.' # Initial ATM interface configuration if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi # ISDN subsystem startup if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then . /etc/rc.isdn fi # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ] ; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do if [ -e /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} fi # Do the primary ifconfig if specified eval ifconfig_args=\$ifconfig_${ifn} if [ -n "${ifconfig_args}" ] ; then ifconfig ${ifn} ${ifconfig_args} fi # Check to see if aliases need to be added alias=0 while : do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} fi ifconfig ${ifn} done # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1 if [ $? = 0 ] ; then firewall_in_kernel=1 else firewall_in_kernel=0 fi if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then if kldload ipfw; then firewall_in_kernel=1 # module loaded successfully echo "Kernel firewall module loaded." else echo "Warning: firewall kernel module failed to load." fi fi # Load the filters if required if [ $firewall_in_kernel = 1 ]; then if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ "x$firewall_enable" = "xYES" ] ; then . /etc/rc.firewall echo "Firewall rules loaded." else IPFW_DEFAULT=`ipfw l 65535` if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi fi fi # Additional ATM interface configuration if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}" route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi if [ X"$icmp_bmcastecho" = X"YES" ]; then echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$forward_sourceroute" = X"YES" ]; then echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 fi if [ "X$accept_sourceroute" = X"YES" ]; then echo -n ' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 fi if [ "X$ipxgateway_enable" = X"YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then echo -n ' enabling ARP_PROXY_ALL: ' sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' echo -n 'routing daemons:' if [ "X$router_enable" = X"YES" ]; then echo -n " ${router}"; ${router} ${router_flags} fi if [ "X$ipxrouted_enable" = X"YES" ]; then echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 fi if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi if [ "X$rarpd_enable" = X"YES" ]; then echo -n ' rarpd'; rarpd ${rarpd_flags} fi echo '.' network_pass1_done=YES # Let future generations know we made it. } network_pass2() { echo -n 'Doing additional network setup:' if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi if [ "X${ntpdate_enable}" = X"YES" ]; then echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 fi if [ "X${xntpd_enable}" = X"YES" ]; then echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} fi if [ "X${timed_enable}" = X"YES" ]; then echo -n ' timed'; timed ${timed_flags} fi if [ "X${portmap_enable}" = X"YES" ]; then - echo -n ' portmap'; portmap ${portmap_flags} + echo -n ' portmap'; ${portmap_program} ${portmap_flags} fi # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. if [ "X${nis_server_enable}" = X"YES" ]; then echo -n ' ypserv'; ypserv ${nis_server_flags} if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} fi if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} fi fi # Start ypbind if we're an NIS client if [ "X${nis_client_enable}" = X"YES" ]; then echo -n ' ypbind'; ypbind ${nis_client_flags} if [ "X${nis_ypset_enable}" = X"YES" ]; then echo -n ' ypset'; ypset ${nis_ypset_flags} fi fi # Start keyserv if we are running Secure RPC if [ "X${keyserv_enable}" = X"YES" ]; then echo -n ' keyserv'; keyserv ${keyserv_flags} fi # Start ypupdated if we are running Secure RPC and we are NIS master if [ "X$rpc_ypupdated_enable" = X"YES" ]; then echo -n ' rpc.ypupdated'; rpc.ypupdated fi # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then echo -n ' mountd' if [ "X${weak_mountd_authentication}" = X"YES" ]; then mountd_flags="-n" fi mountd ${mountd_flags} if [ "X${nfs_reserved_port_only}" = X"YES" ]; then sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 fi echo -n ' nfsd'; nfsd ${nfs_server_flags} if [ "X$rpc_lockd_enable" = X"YES" ]; then echo -n ' rpc.lockd'; rpc.lockd fi if [ "X$rpc_statd_enable" = X"YES" ]; then echo -n ' rpc.statd'; rpc.statd fi fi if [ "X${nfs_client_enable}" = X"YES" ]; then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ "X${nfs_access_cache}" != X ]; then sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null 2>&1 fi fi if [ "X${amd_enable}" = X"YES" ]; then echo -n ' amd' if [ "X${amd_map_program}" != X"NO" ]; then amd_flags="${amd_flags} `eval ${amd_map_program}`" fi amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null fi if [ "X${rwhod_enable}" = X"YES" ]; then echo -n ' rwhod'; rwhod ${rwhod_flags} fi # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then if [ "X${kerberos_stash}" = "XYES" ]; then stash_flag=-n else stash_flag= fi echo -n ' kerberos'; \ kerberos ${stash_flag} >> /var/log/kerberos.log & if [ "X${kadmind_server_enable}" = "XYES" ]; then echo -n ' kadmind'; \ (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & fi unset stash_flag fi # Network Address Translation daemon if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ -a X"${firewall_enable}" = X"YES" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} fi echo '.' network_pass3_done=YES } Index: head/etc/rc.network =================================================================== --- head/etc/rc.network (revision 44667) +++ head/etc/rc.network (revision 44668) @@ -1,328 +1,328 @@ #!/bin/sh - # -# $Id: rc.network,v 1.38 1999/01/13 08:20:55 hm Exp $ +# $Id: rc.network,v 1.39 1999/01/13 17:32:37 joerg Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # Note that almost all the user-configurable behavior is no longer in # this file, but rather in /etc/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set if [ -z "`hostname -s`" ] ; then hostname $hostname echo -n ' hostname' fi # Set the domainname if we're using NIS if [ -n "$nisdomainname" -a "x$nisdomainname" != "xNO" ] ; then domainname $nisdomainname echo -n ' domain' fi echo '.' # Initial ATM interface configuration if [ "X${atm_enable}" = X"YES" -a -f /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi # ISDN subsystem startup if [ "X${isdn_enable}" = X"YES" -a -f /etc/rc.isdn ]; then . /etc/rc.isdn fi # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ] ; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # Set up all the network interfaces, calling startup scripts if needed for ifn in ${network_interfaces}; do if [ -e /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} fi # Do the primary ifconfig if specified eval ifconfig_args=\$ifconfig_${ifn} if [ -n "${ifconfig_args}" ] ; then ifconfig ${ifn} ${ifconfig_args} fi # Check to see if aliases need to be added alias=0 while : do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias alias=`expr ${alias} + 1` else break; fi done # Do ipx address if specified eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} fi ifconfig ${ifn} done # Initialize IP filtering using ipfw echo "" /sbin/ipfw -q flush > /dev/null 2>&1 if [ $? = 0 ] ; then firewall_in_kernel=1 else firewall_in_kernel=0 fi if [ $firewall_in_kernel = 0 -a "x$firewall_enable" = "xYES" ] ; then if kldload ipfw; then firewall_in_kernel=1 # module loaded successfully echo "Kernel firewall module loaded." else echo "Warning: firewall kernel module failed to load." fi fi # Load the filters if required if [ $firewall_in_kernel = 1 ]; then if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \ "x$firewall_enable" = "xYES" ] ; then . /etc/rc.firewall echo "Firewall rules loaded." else IPFW_DEFAULT=`ipfw l 65535` if [ "$IPFW_DEFAULT" = "65535 deny ip from any to any" ]; then echo -n "Warning: kernel has firewall functionality, " echo "but firewall rules are not enabled." echo " All ip services are disabled." fi fi fi # Additional ATM interface configuration if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing if [ "x$defaultrouter" != "xNO" ] ; then static_routes="default ${static_routes}" route_default="default ${defaultrouter}" fi # Set up any static routes. This should be done before router discovery. if [ "x${static_routes}" != "x" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then echo -n ' tcp extensions=NO' sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1 fi if [ X"$icmp_bmcastecho" = X"YES" ]; then echo -n ' broadcast ping responses=YES' sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null 2>&1 fi if [ "X$gateway_enable" = X"YES" ]; then echo -n ' IP gateway=YES' sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1 fi if [ "X$forward_sourceroute" = X"YES" ]; then echo -n ' do source routing=YES' sysctl -w net.inet.ip.sourceroute=1 >/dev/null 2>&1 fi if [ "X$accept_sourceroute" = X"YES" ]; then echo -n ' accept source routing=YES' sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null 2>&1 fi if [ "X$ipxgateway_enable" = X"YES" ]; then echo -n ' IPX gateway=YES' sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null 2>&1 fi if [ "X$arpproxy_all" = X"YES" ]; then echo -n ' enabling ARP_PROXY_ALL: ' sysctl -w net.link.ether.inet.proxyall=1 2>&1 fi echo '.' echo -n 'routing daemons:' if [ "X$router_enable" = X"YES" ]; then echo -n " ${router}"; ${router} ${router_flags} fi if [ "X$ipxrouted_enable" = X"YES" ]; then echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 fi if [ "X${mrouted_enable}" = X"YES" ]; then echo -n ' mrouted'; mrouted ${mrouted_flags} fi if [ "X$rarpd_enable" = X"YES" ]; then echo -n ' rarpd'; rarpd ${rarpd_flags} fi echo '.' network_pass1_done=YES # Let future generations know we made it. } network_pass2() { echo -n 'Doing additional network setup:' if [ "X${named_enable}" = X"YES" ]; then echo -n ' named'; ${named_program-"named"} ${named_flags} fi if [ "X${ntpdate_enable}" = X"YES" ]; then echo -n ' ntpdate'; ${ntpdate_program} ${ntpdate_flags} >/dev/null 2>&1 fi if [ "X${xntpd_enable}" = X"YES" ]; then echo -n ' xntpd'; ${xntpd_program} ${xntpd_flags} fi if [ "X${timed_enable}" = X"YES" ]; then echo -n ' timed'; timed ${timed_flags} fi if [ "X${portmap_enable}" = X"YES" ]; then - echo -n ' portmap'; portmap ${portmap_flags} + echo -n ' portmap'; ${portmap_program} ${portmap_flags} fi # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. if [ "X${nis_server_enable}" = X"YES" ]; then echo -n ' ypserv'; ypserv ${nis_server_flags} if [ "X${nis_ypxfrd_enable}" = X"YES" ]; then echo -n ' rpc.ypxfrd'; rpc.ypxfrd ${nis_ypxfrd_flags} fi if [ "X${nis_yppasswdd_enable}" = X"YES" ]; then echo -n ' rpc.yppasswdd'; rpc.yppasswdd ${nis_yppasswdd_flags} fi fi # Start ypbind if we're an NIS client if [ "X${nis_client_enable}" = X"YES" ]; then echo -n ' ypbind'; ypbind ${nis_client_flags} if [ "X${nis_ypset_enable}" = X"YES" ]; then echo -n ' ypset'; ypset ${nis_ypset_flags} fi fi # Start keyserv if we are running Secure RPC if [ "X${keyserv_enable}" = X"YES" ]; then echo -n ' keyserv'; keyserv ${keyserv_flags} fi # Start ypupdated if we are running Secure RPC and we are NIS master if [ "X$rpc_ypupdated_enable" = X"YES" ]; then echo -n ' rpc.ypupdated'; rpc.ypupdated fi # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' if [ "X${nfs_server_enable}" = X"YES" -a -r /etc/exports ]; then echo -n ' mountd' if [ "X${weak_mountd_authentication}" = X"YES" ]; then mountd_flags="-n" fi mountd ${mountd_flags} if [ "X${nfs_reserved_port_only}" = X"YES" ]; then sysctl -w vfs.nfs.nfs_privport=1 >/dev/null 2>&1 fi echo -n ' nfsd'; nfsd ${nfs_server_flags} if [ "X$rpc_lockd_enable" = X"YES" ]; then echo -n ' rpc.lockd'; rpc.lockd fi if [ "X$rpc_statd_enable" = X"YES" ]; then echo -n ' rpc.statd'; rpc.statd fi fi if [ "X${nfs_client_enable}" = X"YES" ]; then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ "X${nfs_access_cache}" != X ]; then sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} \ >/dev/null 2>&1 fi fi if [ "X${amd_enable}" = X"YES" ]; then echo -n ' amd' if [ "X${amd_map_program}" != X"NO" ]; then amd_flags="${amd_flags} `eval ${amd_map_program}`" fi amd -p ${amd_flags} > /var/run/amd.pid 2> /dev/null fi if [ "X${rwhod_enable}" = X"YES" ]; then echo -n ' rwhod'; rwhod ${rwhod_flags} fi # Kerberos runs ONLY on the Kerberos server machine if [ "X${kerberos_server_enable}" = X"YES" ]; then if [ "X${kerberos_stash}" = "XYES" ]; then stash_flag=-n else stash_flag= fi echo -n ' kerberos'; \ kerberos ${stash_flag} >> /var/log/kerberos.log & if [ "X${kadmind_server_enable}" = "XYES" ]; then echo -n ' kadmind'; \ (sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 &) & fi unset stash_flag fi # Network Address Translation daemon if [ "X${natd_enable}" = X"YES" -a X"${natd_interface}" != X"" \ -a X"${firewall_enable}" = X"YES" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then natd_ifarg="-a ${natd_interface}" else natd_ifarg="-n ${natd_interface}" fi echo -n ' natd'; natd ${natd_flags} ${natd_ifarg} fi echo '.' network_pass3_done=YES }