1997-04-27 03:59:19 +00:00
|
|
|
#!/bin/sh -
|
|
|
|
|
#
|
2000-10-08 19:20:36 +00:00
|
|
|
# Copyright (c) 1993 The FreeBSD Project
|
|
|
|
|
# All rights reserved.
|
|
|
|
|
#
|
|
|
|
|
# Redistribution and use in source and binary forms, with or without
|
|
|
|
|
# modification, are permitted provided that the following conditions
|
|
|
|
|
# are met:
|
|
|
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
# notice, this list of conditions and the following disclaimer.
|
|
|
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
# documentation and/or other materials provided with the distribution.
|
|
|
|
|
#
|
|
|
|
|
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
# SUCH DAMAGE.
|
|
|
|
|
#
|
1999-08-27 23:37:10 +00:00
|
|
|
# $FreeBSD$
|
1997-04-27 03:59:19 +00:00
|
|
|
# From: @(#)netstart 5.9 (Berkeley) 3/30/91
|
2000-10-08 19:20:36 +00:00
|
|
|
#
|
1997-04-27 03:59:19 +00:00
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
# Note that almost all of the user-configurable behavior is no longer in
|
|
|
|
|
# this file, but rather in /etc/defaults/rc.conf. Please check that file
|
1997-04-27 03:59:19 +00:00
|
|
|
# first before contemplating any changes here. If you do need to change
|
|
|
|
|
# this file for some reason, we would like to know about it.
|
|
|
|
|
|
|
|
|
|
# First pass startup stuff.
|
1999-09-13 15:44:20 +00:00
|
|
|
#
|
1997-04-27 03:59:19 +00:00
|
|
|
network_pass1() {
|
1999-09-13 15:44:20 +00:00
|
|
|
echo -n 'Doing initial network setup:'
|
1997-09-11 10:59:02 +00:00
|
|
|
|
2001-11-01 12:39:01 +00:00
|
|
|
# Generate host.conf for compatibility
|
|
|
|
|
#
|
|
|
|
|
if [ -f "/etc/nsswitch.conf" ]; then
|
2001-11-07 00:33:56 +00:00
|
|
|
echo -n ' host.conf'
|
2001-11-01 12:39:01 +00:00
|
|
|
generate_host_conf /etc/nsswitch.conf /etc/host.conf
|
|
|
|
|
fi
|
|
|
|
|
|
Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
2000-09-06 18:16:48 +00:00
|
|
|
# Convert host.conf to nsswitch.conf if necessary
|
2001-11-01 12:39:01 +00:00
|
|
|
#
|
|
|
|
|
if [ -f "/etc/host.conf" -a ! -f "/etc/nsswitch.conf" ]; then
|
2000-12-17 08:16:06 +00:00
|
|
|
echo ''
|
|
|
|
|
echo 'Warning: /etc/host.conf is no longer used'
|
2001-11-01 12:39:01 +00:00
|
|
|
echo ' /etc/nsswitch.conf will be created for you'
|
|
|
|
|
convert_host_conf /etc/host.conf /etc/nsswitch.conf
|
Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
2000-09-06 18:16:48 +00:00
|
|
|
fi
|
|
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
# Set the host name if it is not already set
|
|
|
|
|
#
|
|
|
|
|
if [ -z "`hostname -s`" ]; then
|
|
|
|
|
hostname ${hostname}
|
|
|
|
|
echo -n ' hostname'
|
1999-04-10 10:56:58 +00:00
|
|
|
fi
|
1999-09-13 15:44:20 +00:00
|
|
|
|
2000-10-06 12:24:45 +00:00
|
|
|
# Establish ipfilter ruleset as early as possible (best in
|
|
|
|
|
# addition to IPFILTER_DEFAULT_BLOCK in the kernel config file)
|
2001-07-30 23:12:02 +00:00
|
|
|
|
2001-11-24 13:48:30 +00:00
|
|
|
# check whether ipfilter and/or ipnat is enabled
|
|
|
|
|
ipfilter_active="NO"
|
|
|
|
|
case ${ipfilter_enable} in
|
2000-10-06 12:24:45 +00:00
|
|
|
[Yy][Ee][Ss])
|
2001-11-24 13:48:30 +00:00
|
|
|
ipfilter_active="YES"
|
|
|
|
|
;;
|
2001-10-20 04:41:47 +00:00
|
|
|
esac
|
2001-11-24 13:48:30 +00:00
|
|
|
case ${ipnat_enable} in
|
2001-10-20 04:41:47 +00:00
|
|
|
[Yy][Ee][Ss])
|
2001-11-24 13:48:30 +00:00
|
|
|
ipfilter_active="YES"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
case ${ipfilter_active} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
# load ipfilter kernel module if needed
|
|
|
|
|
if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then
|
|
|
|
|
if kldload ipl; then
|
|
|
|
|
echo 'IP-filter module loaded.'
|
|
|
|
|
else
|
|
|
|
|
echo 'Warning: IP-filter module failed to load.'
|
|
|
|
|
# avoid further errors
|
|
|
|
|
ipmon_enable="NO"
|
|
|
|
|
ipfilter_enable="NO"
|
|
|
|
|
ipnat_enable="NO"
|
|
|
|
|
ipfs_enable="NO"
|
|
|
|
|
fi
|
2001-10-20 04:41:47 +00:00
|
|
|
fi
|
2001-11-24 13:48:30 +00:00
|
|
|
# start ipmon before loading any rules
|
|
|
|
|
case "${ipmon_enable}" in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' ipmon'
|
|
|
|
|
${ipmon_program:-/sbin/ipmon} ${ipmon_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
case "${ipfilter_enable}" in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -r "${ipfilter_rules}" ]; then
|
|
|
|
|
echo -n ' ipfilter'
|
|
|
|
|
${ipfilter_program:-/sbin/ipf} -Fa -f \
|
|
|
|
|
"${ipfilter_rules}" ${ipfilter_flags}
|
|
|
|
|
else
|
|
|
|
|
ipfilter_enable="NO"
|
|
|
|
|
echo -n ' NO IPF RULES'
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
case "${ipnat_enable}" in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -r "${ipnat_rules}" ]; then
|
|
|
|
|
echo -n ' ipnat'
|
|
|
|
|
eval ${ipnat_program:-/sbin/ipnat} -CF -f \
|
|
|
|
|
"${ipnat_rules}" ${ipnat_flags}
|
|
|
|
|
else
|
|
|
|
|
ipnat_enable="NO"
|
|
|
|
|
echo -n ' NO IPNAT RULES'
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
# restore filter/NAT state tables after loading the rules
|
|
|
|
|
case "${ipfs_enable}" in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -r "/var/db/ipf/ipstate.ipf" ]; then
|
|
|
|
|
echo -n ' ipfs'
|
|
|
|
|
${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags}
|
|
|
|
|
# remove files to avoid reloading old state
|
|
|
|
|
# after an ungraceful shutdown
|
|
|
|
|
rm -f /var/db/ipf/ipstate.ipf
|
|
|
|
|
rm -f /var/db/ipf/ipnat.ipf
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
2000-10-06 12:24:45 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
# Set the domainname if we're using NIS
|
|
|
|
|
#
|
|
|
|
|
case ${nisdomainname} in
|
|
|
|
|
[Nn][Oo] | '')
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
domainname ${nisdomainname}
|
|
|
|
|
echo -n ' domain'
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
echo '.'
|
|
|
|
|
|
|
|
|
|
# Initial ATM interface configuration
|
|
|
|
|
#
|
|
|
|
|
case ${atm_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -r /etc/rc.atm ]; then
|
|
|
|
|
. /etc/rc.atm
|
|
|
|
|
atm_pass1
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2001-09-19 21:27:27 +00:00
|
|
|
# Attempt to create cloned interfaces.
|
|
|
|
|
for ifn in ${cloned_interfaces}; do
|
|
|
|
|
ifconfig ${ifn} create
|
|
|
|
|
done
|
|
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
# Special options for sppp(4) interfaces go here. These need
|
|
|
|
|
# to go _before_ the general ifconfig section, since in the case
|
|
|
|
|
# of hardwired (no link1 flag) but required authentication, you
|
|
|
|
|
# cannot pass auth parameters down to the already running interface.
|
|
|
|
|
#
|
|
|
|
|
for ifn in ${sppp_interfaces}; do
|
|
|
|
|
eval spppcontrol_args=\$spppconfig_${ifn}
|
|
|
|
|
if [ -n "${spppcontrol_args}" ]; then
|
|
|
|
|
# The auth secrets might contain spaces; in order
|
|
|
|
|
# to retain the quotation, we need to eval them
|
|
|
|
|
# here.
|
|
|
|
|
eval spppcontrol ${ifn} ${spppcontrol_args}
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
2001-06-03 12:26:56 +00:00
|
|
|
# gifconfig
|
|
|
|
|
network_gif_setup
|
|
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
# Set up all the network interfaces, calling startup scripts if needed
|
|
|
|
|
#
|
|
|
|
|
case ${network_interfaces} in
|
|
|
|
|
[Aa][Uu][Tt][Oo])
|
|
|
|
|
network_interfaces="`ifconfig -l`"
|
|
|
|
|
;;
|
2001-09-19 21:27:27 +00:00
|
|
|
*)
|
|
|
|
|
network_interfaces="${network_interfaces} ${cloned_interfaces}"
|
|
|
|
|
;;
|
1999-09-13 15:44:20 +00:00
|
|
|
esac
|
|
|
|
|
|
1999-12-12 01:58:30 +00:00
|
|
|
dhcp_interfaces=""
|
1999-09-13 15:44:20 +00:00
|
|
|
for ifn in ${network_interfaces}; do
|
|
|
|
|
if [ -r /etc/start_if.${ifn} ]; then
|
|
|
|
|
. /etc/start_if.${ifn}
|
1999-12-12 01:58:30 +00:00
|
|
|
eval showstat_$ifn=1
|
1999-03-24 10:28:49 +00:00
|
|
|
fi
|
1999-09-13 15:44:20 +00:00
|
|
|
|
|
|
|
|
# Do the primary ifconfig if specified
|
|
|
|
|
#
|
|
|
|
|
eval ifconfig_args=\$ifconfig_${ifn}
|
|
|
|
|
|
|
|
|
|
case ${ifconfig_args} in
|
|
|
|
|
'')
|
|
|
|
|
;;
|
|
|
|
|
[Dd][Hh][Cc][Pp])
|
1999-12-12 01:58:30 +00:00
|
|
|
# DHCP inits are done all in one go below
|
|
|
|
|
dhcp_interfaces="$dhcp_interfaces $ifn"
|
|
|
|
|
eval showstat_$ifn=1
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
ifconfig ${ifn} ${ifconfig_args}
|
1999-12-12 01:58:30 +00:00
|
|
|
eval showstat_$ifn=1
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
1999-12-12 01:58:30 +00:00
|
|
|
done
|
|
|
|
|
|
|
|
|
|
if [ ! -z "${dhcp_interfaces}" ]; then
|
|
|
|
|
${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces}
|
|
|
|
|
fi
|
1999-09-13 15:44:20 +00:00
|
|
|
|
1999-12-12 01:58:30 +00:00
|
|
|
for ifn in ${network_interfaces}; do
|
1999-09-13 15:44:20 +00:00
|
|
|
# Check to see if aliases need to be added
|
|
|
|
|
#
|
|
|
|
|
alias=0
|
|
|
|
|
while : ; do
|
|
|
|
|
eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
|
|
|
|
|
if [ -n "${ifconfig_args}" ]; then
|
|
|
|
|
ifconfig ${ifn} ${ifconfig_args} alias
|
1999-12-12 01:58:30 +00:00
|
|
|
eval showstat_$ifn=1
|
2001-11-14 06:35:43 +00:00
|
|
|
alias=$((${alias} + 1))
|
1999-09-13 15:44:20 +00:00
|
|
|
else
|
|
|
|
|
break;
|
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
|
|
|
|
|
# Do ipx address if specified
|
|
|
|
|
#
|
|
|
|
|
eval ifconfig_args=\$ifconfig_${ifn}_ipx
|
|
|
|
|
if [ -n "${ifconfig_args}" ]; then
|
|
|
|
|
ifconfig ${ifn} ${ifconfig_args}
|
1999-12-12 01:58:30 +00:00
|
|
|
eval showstat_$ifn=1
|
1999-09-13 15:44:20 +00:00
|
|
|
fi
|
1999-12-12 01:58:30 +00:00
|
|
|
done
|
1999-09-13 15:44:20 +00:00
|
|
|
|
1999-12-12 01:58:30 +00:00
|
|
|
for ifn in ${network_interfaces}; do
|
|
|
|
|
eval showstat=\$showstat_${ifn}
|
|
|
|
|
if [ ! -z ${showstat} ]; then
|
1999-09-13 15:44:20 +00:00
|
|
|
ifconfig ${ifn}
|
1999-12-12 01:58:30 +00:00
|
|
|
fi
|
1999-09-13 15:44:20 +00:00
|
|
|
done
|
|
|
|
|
|
2000-02-06 16:33:54 +00:00
|
|
|
# ISDN subsystem startup
|
|
|
|
|
#
|
|
|
|
|
case ${isdn_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -r /etc/rc.isdn ]; then
|
|
|
|
|
. /etc/rc.isdn
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2000-08-10 00:13:02 +00:00
|
|
|
# Start user ppp if required. This must happen before natd.
|
1999-09-13 15:44:20 +00:00
|
|
|
#
|
|
|
|
|
case ${ppp_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
# Establish ppp mode.
|
|
|
|
|
#
|
|
|
|
|
if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \
|
|
|
|
|
-a "${ppp_mode}" != "dedicated" \
|
|
|
|
|
-a "${ppp_mode}" != "background" ]; then
|
2000-08-10 00:13:02 +00:00
|
|
|
ppp_mode="auto"
|
1999-09-13 15:44:20 +00:00
|
|
|
fi
|
|
|
|
|
|
2000-08-10 00:13:02 +00:00
|
|
|
ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}"
|
1999-09-13 15:44:20 +00:00
|
|
|
|
2000-08-10 00:13:02 +00:00
|
|
|
# Switch on NAT mode?
|
1999-09-13 15:44:20 +00:00
|
|
|
#
|
|
|
|
|
case ${ppp_nat} in
|
|
|
|
|
[Yy][Ee][Ss])
|
2000-08-10 00:13:02 +00:00
|
|
|
ppp_command="${ppp_command} -nat"
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2000-08-10 00:13:02 +00:00
|
|
|
ppp_command="${ppp_command} ${ppp_profile}"
|
|
|
|
|
|
2001-06-10 16:21:56 +00:00
|
|
|
echo "Starting ppp as \"${ppp_user}\""
|
2000-09-28 05:43:44 +00:00
|
|
|
su -m ${ppp_user} -c "exec ${ppp_command}"
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2001-11-24 13:48:30 +00:00
|
|
|
# Re-Sync ipfilter so it picks up any new network interfaces
|
2001-10-20 04:46:32 +00:00
|
|
|
#
|
2001-11-24 13:48:30 +00:00
|
|
|
case ${ipfilter_active} in
|
2001-10-20 04:46:32 +00:00
|
|
|
[Yy][Ee][Ss])
|
2001-11-24 13:48:30 +00:00
|
|
|
${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags}
|
2001-10-20 04:46:32 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
2001-11-24 13:48:30 +00:00
|
|
|
unset ipfilter_active
|
2001-10-20 04:46:32 +00:00
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
# Initialize IP filtering using ipfw
|
|
|
|
|
#
|
|
|
|
|
if /sbin/ipfw -q flush > /dev/null 2>&1; then
|
|
|
|
|
firewall_in_kernel=1
|
1997-09-11 10:59:02 +00:00
|
|
|
else
|
1999-09-13 15:44:20 +00:00
|
|
|
firewall_in_kernel=0
|
1997-09-11 10:59:02 +00:00
|
|
|
fi
|
1999-09-13 15:44:20 +00:00
|
|
|
|
|
|
|
|
case ${firewall_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then
|
|
|
|
|
firewall_in_kernel=1
|
2000-12-17 08:16:06 +00:00
|
|
|
echo 'Kernel firewall module loaded'
|
1999-09-13 15:44:20 +00:00
|
|
|
elif [ "${firewall_in_kernel}" -eq 0 ]; then
|
2000-12-17 08:16:06 +00:00
|
|
|
echo 'Warning: firewall kernel module failed to load'
|
1999-09-13 15:44:20 +00:00
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
# Load the filters if required
|
|
|
|
|
#
|
|
|
|
|
case ${firewall_in_kernel} in
|
|
|
|
|
1)
|
|
|
|
|
if [ -z "${firewall_script}" ]; then
|
|
|
|
|
firewall_script=/etc/rc.firewall
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
case ${firewall_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
1999-09-19 21:32:42 +00:00
|
|
|
if [ -r "${firewall_script}" ]; then
|
|
|
|
|
. "${firewall_script}"
|
1999-09-13 15:44:20 +00:00
|
|
|
echo -n 'Firewall rules loaded, starting divert daemons:'
|
|
|
|
|
|
|
|
|
|
# Network Address Translation daemon
|
|
|
|
|
#
|
|
|
|
|
case ${natd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -n "${natd_interface}" ]; then
|
|
|
|
|
if echo ${natd_interface} | \
|
|
|
|
|
grep -q -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'; then
|
|
|
|
|
natd_ifarg="-a ${natd_interface}"
|
|
|
|
|
else
|
|
|
|
|
natd_ifarg="-n ${natd_interface}"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ${natd_ifarg}
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
echo '.'
|
|
|
|
|
|
|
|
|
|
elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then
|
2000-12-17 08:16:06 +00:00
|
|
|
echo 'Warning: kernel has firewall functionality,' \
|
|
|
|
|
'but firewall rules are not enabled.'
|
|
|
|
|
echo ' All ip services are disabled.'
|
1999-09-13 15:44:20 +00:00
|
|
|
fi
|
2000-05-06 17:18:19 +00:00
|
|
|
|
|
|
|
|
case ${firewall_logging} in
|
|
|
|
|
[Yy][Ee][Ss] | '')
|
|
|
|
|
echo 'Firewall logging=YES'
|
|
|
|
|
sysctl -w net.inet.ip.fw.verbose=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
# Additional ATM interface configuration
|
|
|
|
|
#
|
|
|
|
|
if [ -n "${atm_pass1_done}" ]; then
|
|
|
|
|
atm_pass2
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Configure routing
|
|
|
|
|
#
|
|
|
|
|
case ${defaultrouter} in
|
|
|
|
|
[Nn][Oo] | '')
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
static_routes="default ${static_routes}"
|
|
|
|
|
route_default="default ${defaultrouter}"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
# Set up any static routes. This should be done before router discovery.
|
|
|
|
|
#
|
|
|
|
|
if [ -n "${static_routes}" ]; then
|
|
|
|
|
for i in ${static_routes}; do
|
|
|
|
|
eval route_args=\$route_${i}
|
|
|
|
|
route add ${route_args}
|
|
|
|
|
done
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo -n 'Additional routing options:'
|
|
|
|
|
case ${tcp_extensions} in
|
|
|
|
|
[Yy][Ee][Ss] | '')
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
echo -n ' tcp extensions=NO'
|
|
|
|
|
sysctl -w net.inet.tcp.rfc1323=0 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${icmp_bmcastecho} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' broadcast ping responses=YES'
|
|
|
|
|
sysctl -w net.inet.icmp.bmcastecho=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${icmp_drop_redirect} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' ignore ICMP redirect=YES'
|
|
|
|
|
sysctl -w net.inet.icmp.drop_redirect=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${icmp_log_redirect} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' log ICMP redirect=YES'
|
|
|
|
|
sysctl -w net.inet.icmp.log_redirect=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${gateway_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' IP gateway=YES'
|
|
|
|
|
sysctl -w net.inet.ip.forwarding=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${forward_sourceroute} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' do source routing=YES'
|
|
|
|
|
sysctl -w net.inet.ip.sourceroute=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${accept_sourceroute} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' accept source routing=YES'
|
|
|
|
|
sysctl -w net.inet.ip.accept_sourceroute=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${tcp_keepalive} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' TCP keepalive=YES'
|
|
|
|
|
sysctl -w net.inet.tcp.always_keepalive=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${tcp_drop_synfin} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' drop SYN+FIN packets=YES'
|
|
|
|
|
sysctl -w net.inet.tcp.drop_synfin=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${ipxgateway_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' IPX gateway=YES'
|
|
|
|
|
sysctl -w net.ipx.ipx.ipxforwarding=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${arpproxy_all} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' ARP proxyall=YES'
|
|
|
|
|
sysctl -w net.link.ether.inet.proxyall=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
2000-06-22 17:40:53 +00:00
|
|
|
|
|
|
|
|
case ${ip_portrange_first} in
|
|
|
|
|
[Nn][Oo] | '')
|
|
|
|
|
;;
|
|
|
|
|
*)
|
2000-10-12 11:25:57 +00:00
|
|
|
echo -n " ip_portrange_first=$ip_portrange_first"
|
2000-06-22 17:40:53 +00:00
|
|
|
sysctl -w net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${ip_portrange_last} in
|
|
|
|
|
[Nn][Oo] | '')
|
2000-08-16 23:08:28 +00:00
|
|
|
;;
|
2000-06-22 17:40:53 +00:00
|
|
|
*)
|
2000-10-12 11:25:57 +00:00
|
|
|
echo -n " ip_portrange_last=$ip_portrange_last"
|
2000-06-22 17:40:53 +00:00
|
|
|
sysctl -w net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
echo '.'
|
|
|
|
|
|
2000-05-16 06:52:11 +00:00
|
|
|
case ${ipsec_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -f ${ipsec_file} ]; then
|
|
|
|
|
echo ' ipsec: enabled'
|
|
|
|
|
setkey -f ${ipsec_file}
|
|
|
|
|
else
|
|
|
|
|
echo ' ipsec: file not found'
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2000-12-17 08:16:06 +00:00
|
|
|
echo -n 'Routing daemons:'
|
1999-09-13 15:44:20 +00:00
|
|
|
case ${router_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n " ${router}"; ${router} ${router_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${ipxrouted_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' IPXrouted'
|
|
|
|
|
IPXrouted ${ipxrouted_flags} > /dev/null 2>&1
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${mrouted_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' mrouted'; mrouted ${mrouted_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${rarpd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' rarpd'; rarpd ${rarpd_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
echo '.'
|
|
|
|
|
|
|
|
|
|
# Let future generations know we made it.
|
|
|
|
|
#
|
|
|
|
|
network_pass1_done=YES
|
1997-04-27 03:59:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
network_pass2() {
|
1999-09-13 15:44:20 +00:00
|
|
|
echo -n 'Doing additional network setup:'
|
|
|
|
|
case ${named_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' named'; ${named_program:-named} ${named_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${ntpdate_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' ntpdate'
|
|
|
|
|
${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${xntpd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
1999-12-17 13:36:40 +00:00
|
|
|
echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags}
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${timed_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' timed'; timed ${timed_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${portmap_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
echo -n ' rpcbind'; ${portmap_program:-/usr/sbin/rpcbind} \
|
|
|
|
|
${portmap_flags}
|
1999-09-13 15:44:20 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
# Start ypserv if we're an NIS server.
|
|
|
|
|
# Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server.
|
|
|
|
|
#
|
|
|
|
|
case ${nis_server_enable} in
|
1999-09-13 15:44:20 +00:00
|
|
|
[Yy][Ee][Ss])
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
echo -n ' ypserv'; ypserv ${nis_server_flags}
|
|
|
|
|
|
|
|
|
|
case ${nis_ypxfrd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' rpc.ypxfrd'
|
|
|
|
|
rpc.ypxfrd ${nis_ypxfrd_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${nis_yppasswdd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' rpc.yppasswdd'
|
|
|
|
|
rpc.yppasswdd ${nis_yppasswdd_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
# Start ypbind if we're an NIS client
|
|
|
|
|
#
|
|
|
|
|
case ${nis_client_enable} in
|
1999-09-13 15:44:20 +00:00
|
|
|
[Yy][Ee][Ss])
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
echo -n ' ypbind'; ypbind ${nis_client_flags}
|
|
|
|
|
case ${nis_ypset_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' ypset'; ypset ${nis_ypset_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
# Start keyserv if we are running Secure RPC
|
|
|
|
|
#
|
|
|
|
|
case ${keyserv_enable} in
|
1999-09-13 15:44:20 +00:00
|
|
|
[Yy][Ee][Ss])
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
echo -n ' keyserv'; keyserv ${keyserv_flags}
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
# Start ypupdated if we are running Secure RPC
|
|
|
|
|
# and we are NIS master
|
|
|
|
|
#
|
|
|
|
|
case ${rpc_ypupdated_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' rpc.ypupdated'; rpc.ypupdated
|
|
|
|
|
;;
|
|
|
|
|
esac
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
# Start ATM daemons
|
|
|
|
|
if [ -n "${atm_pass2_done}" ]; then
|
|
|
|
|
atm_pass3
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
echo '.'
|
|
|
|
|
network_pass2_done=YES
|
1997-04-27 03:59:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
network_pass3() {
|
1999-09-13 15:44:20 +00:00
|
|
|
echo -n 'Starting final network daemons:'
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${portmap_enable} in
|
1999-09-13 15:44:20 +00:00
|
|
|
[Yy][Ee][Ss])
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${nfs_server_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
2001-10-19 06:50:52 +00:00
|
|
|
# Handle absent nfs server support
|
|
|
|
|
nfsserver_in_kernel=0
|
|
|
|
|
if sysctl vfs.nfsrv >/dev/null 2>&1; then
|
|
|
|
|
nfsserver_in_kernel=1
|
|
|
|
|
else
|
|
|
|
|
kldload nfsserver && nfsserver_in_kernel=1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ -r /etc/exports -a \
|
|
|
|
|
${nfsserver_in_kernel} -eq 1 ]; then
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
echo -n ' mountd'
|
1999-09-13 15:44:20 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${weak_mountd_authentication} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
mountd_flags="${mountd_flags} -n"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
1999-09-13 15:44:20 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
mountd ${mountd_flags}
|
1999-09-13 15:44:20 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${nfs_reserved_port_only} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' NFS on reserved port only=YES'
|
2001-09-19 00:22:26 +00:00
|
|
|
sysctl -w vfs.nfsrv.nfs_privport=1 > /dev/null
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
1999-09-13 15:44:20 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
echo -n ' nfsd'; nfsd ${nfs_server_flags}
|
2000-03-27 21:38:35 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${rpc_lockd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' rpc.lockd'; rpc.lockd
|
|
|
|
|
;;
|
|
|
|
|
esac
|
1999-11-14 21:28:13 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${rpc_statd_enable} in
|
1999-11-14 21:28:13 +00:00
|
|
|
[Yy][Ee][Ss])
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
echo -n ' rpc.statd'; rpc.statd
|
1999-11-14 21:28:13 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
2001-10-19 06:50:52 +00:00
|
|
|
else
|
|
|
|
|
echo -n ' Warning: nfs server failed'
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
case ${single_mountd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
if [ -r /etc/exports ]; then
|
|
|
|
|
echo -n ' mountd'
|
1999-11-14 21:28:13 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${weak_mountd_authentication} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
mountd_flags="-n"
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
mountd ${mountd_flags}
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${nfs_client_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
2001-09-19 00:22:26 +00:00
|
|
|
if [ -n "${nfs_access_cache}" ]; then
|
|
|
|
|
echo -n " NFS access cache time=${nfs_access_cache}"
|
|
|
|
|
sysctl -w vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null
|
|
|
|
|
fi
|
|
|
|
|
if [ -n "${nfs_bufpackets}" ]; then
|
|
|
|
|
sysctl -w vfs.nfs.bufpackets=${nfs_bufpackets} > /dev/null
|
1999-11-14 21:28:13 +00:00
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
esac
|
1999-09-13 15:44:20 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
# If /var/db/mounttab exists, some nfs-server has not been
|
2001-11-24 23:41:32 +00:00
|
|
|
# successfully notified about a previous client shutdown.
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
# If there is no /var/db/mounttab, we do nothing.
|
|
|
|
|
if [ -f /var/db/mounttab ]; then
|
|
|
|
|
rpc.umntall -k
|
1999-09-13 15:44:20 +00:00
|
|
|
fi
|
|
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
case ${amd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' amd'
|
|
|
|
|
case ${amd_map_program} in
|
|
|
|
|
[Nn][Oo] | '')
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
amd_flags="${amd_flags} `eval\
|
|
|
|
|
${amd_map_program}`"
|
|
|
|
|
;;
|
2001-06-16 15:48:43 +00:00
|
|
|
esac
|
2000-01-15 14:28:14 +00:00
|
|
|
|
Bring in a hybrid of SunSoft's transport-independent RPC (TI-RPC) and
associated changes that had to happen to make this possible as well as
bugs fixed along the way.
Bring in required TLI library routines to support this.
Since we don't support TLI we've essentially copied what NetBSD
has done, adding a thin layer to emulate direct the TLI calls
into BSD socket calls.
This is mostly from Sun's tirpc release that was made in 1994,
however some fixes were backported from the 1999 release (supposedly
only made available after this porting effort was underway).
The submitter has agreed to continue on and bring us up to the
1999 release.
Several key features are introduced with this update:
Client calls are thread safe. (1999 code has server side thread
safe)
Updated, a more modern interface.
Many userland updates were done to bring the code up to par with
the recent RPC API.
There is an update to the pthreads library, a function
pthread_main_np() was added to emulate a function of Sun's threads
library.
While we're at it, bring in NetBSD's lockd, it's been far too
long of a wait.
New rpcbind(8) replaces portmap(8) (supporting communication over
an authenticated Unix-domain socket, and by default only allowing
set and unset requests over that channel). It's much more secure
than the old portmapper.
Umount(8), mountd(8), mount_nfs(8), nfsd(8) have also been upgraded
to support TI-RPC and to support IPV6.
Umount(8) is also fixed to unmount pathnames longer than 80 chars,
which are currently truncated by the Kernel statfs structure.
Submitted by: Martin Blapp <mb@imp.ch>
Manpage review: ru
Secure RPC implemented by: wpaul
2001-03-19 12:50:13 +00:00
|
|
|
if [ -n "${amd_flags}" ]; then
|
|
|
|
|
amd -p ${amd_flags}\
|
|
|
|
|
> /var/run/amd.pid 2> /dev/null
|
|
|
|
|
else
|
|
|
|
|
amd 2> /dev/null
|
|
|
|
|
fi
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
case ${rwhod_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' rwhod'; rwhod ${rwhod_flags}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2001-07-28 19:57:57 +00:00
|
|
|
# Kerberos servers run ONLY on the Kerberos server machine
|
|
|
|
|
case ${kerberos4_server_enable} in
|
1999-09-13 15:44:20 +00:00
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
case ${kerberos_stash} in
|
|
|
|
|
[Yy][Ee][Ss])
|
2001-07-28 19:57:57 +00:00
|
|
|
stash=-n
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
*)
|
2001-07-28 19:57:57 +00:00
|
|
|
stash=
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2001-07-28 19:57:57 +00:00
|
|
|
echo -n ' kerberosIV'
|
|
|
|
|
${kerberos4_server} ${stash} >> /var/log/kerberos.log &
|
1999-09-13 15:44:20 +00:00
|
|
|
|
2001-07-28 19:57:57 +00:00
|
|
|
case ${kadmind4_server_enable} in
|
1999-09-13 15:44:20 +00:00
|
|
|
[Yy][Ee][Ss])
|
2001-07-28 19:57:57 +00:00
|
|
|
echo -n ' kadmindIV'
|
|
|
|
|
(
|
|
|
|
|
sleep 20;
|
|
|
|
|
${kadmind4_server} ${stash} >/dev/null 2>&1 &
|
|
|
|
|
) &
|
1999-09-13 15:44:20 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
unset stash_flag
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2001-07-28 19:57:57 +00:00
|
|
|
case ${kerberos5_server_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' kerberos5'
|
|
|
|
|
${kerberos5_server} &
|
|
|
|
|
|
|
|
|
|
case ${kadmind5_server_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
|
|
|
|
echo -n ' kadmind5'
|
|
|
|
|
${kadmind5_server} &
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
1999-11-23 00:22:25 +00:00
|
|
|
case ${pppoed_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
1999-11-23 00:26:03 +00:00
|
|
|
if [ -n "${pppoed_provider}" ]; then
|
1999-11-23 00:22:25 +00:00
|
|
|
pppoed_flags="${pppoed_flags} -p ${pppoed_provider}"
|
|
|
|
|
fi
|
|
|
|
|
echo -n ' pppoed';
|
|
|
|
|
/usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface}
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
2000-02-24 23:12:04 +00:00
|
|
|
case ${sshd_enable} in
|
|
|
|
|
[Yy][Ee][Ss])
|
2001-05-18 18:10:02 +00:00
|
|
|
if [ ! -f /etc/ssh/ssh_host_key ]; then
|
|
|
|
|
echo ' creating ssh RSA host key';
|
|
|
|
|
/usr/bin/ssh-keygen -N "" -f /etc/ssh/ssh_host_key
|
2000-02-28 19:21:05 +00:00
|
|
|
fi
|
2000-05-15 05:40:27 +00:00
|
|
|
if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then
|
|
|
|
|
echo ' creating ssh DSA host key';
|
|
|
|
|
/usr/bin/ssh-keygen -d -N "" -f /etc/ssh/ssh_host_dsa_key
|
|
|
|
|
fi
|
|
|
|
|
;;
|
2000-02-24 23:12:04 +00:00
|
|
|
esac
|
|
|
|
|
|
1999-09-13 15:44:20 +00:00
|
|
|
echo '.'
|
|
|
|
|
network_pass3_done=YES
|
1997-04-27 03:59:19 +00:00
|
|
|
}
|
1999-11-17 22:38:02 +00:00
|
|
|
|
|
|
|
|
network_pass4() {
|
|
|
|
|
echo -n 'Additional TCP options:'
|
|
|
|
|
case ${log_in_vain} in
|
|
|
|
|
[Nn][Oo] | '')
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
echo -n ' log_in_vain=YES'
|
|
|
|
|
sysctl -w net.inet.tcp.log_in_vain=1 >/dev/null
|
|
|
|
|
sysctl -w net.inet.udp.log_in_vain=1 >/dev/null
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
|
|
|
|
|
echo '.'
|
|
|
|
|
network_pass4_done=YES
|
|
|
|
|
}
|
Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
2000-09-06 18:16:48 +00:00
|
|
|
|
2001-06-03 12:26:56 +00:00
|
|
|
network_gif_setup() {
|
|
|
|
|
case ${gif_interfaces} in
|
|
|
|
|
[Nn][Oo] | '')
|
|
|
|
|
;;
|
|
|
|
|
*)
|
|
|
|
|
for i in ${gif_interfaces}; do
|
|
|
|
|
eval peers=\$gifconfig_$i
|
|
|
|
|
case ${peers} in
|
|
|
|
|
'')
|
|
|
|
|
continue
|
|
|
|
|
;;
|
|
|
|
|
*)
|
2001-09-19 21:27:27 +00:00
|
|
|
ifconfig $i create >/dev/null 2>&1
|
|
|
|
|
ifconfig $i tunnel ${peers}
|
2001-06-03 12:26:56 +00:00
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
done
|
|
|
|
|
;;
|
|
|
|
|
esac
|
|
|
|
|
}
|
|
|
|
|
|
Add nsswitch support. By creating an /etc/nsswitch.conf file, you can
configure FreeBSD so that various databases such as passwd and group can be
looked up using flat files, NIS, or Hesiod.
= Hesiod has been added to libc (see hesiod(3)).
= A library routine for parsing nsswitch.conf and invoking callback
functions as specified has been added to libc (see nsdispatch(3)).
= The following C library functions have been modified to use nsdispatch:
. getgrent, getgrnam, getgrgid
. getpwent, getpwnam, getpwuid
. getusershell
. getaddrinfo
. gethostbyname, gethostbyname2, gethostbyaddr
. getnetbyname, getnetbyaddr
. getipnodebyname, getipnodebyaddr, getnodebyname, getnodebyaddr
= host.conf has been removed from src/etc. rc.network has been modified
to warn that host.conf is no longer used at boot time. In addition, if
there is a host.conf but no nsswitch.conf, the latter is created at boot
time from the former.
Obtained from: NetBSD
2000-09-06 18:16:48 +00:00
|
|
|
convert_host_conf() {
|
|
|
|
|
host_conf=$1; shift;
|
|
|
|
|
nsswitch_conf=$1; shift;
|
|
|
|
|
awk ' \
|
|
|
|
|
/^[:blank:]*#/ { next } \
|
|
|
|
|
/(hosts|local|file)/ { nsswitch[c] = "files"; c++; next } \
|
|
|
|
|
/(dns|bind)/ { nsswitch[c] = "dns"; c++; next } \
|
|
|
|
|
/nis/ { nsswitch[c] = "nis"; c++; next } \
|
|
|
|
|
{ printf "Warning: unrecognized line [%s]", $0 > "/dev/stderr" } \
|
|
|
|
|
END { \
|
|
|
|
|
printf "hosts: "; \
|
|
|
|
|
for (i in nsswitch) printf "%s ", nsswitch[i]; \
|
|
|
|
|
printf "\n"; \
|
|
|
|
|
}' < $host_conf > $nsswitch_conf
|
|
|
|
|
}
|
|
|
|
|
|
2001-11-01 12:39:01 +00:00
|
|
|
generate_host_conf() {
|
|
|
|
|
nsswitch_conf=$1; shift;
|
|
|
|
|
host_conf=$1; shift;
|
|
|
|
|
|
|
|
|
|
awk '
|
|
|
|
|
BEGIN {
|
|
|
|
|
xlat["files"] = "hosts";
|
|
|
|
|
xlat["dns"] = "bind";
|
|
|
|
|
xlat["nis"] = "nis";
|
2001-11-07 00:33:56 +00:00
|
|
|
cont = 0;
|
2001-11-01 12:39:01 +00:00
|
|
|
}
|
2001-11-07 00:33:56 +00:00
|
|
|
sub(/^[\t ]*hosts:/, "") || cont {
|
|
|
|
|
if (!cont)
|
|
|
|
|
srcs = ""
|
|
|
|
|
sub(/#.*/, "")
|
|
|
|
|
gsub(/[][]/, " & ")
|
|
|
|
|
cont = sub(/\\$/, "")
|
|
|
|
|
srcs = srcs " " $0
|
2001-11-01 12:39:01 +00:00
|
|
|
}
|
2001-11-07 00:33:56 +00:00
|
|
|
END {
|
|
|
|
|
print "# Auto-generated from nsswitch.conf, do not edit"
|
|
|
|
|
ns = split(srcs, s)
|
|
|
|
|
for (n = 1; n <= ns; ++n) {
|
|
|
|
|
if (s[n] in xlat)
|
|
|
|
|
print xlat[s[n]]
|
|
|
|
|
}
|
2001-11-01 12:39:01 +00:00
|
|
|
}
|
|
|
|
|
' <$nsswitch_conf >$host_conf
|
|
|
|
|
}
|
