Major cleanup of PicoBSD startup scripts, which now should be

closer to doing "the right thing". The structure is now the following: * /etc/rc (from MFS) loads the rest of /etc and /root from /fd and then from floppy (if present), then transfers control to /etc/rc1 * /etc/rc1 loads defaults from /etc/rc.conf.defaults, tries to set the hostname basing on the MAC address of the first ethernet interface, and then sources /etc/rc.conf and /etc/rc.conf.local for local configurations * The rest of the startup process is then performed (rc.network and so on). Everything except the initial /etc/rc (from MFS) can be overridden with a local version loaded from floppy. But in most cases, you should only need to customize the following files in /etc: rc.conf rc.firewall hosts Previously there were a number of inconsistencies in the calling between files, and also a lot of clutter in rc.conf and rc.firewall. Also, "rc1" was called "rc" and would overwrite the initial /etc/rc from MFS, making it really hard to figure out what was going on in case of bugs.
2002-03-08 05:15:08 +00:00 · 2002-03-08 05:15:08 +00:00 · 107a6eaf0a
commit 107a6eaf0a
parent 7a70e8e1f4
8 changed files with 322 additions and 346 deletions
--- a/release/picobsd/floppy.tree/etc/networks
+++ b/release/picobsd/floppy.tree/etc/networks
@ -1,4 +1,4 @@
-ample networks file. Picobsd scripts will look for entries of the form
+# Sample networks file. Picobsd scripts will look for entries of the form
 # hostname-netmask      255.255.255.0
 # when searching for masks
 vm-netmask              255.255.255.0
--- a/release/picobsd/floppy.tree/etc/rc
+++ b/release/picobsd/floppy.tree/etc/rc
@ -1,69 +0,0 @@
-#!/bin/sh
-# $FreeBSD$
-############################################
-### Special setup for one floppy PICOBSD ###
-### THIS IS NOT THE NORMAL /etc/rc !!!!! ###
-############################################
-mount -a -t nonfs
-# before calling rc.conf, try to identify the system by using the
-# ethernet address and name of the first interface. This is available
-# to rc.conf and others as $main_eth $main_if for further processing.
-
-main_ether=""
-for main_if in `ifconfig -l` ; do
-    set `ifconfig $main_if`
-    while [ "$1" != "" ] ; do
-	if [ $1 = "ether" ] ; then
-	    main_ether=$2
-	    break 2
-	else
-	    shift
-	fi
-    done
-done
-
-if [ -f /etc/rc.conf ]; then
-    . /etc/rc.conf
-    set_main_interface
-    set_all_interfaces
-fi
-rm -f /var/run/*
-if [ "x$swapfile" != "xNO" -a -w "$swapfile" -a -b /dev/vn0b ]; then
-	echo "Adding $swapfile as additional swap."
-	vnconfig /dev/vn0b $swapfile && swapon /dev/vn0b
-fi
-# configure serial devices
-if [ -f /etc/rc.serial ]; then
-	. /etc/rc.serial
-fi
-# start up the initial network configuration.
-if [ -f /etc/rc.network ]; then
-	. /etc/rc.network
-	network_pass1
-fi
-mount -a -t nfs
-chmod 666 /dev/tty[pqrsPQRS]*
-# clean up left-over files
-(cd /var/run && { cp /dev/null utmp; chmod 644 utmp; })
-if [ -n "$network_pass1_done" ]; then
-    network_pass2
-fi
-if [ -n "$network_pass2_done" ]; then
-    network_pass3
-fi
-if [ "X${inetd_enable}" = X"YES" -a -f /stand/inetd ]; then
-	echo "Starting inetd."; inetd ${inetd_flags}
-fi
-
-[ "X${sshd_enable}" = "XYES" ] && [ -f /stand/sshd ] && \
-	sshd -f /etc/sshd_config
-
-dev_mkdb
-
-echo ''
-if [ "x$swapfile" = "xNO" ]; then
-	echo "WARNING: no swap partition!"
-	echo "Don't run too many programs at the same time..."
-fi
-cat /etc/motd
-exit 0
--- a/release/picobsd/floppy.tree/etc/rc.conf
+++ b/release/picobsd/floppy.tree/etc/rc.conf
@ -1,154 +1,8 @@
-#!/bin/sh
-# $FreeBSD$
-#
-# rc.conf for picobsd.
-# $main_ether and $main_if are set from rc to the ethernet address and
-# name of the first ethernet interface, if available, so a simple
-# here-document below can be used for autoconfiguration.
-# Remaining parameters are set using a switch.
+# Sample rc.conf file for PicoBSD
+# you should mostly set variables here, see rc.conf.defaults.

-rc_conf_set_defaults() {
-syslogd_enable="NO"
-pccard_enable="NO"
-swapfile="NO"		# Set to name of swapfile if aux swapfile desired.
-firewall_enable="NO"		# firewall type (see /etc/rc.firewall) or NO
-tcp_extensions="NO"		# Allow RFC1323 & RFC1644 extensions (or NO).
-ifconfig_lo0="inet 127.0.0.1"	# default loopback device configuration.
-#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
-### Network daemons options: ###
-sshd_enable="YES"		# if present...
-inetd_enable="YES"		# Run the network daemon dispatcher (or NO)
-inetd_flags=""			# Optional flags to inetd
-snmpd_enable="NO"		# Run the SNMP daemon (or NO)
-snmpd_flags="-C -c /etc/snmpd.conf"	# Optional flags to snmpd
-### Network routing options: ###
-defaultrouter="NO"		# Set to default gateway (or NO).
-static_routes=""		# Set to static route list (or leave empty).
-gateway_enable="NO"		# Set to YES if this host will be a gateway.
-arpproxy_all=""			# replaces obsolete kernel option ARP_PROXYALL.
-default_mask="0xffffff00"
-}
-
-# the following lets the user specify a name and ip for his system
-read_address() {
-    echo "Please enter a hostname and IP address for your system $main_ether"
-    read hostname the_ip
-    if [ "X$hostname" != "X" ] ; then
-	echo "# $main_ether $hostname" >> /etc/hosts
-	echo "$the_ip $hostname" >> /etc/hosts
-    else
-	hostname=default
-    fi
-}
-
-# set "ether" using $1 (interface name) as search key
-get_ether() {
-    local key
-    key=$1
-    ether=""
-    set `ifconfig ${key}`
-    while [ "$1" != "" ] ; do
-        if [ "$1" = "ether" ] ; then
-            ether=$2
-            break
-        else
-            shift
-        fi
-    done
-}
-
-# read content from /etc/hosts into an array (needed later in fetch_hostname)
-read_hosts() {
-    local i a b c key junk
-    i=""
-    while read a b c junk ; do
-        if [ "$a" = "#ethertable" ] ; then
-            i=0
-        elif [ "$i" != "" -a "X$a" = "X#" -a "$b" != "" ] ; then
-            eval eth_${i}=$b
-            eval eth_host_${i}=$c
-            i=$(($i+1))
-        fi
-    done < /etc/hosts
-}
-
-# set "hostname" using $1 (ethernet address) as search key in /etc/hosts
-fetch_hostname() {
-    local i b key
-    key=$1
-    i=0
-    b="x"
-    if [ "${eth_0}" = "" ] ; then
-	read_hosts
-    fi
-    hostname=""
-    while [ "$b" != "" -a "${hostname}" = "" ] ; do
-        eval b=\${eth_${i}}
-        case X${key} in
-        X${b} ) # so we can use wildcards
-            eval hostname=\${eth_host_${i}}
-            break
-            ;;
-        esac
-        i=$(($i+1))
-    done
-    echo "fetch_hostname for <${key}> returns <${hostname}>"
-}
-
-# sets "mask" using $1 (netmask name) as the search key in /etc/networks
-fetch_mask() {
-    local a b key junk
-    key=$1	# search key, typically hostname-netmask
-    mask=""
-    while read a b junk; do # key mask otherstuff
-	case X${key} in
-	X${a} )	# we can use wildcards
-	    mask=$b
-	    break
-	    ;;
-	esac
-    done < /etc/networks
-    if [ "${mask}" = "" ] ; then
-	mask=${default_mask}
-    fi
-    echo "fetch_mask for <${key}> returns <${mask}>"
-}
-
-
-set_main_interface() {
-    fetch_hostname ${main_ether}
-
-    if [ "X$hostname" = "X" -o "X$hostname" = "X." ] ; then
-	if [ "X$main_ether" = "X" ] ; then
-	    echo "No ethernets found, using localhost"
-	    hostname=localhost
-	else
-	    read_address
-	fi
-    fi
-    fetch_mask ${hostname}-netmask
-
-    eval ifconfig_${main_if}=\" \${hostname} netmask \${mask}\"
-    network_interfaces=`ifconfig -l`
-}
-
-set_all_interfaces() {
-    local i ether hostname mask
-
-    for i in `ifconfig -l` ; do
-	get_ether $i
-	fetch_hostname ${ether}
-	fetch_mask ${hostname}-netmask
-	if [ "${ether}" != "" -a "${hostname}" != "" ] ; then
-	    eval ifconfig_${i}=\" \${hostname} netmask \${mask}\"
-	fi
-    done
-}
-
-rc_conf_set_defaults
-
-### Allow local configuration override at the very end here ##
-### can make use of a case statement to set per-host things.
-if [ -f /etc/rc.conf.local ]; then
-	. /etc/rc.conf.local
-fi
+case ${hostname} in
+*)
+	echo "processing rc.conf for ${hostname}"
+	;;
+esac
--- a/release/picobsd/floppy.tree/etc/rc.conf.defaults
+++ b/release/picobsd/floppy.tree/etc/rc.conf.defaults
@ -0,0 +1,177 @@
+#!/bin/sh
+# $FreeBSD$
+#
+# rc.conf for picobsd. This is sourced from /etc/rc1, and is supposed to
+# contain only shell functions that are used later in /etc/rc1.
+
+# set default values for variables. Boolean values should be either
+# NO or YES -- other values are not guaranteed to work.
+
+rc_conf_set_defaults() {
+hostname=""			# Should not need to set it
+syslogd_enable="NO"
+pccard_enable="NO"
+swapfile=""			# name of swapfile if aux swapfile desired.
+
+# Network interface configurations: ifconfig_${interface}[_aliasNN]
+ifconfig_lo0="inet 127.0.0.1"	# default loopback device configuration.
+#ifconfig_lo0_alias0="inet 127.0.0.254 netmask 0xffffffff" # Sample alias entry.
+
+### Network daemons options: they are only run if present.
+sshd_enable="YES"		# if present...
+inetd_enable="YES"		# Run the network daemon dispatcher (or NO)
+inetd_flags=""			# Optional flags to inetd
+snmpd_enable="NO"		# Run the SNMP daemon (or NO)
+snmpd_flags="-C -c /etc/snmpd.conf"	# Optional flags to snmpd
+
+### Network routing options: ###
+defaultrouter="NO"		# Set to default gateway (or NO).
+static_routes=""		# Set to static route list (or leave empty).
+gateway_enable="NO"		# Set to YES if this host will be a gateway.
+arpproxy_all=""			# replaces obsolete kernel option ARP_PROXYALL.
+default_mask="0xffffff00"
+
+# Other network features
+firewall_enable="NO"
+firewall_quiet="NO"		# be quiet if set.
+firewall_type=""		# Standard types or absolute pathname.
+tcp_extensions="NO"		# Allow RFC1323 & RFC1644 extensions (or NO).
+}
+
+# Try to identify the system by using the MAC address and name of the
+# first ethernet interface, made available as $main_eth $main_if
+find_system_id() {
+    main_ether=""
+    for main_if in `ifconfig -l` ; do
+	set `ifconfig $main_if`
+	while [ "$1" != "" ] ; do
+	    if [ $1 = "ether" ] ; then
+		main_ether=$2
+		break 2
+	    else
+		shift
+	    fi
+	done
+    done
+}
+
+# the following lets the user specify a name and ip for his system
+read_address() {
+    echo "Please enter a hostname and IP address for your system $main_ether"
+    read hostname the_ip
+    if [ "${hostname}" != "" ] ; then
+	echo "# $main_ether $hostname" >> /etc/hosts
+	echo "$the_ip $hostname" >> /etc/hosts
+    else
+	hostname=default
+    fi
+}
+
+# set "ether" using $1 (interface name) as search key
+get_ether() {
+    local key
+    key=$1
+    ether=""
+    set `ifconfig ${key}`
+    while [ "$1" != "" ] ; do
+        if [ "$1" = "ether" ] ; then
+            ether=$2
+            break
+        else
+            shift
+        fi
+    done
+}
+
+# read content from /etc/hosts into a couple of arrays
+# (needed later in fetch_hostname)
+read_hosts() {
+    local i a b c key junk
+    i=""
+    while read a b c junk ; do
+        if [ "$a" = "#ethertable" ] ; then
+            i=0
+        elif [ "$i" != "" -a "$a" = "#" -a "$b" != "" ] ; then
+            eval eth_${i}=$b
+            eval eth_host_${i}=$c
+            i=$(($i+1))
+        fi
+    done < /etc/hosts
+}
+
+# set ${hostname} using $1 (MAC address) as search key in /etc/hosts
+# Returns empty value if $1 is empty
+fetch_hostname() {
+    local i b key
+    hostname=""
+    [ "$1" = "" ] && return
+    key=$1
+    i=0
+    b="x"
+    [ "${eth_0}" = "" ] && read_hosts # fill cache.
+    while [ "$b" != "" -a "${hostname}" = "" ] ; do
+        eval b=\${eth_${i}}
+        case X${key} in
+        X${b} ) # so we can use wildcards
+            eval hostname=\${eth_host_${i}}
+            break
+            ;;
+        esac
+        i=$(($i+1))
+    done
+    echo "fetch_hostname for <${key}> returns <${hostname}>"
+}
+
+# sets "mask" using $1 (netmask name) as the search key in /etc/networks
+fetch_mask() {
+    local a b key junk
+    key=$1	# search key, typically hostname-netmask
+    mask=""
+    while read a b junk; do # key mask otherstuff
+	case X${key} in
+	X${a} )	# The X is so we can use wildcards in ${a}
+	    mask=$b
+	    break
+	    ;;
+	esac
+    done < /etc/networks
+    if [ "${mask}" = "" ] ; then
+	mask=${default_mask}
+    fi
+    echo "fetch_mask for <${key}> returns <${mask}>"
+}
+
+# set hostname, and ifconfig_${main_if} (whose MAC is ${main_ether})
+# if not found, read from console
+set_main_interface() {
+    if [ -z "${hostname}" ] ; then
+	if [ -z "${main_ether}" ] ; then
+	    echo "No ethernets found, using localhost"
+	    hostname=localhost
+	    return
+	fi
+	fetch_hostname ${main_ether}
+    fi
+
+    [ -z "${hostname}" -o "${hostname}" = "." ] && read_address
+    
+    fetch_mask ${hostname}-netmask
+
+    eval ifconfig_${main_if}=\" \${hostname} netmask \${mask}\"
+    network_interfaces=`ifconfig -l`
+}
+
+# set ifconfig_${interface} for all other interfaces
+set_all_interfaces() {
+    local i ether hostname mask
+
+    for i in `ifconfig -l` ; do
+	if [ "$i" != "${main_if}" ] ; then
+	    get_ether $i
+	    fetch_hostname ${ether}
+	    fetch_mask ${hostname}-netmask
+	    [ -n "${ether}" -a -n "${hostname}" ] && \
+		eval ifconfig_${i}=\" \${hostname} netmask \${mask}\"
+	fi
+    done
+}
--- a/release/picobsd/floppy.tree/etc/rc.firewall
+++ b/release/picobsd/floppy.tree/etc/rc.firewall
@ -1,65 +1,20 @@
-############
-# Setup system for firewall service.
 # $FreeBSD$

-############
-# Define the firewall type in /etc/rc.conf.  Valid values are:
+# Setup system for firewall service, with some sample configurations.
+# Select one using ${firewall_type} which you can set in /etc/rc.conf.local.
+#
+# If you override this file with your own copy, you can use ${hostname}
+# as the key for the case statement. On entry, the firewall will be flushed
+# and $fwcmd will point to the appropriate command (usually /sbin/ipfw)
+#
+# Sample configurations are:
 #   open     - will allow anyone in
-#   client   - will try to protect just this machine
-#   simple   - will try to protect a whole network
+#   client   - will try to protect just this machine (should be customized).
+#   simple   - will try to protect a whole network (should be customized).
 #   closed   - totally disables IP services except via lo0 interface
 #   UNKNOWN  - disables the loading of firewall rules.
 #   filename - will load the rules in the given filename (full path required)
 #
-# For ``client'' and ``simple'' the entries below should be customized 
-# appropriately.
-
-############
-#
-# If you don't know enough about packet filtering, we suggest that you
-# take time to read this book:
-#
-#	Building Internet Firewalls
-#	Brent Chapman and Elizabeth Zwicky
-#
-#	O'Reilly & Associates, Inc
-#	ISBN 1-56592-124-0
-#	http://www.ora.com/
-#
-# For a more advanced treatment of Internet Security read:
-#
-#	Firewalls & Internet Security
-#	Repelling the wily hacker
-#	William R. Cheswick, Steven M. Bellowin
-#
-#	Addison-Wesley
-#	ISBN 0-201-6337-4
-#	http://www.awl.com/
-#
-
-if [ "x$1" != "x" ]; then
-	firewall_type=$1
-fi
-
-############
-# Set quiet mode if requested
-if [ "x$firewall_quiet" = "xYES" ]; then
-	fwcmd="/sbin/ipfw -q"
-else
-	fwcmd="/sbin/ipfw"
-fi
-
-############
-# Flush out the list before we begin.
-$fwcmd -f flush
-
-############
-# If you just configured ipfw in the kernel as a tool to solve network
-# problems or you just want to disallow some particular kinds of traffic
-# they you will want to change the default policy to open.  You can also
-# do this as your only action by setting the firewall_type to ``open''.
-
-# $fwcmd add 65000 pass all from any to any

 ############
 # Only in rare cases do you want to change these rules
@ -68,11 +23,12 @@ $fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8


 # Prototype setups.
-if [ "${firewall_type}" = "open" -o "${firewall_type}" = "OPEN" ]; then
+case "${firewall_type}" in
+open|OPEN)
+    $fwcmd add 65000 pass all from any to any
+    ;;

-	$fwcmd add 65000 pass all from any to any
-
-elif [ "${firewall_type}" = "client" ]; then
+client)

    ############
    # This is a prototype setup that will protect your system somewhat against
@ -109,8 +65,10 @@ elif [ "${firewall_type}" = "client" ]; then
    $fwcmd add pass udp from ${ip} to any 123

    # Everything else is denied as default.
+    $fwcmd add 65000 deny all from any to any
+    ;;

-elif [ "${firewall_type}" = "simple" ]; then
+simple)

    ############
    # This is a prototype setup for a simple firewall.  Configure this machine 
@ -166,7 +124,19 @@ elif [ "${firewall_type}" = "simple" ]; then
    $fwcmd add pass udp from ${oip} to any 123

    # Everything else is denied as default.
+    $fwcmd add 65000 deny all from any to any
+    ;;

-elif [ "${firewall_type}" != "UNKNOWN" -a -r "${firewall_type}" ]; then
+UNKNOWN|"")
+    echo "WARNING: firewall rules not loaded."
+    ;;
+
+*)  # an absolute pathname ?
+    if [ -f "${firewall_type}" ] ; then
 	$fwcmd ${firewall_type}
-fi
+    else
+	echo "WARNING: firewall config script (${firewall_type}) not found,"
+	echo "         firewall rules not loaded."
+    fi
+    ;;
+esac
--- a/release/picobsd/floppy.tree/etc/rc1
+++ b/release/picobsd/floppy.tree/etc/rc1
@ -0,0 +1,52 @@
+#!/bin/sh
+# $FreeBSD$
+### rc1, next stage 'rc' for PicoBSD -- THIS IS NOT THE NORMAL /etc/rc 
+
+pwd_mkdb -p ./master.passwd
+
+. /etc/rc.conf.defaults		# Load default procedures
+rc_conf_set_defaults		# Assign default values to variables.
+find_system_id			# Set $main_eth $main_if
+set_main_interface		# Set ${hostname} and ${ifconfig_${main_if}}
+set_all_interfaces		# Set ${ifconfig_${if}} for other interfaces.
+
+# Now process local configurations if present. ${hostname} should be set now,
+# so rc.conf[.local] can make use of a case statement to set per-host things.
+
+[ -f /etc/rc.conf ] && . /etc/rc.conf
+[ -f /etc/rc.conf.local ] && . /etc/rc.conf.local
+
+rm -f /var/run/*
+if [ "x$swapfile" != "xNO" -a -w "$swapfile" -a -b /dev/vn0b ]; then
+	echo "Adding $swapfile as additional swap."
+	vnconfig /dev/vn0b $swapfile && swapon /dev/vn0b
+else
+	echo "No swap partition available!"
+fi
+# configure serial devices
+[ -f /etc/rc.serial ] && . /etc/rc.serial
+
+# start up the initial network configuration.
+if [ -f /etc/rc.network ]; then
+	. /etc/rc.network
+	network_pass1
+fi
+mount -a -t nfs
+chmod 666 /dev/tty[pqrsPQRS]*
+# clean up left-over files
+(cd /var/run && { cp /dev/null utmp; chmod 644 utmp; })
+
+[ -n "$network_pass1_done" ] && network_pass2
+[ -n "$network_pass2_done" ] && network_pass3
+
+[ "${inetd_enable}" = "YES" -a -f /stand/inetd ] && \
+	{ echo "Starting inetd."; inetd ${inetd_flags} ; }
+
+[ "${sshd_enable}" = "YES" -a -f /stand/sshd ] && \
+	{ echo "Starting sshd..." ; sshd -f /etc/sshd_config ; }
+
+dev_mkdb
+
+echo ''
+cat /etc/motd
+exit 0
--- a/release/picobsd/mfs_tree/etc/rc
+++ b/release/picobsd/mfs_tree/etc/rc
@ -1,36 +1,24 @@
 #!/bin/sh
-# $FreeBSD$
-### Special setup for one floppy PICOBSD ###
-# WARNING !!! We overwrite this file during execution with a new rc file.
-# Awful things happen if this file's size is > 1024B

 stty status '^T'
 trap : 2
 trap : 3

 HOME=/; export HOME
-PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin
-export PATH
+PATH=/sbin:/bin:/usr/sbin:/usr/bin; export PATH
 dev="/dev/fd0"
-cp -p /etc/rc /etc/rc.master

 trap "echo 'Reboot interrupted'; exit 1" 3
-echo "Reading from MFS ..."
-cd /fd; cp -Rp etc root / ; cd /
-ls /dev
-echo "Reading /etc from ${dev}..."
-mount -o rdonly ${dev} /fd
-cd /fd; cp -Rp etc root / ; cd / ; umount /fd
+echo "Loading /etc from MFS:/fd ..."
+cp -Rp /fd/* /
+echo "Updating /etc from ${dev}..."
+mount -o rdonly ${dev} /fd && \
+{ cd /fd; cp -Rp etc root / ; cd / ; umount /fd ; }
 cd /etc
 #rm files to stop overwrite warning
 for i in *; do
-    if [ -f $i.gz ]; then
-	rm $i
-    fi
+    [ -f $i.gz ] && rm $i
 done
 gzip -d *.gz
-pwd_mkdb -p ./master.passwd
-echo "Ok. (Now you can remove ${dev} if you like)"
-echo ""
-. rc
+. rc1
 exit 0
--- a/release/picobsd/mfs_tree/etc/rc.network
+++ b/release/picobsd/mfs_tree/etc/rc.network
@ -1,70 +1,74 @@
 #!/bin/sh -
 # $FreeBSD$
+
 network_pass1() {
    echo -n 'Doing initial network setup:'
    # Set the host name if it is not already set
    if [ -z "`hostname -s`" ] ; then
-	    hostname $hostname
-	    echo ' hostname'
+	hostname $hostname
+	echo ' hostname'
    fi
    # Set up all the network interfaces, calling startup scripts if needed
    for ifn in ${network_interfaces}; do
-	    if [ -e /etc/start_if.${ifn} ]; then
-		    . /etc/start_if.${ifn}
+	[ -e /etc/start_if.${ifn} ] && . /etc/start_if.${ifn}
+	# Do the primary ifconfig if specified
+	eval ifconfig_args=\$ifconfig_${ifn}
+	[ -n "${ifconfig_args}" ] && ifconfig ${ifn} ${ifconfig_args}
+	# Check to see if aliases need to be added
+	alias=0
+	while :
+	do
+	    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
+	    if [ -n "${ifconfig_args}" ]; then
+		ifconfig ${ifn} ${ifconfig_args} alias
+		alias=`expr ${alias} + 1`
+	    else
+		break;
 	    fi
-	    # Do the primary ifconfig if specified
-	    eval ifconfig_args=\$ifconfig_${ifn}
-	    if [ -n "${ifconfig_args}" ] ; then
-		    ifconfig ${ifn} ${ifconfig_args}
-	    fi
-	    # Check to see if aliases need to be added
-	    alias=0
-	    while :
-	    do
-		    eval ifconfig_args=\$ifconfig_${ifn}_alias${alias}
-		    if [ -n "${ifconfig_args}" ]; then
-			    ifconfig ${ifn} ${ifconfig_args} alias
-			    alias=`expr ${alias} + 1`
-		    else
-			    break;
-		    fi
-	    done
-	    ifconfig ${ifn}
+	done
+	ifconfig ${ifn}
    done
    # Load the filters if required
-    if [ -n "$firewall_enable" -a -f /etc/rc.firewall -a \
-    	"x$firewall_enable" = "xYES" ] ; then
-    		. /etc/rc.firewall
-    		echo "Firewall rules loaded."
+    if [ -f /etc/rc.firewall -a "${firewall_enable}" = "YES" ] ; then
+	# Set quiet mode if requested
+	if [ "${firewall_quiet}" = "YES" ]; then
+	    fwcmd="/sbin/ipfw -q"
+	else
+	    fwcmd="/sbin/ipfw"
+	fi
+	$fwcmd -f flush	# Flush out the list before we begin.
+
+	. /etc/rc.firewall
+	echo "Firewall rules loaded."
    else
-	    echo "Warning: kernel has firewall functionality, but firewall rules weren't loaded."
-	    echo "         All ip services are ENABLED by default."
+	echo "Warning: kernel has firewall functionality, but firewall rules weren't loaded."
+	echo "         All ip services are ENABLED by default."
    fi
    # Configure routing
    if [ "x$defaultrouter" != "xNO" ] ; then
-	    static_routes="default ${static_routes}"
-	    route_default="default ${defaultrouter}"
+	static_routes="default ${static_routes}"
+	route_default="default ${defaultrouter}"
    fi
    # Set up any static routes.  This should be done before router discovery.
    if [ "x${static_routes}" != "x" ]; then
-	    for i in ${static_routes}; do
-		    eval route_args=\$route_${i}
-		    route add ${route_args}
-	    done
+	for i in ${static_routes}; do
+	    eval route_args=\$route_${i}
+	    route add ${route_args}
+	done
    fi
    echo -n 'Additional routing options:'
    if [ -n "$tcp_extensions" -a "x$tcp_extensions" != "xYES" ] ; then
-	    echo -n ' tcp_extensions=NO'
-	    sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
-	    sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
+	echo -n ' tcp_extensions=NO'
+	sysctl -w net.inet.tcp.rfc1323=0 >/dev/null 2>&1
+	sysctl -w net.inet.tcp.rfc1644=0 >/dev/null 2>&1
    fi
    if [ "X$gateway_enable" = X"YES" ]; then
-	    echo -n ' IP_gateway=YES'
-	    sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
+	echo -n ' IP_gateway=YES'
+	sysctl -w net.inet.ip.forwarding=1 >/dev/null 2>&1
    fi
    if [ "X$arpproxy_all" = X"YES" ]; then
-	    echo -n ' turning on ARP_PROXY_ALL: '
-	    sysctl -w net.link.ether.inet.proxyall=1 2>&1
+	echo -n ' turning on ARP_PROXY_ALL: '
+	sysctl -w net.link.ether.inet.proxyall=1 2>&1
    fi
    echo '.'
    network_pass1_done=YES	# Let future generations know we made it.