HardenedBSD/etc/rc.d/routing
Gordon Tetlow 242bd45fb4 Merge in all the changes that Mike Makonnen has been maintaining for a
while. This is only the script pieces, the glue for the build comes next.

Submitted by:   Mike Makonnen <makonnen@pacbell.net>
Reviewed by:    silence on -current and -hackers
Prodded by:     rwatson
2002-07-18 05:00:17 +00:00

141 lines
2.5 KiB
Bash

#!/bin/sh
#
# Configure routing and miscellaneous network tunables
#
# $FreeBSD$
#
# PROVIDE: network2
# REQUIRE: network1 ppp-user
# KEYWORD: FreeBSD
. /etc/rc.subr
name="network2"
start_cmd="network2_start"
stop_cmd=":"
network2_start()
{
case ${defaultrouter} in
[Nn][Oo] | '')
;;
*)
static_routes="default ${static_routes}"
route_default="default ${defaultrouter}"
;;
esac
# Setup static routes. This should be done before router discovery.
#
if [ -n "${static_routes}" ]; then
for i in ${static_routes}; do
eval route_args=\$route_${i}
route add ${route_args}
done
fi
echo -n 'Additional routing options:'
case ${tcp_extensions} in
[Yy][Ee][Ss] | '')
;;
*)
echo -n ' tcp extensions=NO'
sysctl net.inet.tcp.rfc1323=0 >/dev/null
;;
esac
case ${icmp_bmcastecho} in
[Yy][Ee][Ss])
echo -n ' broadcast ping responses=YES'
sysctl net.inet.icmp.bmcastecho=1 >/dev/null
;;
esac
case ${icmp_drop_redirect} in
[Yy][Ee][Ss])
echo -n ' ignore ICMP redirect=YES'
sysctl net.inet.icmp.drop_redirect=1 >/dev/null
;;
esac
case ${icmp_log_redirect} in
[Yy][Ee][Ss])
echo -n ' log ICMP redirect=YES'
sysctl net.inet.icmp.log_redirect=1 >/dev/null
;;
esac
case ${gateway_enable} in
[Yy][Ee][Ss])
echo -n ' IP gateway=YES'
sysctl net.inet.ip.forwarding=1 >/dev/null
;;
esac
case ${forward_sourceroute} in
[Yy][Ee][Ss])
echo -n ' do source routing=YES'
sysctl net.inet.ip.sourceroute=1 >/dev/null
;;
esac
case ${accept_sourceroute} in
[Yy][Ee][Ss])
echo -n ' accept source routing=YES'
sysctl net.inet.ip.accept_sourceroute=1 >/dev/null
;;
esac
case ${tcp_keepalive} in
[Nn][Oo])
echo -n ' TCP keepalive=NO'
sysctl net.inet.tcp.always_keepalive=0 >/dev/null
;;
esac
case ${tcp_drop_synfin} in
[Yy][Ee][Ss])
echo -n ' drop SYN+FIN packets=YES'
sysctl net.inet.tcp.drop_synfin=1 >/dev/null
;;
esac
case ${ipxgateway_enable} in
[Yy][Ee][Ss])
echo -n ' IPX gateway=YES'
sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null
;;
esac
case ${arpproxy_all} in
[Yy][Ee][Ss])
echo -n ' ARP proxyall=YES'
sysctl net.link.ether.inet.proxyall=1 >/dev/null
;;
esac
case ${ip_portrange_first} in
[Nn][Oo] | '')
;;
*)
echo -n " ip_portrange_first=$ip_portrange_first"
sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
;;
esac
case ${ip_portrange_last} in
[Nn][Oo] | '')
;;
*)
echo -n " ip_portrange_last=$ip_portrange_last"
sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
;;
esac
echo '.'
}
load_rc_config $name
run_rc_command "$1"