10696600cSBjoern A. Zeeb#!/bin/sh 20696600cSBjoern A. Zeeb# 30696600cSBjoern A. Zeeb# 40696600cSBjoern A. Zeeb 50696600cSBjoern A. Zeeb# PROVIDE: netoptions 60696600cSBjoern A. Zeeb# REQUIRE: FILESYSTEMS 70696600cSBjoern A. Zeeb# BEFORE: netif 81459a8ebSBjoern A. Zeeb# KEYWORD: nojailvnet 90696600cSBjoern A. Zeeb 100696600cSBjoern A. Zeeb. /etc/rc.subr 110696600cSBjoern A. Zeeb. /etc/network.subr 120696600cSBjoern A. Zeeb 130696600cSBjoern A. Zeebname="netoptions" 140696600cSBjoern A. Zeebdesc="Network options setup" 150696600cSBjoern A. Zeebstart_cmd="netoptions_start" 160696600cSBjoern A. Zeebstop_cmd=: 170696600cSBjoern A. Zeeb 180696600cSBjoern A. Zeeb_netoptions_initdone= 190696600cSBjoern A. Zeebnetoptions_init() 200696600cSBjoern A. Zeeb{ 210696600cSBjoern A. Zeeb if [ -z "${_netoptions_initdone}" ]; then 220696600cSBjoern A. Zeeb echo -n 'Additional TCP/IP options:' 230696600cSBjoern A. Zeeb _netoptions_initdone=yes 240696600cSBjoern A. Zeeb fi 250696600cSBjoern A. Zeeb} 260696600cSBjoern A. Zeeb 270696600cSBjoern A. Zeebnetoptions_start() 280696600cSBjoern A. Zeeb{ 290696600cSBjoern A. Zeeb local _af 300696600cSBjoern A. Zeeb 310696600cSBjoern A. Zeeb for _af in inet inet6; do 320696600cSBjoern A. Zeeb afexists ${_af} && eval netoptions_${_af} 330696600cSBjoern A. Zeeb done 340696600cSBjoern A. Zeeb [ -n "${_netoptions_initdone}" ] && echo '.' 350696600cSBjoern A. Zeeb} 360696600cSBjoern A. Zeeb 370696600cSBjoern A. Zeebnetoptions_inet() 380696600cSBjoern A. Zeeb{ 390696600cSBjoern A. Zeeb case ${log_in_vain} in 400696600cSBjoern A. Zeeb [12]) 410696600cSBjoern A. Zeeb netoptions_init 420696600cSBjoern A. Zeeb echo -n " log_in_vain=${log_in_vain}" 430696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null 440696600cSBjoern A. Zeeb ${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null 450696600cSBjoern A. Zeeb ;; 460696600cSBjoern A. Zeeb *) 470696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null 480696600cSBjoern A. Zeeb ${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null 490696600cSBjoern A. Zeeb ;; 500696600cSBjoern A. Zeeb esac 510696600cSBjoern A. Zeeb 520696600cSBjoern A. Zeeb if checkyesno tcp_extensions; then 530696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null 540696600cSBjoern A. Zeeb else 550696600cSBjoern A. Zeeb netoptions_init 560696600cSBjoern A. Zeeb echo -n " rfc1323 extensions=${tcp_extensions}" 570696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null 580696600cSBjoern A. Zeeb fi 590696600cSBjoern A. Zeeb 600696600cSBjoern A. Zeeb if checkyesno tcp_keepalive; then 610696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null 620696600cSBjoern A. Zeeb else 630696600cSBjoern A. Zeeb netoptions_init 640696600cSBjoern A. Zeeb echo -n " TCP keepalive=${tcp_keepalive}" 650696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null 660696600cSBjoern A. Zeeb fi 670696600cSBjoern A. Zeeb 680696600cSBjoern A. Zeeb if checkyesno tcp_drop_synfin; then 690696600cSBjoern A. Zeeb netoptions_init 700696600cSBjoern A. Zeeb echo -n " drop SYN+FIN packets=${tcp_drop_synfin}" 710696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null 720696600cSBjoern A. Zeeb else 730696600cSBjoern A. Zeeb ${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null 740696600cSBjoern A. Zeeb fi 750696600cSBjoern A. Zeeb 760696600cSBjoern A. Zeeb case ${ip_portrange_first} in 770696600cSBjoern A. Zeeb [0-9]*) 780696600cSBjoern A. Zeeb netoptions_init 790696600cSBjoern A. Zeeb echo -n " ip_portrange_first=$ip_portrange_first" 800696600cSBjoern A. Zeeb ${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null 810696600cSBjoern A. Zeeb ;; 820696600cSBjoern A. Zeeb esac 830696600cSBjoern A. Zeeb 840696600cSBjoern A. Zeeb case ${ip_portrange_last} in 850696600cSBjoern A. Zeeb [0-9]*) 860696600cSBjoern A. Zeeb netoptions_init 870696600cSBjoern A. Zeeb echo -n " ip_portrange_last=$ip_portrange_last" 880696600cSBjoern A. Zeeb ${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null 890696600cSBjoern A. Zeeb ;; 900696600cSBjoern A. Zeeb esac 910696600cSBjoern A. Zeeb} 920696600cSBjoern A. Zeeb 930696600cSBjoern A. Zeebnetoptions_inet6() 940696600cSBjoern A. Zeeb{ 950696600cSBjoern A. Zeeb if checkyesno ipv6_ipv4mapping; then 960696600cSBjoern A. Zeeb netoptions_init 970696600cSBjoern A. Zeeb echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}" 980696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null 990696600cSBjoern A. Zeeb else 1000696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null 1010696600cSBjoern A. Zeeb fi 1020696600cSBjoern A. Zeeb 1030696600cSBjoern A. Zeeb if checkyesno ipv6_privacy; then 1040696600cSBjoern A. Zeeb netoptions_init 1050696600cSBjoern A. Zeeb echo -n " IPv6 Privacy Addresses" 1060696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null 1070696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null 1080696600cSBjoern A. Zeeb fi 1090696600cSBjoern A. Zeeb 1100696600cSBjoern A. Zeeb case $ipv6_cpe_wanif in 1110696600cSBjoern A. Zeeb ""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0) 1120696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null 1130696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null 1140696600cSBjoern A. Zeeb ;; 1150696600cSBjoern A. Zeeb *) 1160696600cSBjoern A. Zeeb netoptions_init 1170696600cSBjoern A. Zeeb echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}" 1180696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null 1190696600cSBjoern A. Zeeb ${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null 1200696600cSBjoern A. Zeeb ;; 1210696600cSBjoern A. Zeeb esac 1220696600cSBjoern A. Zeeb} 1230696600cSBjoern A. Zeeb 1240696600cSBjoern A. Zeebload_rc_config $name 125*f99f0ee1SAlexander Leidinger 126*f99f0ee1SAlexander Leidinger# doesn't make sense to run in a svcj: config setting 127*f99f0ee1SAlexander Leidingernetoptions_svcj="NO" 128*f99f0ee1SAlexander Leidinger 1290696600cSBjoern A. Zeebrun_rc_command $1 130