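#!/bin/sh
#
# $FreeBSD$
#
# rc.d script that applies the TCP/IP-related rc.conf(5) knobs as sysctl
# values before any interface is configured (see BEFORE: netif below).
# Options that are set to a noteworthy value are announced on a single
# "Additional TCP/IP options:" line on the console.
#

# PROVIDE: netoptions
# REQUIRE: FILESYSTEMS
# BEFORE: netif
# KEYWORD: nojail

. /etc/rc.subr
. /etc/network.subr

name="netoptions"
desc="Network options setup"
start_cmd="netoptions_start"
stop_cmd=:

# Empty until the banner has been printed once; netoptions_start uses it to
# decide whether the line needs its closing '.'.
_netoptions_initdone=

# Print the banner the first time any option is announced.
netoptions_init()
{
	if [ -z "${_netoptions_initdone}" ]; then
		echo -n 'Additional TCP/IP options:'
		_netoptions_initdone=yes
	fi
}

# start_cmd: run the per-address-family handler for every family that
# afexists reports as available, then terminate the banner line.
netoptions_start()
{
	local _af

	# _af only ever holds one of the two literals below, so the handler
	# can be invoked directly; no eval is needed.
	for _af in inet inet6; do
		if afexists ${_af}; then
			netoptions_${_af}
		fi
	done

	# An if statement (rather than "test && echo") keeps the exit status
	# at 0 when no option was announced, so a quiet run is not reported
	# as a failed start.
	if [ -n "${_netoptions_initdone}" ]; then
		echo '.'
	fi
}

# IPv4/TCP knobs: log_in_vain, tcp_extensions, tcp_keepalive,
# tcp_drop_synfin, ip_portrange_first, ip_portrange_last.
# Every sysctl argument is quoted so that a value from rc.conf can never be
# split into additional name=value arguments.
netoptions_inet()
{
	# Only the levels 1 and 2 are accepted; anything else switches the
	# TCP and UDP log_in_vain sysctls off.
	case ${log_in_vain} in
	[12])
		netoptions_init
		echo -n " log_in_vain=${log_in_vain}"
		${SYSCTL} "net.inet.tcp.log_in_vain=${log_in_vain}" >/dev/null
		${SYSCTL} "net.inet.udp.log_in_vain=${log_in_vain}" >/dev/null
		;;
	*)
		${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null
		${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null
		;;
	esac

	# Announced only when the RFC 1323 extensions are turned off.
	if checkyesno tcp_extensions; then
		${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null
	else
		netoptions_init
		echo -n " rfc1323 extensions=${tcp_extensions}"
		${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null
	fi

	# Announced only when keepalives are turned off.
	if checkyesno tcp_keepalive; then
		${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null
	else
		netoptions_init
		echo -n " TCP keepalive=${tcp_keepalive}"
		${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null
	fi

	# Announced only when enabled.  rc.conf(5) describes this knob as an
	# OS-fingerprinting countermeasure that may break some legitimate
	# applications.
	if checkyesno tcp_drop_synfin; then
		netoptions_init
		echo -n " drop SYN+FIN packets=${tcp_drop_synfin}"
		${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null
	else
		${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null
	fi

	# Port range bounds are applied only when the value consists of
	# digits alone.  A value that starts with a digit but carries
	# anything else (for example a space followed by another
	# name=value pair) is rejected with a warning instead of being
	# handed to sysctl.  Values that do not start with a digit are
	# ignored silently.
	case ${ip_portrange_first} in
	[0-9]*[!0-9]*)
		warn "ip_portrange_first is not a plain number; ignored"
		;;
	[0-9]*)
		netoptions_init
		echo -n " ip_portrange_first=${ip_portrange_first}"
		${SYSCTL} "net.inet.ip.portrange.first=${ip_portrange_first}" >/dev/null
		;;
	esac

	case ${ip_portrange_last} in
	[0-9]*[!0-9]*)
		warn "ip_portrange_last is not a plain number; ignored"
		;;
	[0-9]*)
		netoptions_init
		echo -n " ip_portrange_last=${ip_portrange_last}"
		${SYSCTL} "net.inet.ip.portrange.last=${ip_portrange_last}" >/dev/null
		;;
	esac
}

# IPv6 knobs: ipv6_ipv4mapping, ipv6_privacy, ipv6_cpe_wanif.
netoptions_inet6()
{
	# YES clears v6only.  NOTE(review): with v6only=0, IPv4 peers can
	# reach AF_INET6 sockets as IPv4-mapped addresses, so address-based
	# filtering has to cover that form as well - confirm against the
	# deployment's packet filter and application ACLs.
	if checkyesno ipv6_ipv4mapping; then
		netoptions_init
		echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}"
		${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null
	else
		${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null
	fi

	# Enables use of, and preference for, temporary addresses.  Nothing
	# is written when the knob is off, so the kernel values stay as
	# they were.
	if checkyesno ipv6_privacy; then
		netoptions_init
		echo -n " IPv6 Privacy Addresses"
		${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null
		${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
	fi

	# Any value other than empty/NO/NONE/FALSE/OFF/0 counts as "a WAN
	# interface is configured" and switches both sysctls on.  The value
	# is only echoed here and never passed to sysctl.
	case ${ipv6_cpe_wanif} in
	""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
		${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null
		${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null
		;;
	*)
		netoptions_init
		echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}"
		${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null
		${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null
		;;
	esac
}

load_rc_config "$name"
run_rc_command "$1"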