xref: /freebsd/libexec/rc/rc.d/netoptions (revision 1459a8eb247bcb10c4ee05d7b1ee1c2cb8a4b277) 
10696600cSBjoern A. Zeeb#!/bin/sh
20696600cSBjoern A. Zeeb#
30696600cSBjoern A. Zeeb# $FreeBSD$
40696600cSBjoern A. Zeeb#
50696600cSBjoern A. Zeeb
60696600cSBjoern A. Zeeb# PROVIDE: netoptions
70696600cSBjoern A. Zeeb# REQUIRE: FILESYSTEMS
80696600cSBjoern A. Zeeb# BEFORE: netif
9*1459a8ebSBjoern A. Zeeb# KEYWORD: nojailvnet
100696600cSBjoern A. Zeeb
110696600cSBjoern A. Zeeb. /etc/rc.subr
120696600cSBjoern A. Zeeb. /etc/network.subr
130696600cSBjoern A. Zeeb
140696600cSBjoern A. Zeebname="netoptions"
150696600cSBjoern A. Zeebdesc="Network options setup"
160696600cSBjoern A. Zeebstart_cmd="netoptions_start"
170696600cSBjoern A. Zeebstop_cmd=:
180696600cSBjoern A. Zeeb
190696600cSBjoern A. Zeeb_netoptions_initdone=
200696600cSBjoern A. Zeebnetoptions_init()
210696600cSBjoern A. Zeeb{
220696600cSBjoern A. Zeeb	if [ -z "${_netoptions_initdone}" ]; then
230696600cSBjoern A. Zeeb		echo -n 'Additional TCP/IP options:'
240696600cSBjoern A. Zeeb		_netoptions_initdone=yes
250696600cSBjoern A. Zeeb	fi
260696600cSBjoern A. Zeeb}
270696600cSBjoern A. Zeeb
280696600cSBjoern A. Zeebnetoptions_start()
290696600cSBjoern A. Zeeb{
300696600cSBjoern A. Zeeb	local _af
310696600cSBjoern A. Zeeb
320696600cSBjoern A. Zeeb	for _af in inet inet6; do
330696600cSBjoern A. Zeeb		afexists ${_af} && eval netoptions_${_af}
340696600cSBjoern A. Zeeb	done
350696600cSBjoern A. Zeeb	[ -n "${_netoptions_initdone}" ] && echo '.'
360696600cSBjoern A. Zeeb}
370696600cSBjoern A. Zeeb
380696600cSBjoern A. Zeebnetoptions_inet()
390696600cSBjoern A. Zeeb{
400696600cSBjoern A. Zeeb	case ${log_in_vain} in
410696600cSBjoern A. Zeeb	[12])
420696600cSBjoern A. Zeeb		netoptions_init
430696600cSBjoern A. Zeeb		echo -n " log_in_vain=${log_in_vain}"
440696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.log_in_vain=${log_in_vain} >/dev/null
450696600cSBjoern A. Zeeb		${SYSCTL} net.inet.udp.log_in_vain=${log_in_vain} >/dev/null
460696600cSBjoern A. Zeeb		;;
470696600cSBjoern A. Zeeb	*)
480696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.log_in_vain=0 >/dev/null
490696600cSBjoern A. Zeeb		${SYSCTL} net.inet.udp.log_in_vain=0 >/dev/null
500696600cSBjoern A. Zeeb		;;
510696600cSBjoern A. Zeeb	esac
520696600cSBjoern A. Zeeb
530696600cSBjoern A. Zeeb	if checkyesno tcp_extensions; then
540696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.rfc1323=1 >/dev/null
550696600cSBjoern A. Zeeb	else
560696600cSBjoern A. Zeeb		netoptions_init
570696600cSBjoern A. Zeeb		echo -n " rfc1323 extensions=${tcp_extensions}"
580696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.rfc1323=0 >/dev/null
590696600cSBjoern A. Zeeb	fi
600696600cSBjoern A. Zeeb
610696600cSBjoern A. Zeeb	if checkyesno tcp_keepalive; then
620696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.always_keepalive=1 >/dev/null
630696600cSBjoern A. Zeeb	else
640696600cSBjoern A. Zeeb		netoptions_init
650696600cSBjoern A. Zeeb		echo -n " TCP keepalive=${tcp_keepalive}"
660696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.always_keepalive=0 >/dev/null
670696600cSBjoern A. Zeeb	fi
680696600cSBjoern A. Zeeb
690696600cSBjoern A. Zeeb	if checkyesno tcp_drop_synfin; then
700696600cSBjoern A. Zeeb		netoptions_init
710696600cSBjoern A. Zeeb		echo -n " drop SYN+FIN packets=${tcp_drop_synfin}"
720696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.drop_synfin=1 >/dev/null
730696600cSBjoern A. Zeeb	else
740696600cSBjoern A. Zeeb		${SYSCTL} net.inet.tcp.drop_synfin=0 >/dev/null
750696600cSBjoern A. Zeeb	fi
760696600cSBjoern A. Zeeb
770696600cSBjoern A. Zeeb	case ${ip_portrange_first} in
780696600cSBjoern A. Zeeb	[0-9]*)
790696600cSBjoern A. Zeeb		netoptions_init
800696600cSBjoern A. Zeeb		echo -n " ip_portrange_first=$ip_portrange_first"
810696600cSBjoern A. Zeeb		${SYSCTL} net.inet.ip.portrange.first=$ip_portrange_first >/dev/null
820696600cSBjoern A. Zeeb		;;
830696600cSBjoern A. Zeeb	esac
840696600cSBjoern A. Zeeb
850696600cSBjoern A. Zeeb	case ${ip_portrange_last} in
860696600cSBjoern A. Zeeb	[0-9]*)
870696600cSBjoern A. Zeeb		netoptions_init
880696600cSBjoern A. Zeeb		echo -n " ip_portrange_last=$ip_portrange_last"
890696600cSBjoern A. Zeeb		${SYSCTL} net.inet.ip.portrange.last=$ip_portrange_last >/dev/null
900696600cSBjoern A. Zeeb		;;
910696600cSBjoern A. Zeeb	esac
920696600cSBjoern A. Zeeb}
930696600cSBjoern A. Zeeb
940696600cSBjoern A. Zeebnetoptions_inet6()
950696600cSBjoern A. Zeeb{
960696600cSBjoern A. Zeeb	if checkyesno ipv6_ipv4mapping; then
970696600cSBjoern A. Zeeb		netoptions_init
980696600cSBjoern A. Zeeb		echo -n " ipv4-mapped-ipv6=${ipv6_ipv4mapping}"
990696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.v6only=0 >/dev/null
1000696600cSBjoern A. Zeeb	else
1010696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.v6only=1 >/dev/null
1020696600cSBjoern A. Zeeb	fi
1030696600cSBjoern A. Zeeb
1040696600cSBjoern A. Zeeb	if checkyesno ipv6_privacy; then
1050696600cSBjoern A. Zeeb		netoptions_init
1060696600cSBjoern A. Zeeb		echo -n " IPv6 Privacy Addresses"
1070696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.use_tempaddr=1 >/dev/null
1080696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.prefer_tempaddr=1 >/dev/null
1090696600cSBjoern A. Zeeb	fi
1100696600cSBjoern A. Zeeb
1110696600cSBjoern A. Zeeb	case $ipv6_cpe_wanif in
1120696600cSBjoern A. Zeeb	""|[Nn][Oo]|[Nn][Oo][Nn][Ee]|[Ff][Aa][Ll][Ss][Ee]|[Oo][Ff][Ff]|0)
1130696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.no_radr=0 >/dev/null
1140696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.rfc6204w3=0 >/dev/null
1150696600cSBjoern A. Zeeb	;;
1160696600cSBjoern A. Zeeb	*)
1170696600cSBjoern A. Zeeb		netoptions_init
1180696600cSBjoern A. Zeeb		echo -n " IPv6 CPE WANIF=${ipv6_cpe_wanif}"
1190696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.no_radr=1 >/dev/null
1200696600cSBjoern A. Zeeb		${SYSCTL} net.inet6.ip6.rfc6204w3=1 >/dev/null
1210696600cSBjoern A. Zeeb	;;
1220696600cSBjoern A. Zeeb	esac
1230696600cSBjoern A. Zeeb}
1240696600cSBjoern A. Zeeb
1250696600cSBjoern A. Zeebload_rc_config $name
1260696600cSBjoern A. Zeebrun_rc_command $1
127