From owner-freebsd-questions@FreeBSD.ORG Wed Dec 15 20:37:39 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 42BCA16A4CE for ; Wed, 15 Dec 2004 20:37:39 +0000 (GMT) Received: from mx1.mail.ru (mx1.mail.ru [194.67.23.121]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0980443D49 for ; Wed, 15 Dec 2004 20:37:38 +0000 (GMT) (envelope-from infofarmer@mail.ru) Received: from [83.237.13.19] (port=2578 helo=[172.17.0.69]) by mx1.mail.ru with esmtp id 1Ceftu-000JP4-00; Wed, 15 Dec 2004 23:37:34 +0300 Message-ID: <41C0A08E.7070801@mail.ru> Date: Wed, 15 Dec 2004 23:37:34 +0300 From: "Andrew P." User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Kris Kennaway References: <20041215195403.GB68003@xor.obsecurity.org> In-Reply-To: <20041215195403.GB68003@xor.obsecurity.org> Content-Type: multipart/mixed; boundary="------------060400040001030704050601" X-Spam: Not detected cc: questions@freebsd.org Subject: Re: ld-elf.so.1: Shared object"libintl.so.6" not found X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: infofarmer@mail.ru List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Dec 2004 20:37:39 -0000 This is a multi-part message in MIME format. --------------060400040001030704050601 Content-Type: text/plain; charset=windows-1251; format=flowed Content-Transfer-Encoding: 7bit Kris Kennaway wrote: > Note to infofarmer@mail.ru: you are blocking mail from me. > > Kris I'm sorry for that. Use infofarmer@gmail.com for personal messages or cc'd mails, please. >>[originally built in May] >>root@satsmb# ldd /usr/sbin/ppp >>/usr/sbin/ppp: >> libcrypt.so.2 => /usr/lib/libcrypt.so.2 (0x280b6000) >> libmd.so.2 => /usr/lib/libmd.so.2 (0x280cf000) >> libutil.so.3 => /usr/lib/libutil.so.3 (0x280d8000) >> libz.so.2 => /usr/lib/libz.so.2 (0x280e1000) >> libalias.so.4 => /usr/lib/libalias.so.4 (0x280ee000) >> libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x280fe000) >> libradius.so.1 => /usr/lib/libradius.so.1 (0x281f5000) >> libnetgraph.so.1 => /usr/lib/libnetgraph.so.1 (0x281fa000) >> libc.so.4 => /usr/lib/libc.so.4 (0x281fe000) >> >>I removed libintl from /usr/lib to check if the problem is still there >>and it is: >> >>root@satsmb# dmesg -a >><...> >>Starting ppp as "root" >>/usr/libexec/ld-elf.so.1: >>Shared object "libintl.so.6" not found >><...> > > > OK, but that's not coming from executing /usr/sbin/ppp since you've > shown us that it's not in fact linked to libintl, as expected (you > could also verify this by executing ppp by hand). Can you show us > your /etc/rc.conf? Perhaps it's not running /usr/sbin/ppp but some > other binary. > Indeed, I tried to "# ldconfig -elf /usr/lib /usr/lib/compat" (so that ld-elf cannot find libintl), but ppp loaded anyways. Attached is my kernconf and a few rc scripts. Thanks, Andrew P. --------------060400040001030704050601 Content-Type: text/plain; name="rc" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="rc" #!/bin/sh # # Copyright (c) 2000 The FreeBSD Project # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # @(#)rc 5.27 (Berkeley) 6/5/91 # $FreeBSD: src/etc/rc,v 1.212.2.51 2002/10/17 17:25:07 schweikh Exp $ # # System startup script run by init on autoboot # or after single-user. # Output and error are redirected to console by init, # and the console is the controlling terminal. # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. stty status '^T' # Set shell to ignore SIGINT (2), but not children; # shell catches SIGQUIT (3) and returns to single user after fsck. # trap : 2 trap : 3 # shouldn't be needed bootmode=$1 HOME=/ PATH=/sbin:/bin:/usr/sbin:/usr/bin export HOME PATH # BOOTP diskless boot. We have to run the rc file early in order to # retarget various config files. # See /usr/share/examples/diskless/clone_root for details on how # to setup diskless on the client and the server. # if [ -r /etc/rc.diskless1 ]; then dlv=`/sbin/sysctl -n vfs.nfs.diskless_valid 2> /dev/null` if [ ${dlv:=0} != 0 ]; then . /etc/rc.diskless1 fi fi # If there is a global system configuration file, suck it in. # if [ -r /etc/defaults/rc.conf ]; then . /etc/defaults/rc.conf source_rc_confs elif [ -r /etc/rc.conf ]; then . /etc/rc.conf fi chkdepend() { svc=$1 svc_var=$2 dep=$3 dep_var=$4 eval svc_val=\${$svc_var} eval dep_val=\${$dep_var} case ${svc_val} in [Yy][Ee][Ss]) case ${dep_val} in [Yy][Ee][Ss]) ;; *) eval ${dep_var}="YES" echo "DEPENDENCY NOTE: ${dep} will be enabled" \ "to support ${svc}" ;; esac ;; esac } chkdepend amd amd_enable portmap portmap_enable chkdepend amd amd_enable NFS nfs_client_enable chkdepend NFS nfs_server_enable portmap portmap_enable chkdepend NIS nis_server_enable portmap portmap_enable chkdepend NIS nis_client_enable portmap portmap_enable # Enable dumpdev early so that a crash during the boot process can be caught. # case ${dumpdev} in [Nn][Oo] | '') dumpdev='NO' ;; *) /sbin/dumpon -v ${dumpdev} ;; esac # Configure ccd devices. # if [ -r /etc/ccd.conf ]; then ccdconfig -C fi case ${start_vinum} in [Yy][Ee][Ss]) vinum start ;; esac swapon -a # Last chance to do things before potentially waiting for # operator to do fsck related tasks if [ -r /etc/rc.early ]; then . /etc/rc.early fi case ${bootmode} in autoboot) echo 'Automatic boot in progress...' fsck -p case $? in 0) ;; 2) exit 1 ;; 4) reboot echo 'Reboot failed... help!' exit 1 ;; 8) case ${fsck_y_enable} in [Yy][Ee][Ss]) echo 'File system preen failed, trying fsck -y . . .' fsck -y case $? in 0) ;; *) echo 'Automatic file system check failed . . . help!' exit 1 ;; esac ;; *) echo 'Automatic file system check failed . . . help!' exit 1 ;; esac ;; 12) echo 'Reboot interrupted' exit 1 ;; 130) # interrupt before catcher installed exit 1 ;; *) echo 'Unknown error in reboot' exit 1 ;; esac ;; *) echo 'Skipping disk checks ...' ;; esac set -T trap "echo 'Reboot interrupted'; exit 1" 3 # root normally must be read/write, but if this is a BOOTP NFS # diskless boot it does not have to be. # case ${root_rw_mount} in [Nn][Oo] | '') ;; *) if ! mount -u -o rw /; then echo 'Mounting root filesystem rw failed, startup aborted' exit 1 fi ;; esac umount -a >/dev/null 2>&1 # If using diskless, run custom disk mounting function here # if [ -n "${diskless_mount}" -a -r "${diskless_mount}" ]; then sh ${diskless_mount} else # otherwise mount everything except nfs filesystems. mount -a -t nonfs fi case $? in 0) ;; *) echo 'Mounting /etc/fstab filesystems failed, startup aborted' exit 1 ;; esac adjkerntz -i purgedir() { local dir file if [ $# -eq 0 ]; then purgedir . else for dir do ( cd "$dir" && for file in .* * do [ ."$file" = .. -o ."$file" = ... ] && continue if [ -d "$file" -a ! -L "$file" ]; then purgedir "$file" else rm -f -- "$file" fi done ) done fi } clean_var() { if [ -d /var/run -a ! -f /var/run/clean_var ]; then purgedir /var/run # Keep a copy of the boot messages around dmesg >/var/run/dmesg.boot # And an initial utmp file (cd /var/run && cp /dev/null utmp && chmod 644 utmp;) >/var/run/clean_var fi if [ -d /var/spool/lock -a ! -f /var/spool/lock/clean_var ]; then purgedir /var/spool/lock >/var/spool/lock/clean_var fi rm -rf /var/spool/uucp/.Temp/* } # network_pass1() *may* end up writing stuff to /var - we don't want to # remove it immediately afterwards - *nor* do we want to fail to clean # an NFS-mounted /var. rm -f /var/run/clean_var /var/spool/lock/clean_var clean_var # Add additional swapfile, if configured. # case ${swapfile} in [Nn][Oo] | '') ;; *) if [ -w "${swapfile}" -a -c /dev/vn0b ]; then echo "Adding ${swapfile} as additional swap" vnconfig -e /dev/vn0b ${swapfile} swap fi ;; esac # Early pass to set the variables we can # if [ -r /etc/rc.sysctl ]; then sh /etc/rc.sysctl first fi # Configure serial devices # if [ -r /etc/rc.serial ]; then . /etc/rc.serial fi # Start up PC-card configuration # if [ -r /etc/rc.pccard ]; then . /etc/rc.pccard fi # Start up the initial network configuration. # if [ -r /etc/rc.network ]; then . /etc/rc.network # We only need to do this once. network_pass1 fi case ${ipv6_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.network6 ]; then . /etc/rc.network6 # We only need to do this once also. network6_pass1 fi ;; esac # Mount NFS filesystems if present in /etc/fstab # case "`mount -d -a -t nfs 2> /dev/null`" in *mount_nfs*) echo -n 'Mounting NFS file systems:' mount -a -t nfs echo '.' ;; esac # If we booted a special kernel remove the record so we will boot # the default kernel next time # rm -f /boot/nextboot.conf # Whack the pty perms back into shape. # if ls /dev/tty[pqrsPQRS]* > /dev/null 2>&1; then chflags 0 /dev/tty[pqrsPQRS]* chmod 666 /dev/tty[pqrsPQRS]* chown root:wheel /dev/tty[pqrsPQRS]* fi # Clean up left-over files # clean_var # If it hasn't already been done rm /var/run/clean_var /var/spool/lock/clean_var # Clearing /tmp at boot-time seems to have a long tradition. It doesn't # help in any way for long-living systems, and it might accidentally # clobber files you would rather like to have preserved after a crash # (if not using mfs /tmp anyway). # # See also the example of another cleanup policy in /etc/periodic/daily. # case ${clear_tmp_enable} in [Yy][Ee][Ss]) echo -n 'Clearing /tmp:' # prune quickly with one rm, then use find to clean up /tmp/[lq]* # (not needed with mfs /tmp, but doesn't hurt there...) (cd /tmp && rm -rf [a-km-pr-zA-Z]* && find -d . ! -name . ! -name lost+found ! -name quota.user \ ! -name quota.group -exec rm -rf -- {} \;) echo '.' ;; esac # Remove X lock files, since they will prevent you from restarting X11 # after a system crash. # rm -f /tmp/.X*-lock rm -fr /tmp/.X11-unix mkdir -m 1777 /tmp/.X11-unix # Snapshot any kernel -c changes back to disk here . # This has changed with ELF and /kernel.config. echo -n 'Additional daemons:' # Start system logging and name service. Named needs to start before syslogd # if you don't have a /etc/resolv.conf. # case ${syslogd_enable} in [Yy][Ee][Ss]) # Transitional symlink (for the next couple of years :) until all # binaries have had a chance to move towards /var/run/log. if [ ! -L /dev/log ]; then # might complain for r/o root f/s ln -sf /var/run/log /dev/log fi rm -f /var/run/log echo -n ' syslogd'; ${syslogd_program:-/usr/sbin/syslogd} ${syslogd_flags} ;; esac echo '.' # Build devices database # dev_mkdb # $dumpdir should be a directory or a symbolic link # to the crash directory if core dumps are to be saved. # if [ "${dumpdev}" != 'NO' ]; then case ${dumpdir} in '') dumpdir='/var/crash' ;; [Nn][Oo]) dumpdir='NO' ;; esac if [ "${dumpdir}" != 'NO' ]; then echo -n 'Checking for core dump: ' /sbin/savecore ${savecore_flags} "${dumpdir}" fi fi if [ -n "${network_pass1_done}" ]; then network_pass2 fi # Enable/Check the quotas (must be after ypbind if using NIS) # case ${enable_quotas} in [Yy][Ee][Ss]) case ${check_quotas} in [Yy][Ee][Ss]) echo -n 'Checking quotas:' quotacheck -a echo ' done.' ;; esac echo -n 'Enabling quotas:' quotaon -a echo ' done.' ;; esac if [ -n "${network_pass2_done}" ]; then network_pass3 fi # Check the password temp/lock file # if [ -e /etc/ptmp ]; then logger -s -p auth.err \ "password file may be incorrect -- /etc/ptmp exists" fi case ${accounting_enable} in [Yy][Ee][Ss]) if [ -d /var/account ]; then echo 'Turning on accounting:' if [ ! -e /var/account/acct ]; then touch /var/account/acct fi accton /var/account/acct fi ;; esac # Make shared lib searching a little faster. Leave /usr/lib first if you # add your own entries or you may come to grief. # ldconfig="/sbin/ldconfig" case ${ldconfig_insecure} in [Yy][Ee][Ss]) ldconfig="${ldconfig} -i" ;; esac if [ -x /sbin/ldconfig ]; then case `/usr/bin/objformat` in elf) _LDC=/usr/lib for i in ${ldconfig_paths}; do if [ -d "${i}" ]; then _LDC="${_LDC} ${i}" fi done echo 'ELF ldconfig path:' ${_LDC} ${ldconfig} -elf ${_LDC} ;; esac # Legacy aout support for i386 only case `sysctl -n hw.machine_arch` in i386) # Default the a.out ldconfig path. : ${ldconfig_paths_aout=${ldconfig_paths}} _LDC=/usr/lib/aout for i in ${ldconfig_paths_aout}; do if [ -d "${i}" ]; then _LDC="${_LDC} ${i}" fi done echo 'a.out ldconfig path:' ${_LDC} ${ldconfig} -aout ${_LDC} ;; esac fi # Now start up miscellaneous daemons that don't belong anywhere else # echo -n 'Starting standard daemons:' case ${inetd_enable} in [Nn][Oo]) ;; *) echo -n ' inetd'; ${inetd_program:-/usr/sbin/inetd} ${inetd_flags} ;; esac case ${cron_enable} in [Nn][Oo]) ;; *) echo -n ' cron'; ${cron_program:-/usr/sbin/cron} ${cron_flags} ;; esac case ${lpd_enable} in [Yy][Ee][Ss]) echo -n ' printer'; ${lpd_program:-/usr/sbin/lpd} ${lpd_flags} ;; esac case ${sshd_enable} in [Yy][Ee][Ss]) if [ -x ${sshd_program:-/usr/sbin/sshd} ]; then echo -n ' sshd'; ${sshd_program:-/usr/sbin/sshd} ${sshd_flags} fi ;; esac case ${usbd_enable} in [Yy][Ee][Ss]) echo -n ' usbd'; /usr/sbin/usbd ${usbd_flags} ;; esac case ${mta_start_script} in /*) if [ -r ${mta_start_script} ]; then sh ${mta_start_script} fi ;; esac echo '.' # Recover vi editor files. find /var/tmp/vi.recover ! -type f -a ! -type d -delete vibackup=`echo /var/tmp/vi.recover/vi.*` if [ "${vibackup}" != '/var/tmp/vi.recover/vi.*' ]; then echo -n 'Recovering vi editor sessions:' for i in /var/tmp/vi.recover/vi.*; do # Only test files that are readable. if [ ! -r "${i}" ]; then continue fi # Unmodified nvi editor backup files either have the # execute bit set or are zero length. Delete them. if [ -x "${i}" -o ! -s "${i}" ]; then rm -f "${i}" fi done # It is possible to get incomplete recovery files, if the editor # crashes at the right time. virecovery=`echo /var/tmp/vi.recover/recover.*` if [ "${virecovery}" != "/var/tmp/vi.recover/recover.*" ]; then for i in /var/tmp/vi.recover/recover.*; do # Only test files that are readable. if [ ! -r "${i}" ]; then continue fi # Delete any recovery files that are zero length, # corrupted, or that have no corresponding backup file. # Else send mail to the user. recfile=`awk '/^X-vi-recover-path:/{print $2}' < "${i}"` if [ -n "${recfile}" -a -s "${recfile}" ]; then sendmail -t < "${i}" else rm -f "${i}" fi done fi echo '.' fi # Make a bounds file for msgs(1) if there isn't one already # if [ -d /var/msgs -a ! -f /var/msgs/bounds -a ! -L /var/msgs/bounds ]; then echo 0 > /var/msgs/bounds fi case ${update_motd} in [Nn][Oo] | '') ;; *) if T=`mktemp /tmp/_motd.XXXXXX`; then uname -v | sed -e 's,^\([^#]*\) #\(.* [1-2][0-9][0-9][0-9]\).*/\([^\]*\) $,\1 (\3) #\2,' > ${T} awk '{if (NR == 1) {if ($1 == "FreeBSD") {next} else {print "\n"$0}} else {print}}' < /etc/motd >> ${T} cmp -s ${T} /etc/motd || { cp ${T} /etc/motd chmod 644 /etc/motd } rm -f ${T} fi ;; esac # Configure implementation specific stuff # arch=`uname -p` if [ -r /etc/rc.${arch} ]; then . /etc/rc.${arch} fi # Configure the system console # if [ -r /etc/rc.syscons ]; then . /etc/rc.syscons fi echo -n 'Additional ABI support:' # Start the Linux binary compatibility if requested. # case ${linux_enable} in [Yy][Ee][Ss]) echo -n ' linux' if ! kldstat -v | grep -E 'linux(aout|elf)' > /dev/null; then kldload linux > /dev/null 2>&1 fi if [ -x /compat/linux/sbin/ldconfig ]; then /compat/linux/sbin/ldconfig fi ;; esac # Start the SysVR4 binary emulation if requested. # case ${svr4_enable} in [Yy][Ee][Ss]) echo -n ' svr4'; kldload streams > /dev/null 2>&1 kldload svr4 > /dev/null 2>&1 ;; esac echo '.' # Do traditional (but rather obsolete) rc.local file if it exists. If you # use this file and want to make it programmatic, source /etc/defaults/rc.conf # in /etc/rc.local and add your custom variables to /etc/rc.conf, as # shown below. Please do not put local extensions into /etc/rc itself. # Use /etc/rc.local # # ---- rc.local ---- # if [ -r /etc/defaults/rc.conf ]; then # . /etc/defaults/rc.conf # source_rc_confs # elif [ -r /etc/rc.conf ]; then # . /etc/rc.conf # fi # # ... additional startup conditionals ... # ---- rc.local ---- # if [ -r /etc/rc.local ]; then echo -n 'Starting local daemons:' sh /etc/rc.local echo '.' fi # For each valid dir in $local_startup, search for init scripts matching *.sh # case ${local_startup} in [Nn][Oo] | '') ;; *) echo -n 'Local package initialization:' slist="" if [ -z "${script_name_sep}" ]; then script_name_sep=" " fi for dir in ${local_startup}; do if [ -d "${dir}" ]; then for script in ${dir}/*.sh; do slist="${slist}${script_name_sep}${script}" done fi done script_save_sep="$IFS" IFS="${script_name_sep}" for script in ${slist}; do if [ -x "${script}" ]; then (set -T trap 'exit 1' 2 ${script} start) elif [ -f "${script}" -o -L "${script}" ]; then echo -n " (skipping ${script##*/}, not executable)" fi done IFS="${script_save_sep}" echo '.' ;; esac if [ -n "${network_pass3_done}" ]; then network_pass4 fi # Late pass to set variables we missed the first time # if [ -r /etc/rc.sysctl ]; then sh /etc/rc.sysctl last fi # Raise kernel security level. This should be done only after `fsck' has # repaired local file systems if you want the securelevel to be greater than 1. # case ${kern_securelevel_enable} in [Yy][Ee][Ss]) if [ "${kern_securelevel}" -ge 0 ]; then echo 'Raising kernel security level: ' sysctl kern.securelevel=${kern_securelevel} fi ;; esac echo '' date exit 0 --------------060400040001030704050601 Content-Type: text/plain; name="rc.network" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="rc.network" #!/bin/sh - # # Copyright (c) 1993 The FreeBSD Project # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # $FreeBSD: src/etc/rc.network,v 1.74.2.46 2004/04/07 09:27:30 krion Exp $ # From: @(#)netstart 5.9 (Berkeley) 3/30/91 # # Note that almost all of the user-configurable behavior is no longer in # this file, but rather in /etc/defaults/rc.conf. Please check that file # first before contemplating any changes here. If you do need to change # this file for some reason, we would like to know about it. # First pass startup stuff. # network_pass1() { echo -n 'Doing initial network setup:' # Set the host name if it is not already set # if [ -z "`/bin/hostname -s`" ]; then /bin/hostname ${hostname} echo -n ' hostname' fi # Establish ipfilter ruleset as early as possible (best in # addition to IPFILTER_DEFAULT_BLOCK in the kernel config file) # check whether ipfilter and/or ipnat is enabled ipfilter_active="NO" case ${ipfilter_enable} in [Yy][Ee][Ss]) ipfilter_active="YES" ;; esac case ${ipnat_enable} in [Yy][Ee][Ss]) ipfilter_active="YES" ;; esac case ${ipfilter_active} in [Yy][Ee][Ss]) # load ipfilter kernel module if needed if ! sysctl net.inet.ipf.fr_pass > /dev/null 2>&1; then if kldload ipl; then echo 'IP-filter module loaded.' else echo 'Warning: IP-filter module failed to load.' # avoid further errors ipfilter_active="NO" ipmon_enable="NO" ipfilter_enable="NO" ipnat_enable="NO" ipfs_enable="NO" fi fi # start ipmon before loading any rules case "${ipmon_enable}" in [Yy][Ee][Ss]) echo -n ' ipmon' ${ipmon_program:-/sbin/ipmon} ${ipmon_flags} ;; esac case "${ipfilter_enable}" in [Yy][Ee][Ss]) if [ -r "${ipfilter_rules}" -o \ -r "${ipv6_ipfilter_rules}" ]; then echo -n ' ipfilter' ${ipfilter_program:-/sbin/ipf} -Fa if [ -r "${ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} \ -f "${ipfilter_rules}" \ ${ipfilter_flags} fi if [ -r "${ipv6_ipfilter_rules}" ]; then ${ipfilter_program:-/sbin/ipf} -6 \ -f "${ipv6_ipfilter_rules}" \ ${ipfilter_flags} fi else ipfilter_enable="NO" echo -n ' NO IPF RULES' fi ;; esac case "${ipnat_enable}" in [Yy][Ee][Ss]) if [ -r "${ipnat_rules}" ]; then echo -n ' ipnat' eval ${ipnat_program:-/sbin/ipnat} -CF -f \ "${ipnat_rules}" ${ipnat_flags} else ipnat_enable="NO" echo -n ' NO IPNAT RULES' fi ;; esac # restore filter/NAT state tables after loading the rules case "${ipfs_enable}" in [Yy][Ee][Ss]) if [ -r "/var/db/ipf/ipstate.ipf" ]; then echo -n ' ipfs' ${ipfs_program:-/sbin/ipfs} -R ${ipfs_flags} # remove files to avoid reloading old state # after an ungraceful shutdown rm -f /var/db/ipf/ipstate.ipf rm -f /var/db/ipf/ipnat.ipf fi ;; esac ;; esac # Set the domainname if we're using NIS # case ${nisdomainname} in [Nn][Oo] | '') ;; *) domainname ${nisdomainname} echo -n ' domain' ;; esac echo '.' # Initial ATM interface configuration # case ${atm_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.atm ]; then . /etc/rc.atm atm_pass1 fi ;; esac # Attempt to create cloned interfaces. for ifn in ${cloned_interfaces}; do ifconfig ${ifn} create done # Special options for sppp(4) interfaces go here. These need # to go _before_ the general ifconfig section, since in the case # of hardwired (no link1 flag) but required authentication, you # cannot pass auth parameters down to the already running interface. # for ifn in ${sppp_interfaces}; do eval spppcontrol_args=\$spppconfig_${ifn} if [ -n "${spppcontrol_args}" ]; then # The auth secrets might contain spaces; in order # to retain the quotation, we need to eval them # here. eval spppcontrol ${ifn} ${spppcontrol_args} fi done # gifconfig network_gif_setup # Set up all the network interfaces, calling startup scripts if needed # case ${network_interfaces} in [Aa][Uu][Tt][Oo]) network_interfaces="`ifconfig -l`" ;; *) network_interfaces="${network_interfaces} ${cloned_interfaces}" ;; esac dhcp_interfaces="" for ifn in ${network_interfaces}; do if [ -r /etc/start_if.${ifn} ]; then . /etc/start_if.${ifn} eval showstat_$ifn=1 fi # Do the primary ifconfig if specified # eval ifconfig_args=\$ifconfig_${ifn} case ${ifconfig_args} in '') ;; [Dd][Hh][Cc][Pp]) # DHCP inits are done all in one go below dhcp_interfaces="$dhcp_interfaces $ifn" eval showstat_$ifn=1 ;; *) ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 ;; esac done if [ ! -z "${dhcp_interfaces}" ]; then ${dhcp_program:-/sbin/dhclient} ${dhcp_flags} ${dhcp_interfaces} fi for ifn in ${network_interfaces}; do # Check to see if aliases need to be added # alias=0 while : ; do eval ifconfig_args=\$ifconfig_${ifn}_alias${alias} if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} alias eval showstat_$ifn=1 alias=$((${alias} + 1)) else break; fi done # Do ipx address if specified # eval ifconfig_args=\$ifconfig_${ifn}_ipx if [ -n "${ifconfig_args}" ]; then ifconfig ${ifn} ${ifconfig_args} eval showstat_$ifn=1 fi done for ifn in ${network_interfaces}; do eval showstat=\$showstat_${ifn} if [ ! -z ${showstat} ]; then ifconfig ${ifn} fi done # ISDN subsystem startup # case ${isdn_enable} in [Yy][Ee][Ss]) if [ -r /etc/rc.isdn ]; then . /etc/rc.isdn fi ;; esac # Start user ppp if required. This must happen before natd. # case ${ppp_enable} in [Yy][Ee][Ss]) # Establish ppp mode. # if [ "${ppp_mode}" != "ddial" -a "${ppp_mode}" != "direct" \ -a "${ppp_mode}" != "dedicated" \ -a "${ppp_mode}" != "background" ]; then ppp_mode="auto" fi ppp_command="/usr/sbin/ppp -quiet -${ppp_mode}" # Switch on NAT mode? # case ${ppp_nat} in [Yy][Ee][Ss]) ppp_command="${ppp_command} -nat" ;; esac ppp_command="${ppp_command} ${ppp_profile}" echo "Starting ppp as \"${ppp_user}\"" su -m ${ppp_user} -c "exec ${ppp_command}" ;; esac # Re-Sync ipfilter so it picks up any new network interfaces # case ${ipfilter_active} in [Yy][Ee][Ss]) ${ipfilter_program:-/sbin/ipf} -y ${ipfilter_flags} >/dev/null ;; esac unset ipfilter_active # Initialize IP filtering using ipfw # if /sbin/ipfw -q flush > /dev/null 2>&1; then firewall_in_kernel=1 else firewall_in_kernel=0 fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ "${firewall_in_kernel}" -eq 0 ] && kldload ipfw; then firewall_in_kernel=1 echo 'Kernel firewall module loaded' elif [ "${firewall_in_kernel}" -eq 0 ]; then echo 'Warning: firewall kernel module failed to load' fi ;; esac # Load the filters if required # case ${firewall_in_kernel} in 1) if [ -z "${firewall_script}" ]; then firewall_script=/etc/rc.firewall fi case ${firewall_enable} in [Yy][Ee][Ss]) if [ -r "${firewall_script}" ]; then . "${firewall_script}" echo -n 'Firewall rules loaded, starting divert daemons:' # Network Address Translation daemon # case ${natd_enable} in [Yy][Ee][Ss]) if [ -n "${natd_interface}" ]; then if echo ${natd_interface} | \ grep -q -E '^[0-9]+(\.[0-9]+){0,3}$'; then natd_flags="$natd_flags -a ${natd_interface}" else natd_flags="$natd_flags -n ${natd_interface}" fi fi echo -n ' natd'; ${natd_program:-/sbin/natd} ${natd_flags} ;; esac echo '.' elif [ "`ipfw l 65535`" = "65535 deny ip from any to any" ]; then echo 'Warning: kernel has firewall functionality,' \ 'but firewall rules are not enabled.' echo ' All ip services are disabled.' fi case ${firewall_logging} in [Yy][Ee][Ss] | '') echo 'Firewall logging=YES' sysctl net.inet.ip.fw.verbose=1 >/dev/null ;; *) ;; esac ;; esac ;; esac # Additional ATM interface configuration # if [ -n "${atm_pass1_done}" ]; then atm_pass2 fi # Configure routing # case ${defaultrouter} in [Nn][Oo] | '') ;; *) static_routes="default ${static_routes}" route_default="default ${defaultrouter}" ;; esac # Set up any static routes. This should be done before router discovery. # if [ -n "${static_routes}" ]; then for i in ${static_routes}; do eval route_args=\$route_${i} route add ${route_args} done fi echo -n 'Additional routing options:' case ${tcp_extensions} in [Yy][Ee][Ss] | '') ;; *) echo -n ' tcp extensions=NO' sysctl net.inet.tcp.rfc1323=0 >/dev/null ;; esac case ${icmp_bmcastecho} in [Yy][Ee][Ss]) echo -n ' broadcast ping responses=YES' sysctl net.inet.icmp.bmcastecho=1 >/dev/null ;; esac case ${icmp_drop_redirect} in [Yy][Ee][Ss]) echo -n ' ignore ICMP redirect=YES' sysctl net.inet.icmp.drop_redirect=1 >/dev/null ;; esac case ${icmp_log_redirect} in [Yy][Ee][Ss]) echo -n ' log ICMP redirect=YES' sysctl net.inet.icmp.log_redirect=1 >/dev/null ;; esac case ${gateway_enable} in [Yy][Ee][Ss]) echo -n ' IP gateway=YES' sysctl net.inet.ip.forwarding=1 >/dev/null ;; esac case ${forward_sourceroute} in [Yy][Ee][Ss]) echo -n ' do source routing=YES' sysctl net.inet.ip.sourceroute=1 >/dev/null ;; esac case ${accept_sourceroute} in [Yy][Ee][Ss]) echo -n ' accept source routing=YES' sysctl net.inet.ip.accept_sourceroute=1 >/dev/null ;; esac case ${tcp_keepalive} in [Yy][Ee][Ss]) echo -n ' TCP keepalive=YES' sysctl net.inet.tcp.always_keepalive=1 >/dev/null ;; esac case ${tcp_drop_synfin} in [Yy][Ee][Ss]) echo -n ' drop SYN+FIN packets=YES' sysctl net.inet.tcp.drop_synfin=1 >/dev/null ;; esac case ${ipxgateway_enable} in [Yy][Ee][Ss]) echo -n ' IPX gateway=YES' sysctl net.ipx.ipx.ipxforwarding=1 >/dev/null ;; esac case ${arpproxy_all} in [Yy][Ee][Ss]) echo -n ' ARP proxyall=YES' sysctl net.link.ether.inet.proxyall=1 >/dev/null ;; esac case ${ip_portrange_first} in [Nn][Oo] | '') ;; *) echo -n " ip_portrange_first=$ip_portrange_first" sysctl net.inet.ip.portrange.first=$ip_portrange_first >/dev/null ;; esac case ${ip_portrange_last} in [Nn][Oo] | '') ;; *) echo -n " ip_portrange_last=$ip_portrange_last" sysctl net.inet.ip.portrange.last=$ip_portrange_last >/dev/null ;; esac echo '.' case ${ipsec_enable} in [Yy][Ee][Ss]) if [ -f ${ipsec_file} ]; then echo ' ipsec: enabled' setkey -f ${ipsec_file} else echo ' ipsec: file not found' fi ;; esac case ${ike_enable} in [Yy][Ee][Ss]) if [ -x ${ike_program} ]; then echo ' ike daemon: ' ${ike_program} ${ike_flags} ${ike_program} ${ike_flags} fi ;; esac echo -n 'Routing daemons:' case ${router_enable} in [Yy][Ee][Ss]) echo -n " ${router}"; ${router} ${router_flags} ;; esac case ${ipxrouted_enable} in [Yy][Ee][Ss]) echo -n ' IPXrouted' IPXrouted ${ipxrouted_flags} > /dev/null 2>&1 ;; esac case ${mrouted_enable} in [Yy][Ee][Ss]) echo -n ' mrouted'; mrouted ${mrouted_flags} ;; esac case ${rarpd_enable} in [Yy][Ee][Ss]) echo -n ' rarpd'; rarpd ${rarpd_flags} ;; esac echo '.' # Let future generations know we made it. # network_pass1_done=YES } network_pass2() { echo -n 'Doing additional network setup:' case ${named_enable} in [Yy][Ee][Ss]) echo -n ' named'; ${named_program:-named} ${named_flags} ;; esac case ${ntpdate_enable} in [Yy][Ee][Ss]) echo -n ' ntpdate' ${ntpdate_program:-ntpdate} ${ntpdate_flags} >/dev/null 2>&1 ;; esac case ${xntpd_enable} in [Yy][Ee][Ss]) echo -n ' ntpd'; ${xntpd_program:-ntpd} ${xntpd_flags} ;; esac case ${timed_enable} in [Yy][Ee][Ss]) echo -n ' timed'; timed ${timed_flags} ;; esac case ${portmap_enable} in [Yy][Ee][Ss]) echo -n ' portmap'; ${portmap_program:-/usr/sbin/portmap} ${portmap_flags} ;; esac # Start ypserv if we're an NIS server. # Run rpc.ypxfrd and rpc.yppasswdd only on the NIS master server. # case ${nis_server_enable} in [Yy][Ee][Ss]) echo -n ' ypserv'; ypserv ${nis_server_flags} case ${nis_ypxfrd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypxfrd' rpc.ypxfrd ${nis_ypxfrd_flags} ;; esac case ${nis_yppasswdd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.yppasswdd' rpc.yppasswdd ${nis_yppasswdd_flags} ;; esac ;; esac # Start ypbind if we're an NIS client # case ${nis_client_enable} in [Yy][Ee][Ss]) echo -n ' ypbind'; ypbind ${nis_client_flags} case ${nis_ypset_enable} in [Yy][Ee][Ss]) echo -n ' ypset'; ypset ${nis_ypset_flags} ;; esac ;; esac # Start keyserv if we are running Secure RPC # case ${keyserv_enable} in [Yy][Ee][Ss]) echo -n ' keyserv'; keyserv ${keyserv_flags} ;; esac # Start ypupdated if we are running Secure RPC and we are NIS master # case ${rpc_ypupdated_enable} in [Yy][Ee][Ss]) echo -n ' rpc.ypupdated'; rpc.ypupdated ;; esac # Start ATM daemons if [ -n "${atm_pass2_done}" ]; then atm_pass3 fi echo '.' network_pass2_done=YES } network_pass3() { echo -n 'Starting final network daemons:' case ${nfs_server_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="${mountd_flags} -n" ;; esac mountd ${mountd_flags} case ${nfs_reserved_port_only} in [Yy][Ee][Ss]) echo -n ' NFS on reserved port only=YES' sysctl vfs.nfs.nfs_privport=1 >/dev/null ;; esac echo -n ' nfsd'; nfsd ${nfs_server_flags} case ${rpc_lockd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.lockd'; rpc.lockd ;; esac case ${rpc_statd_enable} in [Yy][Ee][Ss]) echo -n ' rpc.statd'; rpc.statd ;; esac fi ;; *) case ${single_mountd_enable} in [Yy][Ee][Ss]) if [ -r /etc/exports ]; then echo -n ' mountd' case ${weak_mountd_authentication} in [Yy][Ee][Ss]) mountd_flags="-n" ;; esac mountd ${mountd_flags} fi ;; esac ;; esac case ${nfs_client_enable} in [Yy][Ee][Ss]) nfs_in_kernel=0 # Handle absent nfs client support if sysctl vfs.nfs >/dev/null 2>&1; then nfs_in_kernel=1 else kldload nfs && nfs_in_kernel=1 fi if [ ${nfs_in_kernel} -eq 1 ] then echo -n ' nfsiod'; nfsiod ${nfs_client_flags} if [ -n "${nfs_access_cache}" ]; then echo -n " NFS access cache time=${nfs_access_cache}" sysctl vfs.nfs.access_cache_timeout=${nfs_access_cache} >/dev/null fi if [ -n "${nfs_bufpackets}" ]; then sysctl vfs.nfs.bufpackets=${nfs_bufpackets} \ > /dev/null fi case ${amd_enable} in [Yy][Ee][Ss]) echo -n ' amd' case ${amd_map_program} in [Nn][Oo] | '') ;; *) amd_flags="${amd_flags} `eval \ ${amd_map_program}`" ;; esac case "${amd_flags}" in '') if [ -r /etc/amd.conf ]; then amd & else echo '' echo 'Warning: amd will not load without arguments' fi ;; *) amd -p ${amd_flags} >/var/run/amd.pid \ 2>/dev/null & ;; esac ;; esac fi ;; esac # If /var/db/mounttab exists, some nfs-server has not been # sucessfully notified about a previous client shutdown. # If there is no /var/db/mounttab, we do nothing. #if [ -f /var/db/mounttab ]; then # rpc.umntall -k #fi case ${rwhod_enable} in [Yy][Ee][Ss]) echo -n ' rwhod'; rwhod ${rwhod_flags} ;; esac # Kerberos servers run ONLY on the Kerberos server machine case ${kerberos_server_enable} in [Yy][Ee][Ss]) case ${kerberos_stash} in [Yy][Ee][Ss]) stash_flag=-n ;; *) stash_flag= ;; esac echo -n ' kerberosIV' kerberos ${stash_flag} >> /var/log/kerberos.log & case ${kadmind_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmindIV' ( sleep 20; kadmind ${stash_flag} >/dev/null 2>&1 & ) & ;; esac unset stash_flag ;; esac case ${kerberos5_server_enable} in [Yy][Ee][Ss]) echo -n ' kerberos5' ${kerberos5_server} & case ${kadmind5_server_enable} in [Yy][Ee][Ss]) echo -n ' kadmind5' ${kadmind5_server} & ;; esac case ${kpasswdd5_server_enable} in [Yy][Ee][Ss]) echo -n ' kpasswdd5' ${kpasswdd5_server} & ;; esac ;; esac case ${pppoed_enable} in [Yy][Ee][Ss]) if [ -n "${pppoed_provider}" ]; then pppoed_flags="${pppoed_flags} -p ${pppoed_provider}" fi echo -n ' pppoed'; _opts=$-; set -f /usr/libexec/pppoed ${pppoed_flags} ${pppoed_interface} set +f; set -${_opts} ;; esac case ${sshd_enable} in [Yy][Ee][Ss]) if [ -x /usr/bin/ssh-keygen ]; then if [ ! -f /etc/ssh/ssh_host_key ]; then echo ' creating ssh1 RSA host key'; /usr/bin/ssh-keygen -t rsa1 -N "" \ -f /etc/ssh/ssh_host_key fi if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then echo ' creating ssh2 RSA host key'; /usr/bin/ssh-keygen -t rsa -N "" \ -f /etc/ssh/ssh_host_rsa_key fi if [ ! -f /etc/ssh/ssh_host_dsa_key ]; then echo ' creating ssh2 DSA host key'; /usr/bin/ssh-keygen -t dsa -N "" \ -f /etc/ssh/ssh_host_dsa_key fi fi ;; esac echo '.' network_pass3_done=YES } network_pass4() { echo -n 'Additional TCP options:' case ${log_in_vain} in [Nn][Oo] | '') log_in_vain=0 ;; [Yy][Ee][Ss]) log_in_vain=1 ;; [0-9]*) ;; *) echo " invalid log_in_vain setting: ${log_in_vain}" log_in_vain=0 ;; esac if [ "${log_in_vain}" -ne 0 ]; then echo -n " log_in_vain=${log_in_vain}" sysctl net.inet.tcp.log_in_vain="${log_in_vain}" >/dev/null sysctl net.inet.udp.log_in_vain="${log_in_vain}" >/dev/null fi echo '.' network_pass4_done=YES } network_gif_setup() { case ${gif_interfaces} in [Nn][Oo] | '') ;; *) for i in ${gif_interfaces}; do eval peers=\$gifconfig_$i case ${peers} in '') continue ;; *) ifconfig $i create >/dev/null 2>&1 ifconfig $i tunnel ${peers} ifconfig $i up ;; esac done ;; esac } --------------060400040001030704050601 Content-Type: text/plain; name="rc.firewall" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="rc.firewall" #!/bin/sh ipfw -f flush ipfw -f pipe flush sysctl net.inet.ip.fw.one_pass=0 ipfw pipe 1000 config bw 10Mbit/s ipfw add 100 allow ip from any to any via lo0 ipfw add 200 deny ip from any to 127.0.0.0/8 ipfw add 300 deny ip from 127.0.0.0/8 to any ipfw add 1000 allow ip from 192.168.17.70 to 192.168.17.217 ipfw add 1010 allow ip from 192.168.17.217 to 192.168.17.70 ipfw add 2000 pipe 1000 ip from 192.168.17.217 to any ipfw add 2010 pipe 1000 ip from any to 192.168.17.217 --------------060400040001030704050601 Content-Type: text/plain; name="rc.conf" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="rc.conf" hostname="satsmb.local" ifconfig_vr0="dhcp" kern_securelevel_enable="NO" nfs_reserved_port_only="YES" nfs_client_enable="NO" sendmail_enable="NONE" sshd_enable="YES" usbd_enable="NO" inetd_enable="NO" samba_enable="YES" ppp_enable="YES" ppp_mode="ddial" ppp_nat="NO" ppp_profile="default" ntpd_enable="YES" --------------060400040001030704050601 Content-Type: text/plain; name="SMBK" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="SMBK" #SATSMB machine i386 cpu I686_CPU ident SMBK maxusers 64 options INET #InterNETworking options FFS #Berkeley Fast Filesystem options FFS_ROOT #FFS usable as root device [keep this!] options SOFTUPDATES #Enable FFS soft updates support options UFS_DIRHASH #Improve performance on big directories options MFS #Memory Filesystem options NFS #Network Filesystem options PROCFS #Process filesystem options COMPAT_43 #Compatible with BSD 4.3 [KEEP THIS!] options SCSI_DELAY=15000 #Delay (in ms) before probing SCSI options UCONSOLE #Allow users to grab the console options USERCONFIG #boot -c editor options VISUAL_USERCONFIG #visual boot -c editor options KTRACE #ktrace(1) support options SYSVSHM #SYSV-style shared memory options SYSVMSG #SYSV-style message queues options SYSVSEM #SYSV-style semaphores options P1003_1B #Posix P1003_1B real-time extensions options _KPOSIX_PRIORITY_SCHEDULING options ICMP_BANDLIM #Rate limit bad replies options KBD_INSTALL_CDEV # install a CDEV entry in /dev device isa device pci # ATA and ATAPI devices device ata device atadisk # ATA disk drives device atapicd # ATAPI CDROM drives options ATA_STATIC_ID #Static device numbering # atkbdc0 controls both the keyboard and the PS/2 mouse device atkbdc0 at isa? port IO_KBD device atkbd0 at atkbdc? irq 1 flags 0x1 device vga0 at isa? # syscons is the default console driver, resembling an SCO console device sc0 at isa? flags 0x100 # Floating point support - do not disable. device npx0 at nexus? port IO_NPX irq 13 # PCI Ethernet NICs that use the common MII bus controller code. # NOTE: Be sure to keep the 'device miibus' line in order to use these NICs! device miibus # MII bus support device rl # RealTek 8129/8139 device vr # VIA Rhine, Rhine II # Pseudo devices - the number indicates how many units to allocate. pseudo-device loop # Network loopback pseudo-device ether # Ethernet support pseudo-device tun 4 # Packet tunnel. pseudo-device pty # Pseudo-ttys (telnet etc) pseudo-device md # Memory "disks" pseudo-device bpf # Networking options options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=100 options IPDIVERT options DUMMYNET --------------060400040001030704050601--