Hi, I use a shell script in /etc/init.d to configure my firewall (iptables). Currently, it works as follows:
- If it is called with "start", it checks for the existence of $STORAGE_FILE; if it exists, it exits saying that the firewall is already running, otherwise it writes the current iptables setup to $STORAGE_FILE using iptables-save and sets up the firewall.
- If it is called with "stop", it checks for the existence of $STORAGE_FILE; if it doesn't exist, it exits saying that the firewall isn't running, otherwise it restores the old firewall setting using iptables-restore and deletes $STORAGE_FILE.

My problem is: where should $STORAGE_FILE go?

- I'd like to bring up the firewall before the network interfaces; these are brought up in /etc/rcS.d/S39ifupdown; thus it should start before that.
- $STORAGE_FILE should be erased at every reboot, so the firewall will start up even if the machine crashed (i.e. /etc/init.d/firewall stop wasn't called).
- $STORAGE_FILE should go into some directory conforming to the FHS standard, if possible.

Here's what I thought (and why it doesn't work):

- /tmp is erased in S55bootmisc, thus after the firewall started.
- /var/lib isn't erased on reboot, but according to the FHS standard that's where $STORAGE_FILE should go.
- /var/run has the same problem as /tmp, but additionally only pidfiles should be written into it.

I don't want to write a daemon (doing so I could check a pidfile for staleness and delete $STORAGE_FILE if necessary), as it isn't necessary; do you see any clean ways to solve this problem? Using a ramdisk could do the trick, but it's overkill just for a single stupid file IMHO.

Aaron Isotton [ http://www.isotton.com ]

-- 
If Helen Keller is alone in a forest and falls, does she make a sound?
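One way to get the crash safety without a daemon or a ramdisk, as an added example that is not the poster's script: keep $STORAGE_FILE in /var/lib as the FHS wants, but treat it as stale whenever its mtime is older than the kernel's boot time, so a file left behind by a crash no longer blocks "start". The state-file and rules-file paths are assumed placeholders, and Linux with /proc mounted before the script runs is assumed.

```shell
#!/bin/sh
# Added example, not Aaron's script: the start/stop flow from the post plus a
# staleness check, so a $STORAGE_FILE left behind by a crash does not block
# "start" after the next boot. Assumed: Linux with /proc mounted before this
# runs, GNU or BSD stat; iptables-save/-restore only run for real start/stop.
STORAGE_FILE=${STORAGE_FILE:-/var/lib/firewall/iptables.before}   # assumed path
RULES_FILE=${RULES_FILE:-/etc/firewall/rules.v4}                  # assumed path

# Epoch seconds when the kernel booted: btime from /proc/stat, else now minus /proc/uptime, else 0.
boot_time() {
    t=$(awk '/^btime /{print $2}' /proc/stat 2>/dev/null)
    if [ -z "$t" ] && read -r up _ 2>/dev/null < /proc/uptime; then
        t=$(( $(date +%s) - ${up%.*} ))
    fi
    echo "${t:-0}"
}

# File modification time in epoch seconds (GNU stat, then BSD stat).
file_mtime() {
    stat -c %Y "$1" 2>/dev/null || stat -f %m "$1"
}

# True when the state file predates the current boot: it describes a
# firewall that died with the previous kernel, not a running one.
# Caveat: if the clock is set forward after boot (no RTC, late NTP) the file
# can look older than btime; on such hosts a tmpfs location is safer.
state_is_stale() {
    [ -f "$1" ] || return 1
    [ "$(file_mtime "$1")" -lt "$(boot_time)" ]
}

fw_start() {
    if [ -f "$STORAGE_FILE" ] && ! state_is_stale "$STORAGE_FILE"; then
        echo "firewall already running" >&2
        return 1
    fi
    mkdir -p "$(dirname "$STORAGE_FILE")"
    iptables-save > "$STORAGE_FILE" || return 1     # keep the pre-firewall rules
    iptables-restore < "$RULES_FILE"                 # load our own rules
}

fw_stop() {
    if [ ! -f "$STORAGE_FILE" ] || state_is_stale "$STORAGE_FILE"; then
        echo "firewall not running" >&2
        return 1
    fi
    iptables-restore < "$STORAGE_FILE" && rm -f "$STORAGE_FILE"
}
case "${1:-}" in start) fw_start ;; stop) fw_stop ;; esac
```

A stale file is simply overwritten by the next iptables-save on "start", so nothing has to clean it up at boot.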