On Sun, Mar 16, 2003 at 03:05:07PM +0100, Aaron Isotton wrote:
> I use a shell script in /etc/init.d to configure my firewall
> (iptables). Currently, it works as follows:
>
> - if it is called with "start", it checks for the existence of
> $STORAGE_FILE; if it exists, it exits saying that the firewall is
> already running, otherwise it writes the current iptables setup to
> $STORAGE_FILE using iptables-save and sets up the firewall.
>
> - if it is called with "stop", it checks for the existence of
> $STORAGE_FILE; if it doesn't exist, it exits saying that the firewall
> isn't running, otherwise it restores the old firewall setting using
> iptables-restore and deletes $STORAGE_FILE.
>
> My problem is: where should $STORAGE_FILE go?
> (snip)
>
> I don't want to write a daemon (doing so I could check a pidfile for
> staleness and delete $STORAGE_FILE if necessary), as it isn't
> necessary; do you see any clean ways to solve this problem?
Ditch the idea of iptables-save and iptables-restore. Create your script in such a way that it flushes all existing rules on startup and then builds all needed rules. If you'd like an example of how this is done take a look at my script (http://asgardsrealm.net/linux/firewall/).

-- 
Jamin W. Collins
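The stateless approach Jamin describes, written out as an added example (this is not his script from asgardsrealm.net, nor Aaron's). Because "start" always flushes first and then rebuilds the complete rule set, and "stop" flushes and opens the policies, there is nothing to remember between runs and no $STORAGE_FILE at all. The interface name eth0, the single allowed inbound service on tcp/22 and the binary path /sbin/iptables are assumptions; setting IPT to another command (such as a logging shell function) turns the script into a dry run, which is how the test below checks it without touching the kernel.

```shell
#!/bin/sh
# Added example, not the script from the thread. Stateless iptables
# init script: every "start" wipes the tables and rebuilds them from
# scratch, so no saved-state file is needed to decide what to do.
# Assumptions: iptables lives at IPT (default /sbin/iptables), eth0 is
# the external interface, tcp/22 is the only inbound service allowed.

IPT="${IPT:-/sbin/iptables}"
EXT_IF="${EXT_IF:-eth0}"

# Remove every rule and user-defined chain in the tables we manage.
flush_rules() {
    for table in filter nat mangle; do
        "$IPT" -t "$table" -F   # flush all rules in the table
        "$IPT" -t "$table" -X   # delete user-defined chains
    done
}

# Apply policy $1 (DROP or ACCEPT) to the built-in filter chains.
set_policies() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPT" -P "$chain" "$1"
    done
}

# The complete rule set, built from nothing each time.
build_rules() {
    "$IPT" -A INPUT -i lo -j ACCEPT
    "$IPT" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # one explicitly allowed inbound service (assumed: ssh on tcp/22)
    "$IPT" -A INPUT -i "$EXT_IF" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    # log a rate-limited sample of what the DROP policy will discard
    "$IPT" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "
}

fw_start() {
    # Policies go to DROP before the flush, so the tables are never
    # momentarily empty with ACCEPT policies while we rebuild.
    set_policies DROP
    flush_rules
    build_rules
}

fw_stop() {
    # "Stop" means no filtering: flush everything, then open up.
    flush_rules
    set_policies ACCEPT
}

# With no argument the functions are only defined (handy for sourcing).
case "${1:-}" in
    start)   fw_start ;;
    stop)    fw_stop ;;
    restart) fw_stop; fw_start ;;
    "")      : ;;
    *)       echo "usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Note the ordering in fw_start: setting the DROP policy before flushing matters, because between the flush and the rebuild the chains are empty and only the policy decides what gets through. The rate-limited LOG rule at the end of INPUT is what lets you see, in syslog, what the default policy is dropping when a service unexpectedly stops working.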