On Sun, Jan 06, 2002 at 10:41:02PM +0000, Alan Chandler wrote:
|
| On Sunday 06 January 2002 8:22 pm, dman wrote:
| >
| > I wrote /etc/init.d/FIREWALL, a shell script I wrote to configure
| > iptables. Then I added a symlink to it
| >
| > $ ls -l /etc/rc2.d
| > lrwxrwxrwx 1 root root 20 Aug 19 16:59 S13FIREWALL -> /etc/init.d/FIREWALL
| >
| > The iptables rules use 'eth1' to refer to the external interface, not
| > a hard-coded IP since it can't be known ahead of time.
|
|
| Just to be a bit pedantic. Firewall really needs to come up just before you
| connect to the network.

Why *just* before (as opposed to long before)?

| In debian the /etc/init.d/ifupdown script is executed as the symlink
| S39ifupdown in /etc/rcS.d so I have a firewall script in /etc/init.d
| (/etc/init.d/firewall) that is linked in as S38firewall in
| /etc/rcS.d. This causes it to be run just prior to bringing the
| network up.

I don't have an S39ifupdown link at all. There is S14ppp (which is
right after my firewall comes up) even though I am not actually using
PPP right now.

You could also specify the firewall script as a "pre-up" command in
the interfaces file and have it brought up just before the interface
is brought up.

-D

-- 

A violent man entices his neighbor
and leads him down a path that is not good.
        Proverbs 16:29
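
Added example, not part of the original message: a small POSIX shell check for the ordering discussed above, confirming that the firewall start link sorts before the network start link in one SysV rc directory. The function names and return codes are assumptions of this example, and it only compares links that live in the same directory.

```shell
#!/bin/sh
# Added example: audit SysV start-link ordering (S<NN><name>) in one rc directory.
# Function names and return codes are hypothetical, chosen for this example.

# seq_of DIR NAME
# Print the two-digit sequence number of the S??NAME link in DIR.
# Returns 1 when no such link exists.
seq_of() {
    dir=$1
    name=$2
    for link in "$dir"/S[0-9][0-9]"$name"; do
        # An unmatched glob stays literal; -L also accepts dangling symlinks.
        [ -e "$link" ] || [ -L "$link" ] || continue
        base=${link##*/}      # e.g. S38firewall
        seq=${base#S}         # e.g. 38firewall
        printf '%s\n' "${seq%"$name"}"
        return 0
    done
    return 1
}

# firewall_before_network DIR FIREWALL_NAME NETWORK_NAME
# Return codes:
#   0  firewall link has a lower sequence number than the network link
#   1  firewall starts at the same number or later (ties are treated as
#      failures, since they depend on name sort order)
#   2  no firewall start link in DIR
#   3  no network start link in DIR
firewall_before_network() {
    fw=$(seq_of "$1" "$2") || return 2
    net=$(seq_of "$1" "$3") || return 3
    # test(1) compares as decimal, so a leading zero such as "08" is safe.
    [ "$fw" -lt "$net" ]
}

# Usage, with the names mentioned in the thread:
#   firewall_before_network /etc/rcS.d firewall ifupdown
#   firewall_before_network /etc/rc2.d FIREWALL ppp
```

A return code of 2 or 3 means the two links are not in the same directory, so their relative order has to be worked out from the order in which the rc directories themselves are run.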