You can setup ipchains *before* the interface is up if you have a fixed
IP. I believe this would indeed be preferred. However if you have a
dynamic external IP, and your script figures that out before setting it's
rules, then you obviously need to run it after the interface is up, but as
soon as possible. How much time elapses between the ifup-local and
rc.local or rc.d/firewall are run I am not sure.
I would love to know because I'm currently doing this as a firewall
service in /etc/rc.d/init.d/firewall
I think the ifup-local is safe. I just don't like having scripts in /sbin.
charles
On Wed, 26 Jan 2000, Bret Hughes wrote:
> I don't know much about aliases and such but I did want to make sure I
> ran my rc.ipchains script at the appropriate time. Some diggging through
> the startup scripts yeilded the fact that /sbin/ifup-local, if it
> exists, is called each time an interface is brought up so I wrote a
> script that tests for the interface name and if it is the outgoing
> interface I call the script. here it is:
>
> #/sbin/ifup-local
> if [ "$1" = "eth1" ] ; then
> exec /etc/rc.d/rc.ipchains
> fi
>
> At least I think it does wha I want if some of you gurus see something
> dumb, let me know but it definetly brings up the interface.
>
> You should be able to test for eth0 instead and run the alias scripts in
> the if block.
>
> Bret
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
