LinuxSA Mailing list archives
From: Alan Kennington <akenning@topology.org>
To: LinuxSA <linuxsa@linuxsa.org.au>
Date: Wed, 30 May 2001 00:05:48 +0930
Re: Various questions
>
> > 3. If I want to set up my own firewall settings on a debian 2.2
> > machine, how
> > can I get them to load on boot?
>
> I assume you are talking here about ipchains commands?
>
> The most common way to do things on boot is to create a script in
> /etc/init.d (/etc/rc.d/init.d on RH boxen), containing the commands you want
> to execute. It should take one parameter, being [start|stop] (there are
> other common ones, like status, restart, reload and so on...). Then decide
> what runlevels you want to _start_ the script in, and which you want to stop
> it, and create symlinks to it from /etc/rc[n].d/[SK]<nn><scriptname>. I
> think that with a ipchains script, you want it to start early and stop late,
> so you could even put it in rcS.d (IIRC -- I have no linux handy to check
> with).
>
> How else do people do this? Is there a correct or canonical way to do it?
> (not talking about _writing_ the script itself, just about how and where it
> is run... although if someone had a starter skeleton script, that could be
> dandy...)
How to start up the firewall:
Rusty's notes say that there is no standard way to load up the
firewall commands. Personally, I create directory /etc/iptables
and stick my firewall script there, and start it up from
the usual sort of /etc/rc.d script.
I think the usual thing here is to copy and modify a similar
looking script in /etc/rc.d.
They're different from distribution to distribution.
Each distribution has a different set of global parameter
files to control the boot process.
E.g. SuSE has /etc/rc.config.
RH probably still has /etc/sysconfig/*
I have no idea what Debian uses.
But that's why you can't just copy a script from someone
else's machine.
You really need to start with an /etc/rc.d script template
from your own machine.
The symlinks:
In fact, I tried to put my firewall script very early in the boot sequence,
e.g. /etc/rc.d/rc3.d/K02iptables.ak
but I found that it needed some other things to be working first
in order to get going.
So the script failed and I was left unprotected!
What SuSE does is to run 2 scripts in each level - one to
basically close up the machine totally, the other one to open it
out again partly.
Some people make their firewall scripts run out of network
device up/down scripts.
Cheers,
Alan Kennington.
--
LinuxSA WWW: http://www.linuxsa.org.au/ IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject
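
The two-stage start-up mentioned in the message above (close the machine completely, then open it up partly), written as a start/stop script that stays closed if the rules fail to load. This is an added example, not code from the original post or from any distribution; the `fw_*` function names, the `IPT` variable and the `/etc/iptables/rules.sh` file name are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed firewall start-up in two stages.
# IPT and RULES are assumptions; adjust them to the local system.
IPT="${IPT:-iptables}"                    # command that programs the filter
RULES="${RULES:-/etc/iptables/rules.sh}"  # hypothetical site rules file

# Stage 1: close the machine. Default-deny policies are set first, so a
# failure in anything that follows leaves the box closed, not open.
fw_close() {
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -P "$chain" DROP || return 1
    done
    $IPT -F || return 1                   # flush old rules
    $IPT -X || return 1                   # delete user-defined chains
}

# Stage 2: open up partly. Loopback is allowed here; everything else comes
# from the site rules file, which is sourced and may use $IPT.
fw_open() {
    $IPT -A INPUT  -i lo -j ACCEPT || return 1
    $IPT -A OUTPUT -o lo -j ACCEPT || return 1
    [ -r "$RULES" ] || { echo "firewall: $RULES not readable" >&2; return 1; }
    ( . "$RULES" )                        # subshell: an exit in the file stays contained
}

# start: close, then open; if opening fails, go back to the closed state.
fw_start() {
    fw_close || return 1
    if ! fw_open; then
        echo "firewall: rules failed to load, staying closed" >&2
        fw_close                          # drop anything half-loaded
        return 1
    fi
}

# Dispatch on the init-script argument.
case "${1:-}" in
    start|restart) fw_start ;;
    stop)          fw_close ;;            # this example also ends closed on stop
    "")            : ;;                   # no argument: functions only (file was sourced)
    *)             echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```

Because the DROP policies are in place before the site rules run, a rules file that depends on something not yet started fails with the machine closed rather than unprotected.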