Re: RFC: new network config (was: Re: network configuration)

On Sun, Feb 07, 1999 at 03:47:33PM +1000, Anthony Towns wrote:
> The netmask is usually the default (ie for class A,
> for class B, and for class C), so it seems a shame to have
> to specify it in these cases. :-/

maybe allow either a netmask or a prefix to be specified.  

IMO, /24 is a better way of saying - less typing, easier
to read "at a glance".

> Two questions:
> is all the "metric 1 external" "net vs host" stuff more complication
> than we really want in /etc/gateways?

no.  /etc/gateways really does belong to routed so if we're putting it to a
secondary use we should do so in a manner compatible with routed.

/etc/init.d/routing (or whatever it is called) should have a config
option telling it whether to set static routes or not. default would be
'yes'. anyone who needs to run routed or gated or zebra (which i have
packaged but not released - too buggy at this stage[*]) would set it to

[*] if anyone who has time to deal with a large number of bug reports
for a pre-alpha program wants to package this, email me and i'll send
you my work so far.  or maybe i'll just upload it to experimental.

> should /etc/init.d/routing and /etc/init.d/interfaces really
> be separate? PCMCIA and /etc/init.d/routing both have to parse
> /etc/gateways -- maybe this should just be incorporated into ifup?  If
> so, then this will happen automagically in /etc/init.d/interfaces and
> /etc/init.d/routing is completely redundant.

more granularity is a good thing. one of the things i disliked about
the spoof-protection stuff in current netbase was that it was in
the main /etc/init.d/netbase script. this meant that my own custom
firewall script had to duplicate the spoof-protection functionality.
it would have been much better for my script to be able to call
/etc/init.d/spoof-protect immediately after flushing the existing
ipchains rules.

there should be at least:

and maybe:
    /etc/init.d/firewall  (although this may be better in its own package, 
                           possibly a merger with the ipmasq package)

and /etc/init.d/network should exist and call each of them in the
correct order. it should also contain lots of comments so that anyone
who is used to editing /etc/init.d/network won't have to spend hours
puzzling out the changes.

maybe something like:

    #! /bin/sh

    # configure interfaces. defined in /etc/interfaces

    # setup spoof-protection

    # set up static routes.  defined in /etc/gateways.  disable by doing
    # "blah" if you want to run routed, gated, zebra, etc.

    # set up alias interfaces.  defined in /etc/ip-aliases

    # set up firewall rules
    [ -x /etc/init.d/firewall ] && /etc/init.d/firewall

and, of course, man pages should be written for each of the config


craig sanders
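
One way the stand-alone /etc/init.d/spoof-protect argued for above could look, as an added example that is not part of the original message and not netbase's code. It assumes spoof protection means enabling the kernel's rp_filter switch on every interface; the function name, the counters and the CONF_DIR override are hypothetical.

```shell
#!/bin/sh
# Added example: hypothetical /etc/init.d/spoof-protect, kept separate from the
# main network script so a custom firewall script can call it instead of
# duplicating the logic. CONF_DIR is overridable so the function can be run
# against a constructed directory tree without root.
CONF_DIR="${CONF_DIR:-/proc/sys/net/ipv4/conf}"

# Enable reverse-path filtering on every entry under CONF_DIR.
# Sets SPOOF_OK and SPOOF_FAIL; returns 2 if the kernel offers no rp_filter,
# 1 if any entry could not be switched on, 0 otherwise.
spoof_protect() {
    SPOOF_OK=0
    SPOOF_FAIL=0
    if [ ! -e "$CONF_DIR/all/rp_filter" ]; then
        echo "spoof-protect: rp_filter not available under $CONF_DIR" >&2
        return 2
    fi
    for f in "$CONF_DIR"/*/rp_filter; do
        # Write, then read back: a write that did not stick counts as a failure,
        # so the caller never assumes protection that is not in place.
        if { echo 1 > "$f"; } 2>/dev/null && [ "$(cat "$f")" = 1 ]; then
            SPOOF_OK=$((SPOOF_OK + 1))
        else
            SPOOF_FAIL=$((SPOOF_FAIL + 1))
            echo "spoof-protect: could not set $f" >&2
        fi
    done
    [ "$SPOOF_FAIL" -eq 0 ]
}

# init-script entry point; does nothing when run without arguments
case "${1:-}" in
    start|restart|reload|force-reload)
        spoof_protect &&
            echo "spoof-protect: rp_filter enabled on $SPOOF_OK entries"
        ;;
    stop)
        : # deliberately leave protection switched on
        ;;
esac
```

A custom firewall script would run `/etc/init.d/spoof-protect start` right after its flush, as the message suggests, and stop with an error if the exit status is non-zero.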