Re: Debian equivalent of rc.firewall??
- To: <debian-firewall@lists.debian.org>
- Cc:
- Subject: Re: Debian equivalent of rc.firewall??
- From: Stephan A Suerken <absurd@olurdix.de>
- Date: 23 Dec 2000 04:35:40 +0100
- Message-id: <87bsu3rer7.fsf@orlok.olurdix.intra>
- In-reply-to: <E1F75DD793D3D411B6A600B0D022AF20C07E@PRINTSPOOLER> ("Bao Ha"'s message of "Fri, 22 Dec 2000 10:09:39 -0500")
- References: <E1F75DD793D3D411B6A600B0D022AF20AE30@PRINTSPOOLER> <E1F75DD793D3D411B6A600B0D022AF20C07E@PRINTSPOOLER>
"Bao Ha" <baoh@linuxwizardry.com> writes:
> You can try to insert it in rc.boot/local.
rc.boot is obsolete in Debian, rc.S must be used instead.
Anyway, imho a masquerading script does not necessarily need to be
executed rc.S. At least, you would not be able to switch between
firewall / non-firewall config via runlevels, if you chose that option.
Actually, it seems that it very much depends on your setup how your
"firewall script" should be employed.
o If it does not depend on anything else, I think its best to add a
local script (the /etc/init.d/local-firewall start stop kind), and
activate it either via ifup or init, as already suggested.
o If it does depend on the current situations (e.g. ppp link), I
think ipmasq.deb might be a good choice (but you *really* must have a
look at the default conf as it is very liberal. You could, however,
just remove the whole default config, and put your old script to
/etc/ipmasq/rules/00firewall.rul, as I did ;)).
MfG,
Stephan
--
Stephan A Suerken <absurd@olurdix.de>
Reply to: