Re: Debian equivalent of rc.firewall??

To: <debian-firewall@lists.debian.org>
Cc:
Subject: Re: Debian equivalent of rc.firewall??
From: Stephan A Suerken <absurd@olurdix.de>
Date: 23 Dec 2000 04:35:40 +0100
Message-id: <87bsu3rer7.fsf@orlok.olurdix.intra>
In-reply-to: <E1F75DD793D3D411B6A600B0D022AF20C07E@PRINTSPOOLER> ("Bao Ha"'s message of "Fri, 22 Dec 2000 10:09:39 -0500")
References: <E1F75DD793D3D411B6A600B0D022AF20AE30@PRINTSPOOLER> <E1F75DD793D3D411B6A600B0D022AF20C07E@PRINTSPOOLER>

"Bao Ha" <baoh@linuxwizardry.com> writes:

> You can try to insert it in rc.boot/local.

 rc.boot is obsolete in Debian, rc.S must be used instead.

 Anyway, imho a masquerading script does not necessarily need to be
executed rc.S. At least, you would not be able to switch between
firewall / non-firewall config via runlevels, if you chose that option.

 Actually, it seems that it very much depends on your setup how your
"firewall script" should be employed.

 o If it does not depend on anything else, I think its best to add a
local script (the /etc/init.d/local-firewall start stop kind), and
activate it either via ifup or init, as already suggested.

 o If it does depend on the current situations (e.g. ppp link), I
think ipmasq.deb might be a good choice (but you *really* must have a
look at the default conf as it is very liberal. You could, however,
just remove the whole default config, and put your old script to
/etc/ipmasq/rules/00firewall.rul, as I did ;)).

MfG,

Stephan
-- 
Stephan A Suerken <absurd@olurdix.de>

Reply to:

References:
- RE: Debian equivalent of rc.firewall??
  - From: "Bao Ha" <baoh@linuxwizardry.com>

Prev by Date: Your 20 acres in the West
Next by Date: Re: Debian equivalent of rc.firewall??
Previous by thread: RE: Debian equivalent of rc.firewall??
Next by thread: Your 20 acres in the West
Index(es):
- Date
- Thread