Re: Debian equivalent of rc.firewall??
On Sat, Dec 23, 2000 at 05:29:31PM +0100, Tamas TEVESZ wrote:
> > iface eth# inet static
> > up /etc/network/firewall start
> > down /etc/network/firewall stop
> this is, if it works as i think it works, inherently bad. the fwchains
> have to be initialized _before_ the interface has any chance to come
You are right, that would be better. In such a case, using "pre-up" and
"post-down" would be an improvement.
Fwiw, what I did on my systems was to use the ipmasq package and then
create an /etc/ipmasq/rules/ZZZlocal.rul which is executed after all the
standard scripts. I put my own stuff there.
Also, IIRC, by default the "networking" init script is started _before_
the "ipmasq" init script (40 and 41 respectively, again iirc). It may
not make sense in all setups, but for me I found it best to change the
order; I made ipmasq 39 and left networking at 40. Or something like
that. But you get the idea. ;)