[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian equivalent of rc.firewall??



On Sat, Dec 23, 2000 at 05:29:31PM +0100, Tamas TEVESZ wrote:
>  > iface eth# inet static
>  >         up /etc/network/firewall start
>  >         down /etc/network/firewall stop
> 
> this is, if it works as i think it works, inherently bad. the fwchains
> have to be initialized _before_ the interface has any chance to come
> up.

You are right, that would be better.  In such a case, using "pre-up" and
"post-down" would be an improvement.

Fwiw, what I did on my systems was to use the ipmasq package and then
create an /etc/ipmasq/rules/ZZZlocal.rul which is executed after all the
standard scripts.  I put my own stuff there.

Also, IIRC, by default the "networking" init script is started _before_
the "ipmasq" init script (40 and 41 respectively, again iirc).  It may
not make sense in all setups, but for me I found it best to change the
order; I made ipmasq 39 and left networking at 40.  Or something like
that.  But you get the idea.  ;)



Reply to: