
Re: Run Levels and Location of Firewall Scripts



Michael Boyd wrote:

> Thanks for the replies to my last message.
>
> Some of the replies have started me thinking that I have put my rule set
> in the wrong place.  I made a dir. called /etc/rc.d and placed
> rc.firewall in there.  Basically I was following the example in 'Linux
> Firewalls'.  Is that wrong or Red Hat specific?  If so, is there a more
> correct location?  Should I put it in /etc/init.d/<filename> and put a
> link in /etc/rcN.d?  This brings me to the next question...
>
> [I don't mean to go over ground you have already covered Mark, but your
> reply went to debian-user  :-)    ]
>
> Also, what run-level should my firewall run at and how do I control the
> run level?

The runlevel refers to the runlevel your system boots into.  The default is 2.
It has nothing to do with your firewall script.  Take a look at the script
/etc/inittab   - near the top will be a line like:
# The default runlevel.
id:2:initdefault:

This means you boot into run level 2.  inittab will run all the "S" scripts in
the directory /etc/rc2.d/  (ie the ones with S at the start of their name).

It doesn't really matter how you set up your script to run at boot but it would
seem to make sense to follow the debian method as is used in your other scripts
in your default runlevel directory.  ie all the scripts in /etc/rc2.d are
symbolic links to scripts in /etc/init.d - which is how I suggested to set up
your firewall script.  It is just easier to remember where you put everything in
5 months time when you have to edit it again.

Thus - probably best to put your default deny script in /etc/init.d/ with a
symbolic link in /etc/rc2.d/ so that it runs at boot time.  And put your real
firewall in /etc/ppp/ip-up.d/  - so that it can be run after the ppp connection
is established and the /etc/ppp/ip-up.d/0dns-up script establishes the
dns-server addresses - (just in case you also make reference to the ip addresses
of your dns servers in your firewall.) (ie if you run your firewall before the
dns addresses are defined then your firewall will not be allowing the right dns
servers).

Hope that is more explanatory.

Cheers.

Mark.
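
An added example, not part of the original message: a shell check that audits the layout the reply describes (default runlevel from /etc/inittab, an S link in /etc/rcN.d pointing into /etc/init.d, and the real firewall in /etc/ppp/ip-up.d ordered after 0dns-up). The script names "firewall-deny" and "firewall" are hypothetical, and it assumes ip-up.d scripts are executed in name order, as Debian's run-parts does.

```shell
#!/bin/sh
# Added example: audits the boot layout described in the message above.
# Assumed names (not from the message): "firewall-deny" and "firewall".
# Usage on a live system: check_layout "" firewall-deny firewall

# Print the default runlevel from the id:N:initdefault: line of ROOT/etc/inittab.
default_runlevel() {
    sed -n 's/^id:\([0-9S]\):initdefault:.*/\1/p' "$1/etc/inittab" 2>/dev/null |
        head -n 1
}

# check_layout ROOT INIT_NAME IPUP_NAME
# Prints one line per finding; returns 0 only if every check passes.
check_layout() {
    root=$1; init=$2; ipup=$3; rc=0
    level=$(default_runlevel "$root")
    [ -n "$level" ] || { echo "FAIL: no initdefault line in inittab"; return 1; }

    [ -x "$root/etc/init.d/$init" ] ||
        { echo "FAIL: /etc/init.d/$init missing or not executable"; rc=1; }

    # An S?? link in the default runlevel directory must point at the init script.
    found=0
    for l in "$root/etc/rc$level.d"/S[0-9][0-9]"$init"; do
        case $(readlink "$l" 2>/dev/null) in
            ../init.d/"$init"|/etc/init.d/"$init") found=1 ;;
        esac
    done
    [ "$found" -eq 1 ] ||
        { echo "FAIL: no S??$init symlink to init.d in /etc/rc$level.d"; rc=1; }

    # Assumption: ip-up.d scripts run in C-locale name order (run-parts), so
    # the real firewall must sort after 0dns-up to see the DNS addresses.
    if [ ! -x "$root/etc/ppp/ip-up.d/$ipup" ]; then
        echo "FAIL: /etc/ppp/ip-up.d/$ipup missing or not executable"; rc=1
    else
        first=$(printf '%s\n' "0dns-up" "$ipup" | LC_ALL=C sort | head -n 1)
        if [ "$first" != "0dns-up" ] || [ "$ipup" = "0dns-up" ]; then
            echo "FAIL: $ipup would not run after 0dns-up"; rc=1
        fi
    fi

    [ "$rc" -eq 0 ] && echo "OK: runlevel $level, boot and ip-up.d layout as described"
    return "$rc"
}
```

The first argument is a root prefix, so the same check can be pointed at a staging tree before the files are copied onto the firewall host.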


