
Re: How-to modify /etc/init.d/networking for stopping IPTables?



On January 6, 2002 08:43 pm, David B Harris wrote:
> On Sun, 6 Jan 2002 09:22:05 -0700
>
> Stefan Srdic <linuxbox@telusplanet.net> wrote:
> > I would like to know if there would be a way (by editing the
> > networking rc file) to clear all chains and then remove all iptables
> > modules once networking has been halted by issuing
> > /etc/init.d/networking stop?
>
> I would suggest instead that you take a look at /etc/network/interfaces
> and 'man 5 interfaces'. Specifically, add a "post-down" command or two
> or four or script or whatever.
>
> > Also, this is how I run my IPtables script:
> >
> > ip_tables () {
> >     if [ -e /sbin/iptables ] ; then
> >         echo -n "Initiating IPtables: "
> >         sh /etc/network/ip_tables
> >         echo "done."
> >     fi
> > }
> >
> > Would there be a way where I can verify if both the iptables
> > executable and script are both existent, and if not, have the rc
> > script print to the terminal something like:
> >
> > "failed."
> > "IPTables was not loaded properly"
>
> 'man bash'. You could always do;
>
> if [ -x /sbin/iptables ]; then
>    if [ -r /etc/network/ip_tables ]; then
>       echo -n "Initiating IPtables: "
>       . /etc/network/ip_tables
>       echo "done."
>    else
>       echo "/etc/network/ip_tables not found."
>    fi
> else
>    echo "/sbin/iptables not found, please install iptables."
> fi
>
> --
>  .--=====-=-=====-=========----------=====-----------=-=-----=.
> /    David Barclay Harris            Aut agere, aut mori.      \
> \        Clan Barclay              Either action, or death.    /
>  `-------======-------------=-=-----=-===-=====-------=--=----'

Thanks to your guidance I got half of my problems solved!! I'm going to use a
post-down script to "reset" IPtables to its default values.

However, when I try to remove the ip_tables kernel module I get an "ip_tables:
Device or resource busy" error message from the kernel. How can I safely
remove all IPtables modules from a running kernel?

Thanks,

Stef
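
An added example, not part of the original messages: one way to combine the existence checks David suggests with the "failed." output and the post-down reset Stefan describes. The function names, the permission check on the ruleset script and running it with `sh` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Paths can be overridden through
# the environment so the functions can be tried without touching a live firewall.
IPTABLES="${IPTABLES:-/sbin/iptables}"
RULES="${RULES:-/etc/network/ip_tables}"

# Report a failure in the form asked for in the thread.
fw_fail() {
    echo "failed."
    echo "IPTables was not loaded properly: $1" >&2
}

# Load the ruleset, refusing to run it unless both files pass the checks.
fw_start() {
    printf 'Initiating IPtables: '
    if [ ! -x "$IPTABLES" ]; then
        fw_fail "$IPTABLES is missing or not executable"; return 1
    fi
    if [ ! -f "$RULES" ] || [ ! -r "$RULES" ]; then
        fw_fail "$RULES is missing or not readable"; return 1
    fi
    # The script runs as root, so reject it if group or others can write to it
    # (find does not follow symlinks, so a symlinked script is rejected too).
    if [ -n "$(find "$RULES" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        fw_fail "$RULES is writable by group or others"; return 1
    fi
    if ! sh "$RULES"; then
        fw_fail "$RULES exited with an error"; return 1
    fi
    echo "done."
}

# post-down: default ACCEPT policies, then flush rules and delete user chains.
# Only the filter table is handled here.
fw_reset() {
    if [ ! -x "$IPTABLES" ]; then
        fw_fail "$IPTABLES is missing or not executable"; return 1
    fi
    for chain in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -P "$chain" ACCEPT || return 1
    done
    "$IPTABLES" -F && "$IPTABLES" -X
}

case "${1:-}" in
    start) fw_start ;;
    stop)  fw_reset ;;
esac
```

Saved under a hypothetical path such as /etc/network/firewall, the script can be called from a `post-down /etc/network/firewall stop` line in /etc/network/interfaces. The ACCEPT policies set by the reset leave any interface that is still up unfiltered.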


