RE: script init
> -----Original Message-----
> From: Olaf Meeuwissen
> Sent: Wednesday, June 05, 2002 7:23 PM
> CC: debian-firewall@lists.debian.org
> To: Jeff Bonner
> Subject: Re: script init
>
> > For now, don't add it to runlevel 0, 1 or 6, which equate to "halt"
> > (power-down), "single-user" (barely anything running) and
> > "reboot".
>
> If you care enough about your firewall to write a script to set it up,
> it is not much trouble to add some scripting to take it down again.
> Why not add that little bit so it handles at least "stop". The
> "restart" can then default to a "stop"/"start" cycle and you're done.
Well, I would agree with this; I didn't want to overload him with too
many tasks at once, but hopefully gave some direction on how it "should"
be. FWIW, I was having ipchains flush the rules and deny everything on
shutdown, but I haven't yet added that to the new iptables version since
I rewrote the rules from scratch. I'm pretty pleased with how that works
now, I might add... see http://firegate.lunarfox.com if you'd care to
critique it. :)
> > Alright, that's one way to run your firewall. Another is with
> > "update-rc.d" (which is specific to Debian, and similar to RedHat's
> > "chkconfig"). If you want more information on it, try "man
> > update-rc.d". :)
>
> The iptables maintainer discourages the use of the init.d approach and
> suggests you set things up via scripts in the /etc/network/if-*.d/
> directories. For a simple set of scripts, see the attachment of
> http://lists.debian.org/debian-firewall/2002/debian-firewall-200205/msg00059.html.
Ack, I meant to give him that disclaimer too, but I forgot. I remember
reading something about it a couple weeks ago -- I think it may even
have been on this list. Oh well.
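
Added example, not part of the original message or of either poster's scripts: a minimal init script of the shape discussed in this thread, where "stop" flushes the rules and denies everything and "restart" is a stop/start cycle. The rule set, the function names (fw_start, fw_stop, fw_main) and the IPT override are assumptions made for illustration.

```shell
#!/bin/sh
# Illustrative firewall init script (constructed example).
# IPT can be overridden for a dry run, e.g. IPT=echo ./firewall stop
IPT=${IPT:-iptables}

fw_start() {
    # Default-deny inbound and forwarded traffic before touching rules,
    # so there is never a moment with empty chains and an ACCEPT policy.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT
    $IPT -F
    # Constructed minimal rule set: loopback plus replies to our own traffic.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

fw_stop() {
    # "Flush the rules and deny everything": set DROP policies first,
    # then flush rules and delete user-defined chains.
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -P "$chain" DROP
    done
    $IPT -F
    $IPT -X
}

fw_main() {
    case "$1" in
        start)                fw_start ;;
        stop)                 fw_stop ;;
        restart|force-reload) fw_stop && fw_start ;;   # stop/start cycle
        *) echo "Usage: $0 {start|stop|restart|force-reload}" >&2
           return 1 ;;
    esac
}

# Dispatch only when an action is given, so the file can also be sourced.
if [ $# -gt 0 ]; then fw_main "$@"; fi
```

Because "stop" leaves every built-in chain at DROP, running it over a remote session cuts that session off until "start" is run from the console.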