
RE: script init

> -----Original Message-----
> From: Olaf Meeuwissen
> Sent: Wednesday, June 05, 2002 7:23 PM
> CC: debian-firewall@lists.debian.org
> To: Jeff Bonner
> Subject: Re: script init
> > For now, don't add it to runlevel 0, 1 or 6, which equate to "halt"
> > (power-down), "single-user" (barely anything running) and 
> > "reboot".
> If you care enough about your firewall to write a script to set it up,
> it is not much trouble to add some scripting to take it down again.
> Why not add that little bit so it handles at least "stop".  The
> "restart" can then default to a "stop"/"start" cycle and you're done.

Well, I would agree with this; I didn't want to overload him with too
many tasks at once, but hopefully gave some direction on how it "should"
be.  FWIW, I was having ipchains flush the rules and deny everything on
shutdown, but I haven't yet added that to the new iptables version since
I rewrote the rules from scratch.  I'm pretty pleased with how that
now, I might add... see http://firegate.lunarfox.com if you'd care to
critique it.  :)

> > Alright, that's one way to run your firewall.  Another is with
> > "update-rc.d" (which is specific to Debian, and similar to RedHat's
> > "chkconfig").  If you want more information on it, try "man
> > update-rc.d".  :)
> The iptables maintainer discourages the use of the init.d approach and
> suggests you set things up via scripts in the /etc/network/if-*.d/
> directories.  For a simple set of scripts, see the attachment of

Ack, I meant to give him that disclaimer too, but I forgot.  I remember
reading something about it a couple weeks ago -- I think it may even
have been on this list.  Oh well.
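
The "stop" and "restart" handling discussed in this message, as an added example that is not part of the original thread or anyone's actual firewall script. The ruleset in `fw_start` is a constructed placeholder, and the function names and the `IPTABLES` override (set `IPTABLES=echo` to print the commands instead of running them) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: init-style firewall script with start/stop/restart.
# IPTABLES can be overridden, e.g. IPTABLES=echo for a dry run.
IPTABLES="${IPTABLES:-iptables}"

fw_start() {
    # Placeholder ruleset (assumption): default-deny inbound, allow
    # loopback and replies to connections this host opened.
    $IPTABLES -F
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT ACCEPT
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
}

fw_stop() {
    # "Flush the rules and deny everything": set the DROP policies
    # before flushing, so the chains are never empty while a policy
    # is still ACCEPT.
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -P OUTPUT DROP
    $IPTABLES -F
    $IPTABLES -X
}

fw_restart() {
    # "restart" defaults to a stop/start cycle.
    fw_stop && fw_start
}

fw_main() {
    case "$1" in
        start)   fw_start ;;
        stop)    fw_stop ;;
        restart) fw_restart ;;
        *)       echo "Usage: $0 {start|stop|restart}" >&2; return 1 ;;
    esac
}

# Dispatch only when called with an argument, as init does.
if [ $# -gt 0 ]; then
    fw_main "$1"
fi
```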

