Re: how to setup the firewall init script...
On Sun, 13 Apr 2003, [ISO-8859-1] Mattias Brändström wrote:
> As I understand it I can specify commands that will be executed when the
> network interfaces are initalized in /etc/network/interfaces. Should I
> use 'up' or 'pre-up'? Should I add the up/pre-up statements to eth0 or
> eth1, or doesn't it matter?
I prefer the other way - make your firewall script a regular boot-time
event, regardless of network interfaces. For instance, I have
/etc/init.d/firewall (and /etc/default/firewall, for configuration), then
symlinks from /etc/rcS.d/S30firewall to /etc/init.d/firewall to make it
start.
If you want to go the interfaces way, the best[1] way would be to split
rules related to different interfaces into different scripts, and put
references to each of those scripts in the 'pre-up' option for each
interface.
Alternately, you could just put the whole script in the pre-up of the first
NIC to be initialised, and run it from there. That'd do the trick.
[1] That is, the uber-clean and tidy way, not necessarily the best,
subjectively speaking.
--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16
Reply to: