[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to setup the firewall init script...

On Sun, 13 Apr 2003, [ISO-8859-1] Mattias Brändström wrote:

> As I understand it I can specify commands that will be executed when the 
> network interfaces are initalized in /etc/network/interfaces. Should I 
> use 'up' or 'pre-up'? Should I add the up/pre-up statements to eth0 or 
> eth1, or doesn't it matter?

I prefer the other way - make your firewall script a regular boot-time
event, regardless of network interfaces.  For instance, I have
/etc/init.d/firewall (and /etc/default/firewall, for configuration), then
symlinks from /etc/rcS.d/S30firewall to /etc/init.d/firewall to make it

If you want to go the interfaces way, the best[1] way would be to split
rules related to different interfaces into different scripts, and put
references to each of those scripts in the 'pre-up' option for each

Alternately, you could just put the whole script in the pre-up of the first
NIC to be initialised, and run it from there.  That'd do the trick.

[1] That is, the uber-clean and tidy way, not necessarily the best,
subjectively speaking.

#include <disclaimer.h>
Matthew Palmer, Geek In Residence

Reply to: