
Re: how to setup the firewall init script...



On Sun, 13 Apr 2003, Mattias Brändström wrote:

> As I understand it I can specify commands that will be executed when the 
> network interfaces are initialized in /etc/network/interfaces. Should I 
> use 'up' or 'pre-up'? Should I add the up/pre-up statements to eth0 or 
> eth1, or doesn't it matter?

I prefer the other way - make your firewall script a regular boot-time
event, regardless of network interfaces.  For instance, I have
/etc/init.d/firewall (and /etc/default/firewall, for configuration), then
symlinks from /etc/rcS.d/S30firewall to /etc/init.d/firewall to make it
start.

If you want to go the interfaces way, the best[1] way would be to split
rules related to different interfaces into different scripts, and put
references to each of those scripts in the 'pre-up' option for each
interface.

Alternately, you could just put the whole script in the pre-up of the first
NIC to be initialised, and run it from there.  That'd do the trick.

[1] That is, the uber-clean and tidy way, not necessarily the best,
subjectively speaking.


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer, Geek In Residence
http://ieee.uow.edu.au/~mjp16
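
One way the boot-time approach described in the message above could look, as an added sketch that is not the poster's own script. The `ALLOW_TCP_IN` and `DRY_RUN` settings, the `run` helper and the rule set itself are assumptions made for illustration.

```shell
#!/bin/sh
# /etc/init.d/firewall (added sketch). Linked as described in the message:
#   ln -s /etc/init.d/firewall /etc/rcS.d/S30firewall

# Hypothetical settings; /etc/default/firewall may override them.
ALLOW_TCP_IN="22"            # space-separated inbound TCP ports to accept
DRY_RUN="${DRY_RUN:-0}"      # 1 = print the commands instead of running them
if [ -r /etc/default/firewall ]; then
    . /etc/default/firewall
fi

run() {
    # Execute the command, or only print it when DRY_RUN=1.
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

fw_start() {
    # Set default-deny policies first, so nothing is accepted while
    # the remaining rules are still being loaded.
    run iptables -P INPUT DROP
    run iptables -P FORWARD DROP
    run iptables -P OUTPUT ACCEPT
    run iptables -F
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    for port in $ALLOW_TCP_IN; do
        run iptables -A INPUT -p tcp --dport "$port" -j ACCEPT
    done
}

fw_stop() {
    # Policy choice assumed here: "stop" flushes the rules and reopens
    # the policies. Keep DROP instead if the host should fail closed.
    run iptables -F
    run iptables -P INPUT ACCEPT
    run iptables -P FORWARD ACCEPT
}

case "${1:-}" in
    start|restart)  fw_start ;;
    stop)           fw_stop ;;
    "")             : ;;   # no argument: only define the functions
    *)              echo "Usage: $0 {start|stop|restart}" >&2 ;;
esac
```

Running it once with `DRY_RUN=1` shows the exact rule order before the symlink is created, which avoids locking yourself out of a remote machine.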