
Re: IP masquerading - another approach



At 11:20 AM 12/10/00 +0100, Leen Besselink wrote:
On Sun, 10 Dec 2000, Sebastiaan wrote:

> Hi,
>
> you can make a script and put it in /etc/init.d and make a link to one of
> the /etc/rcX.d. With the number (like S40firewall) you can set the
> priority.
> As an alternative, in Debian you have a /etc/rc.boot where you can put
> files which must be started at boot time (but not after an init 1; init 2).
>
This is fine if you are using a static IP. Otherwise, most firewall scripts I've seen will need to get your dynamic interface IP address from ifconfig.

For "always on" connections like cable modems, put a line like "up /usr/local/sbin/my-firewall" into the proper stanza of /etc/network/interfaces (where /usr/local/sbin/my-firewall is your firewall script) so that the script will be run during "ifup".

For ppp you can put the firewall script into /etc/ppp/ip-up.d and /etc/ppp/ip-down.d (or put a script there that calls your firewall script).

I have both cable and ppp connections so I do both. This way the firewall gets updated at boot time (/etc/init.d/networking uses ifup) and then it gets run again whenever ppp goes up or down.
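
The setup described in the message above, as an added example that is not part of the original post: a single hook wrapper that works when started by either `ifup` or pppd, finds the current address, and then runs the firewall script. It assumes Debian's `PPP_IFACE`/`PPP_LOCAL` and ifupdown's `IFACE` environment variables; passing the result on as `EXT_IF`/`EXT_IP` is a hypothetical convention for the firewall script.

```shell
#!/bin/sh
# Hook wrapper (added example). Install as /etc/ppp/ip-up.d/firewall and
# /etc/ppp/ip-down.d/firewall, and reference it from an "up" line in
# /etc/network/interfaces.
FIREWALL=${FIREWALL:-/usr/local/sbin/my-firewall}

# Interface that triggered the hook: Debian's /etc/ppp/ip-up exports
# PPP_IFACE, ifupdown exports IFACE.
hook_iface() {
    if [ -n "${PPP_IFACE:-}" ]; then
        echo "$PPP_IFACE"
    elif [ -n "${IFACE:-}" ]; then
        echo "$IFACE"
    else
        return 1
    fi
}

# Read ifconfig output on stdin and print the first IPv4 address.
# Accepts both "inet addr:192.0.2.10" (older net-tools) and "inet 192.0.2.10".
parse_inet_addr() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' | head -n 1
}

# Current address: pppd already supplies it as PPP_LOCAL; otherwise ask ifconfig.
current_addr() {
    if [ -n "${PPP_LOCAL:-}" ]; then
        echo "$PPP_LOCAL"
    else
        ifconfig "$1" 2>/dev/null | parse_inet_addr
    fi
}

run_hook() {
    iface=$(hook_iface) || return 0      # not started by ifup or pppd
    addr=$(current_addr "$iface")
    [ -x "$FIREWALL" ] || return 0       # firewall script not installed
    # EXT_IF/EXT_IP are assumed variable names the firewall script would read.
    EXT_IF="$iface" EXT_IP="$addr" "$FIREWALL"
}

run_hook
```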


