Re: Firewall/init scripts problem
On Sun, Mar 16, 2003 at 03:05:07PM +0100, Aaron Isotton wrote:
> I use a shell script in /etc/init.d to configure my firewall
> (iptables). Currently, it works as follows:
>
> - if it is called with "start", it checks for the existence of
> $STORAGE_FILE; if it exists, it exits saying that the firewall is
> already running, otherwise it writes the current iptables setup to
> $STORAGE_FILE using iptables-save and sets up the firewall.
>
> - if it is called with "stop", it checks for the existence of
> $STORAGE_FILE; if it doesn't exist, it exits saying that the firewall
> isn't running, otherwise it restores the old firewall setting using
> iptables-restore and deletes $STORAGE_FILE.
>
> My problem is: where should $STORAGE_FILE go?
>
(snip)
>
> I don't want to write a daemon (doing so I could check a pidfile for
> staleness and delete $STORAGE_FILE if necessary), as it isn't
> necessary; do you see any clean ways to solve this problem?
Ditch the idea of iptables-save and iptables-restore. Create your script
in such a way that it flushes all existing rules on startup and then
builds all needed rules. If you'd like an example of how this is done
take a look at my script (http://asgardsrealm.net/linux/firewall/).
--
Jamin W. Collins
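An added example of the flush-then-rebuild approach described in the reply (not the script at the URL above): every "start" discards whatever rules are loaded and rebuilds the complete set, so no $STORAGE_FILE or staleness check is needed. The interface and port values are placeholders, and setting IPTABLES=echo dry-runs the commands instead of applying them.

```shell
#!/bin/sh
# Idempotent firewall init script: "start" flushes everything and rebuilds,
# "stop" flushes and returns to accept-all. No state file is kept.
# IPTABLES may be overridden (e.g. IPTABLES=echo) to print instead of apply.
IPTABLES="${IPTABLES:-iptables}"

# Placeholder values; adjust for the host.
WAN_IF="${WAN_IF:-eth0}"
TCP_PORTS="${TCP_PORTS:-22 80}"

# Reset filter and nat tables to an empty, accept-everything state.
fw_flush() {
    for t in filter nat; do
        "$IPTABLES" -t "$t" -F   # delete all rules in every chain
        "$IPTABLES" -t "$t" -X   # delete user-defined chains
    done
    "$IPTABLES" -P INPUT ACCEPT
    "$IPTABLES" -P FORWARD ACCEPT
    "$IPTABLES" -P OUTPUT ACCEPT
}

# Flush first, then build the whole rule set from scratch; running this
# twice in a row yields exactly the same rules.
fw_start() {
    fw_flush
    "$IPTABLES" -P INPUT DROP
    "$IPTABLES" -P FORWARD DROP
    "$IPTABLES" -A INPUT -i lo -j ACCEPT
    "$IPTABLES" -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in $TCP_PORTS; do
        "$IPTABLES" -A INPUT -i "$WAN_IF" -p tcp --dport "$p" \
            -m state --state NEW -j ACCEPT
    done
    "$IPTABLES" -A INPUT -i "$WAN_IF" -j LOG --log-prefix "fw-drop: "
}

fw_stop() {
    fw_flush
}

case "${1:-}" in
    start|restart) fw_start ;;
    stop)          fw_stop ;;
    "")            : ;;   # no action given: only define the functions
    *) echo "Usage: $0 {start|stop|restart}" >&2; exit 1 ;;
esac
```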