Re: iptables and adsl modem at boot time



Hello 'H. S.'!

On Fri, Nov 28, 2003 at 03:41:47PM -0500, H. S. wrote:
> Yup, that helped a bit. So I should put my script (my-firewall.sh) in /etc/init.d and then do:
> $> update-rc.d my-firewall.sh defaults N

> Where N should be a number indicating that this script runs before any interface is brought up, right?

One way to do it, but this is OK.

> Assuming that is correct, I see an immediate problem as I read Section 2.4.2 Runlevels of the link you have given above. My script does not have start, stop, reload options. So I guess I shouldn't put that script in /etc/init.d (?)

You _can_ still put it in /etc/init.d and link it. If your script
doesn't use command line options it will run just the same every time
it is called. Look at various scripts in that directory.
But then you probably won't need a Kxx link at all so rather don't use
the defaults when setting the links with update-rc.d.

> If I shouldn't put the firewall script in /etc/init.d, one other option I see is as follows:
> 1) Set the default iptables (the script that comes with Debian) such that it blocks everything
> 2) Call the "my-firewall.sh" script from maybe the "pon" script.

> So when the computer boots up, the default secure firewall rules will already be in place when ppp0 is brought up, and while 'pon' brings up ppp0, it will execute "my-firewall.sh" script before it actually brings ppp0 up. What do you make of this plan?

Don't use the pon script, rather see /etc/ppp/ip-up and ip-up.d as
well as the corresponding ...down for examples on how to do it.
As I have a dial-up account and use port forwarding I let my box
recalculate my iptables rules every time the link comes up or goes
down. YMMV.

Cheers,
Flo
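
The approach described in this message (rules recalculated from an ip-up.d hook on top of a default-deny base), shown as an added example that is not part of the original post. The hook name `00firewall`, the forwarded port and internal host, and the sample addresses are assumptions; `PPP_IFACE` and `PPP_LOCAL` are the variables Debian's /etc/ppp/ip-up exports to ip-up.d scripts.

```shell
#!/bin/sh
# Added example: hypothetical hook /etc/ppp/ip-up.d/00firewall.
# Debian's /etc/ppp/ip-up exports PPP_IFACE and PPP_LOCAL to these hooks.
# FWD_PORT and FWD_HOST are constructed values for a single port forward.
FWD_PORT=8080
FWD_HOST=192.168.1.10

# The hook runs as root: accept only pppN names and dotted-quad shaped
# addresses before they are written into rules.
valid_iface() {
    case "$1" in
        ppp[0-9]|ppp[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print a complete ruleset in iptables-restore format: default-deny
# inbound, plus one DNAT forward bound to the address the link received.
build_rules() {
    iface=$1 local_ip=$2
    valid_iface "$iface" && valid_ipv4 "$local_ip" || return 1
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $iface -d $local_ip -p tcp --dport $FWD_PORT -j DNAT --to-destination $FWD_HOST
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $iface -d $FWD_HOST -p tcp --dport $FWD_PORT -j ACCEPT
COMMIT
EOF
}
if [ -n "${PPP_IFACE:-}" ]; then   # called by pppd through run-parts
    rules=$(build_rules "$PPP_IFACE" "${PPP_LOCAL:-}") || exit 1
    printf '%s\n' "$rules" | iptables-restore   # load atomically
else                                # dry run with constructed values
    build_rules ppp0 203.0.113.7
fi
```

If validation fails the hook exits without touching the rules, so whatever restrictive ruleset was loaded at boot stays in force.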
