Ernest Johanson wrote:
Right. It can go in /etc/init.d or in /etc/network/interfaces. Probably better in interfaces so the rules are applied as soon as the interfaces are up.
I got the distinct impression that running firewall scripts using the /etc/network/if-up.d and /etc/network/if-down.d directories was definitely the way to go.
If you do this, then what you declare in the /etc/network/interfaces can be provided as environment variables to any scripts in /etc/network/if-up.d. For example, I declare in my interfaces file the values for:
    address
    netmask
    gateway
    broadcast
    network

These are then provided as ENV Vars to the firewall script as:

    $IFACE (eth0)
    $IF_ADDRESS
    $IF_BROADCAST
    $IF_GATEWAY
    $IF_NETMASK
    $IF_NETWORK

(You will probably have noticed that most of these are not _required_ for a network to configure correctly, but having a single point of reference is nice)
Because of this arrangement, the presence of a file in /etc/network/if-up.d works much the same way as they might in /etc/rc4.d/ in that they are executed if set with the correct permissions.
I find this much easier to manage and understand since it's a mimic of an existing core process/method of Unix systems.
Ernest, your suggestion of running rpcinfo closed the loop on my configuration and I am now very happy with my firewall script!
Thank you.
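
The arrangement described in this message, as an added example that is not part of the original post or the poster's own script: an if-up.d hook that builds its ruleset from the variables ifupdown exports. The file name, the SSH-only inbound rule, the IPv4-only validation and the single-interface assumption are all assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical /etc/network/if-up.d/firewall (constructed example).
# ifupdown exports IFACE, MODE and one IF_<OPTION> variable for each
# option declared in the interface's stanza in /etc/network/interfaces.

# Print an iptables-restore ruleset for the interface described by the
# environment. Prints nothing and returns 1 if the values are unusable.
fw_rules() {
    # Reject loopback and any name containing unexpected characters,
    # so a malformed stanza cannot inject extra rule text.
    case "${IFACE:-}" in
        ''|lo|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    # Same idea for the addresses (IPv4 dotted-quad characters only).
    for v in "${IF_ADDRESS:-}" "${IF_NETWORK:-}" "${IF_NETMASK:-}"; do
        case "$v" in
            ''|*[!0-9.]*) return 1 ;;
        esac
    done

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $IFACE -s $IF_NETWORK/$IF_NETMASK -d $IF_ADDRESS -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Apply only when called by ifup (MODE=start). The hook is also run for
# lo and for stanzas that declare no address; fw_rules returns 1 there
# and the existing ruleset is left untouched.
if [ "${MODE:-}" = "start" ]; then
    rules=$(fw_rules) || exit 0
    printf '%s\n' "$rules" | iptables-restore
fi
```

The hook only runs if it is executable, and because iptables-restore replaces the whole filter table, a host with several configured interfaces would need one combined ruleset rather than one per interface.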