On Mon, 2006-11-13 at 22:50 +0100, Jarek Buczyński wrote:
> Hi All
>
> I have two network cards: eth0 (public IP, Internet) and eth1 (private LAN).
> I have a firewall script in "/etc/network/if-pre-up.d". Unfortunately,
> when my system boots the script runs three times.
>
> How can I change this (I'd like the script to start once)?
>

First of all, you probably don't want to start your firewall prior to your interface being brought up (pre-up). This would cause any interface-dependent rules to fail to load. For example,

    # this will not load if interface eth0 is not up yet.
    iptables --in-interface eth0 --destination 192.168.10.50 --jump DROP

Instead, you probably want to load your firewall rules from a post-up script. To only run when a particular interface is brought up, just check the contents of IFACE before loading the rules:

    if [ "_$IFACE" = "_eth1" ]; then
        # load rules here
        :
    fi

or something like that. Alternatively, you could specify a script to run in your network interfaces file:

    iface eth0 inet dhcp
        post-up /script/to/run.sh

-davidc

-- 
gpg-key: http://www.zettazebra.com/files/key.gpg
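An added example, not part of the original message: a hook script (for instance in /etc/network/if-up.d/) that applies the IFACE check described in the reply, loads the rules when the chosen interface comes up, and skips every other invocation. The FW_* variable names, the file paths, the marker file and the use of iptables-restore with a saved rules file are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (hypothetical names and paths), e.g. /etc/network/if-up.d/firewall.
# ifupdown exports IFACE to every hook script it runs.

FW_IFACE="${FW_IFACE:-eth1}"                  # interface that triggers loading (assumption)
FW_RULES="${FW_RULES:-/etc/firewall.rules}"   # rules in iptables-save format (assumption)
FW_STAMP="${FW_STAMP:-/run/firewall.loaded}"  # marker on a tmpfs, gone after reboot (assumption)
FW_LOADER="${FW_LOADER:-iptables-restore}"    # command that reads the rules on stdin

# Succeeds only for the single interface the rules should be tied to.
fw_wanted() {
    [ "_$1" = "_$FW_IFACE" ]
}

# $1 = interface name as passed by ifupdown in IFACE.
fw_load() {
    fw_wanted "$1" || return 0          # lo, eth0, ...: not our trigger, do nothing
    [ -e "$FW_STAMP" ] && return 0      # already loaded since boot
    if [ ! -r "$FW_RULES" ]; then
        # Report the failure instead of silently leaving the host unfiltered.
        echo "firewall: cannot read $FW_RULES" >&2
        return 1
    fi
    # iptables-restore applies the whole rule set in one operation,
    # so a syntax error leaves the previous rules in place.
    $FW_LOADER < "$FW_RULES" || return 1
    : > "$FW_STAMP"
}

# Only act when called by ifupdown (IFACE set); harmless if sourced by hand.
if [ -n "${IFACE:-}" ]; then
    fw_load "$IFACE"
fi
```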