Thank you. It helped me a lot.
Last edited by ariunbayar; October 10th, 2010 at 05:17 AM.
Shouldn't we be using insserv instead of update-rc.d to enable the firewall init script?
Also; shouldn't we be using LSB headers in the firewall init script?
#! /bin/sh
### BEGIN INIT INFO
# Provides: custom firewall
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: firewall initscript
# Description: Custom Firewall
### END INIT INFO
Provides more flexibility in regard to dependency-based booting.
Finer-grained control of init.d script ordering.
Have a look at:
http://wiki.debian.org/LSBInitScript...dencyBasedBoot
http://wiki.debian.org/LSBInitScripts/
The FAQ at the bottom of the above link says the following:
"Since we want to be LSB compliant, init.d scripts can be adjusted now to be LSB compliant."
http://forums.debian.net/viewtopic.p...66308&start=15
"you should also refer people to insserv, and touch on LSB headers since they're now pretty much a requirement for any scripts in /etc/init.d"
I'm no authority on the matter; I'm just trying to set up my set of netfilter rules via iptables, and your example looked like the most complete example I've seen so far, so I decided to use it as a starting point.
Then I found some other posts of people saying we should now be using insserv instead of update-rc.d:
http://wiki.kartbuilding.net/index.p...7s_update-rc.d
When I run the following:
sudo update-rc.d firewall defaults
I get the following:
update-rc.d: warning: /etc/init.d/firewall missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/firewall ...
/etc/rc0.d/K20firewall -> ../init.d/firewall
/etc/rc1.d/K20firewall -> ../init.d/firewall
/etc/rc6.d/K20firewall -> ../init.d/firewall
/etc/rc2.d/S20firewall -> ../init.d/firewall
/etc/rc3.d/S20firewall -> ../init.d/firewall
/etc/rc4.d/S20firewall -> ../init.d/firewall
/etc/rc5.d/S20firewall -> ../init.d/firewall
Noob question: I'm wondering why you use bash for /etc/firewall.bash and /etc/init.d/firewall, but dash for /etc/flush_iptables.bash. Is this because bash provides better debugging?
Also looking at the following:
# No spoofing
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]
then
for filtre in /proc/sys/net/ipv4/conf/*/rp_filter
do
echo 1 > $filtre
done
fi
Would this be neater as:
if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
fi
As I think "all" covers all interfaces?
http://linuxgazette.net/issue77/lechnyr.html
Have also noticed that I can run the following now:
service firewall stop/start/etc
Thoughts?
Last edited by devout; July 10th, 2011 at 12:26 PM.
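A small checker for the LSB header block that update-rc.d complains about, added here as an example (not code from the thread or from the tutorial); it assumes a POSIX sh with sed and grep, and the function name lsb_header_check and the sample file it writes are my own.

```sh
#!/bin/sh
# Added example: report the LSB header problems that make update-rc.d print
# "missing LSB information". Function name lsb_header_check is assumed.
lsb_header_check() {
    script="$1"
    [ -r "$script" ] || { echo "cannot read $script" >&2; return 2; }
    # Keep only the lines between the BEGIN/END markers insserv parses.
    header=$(sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$script")
    if [ -z "$header" ]; then
        echo "$script: missing LSB information (no INIT INFO block)" >&2
        return 1
    fi
    rc=0
    # Keys a dependency-based boot needs to place the script in the order.
    for key in Provides Required-Start Required-Stop Default-Start Default-Stop; do
        if ! printf '%s\n' "$header" | grep -q "^# $key:"; then
            echo "$script: LSB header lacks '$key:'" >&2
            rc=1
        fi
    done
    # Runlevels are single characters 0-6 or S; anything else is a typo.
    for key in Default-Start Default-Stop; do
        levels=$(printf '%s\n' "$header" | sed -n "s/^# $key:[[:space:]]*//p")
        for lvl in $levels; do
            case "$lvl" in
                [0-6]|S) ;;
                *) echo "$script: invalid runlevel '$lvl' in $key" >&2; rc=1 ;;
            esac
        done
    done
    return $rc
}

# Constructed sample: the header from the post above, written to a temp file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#! /bin/sh
### BEGIN INIT INFO
# Provides: firewall
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: firewall initscript
### END INIT INFO
EOF
if lsb_header_check "$sample"; then echo "$sample: LSB header OK"; fi
rm -f "$sample"
```

Run it against /etc/init.d/firewall before calling update-rc.d or insserv; a non-zero exit status lists what the header is missing on stderr.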
If the LSB header removes the warning I will add it to the tutorial; at the time of this I'm not sure this even existed.
For the use of sh instead of bash, no reason except that I was used to sh at the time and surely forgot to use bash for this script, as it is more widely used; not really important for this script anyway.
Sorry if I can't provide all the answers to your questions.
Moved
Last edited by SUPERFITTER; July 13th, 2011 at 04:51 AM. Reason: moved