Package: firehol
Version: 1.214-1
Severity: wishlist

When using SNAT or DNAT it's useful and sometimes necessary to know the
address of the PPP interface. If that address is allocated dynamically,
it can't be predicted and put in the configuration. Instead, a line like
this in /etc/firehol/firehol.conf can determine the address:

EXT_IP="`ip addr show dev ppp0 | awk '$1 ~ /^inet$/ {print $2}'`"

[ Feel free to include this line in the documentation somewhere ]

However, this relies on the ppp0 interface being up and configured. The
attached patch allows the user to list interfaces in the variable
WAIT_FOR_IFACE in /etc/default/firehol to cause FireHOL to wait until
those interfaces exist before reading the configuration file.

This also requires that FireHOL be started slightly later in the boot
process, after S40networking instead of before.

Two patches attached: One for /sbin/firehol for the waiting code itself,
one for the postinst script to change the invocation of update-rc.d.
-- 
Sam "Eddie" Couter  |  mailto:[EMAIL PROTECTED]
Debian Developer    |  mailto:[EMAIL PROTECTED]
                    |  jabber:[EMAIL PROTECTED]
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
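
The EXT_IP lookup in the report returns an empty string when ppp0 has no address yet, and several lines when the interface has more than one. As an added example (not part of the report or of FireHOL), the shell functions below parse the same `ip addr show` output and fail unless exactly one valid IPv4 address is present. `parse_inet_addr`, `resolve_ext_ip` and the sample outputs are hypothetical and constructed.

```shell
#!/bin/sh
# Added example; parse_inet_addr and resolve_ext_ip are hypothetical helpers,
# not FireHOL functions. Sample outputs below are constructed.

# Read `ip addr show dev IFACE` output on stdin. Print the interface's IPv4
# address (prefix length stripped) and return 0 only if exactly one valid
# address is present; otherwise print nothing and return 1.
parse_inet_addr() {
    awk '
        $1 == "inet" {
            split($2, part, "/")        # "192.0.2.10/24" -> "192.0.2.10"
            addr[++n] = part[1]
        }
        END {
            if (n != 1) exit 1          # none, or ambiguous: do not guess
            if (split(addr[1], o, ".") != 4) exit 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) exit 1
            print addr[1]
        }'
}

# Set EXT_IP from a live interface, or fail so the caller can stop before
# any SNAT/DNAT rule is built from an empty value.
resolve_ext_ip() {
    EXT_IP=$(ip addr show dev "$1" 2>/dev/null | parse_inet_addr) || return 1
}

SAMPLE_PPP='3: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492
    link/ppp
    inet 203.0.113.7 peer 203.0.113.1/32 scope global ppp0'

SAMPLE_NOADDR='3: ppp0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500
    link/ppp'

SAMPLE_TWO='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500
    inet 192.0.2.10/24 brd 192.0.2.255 scope global eth0
    inet 198.51.100.4/24 scope global secondary eth0'

for s in "$SAMPLE_PPP" "$SAMPLE_NOADDR" "$SAMPLE_TWO"; do
    if ip4=$(printf '%s\n' "$s" | parse_inet_addr); then
        echo "EXT_IP=$ip4"
    else
        echo "no single IPv4 address; refusing to continue" >&2
    fi
done
```

In firehol.conf, which is read as a shell script, a call such as `resolve_ext_ip ppp0 || exit 1` would stop before any NAT rule is built around an empty address.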
--- /sbin/firehol       2004-12-24 07:53:47.000000000 +1100
+++ /root/firehol.new   2005-01-22 19:45:35.000000000 +1100
@@ -726,6 +726,52 @@
 ${CAT_CMD} ${FIREHOL_CONFIG} | ${GAWK_CMD} -f "${FIREHOL_TMP}.awk" 
>${FIREHOL_TMP}
 ${RM_CMD} -f "${FIREHOL_TMP}.awk"
 
+#-------------------------------------------------------------------------------
+# Wait for interfaces, if necessary
+
+wait_for_interface() {
+       local iface=$1; shift
+       local timeout=60
+
+       if [ -n "$1" ]; then
+               timeout=$1
+       fi
+
+       local start=`date +%s`
+       local found=0
+
+       # loop until the interface is found or the timeout exceeds 
+       while [ "`date +%s`" -lt $(($start+$timeout)) -a $found -eq 0 ]
+       do
+               local addr=`ip addr show $iface 2> /dev/null | awk '$1 ~ 
/^inet$/ {print $2}'`
+               if [ -n "$addr" ]
+               then
+                       found=1
+               fi
+               if [ $found -eq 0 ]
+               then
+                       sleep 0.5
+               fi
+       done
+
+       if [ $found -eq 1 ]
+       then
+               # the interface is up
+               return 0
+       else
+               # timeout exceeded
+               return 1
+       fi
+}
+
+if [ -n "$WAIT_FOR_IFACE" ]
+then
+       for i in "$WAIT_FOR_IFACE"
+       do
+               wait_for_interface $i
+       done
+fi
+
 # 
------------------------------------------------------------------------------
 # Run the configuration file.
 
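Review bot: in the final loop, `for i in "$WAIT_FOR_IFACE"` quotes the variable, so a list such as "ppp0 ppp1" is iterated once as a single word, and the unquoted `wait_for_interface $i` then passes ppp1 as the timeout argument instead of waiting for it. Drop the quotes on the `for` list and quote "$i" in the call. The return status of wait_for_interface is also discarded, so after a timeout the configuration file is still run and a lookup like the EXT_IP line from the report produces an empty value for the SNAT/DNAT rules; log the timeout and stop, or at least warn, when the function returns 1. Smaller points: `$iface` in the `ip addr show` call should be quoted, and `sleep 0.5` assumes a sleep that accepts fractional seconds.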
--- debian/postinst.orig        2005-01-22 20:19:18.000000000 +1100
+++ debian/postinst     2005-01-22 20:19:50.000000000 +1100
@@ -12,7 +12,7 @@
 
 case "$1" in
        configure)
-               update-rc.d firehol start 38 S . start 36 0 6 . > /dev/null
+               update-rc.d firehol start 41 S . start 36 0 6 . > /dev/null
                ;;
 
        abort-upgrade|abort-remove|abort-deconfigure)
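Review bot: changing the S-runlevel start from 38 to 41 puts FireHOL after S40networking, so interfaces brought up by the networking script are live for a short time at boot before any rules are loaded, and that trade-off should be stated in the changelog or documentation. An alternative is to keep the early start and re-run FireHOL when the waited-for interface gets its address. Also note that update-rc.d leaves existing rc links untouched, so on an upgrade this line does not move the old S38 link; the postinst would need to remove the old links first for the new sequence number to take effect.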
