On Sat, Dec 23, 2000 at 05:29:31PM +0100, Tamas TEVESZ wrote: > > iface eth# inet static > > up /etc/network/firewall start > > down /etc/network/firewall stop > > this is, if it works as i think it works, inherently bad. the fwchains > have to be initialized _before_ the interface has any chance to come > up.
You are right, that would be better. In such a case, using "pre-up" and "post-down" would be an improvement. Fwiw, what I did on my systems was to use the ipmasq package and then create an /etc/ipmasq/rules/ZZZlocal.rul which is executed after all the standard scripts. I put my own stuff there. Also, IIRC, by default the "networking" init script is started _before_ the "ipmasq" init script (40 and 41 respectively, again iirc). It may not make sense in all setups, but for me I found it best to change the order; I made ipmasq 39 and left networking at 40. Or something like that. But you get the idea. ;)
