> -----Original Message-----
> From: Olaf Meeuwissen
> Sent: Wednesday, June 05, 2002 7:23 PM
> CC: [email protected]
> To: Jeff Bonner
> Subject: Re: script init
>
> > For now, don't add it to runlevel 0, 1 or 6, which equate to "halt"
> > (power-down), "single-user" (barely anything running) and
> > "reboot".
>
> If you care enough about your firewall to write a script to set it up,
> it is not much trouble to add some scripting to take it down again.
> Why not add that little bit so it handles at least "stop". The
> "restart" can then default to a "stop"/"start" cycle and you're done.

Well, I would agree with this; I didn't want to overload him with too many tasks at once, but hopefully gave some direction on how it "should" be. FWIW, I was having ipchains flush the rules and deny everything on shutdown, but I haven't yet added that to the new iptables version since I rewrote the rules from scratch. I'm pretty pleased with how that works now, I might add... see http://firegate.lunarfox.com if you'd care to critique it. :)

> > Alright, that's one way to run your firewall. Another is with
> > "update-rc.d" (which is specific to Debian, and similar to RedHat's
> > "chkconfig"). If you want more information on it, try "man
> > update-rc.d". :)
>
> The iptables maintainer discourages the use of the init.d approach and
> suggests you set things up via scripts in the /etc/network/if-*.d/
> directories. For a simple set of scripts, see the attachment of
> http://lists.debian.org/debian-firewall/2002/debian-firewall-200205/msg00059.html.

Ack, I meant to give him that disclaimer too, but I forgot. I remember reading something about it a couple weeks ago -- I think it may even have been on this list. Oh well.
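
Added example (not part of the original thread, and not either poster's script): a minimal init-style firewall script in which "stop" sets default-deny policies and flushes the rules, and "restart" is a stop/start cycle, as discussed above. The function names, the `FW_DRY_RUN` switch and the few rules in `fw_start` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: init-style firewall script handling start/stop/restart.
# The rules in fw_start are constructed placeholders, not rules from the thread.
# FW_DRY_RUN=1 (hypothetical switch) prints the commands instead of running them.

ipt() {
    if [ "${FW_DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

fw_stop() {
    # Set DROP policies before flushing, so the host is never left
    # with empty chains and an ACCEPT policy.
    for chain in INPUT FORWARD OUTPUT; do
        ipt -P "$chain" DROP || return 1
    done
    ipt -F || return 1    # flush all rules in the filter table
    ipt -X || return 1    # delete user-defined chains
}

fw_start() {
    fw_stop || return 1   # always build the rule set from a default-deny state
    ipt -A INPUT -i lo -j ACCEPT || return 1
    ipt -A OUTPUT -o lo -j ACCEPT || return 1
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT || return 1
    ipt -P OUTPUT ACCEPT
}

fw_main() {
    case "$1" in
        start)                fw_start ;;
        stop)                 fw_stop ;;
        restart|force-reload) fw_stop && fw_start ;;
        *) echo "Usage: $0 {start|stop|restart}" >&2; return 2 ;;
    esac
}

# Dispatch only when called with an argument, so the file can also be sourced.
[ $# -eq 0 ] || fw_main "$@"
```

Running it as `FW_DRY_RUN=1 sh firewall restart` shows the exact command sequence before it is ever applied to a live host.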

