Re: [gentoo-user] Re: launching iptables

2006-08-02 Thread Dale
James wrote:
> dg  kaboom.spb.ru> writes:
>
>> Just run your script once, then do
>>  /etc/init.d/iptables save
>>  /etc/init.d/iptables start
>>
>>  rc-update add iptables default
>>
>> ... and it will load your rules and start firewall automatically.
>
> Wow, lots of responses. I got the script launching upon reboot.
>
> Thanks EVERYONE for the info and ideas
>
> James

Well, you got it going but this is how I did mine.  I started iptables,
ran my script and made sure all was working, then did a
"/etc/init.d/iptables save".  After that it restores after I reboot and
everything.  Worked well for me at least.

Dale
:-)  :-)
-- 
gentoo-user@gentoo.org mailing list



[gentoo-user] Re: launching iptables

2006-08-02 Thread James
dg  kaboom.spb.ru> writes:



> Just run your script once, then do
>   /etc/init.d/iptables save
>   /etc/init.d/iptables start

>   rc-update add iptables default

> ... and it will load your rules and start firewall automatically.


Wow, lots of responses. I got the script launching upon reboot.

Thanks EVERYONE for the info and ideas


James








Re: [gentoo-user] Re: launching iptables

2006-08-02 Thread Iain Buchanan
On Wed, 2006-08-02 at 21:13 +, James wrote:
> Alexander Kirillov  infoline.su> writes:
> 
> 
> > > Is there a way to get 'rc-update add   default' to launch
> > > my_firewall without putting it in the /etc/init.d/ dir and using the 
> > > runscript template for my script?
> 
> > > thoughts, suggestions and examples are most welcome.
> > Keep your script in /etc and run it once.
> 
> OK, but how will it get discovered again upon reboot?

When you use iptables-save, your script gets saved in the IPTABLES_SAVE
location in /etc/conf.d/iptables

> /etc/init.d/iptables will overwrite what my_firewall.sh does.
> as it is currently doing
> 
> 
> > If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
> > your rules will be restored whenever you restart iptables.
> 
> Um, maybe I'm missing something but searching for "SAVE_ON"
> only reveals this line in the /etc/init.d/iptables script:

You're looking in init.d, look in conf.d - this is where you customise
behaviour for init scripts...

I use webmin to create the initial iptables rules, then edit the file by
hand that I specified in /etc/conf.d/iptables, if I have to.  webmin is
pretty good, so usually I don't have to edit anything by hand...

HTH,
-- 
Iain Buchanan 

"By golly, I'm beginning to think Linux really *is* the best thing since
sliced bread."
(By Vance Petree, Virginia Power)




[gentoo-user] Re: launching iptables

2006-08-02 Thread James
Alexander Kirillov  infoline.su> writes:


> > Is there a way to get 'rc-update add   default' to launch
> > my_firewall without putting it in the /etc/init.d/ dir and using the 
> > runscript template for my script?

> > thoughts, suggestions and examples are most welcome.
> Keep your script in /etc and run it once.

OK, but how will it get discovered again upon reboot?

/etc/init.d/iptables will overwrite what my_firewall.sh does.
as it is currently doing


> If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
> your rules will be restored whenever you restart iptables.

Um, maybe I'm missing something but searching for "SAVE_ON"
only reveals this line in the /etc/init.d/iptables script:

stop() {
        if [[ ${SAVE_ON_STOP} == "yes" ]] ; then
                save || return 1
        fi

It looks for this setting in my script?  If not, what file do 
I set the param  ${SAVE_ON_STOP}  in?

I.E. this is a conditional statement testing the setting which is 
where?

Or do I just add this line to the end of the script?

confused.

James
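
Added example, not part of the original thread and not the Gentoo init script itself: a sandboxed shell sketch of why the stop() test quoted above sees SAVE_ON_STOP, namely that the service's conf.d file is sourced before the init script's functions run. The function demo_stop, the temp-file names and the sample rules are constructed for illustration; cp stands in for iptables-save, and POSIX `[ ]` is used in place of the script's `[[ ]]`.

```shell
#!/bin/sh
# Constructed demo: runs entirely in a temp directory and never touches
# real firewall rules. demo_stop and all file names are hypothetical.

# demo_stop CONF RUNNING
#   CONF    - stand-in for /etc/conf.d/iptables
#   RUNNING - stand-in for the rules currently loaded in the kernel
# Prints "saved" or "not saved". The body is a subshell, so the sourced
# variables do not leak into the caller.
demo_stop() (
    running=$2
    # The conf.d file is sourced before stop() runs, which is how
    # stop() can see SAVE_ON_STOP and IPTABLES_SAVE.
    . "$1"
    save() {
        # Stand-in for: iptables-save > "${IPTABLES_SAVE}"
        cp "$running" "${IPTABLES_SAVE}"
    }
    stop() {
        if [ "${SAVE_ON_STOP}" = "yes" ]; then
            save || return 1
            echo "saved"
        else
            echo "not saved"
        fi
    }
    stop
)

# Constructed sample input: one "running" ruleset and two conf.d variants.
demo_dir=$(mktemp -d)
printf '%s\n' '*filter' '-A INPUT -p tcp --dport 22 -j ACCEPT' 'COMMIT' \
    > "$demo_dir/running"
printf 'IPTABLES_SAVE="%s"\nSAVE_ON_STOP="yes"\n' "$demo_dir/rules-save" \
    > "$demo_dir/conf-yes"
printf 'IPTABLES_SAVE="%s"\nSAVE_ON_STOP="no"\n' "$demo_dir/rules-unused" \
    > "$demo_dir/conf-no"

echo "SAVE_ON_STOP=yes: $(demo_stop "$demo_dir/conf-yes" "$demo_dir/running")"
echo "SAVE_ON_STOP=no:  $(demo_stop "$demo_dir/conf-no" "$demo_dir/running")"
rm -rf "$demo_dir"
```

With SAVE_ON_STOP="yes", whatever is loaded at stop time replaces the saved file, so rules added by hand during testing persist across the next start unless the saved file is reviewed.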





