Re: [gentoo-user] Re: launching iptables
James wrote:
> dg kaboom.spb.ru> writes:
>
>> Just run your script once, then do
>> /etc/init.d/iptables save
>> /etc/init.d/iptables start
>> rc-update add iptables default
>> ... and it will load your rules and start firewall automatically.
>
> Wow, lots of responses. I got the script launching upon reboot.
>
> Thanks EVERYONE for the info and ideas
>
> James

Well, you got it going but this is how I did mine. I started iptables, ran my script and made sure all was working, then did a "/etc/init.d/iptables save". After that it restores after I reboot and everything. Worked well for me at least.

Dale
:-) :-)
--
gentoo-user@gentoo.org mailing list
[gentoo-user] Re: launching iptables
dg kaboom.spb.ru> writes:

> Just run your script once, then do
> /etc/init.d/iptables save
> /etc/init.d/iptables start
> rc-update add iptables default
> ... and it will load your rules and start firewall automatically.

Wow, lots of responses. I got the script launching upon reboot.

Thanks EVERYONE for the info and ideas

James
Re: [gentoo-user] Re: launching iptables
On Wed, 2006-08-02 at 21:13 +, James wrote:
> Alexander Kirillov infoline.su> writes:
>
> > > Is there a way to get 'rc-update add default' to launch
> > > my_firewall without putting it in the /etc/init.d/ dir and using the
> > > runscript template for my script?
> > >
> > > thoughts, suggestions and examples are most welcome.
>
> > Keep your script in /etc and run it once.
>
> OK, but how will it get discovered again upon reboot?

when you use iptables-save, your script gets saved in the IPTABLES_SAVE location in /etc/conf.d/iptables

> /etc/init.d/iptables will overwrite what my_firewall.sh does.
> as it is currently doing
>
> > If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
> > your rules will be restored whenever you restart iptables.
>
> Um, maybe I'm missing something but searching for "SAVE_ON"
> only reveals this line in the /etc/init.d/iptables script:

you're looking in init.d, look in conf.d - this is where you customise behaviour for init scripts...

I use webmin to create the initial iptables rules, then edit the file by hand that I specified in /etc/conf.d/iptables, if I have to. webmin is pretty good, so usually I don't have to edit anything by hand...

HTH,
--
Iain Buchanan

"By golly, I'm beginning to think Linux really *is* the best thing since sliced bread."
(By Vance Petree, Virginia Power)
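The conf.d settings discussed in this thread, as an added example that is not part of any message here or of Gentoo's init script: a shell check that the file named by IPTABLES_SAVE still matches the loaded ruleset, and what SAVE_ON_STOP implies when it does not. The function names and the sample rules are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the thread: does the ruleset that gets restored at
# boot match what is loaded now? Paths are arguments so it runs on sample files.

# Print one variable from a conf.d-style file. The file is sourced (it is shell
# code), in a subshell, so only point this at a file you trust.
conf_get() {  # conf_get FILE VARNAME
    ( . "$1" >/dev/null 2>&1; eval "printf '%s' \"\${$2:-}\"" )
}

# Drop iptables-save comment/timestamp lines and zero the [packets:bytes]
# counters, so only rule content is compared.
normalize_rules() {
    sed -e '/^#/d' -e '/^[[:space:]]*$/d' -e 's/\[[0-9]*:[0-9]*]/[0:0]/g' "$1"
}

# check_persistence CONF LIVE_DUMP
# returns 0 = saved matches live, 1 = drift, 2 = IPTABLES_SAVE unset, 3 = no saved file
check_persistence() {
    save_file=$(conf_get "$1" IPTABLES_SAVE)
    on_stop=$(conf_get "$1" SAVE_ON_STOP)
    [ -n "$save_file" ] || { echo "IPTABLES_SAVE not set in $1"; return 2; }
    [ -f "$save_file" ] || { echo "no saved rules at $save_file: nothing to restore at boot"; return 3; }
    if [ "$(normalize_rules "$save_file")" = "$(normalize_rules "$2")" ]; then
        echo "saved rules match the live ruleset"; return 0
    fi
    echo "live ruleset differs from $save_file"
    if [ "$on_stop" = "yes" ]; then
        echo "SAVE_ON_STOP=yes: stopping the service saves the live rules over that file"
    else
        echo "SAVE_ON_STOP is not yes: run /etc/init.d/iptables save to keep the live rules"
    fi
    return 1
}

# Constructed sample data: a conf file, a saved ruleset and a live dump with one extra rule.
demo() {
    d=$(mktemp -d) || return 1
    printf 'IPTABLES_SAVE="%s/rules-save"\nSAVE_ON_STOP="yes"\n' "$d" > "$d/conf"
    printf '# Generated Mon\n*filter\n:INPUT DROP [0:0]\n-A INPUT -i lo -j ACCEPT\nCOMMIT\n' > "$d/rules-save"
    printf '# Generated Tue\n*filter\n:INPUT DROP [12:840]\n-A INPUT -i lo -j ACCEPT\n-A INPUT -p tcp --dport 22 -j ACCEPT\nCOMMIT\n' > "$d/live"
    check_persistence "$d/conf" "$d/live"; rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "check_persistence returned $? (1 = drift)"
# Real use, as root: live=$(mktemp) && iptables-save > "$live" && check_persistence /etc/conf.d/iptables "$live"
```

With SAVE_ON_STOP="yes" a temporary rule added by hand is persisted at the next stop, so running this check before a reboot shows what would be written.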
[gentoo-user] Re: launching iptables
Alexander Kirillov infoline.su> writes:

> > Is there a way to get 'rc-update add default' to launch
> > my_firewall without putting it in the /etc/init.d/ dir and using the
> > runscript template for my script?
> >
> > thoughts, suggestions and examples are most welcome.

> Keep your script in /etc and run it once.

OK, but how will it get discovered again upon reboot?
/etc/init.d/iptables will overwrite what my_firewall.sh does.
as it is currently doing

> If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
> your rules will be restored whenever you restart iptables.

Um, maybe I'm missing something but searching for "SAVE_ON"
only reveals this line in the /etc/init.d/iptables script:

stop() {
        if [[ ${SAVE_ON_STOP} == "yes" ]] ; then
                save || return 1
        fi

it looks for this setting in my script? If not, what file do I set the param ${SAVE_ON_STOP} in? I.E. this is a conditional statement testing the setting which is where? Or do I just add this line to the end for the script?

confused.

James