Yes, I'm cross-posting. But it's kind of a cross-question. I'm working with a copy of Real World Linux Security, 2ed. by Bob Toxen. Right now, I'm working on getting his iptables firewall up.
He gives instructions for installing it onto RedHat, SuSE, Mandrake, Slackware. I am using Debian Woody with backports, and there are some differences in the init scripts.

His system comes in two/three parts. There's an iptables_pre script which fits simply into the Debian init system - put it in /etc/init.d and use update-rc.d defaults to plug in the symlinks so it runs before the network is up. It locks everything closed and optionally has support for alternatives to dhclient if that's not what I use.

The second/third parts run after the network is up. He writes:

"Now that the iptables_pre script will protect the system while the network interfaces are being brought up, it is time to arrange for the main script, rc.fwsoho ... to be invoked on bootup. While we could invoke it the same way we invoked iptables_pre, instead we will use a real rc.d-style script to invoke it. This rc.d-style script is based on Red Hat 7.3 iptables startup script but has been modified to generate a message and error exit if IP Tables is not available."

He instructs me to copy rc.fwsoho into /etc/rc.d, then put iptables (script) into init.d and symlink it in (the update-rc.d step in Debian). iptables is hard coded to call /etc/rc.d/rc.fwsoho on the appropriate "start".

Ok. There is no /etc/rc.d in my Debian system. /etc/rcX.d has some meaning beyond just being another place to gather files - it corresponds to runlevel X, and gets swept automatically as the system passes through that runlevel.

What is the meaning and equivalent of /etc/rc.d? The other directories referenced appear to exist.

To those who want to tell me why I shouldn't use his approach, I welcome the comments, I'll learn from them. But please also tell me the answers to the questions above, so I can get a context to put it all in.

Thanks much,
Bret
--
bwaldow at alum dot mit dot edu