Alon Bar-Lev <alo...@gentoo.org> writes:

> On 7 November 2015 at 20:21, lee <l...@yagibdah.de> wrote:
>> Alon Bar-Lev <alo...@gentoo.org> writes:
>>
>>>> How does pppoe work together with shorewall and bind?
>>>>
>>>> When I stop the net.ppp0 service, shorewall is automatically stopped as
>>>> well. When I start net.ppp0, shorewall is not started automatically.
>>>>
>>>> I would like to automatically have net.ppp0 first started and then
>>>> shorewall.
>>>
>>> usually the firewall service should be started before all interfaces
>>> (except lo).
>>> add the following to /etc/conf.d/net.ppp0:
>>> ---
>>> rc_net_ppp0_need="firewall net.enp2s0"
>>> ---
>>
>> Thanks! I copied net.lo to net.ppp0 and put it at the top so it now
>> goes:
>>
>>
>> #!/sbin/runscript
>> # Copyright (c) 2007-2009 Roy Marples <r...@marples.name>
>> # Released under the 2-clause BSD license.
>>
>> MODULESDIR="/lib/netifrc/net"
>> MODULESLIST="${RC_SVCDIR}/nettree"
>> _config_vars="config routes"
>
> you do not need these^

They were already there, so I'll leave them.

>> rc_net_ppp0_need="firewall net.enp2s0"
>>
>
> you do need ^

I took it out because when shorewall is started before ppp0 is up,
shorewall says it can't do things with ppp0. So I think ppp0 needs to
be up for shorewall to work right and things have to be started in an
undesirable order (unless perhaps I would restart shorewall when ppp0
is up).

What's the right way of handling this?

>> I'm not sure if that's right --- I guess I shouldn't make a copy?
>
> correct :)

ok

>>> this will make sure that the ppp0 interface is started after both
>>> firewall and enp2s0.
>>>
>>> I also have the following in /etc/rc.conf to avoid stopping services
>>> while network is down:
>>> ---
>>> rc_hotplug="!net.enp2s0 !net.ppp*"
>>> ---
>>
>> The comment in /etc/rc.conf says no hotplugging is done by default.
>> IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'? So allowing to
>> hotplug them would kinda make them independent of other services, or
>> other services independent from them?
>
> no... the opposite, we do not want to be affected (! == not) by
> hotplug of these devices.

The description of this option says:

,----
| # rc_hotplug is a list of services that we allow to be hotplugged.
| # By default we do not allow hotplugging.
| # A hotplugged service is one started by a dynamic dev manager when a matching
| # hardware device is found.
| # This service is intrinsically included in the boot runlevel.
| # To disable services, prefix with a !
| # Example - rc_hotplug="net.wlan !net.*"
| # This allows net.wlan and any service not matching net.* to be plugged.
| # Example - rc_hotplug="*"
| # This allows all services to be hotplugged
| #rc_hotplug="*"
`----

With 'rc_hotplug="!net.enp2s0 !net.ppp*"', you would:

[1] forbid 'net.enp2s0' to be hotplugged and
[2] allow all services that do not match 'net.ppp*' to be hotplugged.

[1] is not necessary because nothing can be hotplugged by default.
[2] is very likely /not/ what you want --- or why would you want this?

Aside from this, what exactly happens when you allow a service to be
hotplugged? Is this service never started by openrc because openrc
figures that the service is started otherwise (like by a device
manager)? What does it do about services that depend on a service that
can be hotplugged?

And yet another question: Does rc-update, or something else, monitor
the scripts in /etc/init.d? When I remove a script, or a link to one,
from there, 'rc-update show' doesn't show the removed script anymore,
and it cannot be deleted from its runlevel.