Package: firehol
Version: 1.231-0.hs.2
Severity: wishlist
Tags: patch

I'm running the firewall on my PC connected to the router to the internet. So
when shutting down my firewall I want all network traffic to and from the
internet blocked.

The current situation is that when shutting down the firewall, nothing is
blocked.

The firehol script itself can do this if you're starting the firewall with a
different script. So I think doing what I want is possible by changing the
/etc/init.d/firehol script in the following manner:

Index: debian/init.d/firehol
===================================================================
--- 3256bbfc992f28cd6bb45a4b6da88fd4b86db78f/debian/init.d/firehol  
(mode:100644)
+++ 3ba75d236e914b19ce2bfcd41a53ea8a8329bad2/debian/init.d/firehol  
(mode:100644)
@@ -4,6 +4,13 @@
 
 test -x /sbin/firehol || exit 0
 
+# default
+STOP_ACTION="stop"
+
+[ -r /etc/default/firehol ] && . /etc/default/firehol
+
+[ "$START_FIREHOL" = "NO" ] && exit 0
+
 set -e
 
 COMMAND="$1" 
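
Review bot: The START_FIREHOL check near the top of the script applies to every command, not only to start. With START_FIREHOL=NO the script exits 0 before the case statement is reached, so "stop" (and with it the new STOP_ACTION) never runs and a firewall that is already loaded cannot be taken down or switched to the blocking rule set through the init script. The exit is also silent. Consider moving the test into the start and restart branches and printing a short message saying that FireHOL is disabled in /etc/default/firehol.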
@@ -19,7 +26,7 @@
        ;;
   stop)
        echo -n "Stopping iptables firewall: FireHOL ..."
-       /sbin/firehol stop "$@"
+       /sbin/firehol $STOP_ACTION "$@"
        if [ $? = 0 ]; then
                echo "done."
        fi;
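
Review bot: In the stop branch, $STOP_ACTION is expanded unquoted so that a value such as "/etc/firehol/firehol-stop.conf start" splits into two arguments, but that also means an empty value in /etc/default/firehol runs /sbin/firehol with no action at all, and the value is subject to glob expansion. Using ${STOP_ACTION:-stop} would keep the old behaviour when the variable is empty, and a comment next to the line should say that the word splitting is intentional. The echo still announces "Stopping iptables firewall" even when the action loads a blocking configuration, so the message could name the action that is actually run.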


For defining the special action, I defined a /etc/default/firehol script:

Index: debian/firehol.default
===================================================================
--- /dev/null  (tree:3256bbfc992f28cd6bb45a4b6da88fd4b86db78f)
+++ 3ba75d236e914b19ce2bfcd41a53ea8a8329bad2/debian/firehol.default  
(mode:100644)
@@ -0,0 +1,7 @@
+# starting firewall? YES or NO
+START_FIREHOL=NO
+
+# action if stopping
+# STOP_ACTION="panic"
+STOP_ACTION="/etc/firehol/firehol-stop.conf start"
+
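
Review bot: The shipped defaults change behaviour for existing installations. START_FIREHOL=NO combined with the exit in the init script means the firewall is no longer started at boot until the administrator edits this file, and STOP_ACTION points at /etc/firehol/firehol-stop.conf, which the visible patch does not add, so "stop" would refer to a configuration file that may not exist. To leave other setups undisturbed, ship START_FIREHOL=YES and keep both STOP_ACTION examples commented out so the script's built-in default of "stop" applies, and document in the comments what "panic" and the alternate configuration file each do.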

Additionally the /etc/default/firehol should be defined in the debian/rules 
script.

With these additions it is possible to configure the firewall in my way,
without disturbing other usages.


Perhaps it's possible to extend the current of firehol.

Thanks,
Stefan


-- System Information:
Debian Release: 3.0
  APT prefers testing
  APT policy: (400, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=UTF-8)

Versions of packages firehol depends on:
ii  bash                          2.05b-26   The GNU Bourne Again SHell
ii  bc                            1.06-8     The GNU bc arbitrary precision cal
ii  iproute                       20041019-3 Professional tools to control the 
ii  iptables                      1.2.11-8   Linux kernel 2.4+ iptables adminis
ii  net-tools                     1.60-4     The NET-3 networking toolkit

-- no debconf information

