I really don't have a lot of experience with upstart; however, I created this
upstart file for fwknop:

#FWKNOP Daemon

description "fwknop daemon - http://cipherdyne.org/fwknop/"

start on (starting network-interface
          or starting network-manager
          or starting networking)

stop on runlevel [!023456]

console output

respawn
respawn limit 10 5

pre-start script
    test -x /usr/local/sbin/fwknopd || { stop; exit 0; }
    test -x /usr/local/sbin/iptables.sh || { stop; exit 0; }
    /usr/local/sbin/iptables.sh
end script

pre-stop script
    /usr/local/sbin/fwknopd --fw-flush
end script

exec /usr/local/sbin/fwknopd -f

I'm uncertain if the pre-stop script is necessary since I believe the
fwknopd may flush the firewall rules when it exits, but I included it since
I felt it wouldn't hurt.

After learning about upstart, I'm really uncertain if the knockwatch daemon
is even needed because of upstart's ability to respawn a stopped process.
I really haven't done any research to test the respawn process; however,
theoretically it's supposed to restart daemons that suddenly stop.

/usr/local/sbin/iptables.sh is a script file that contains my iptables
ruleset.  This part of the script may need to be altered by other users
depending on how they are initializing their iptables.
_______________________________________________
Fwknop-discuss mailing list
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss