At 11:20 AM 12/10/00 +0100, Leen Besselink wrote:
On Sun, 10 Dec 2000, Sebastiaan wrote:
> Hi,
>
> you can make a script and put it in /etc/init.d and make a link to one of
> the /etc/rcX.d. With the number (like S40firewall) you can set the
> priority.
> As an alternative, in Debian you have a /etc/rc.boot where you can put
> files which must be started at boottime (but not after a init 1; init 2).
>
This is fine if you are using a static IP. Otherwise, most firewall
scripts I've seen will need to get your dynamic interface IP address from
ifconfig.
For "always on" connections like cable modems, put a line like "up
/usr/local/sbin/my-firewall" into the proper stanza of
/etc/network/interfaces (where /usr/local/sbin/my-firewall is your firewall
script) so that the script will be run during "ifup".
For ppp you can put the firewall script into /etc/ppp/ip-up.d and
/etc/ppp/ip-down.d (or put a script there that calls your firewall script).
I have both cable and ppp connections so I do both. This way the firewall
gets updated at boot time (/etc/init.d/networking uses ifup) and then it
gets run again whenever ppp goes up or down.