LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices



Reply
 
Search this Thread
Old 08-16-2004, 02:03 PM   #1
manicajk
Newbie
 
Registered: Aug 2004
Location: MK
Distribution: Suse 9.1
Posts: 12

Rep: Reputation: 0
problem loading iptables script on startup


I have recently got fwbuilder working on my suse 9.1 installation and it works great. Now I want to automate the firewall script so that it loads on bootup. So far I have tried adding the script into the boot.local file in /etc/init.d but when the machine reboots it runs the script before the ethernet interfaces are enabled and so errors saying eth0 does not exist. Is there another way to run this script on startup so that it runs after the network cards have been brought up?

Thanks

Andy
 
Old 08-17-2004, 12:36 AM   #2
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 51
ok -- i don't know about suse but am assuming it is very redhat like ???
if not sorry

first leave the script in init.d and call it firewall or anything else
now there are a million ways to do this
look in /etc/inittab
there are two lines like
id:3:initdefault:
and
si::sysinit:/etc/rc.d/rc.sysinit

the best thing to do is to simply make a link in your run level folder (initdefault) in this case rc3.d
cd ./rc3.d
ln -s /etc/init.d/firewall S99firewall
the higher the number the later it starts and "S" means start

another more junky/funky/hacked approach
it says the init file is etc/rc.d/rc.sysinit or whatever yours says
open that file and at the bottom put simply
/etc/init.d/firewall
or whatever you called your script
that way after all the stuff is done it starts the firewall
 
Old 08-17-2004, 01:13 PM   #3
manicajk
Newbie
 
Registered: Aug 2004
Location: MK
Distribution: Suse 9.1
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks for the help mate, I used the none hacker way of doing it you listed. The only thing I noticed is that my default run level is 5, should it be that high? As such I had to put the shortcut in in rc5.d but it definitely loads the script!

Andy
 
Old 08-17-2004, 01:17 PM   #4
LinuxLala
Senior Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: Fedora 7
Posts: 1,305

Rep: Reputation: 45
runlevel 5 means the GUI 3 is the text
 
Old 08-17-2004, 01:55 PM   #5
manicajk
Newbie
 
Registered: Aug 2004
Location: MK
Distribution: Suse 9.1
Posts: 12

Original Poster
Rep: Reputation: 0
not sure I understand what you mean, I haven't been using Linux for that long.
 
Old 08-17-2004, 08:00 PM   #6
foo_bar_foo
Senior Member
 
Registered: Jun 2004
Posts: 2,553

Rep: Reputation: 51
Quote:
Originally posted by manicajk
my default run level is 5, should it be that high?
Andy
yea it really doesn't matter it's kind of arbitrary in a way.....
certain distributions follow some conventions but it makes no difference really
you can set up different run levels to do different things
just beware -- one of them is reboot and one of them is halt
if you set either one of those as default you got troubles
 
Old 08-17-2004, 08:45 PM   #7
manicajk
Newbie
 
Registered: Aug 2004
Location: MK
Distribution: Suse 9.1
Posts: 12

Original Poster
Rep: Reputation: 0
yeah i figured that one out ok lol.
Thanks for the help!
 
Old 08-18-2004, 04:11 AM   #8
LinuxLala
Senior Member
 
Registered: Aug 2003
Location: New Delhi, India
Distribution: Fedora 7
Posts: 1,305

Rep: Reputation: 45
The runlevel structure goes thus

5 -- GUI

3 -- Text

6 -- Restart

0 -- Shutdown

So, init 0/6 is equivalent to shutdown -h/r now
 
Old 04-12-2009, 12:37 PM   #9
Matteus Blanc
LQ Newbie
 
Registered: Dec 2006
Location: London
Distribution: SuSE 11.1, Debian 5, Centos5
Posts: 6

Rep: Reputation: 1
opensuse IP tables load a boot

hi,
I just spent a day try to get openSUSE11.0 to load some custom iptables settings in conjunction with the SUSEfirewall at boot. I've got it working now so I thought I'd share:

1. forget about trying to set up a script to run like a service with chkconfig. It just won't work (even with S99!). I suspect the firewall flushes the settings later, after these rc.d scripts are executed, it's not clear how or why the settings get ignored but trust me - they will be ignored.

2. You'll need to edit /etc/sysconfig/scripts/SuSEfirewall2-custom. Put the custom iptables commands where appropriate, details are given in the file itself. Do read what is in the file because there is no man page for this.

3. Edit
Code:
 /etc/sysconfig/SuSEfirewall2
change
Code:
FW_CUSTOMRULES=""
to
Code:
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
What I wanted this for was to get postfix to listen on another port as well as 25. Fiddling with postfix itself can produce an open relay and so is not advised. A more elegant solution is to use iptables with the following command:
Code:
iptables -t nat -A PREROUTING -p tcp --dport 1025 -j REDIRECT --to-ports 25
The three steps above show how I got the custom port mapping rule to auto load at boot. If you don't follow the steps then the settings are lost on reboot - a common complaint.

regards
Matteus Blanc
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPtables startup script - Fedora Nickj Linux - Security 2 07-29-2005 09:45 AM
iptables startup script vishamr2000 Linux - Security 3 04-29-2005 09:21 AM
iptables startup script mushmaster Linux - General 12 02-25-2005 01:32 PM
Startup error loading iptables (UDP) linuxnuby Linux - Networking 2 01-28-2004 02:55 PM
autostart iptables script on system startup step Linux - Networking 2 03-21-2003 08:25 AM


All times are GMT -5. The time now is 06:25 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration