-   Debian (
-   -   startup script to set up iptables rules doesn't run (

alexfittyfives 06-01-2004 02:36 AM

startup script to set up iptables rules doesn't run
I have written a script to set up my iptables rules on my debian box but I can't seem to get it to run at boot. I've put it in /etc/init.d/ and have tried linking to it from various rc*.d (prefixing the name with S20 or some other number) but it doesn't seem to run. Which runlevel should I run this from? Am I missing a step? Where can I look in my logs for any further clues?



Dead Parrot 06-01-2004 07:07 AM

Debian follows the common Linux runlevel usage -- runlevel 0 is used for halt, 1 for the single user mode, 6 for reboot and runlevels 2-5 for multiuser mode. Debian defaults to runlevel 2, defined at the beginning of /etc/inittab (id:2:initdefault).

In Debian init scripts are in /etc/init.d/ but the handling of these init scripts for different runlevels takes place in /etc/rc{1-6}.d/ directories that contain symlinks to the actual scripts in /etc/init.d/. For example, you may have symlink "S99xdm" in /etc/rc2.d/ to run xdm in runlevel 2. The "S" part stands for "start", the "99" part tells that the script is to be run in the very end of the init process, and the "xdm" part verifies that it is a symlink to the /etc/init.d/xdm script. Removing this symlink ensures that xdm will not be run when the computer boots into runlevel 2.

In Debian there's a nifty utility called "update-rc.d" that can be used to handle the various symlinks to init scripts. "man update-rc.d" will tell you about the syntax of the update-rc.d command.

When you place your own init scripts into /etc/init.d/, remember to make sure that they are executables (chmod 755 /etc/init.d/myscript). After you've placed your init script ("myscript") into /etc/init.d/ (and made it executable), you can create the necessary symlinks with update-rc.d. For example, if you want to start "myscript" with number 20 (to make sure it is started before other scripts that have number 21 or bigger), you can do

# update-rc.d myscript start 20 2 3 4 5 . stop 20 0 1 6 .

This will create a symlink "S20myscript" into /etc/rc{2-5}.d/ and symlink "K20myscript" into /etc/rc{0-1,6}.d/ so that the /etc/init.d/myscript is run every time the Debian system enters runlevels 2-5 and it is stopped/killed when system is halted or rebooted or enters the single user mode.

Of course, you can create or delete the symlinks without using update-rc.d, but it's easy to get confused with all these symlinks, so using update-rc.d is actually a pretty handy way to ensure that you don't have any unwanted (possibly conflicting) symlinks "hanging around" somewhere after you thought you removed them all.

alexfittyfives 06-01-2004 08:21 PM

Thanks Dead Parrot, update-rc.d seems to be exactly what I need. As far as choosing where in the order that this script runs, will it suffice to have it run after the scripts that set up my networking? Is there somewhere I can go for a rundown of conventions/rules regarding startup script ordering?

All times are GMT -5. The time now is 03:40 AM.