need help with /etc/rc.local
Hi guys, I am using Fedora 10. I want to block a few websites from opening for parental control. I tried editing rc.local.
This is the output for gedit /etc/rc.local:

#!/bin/sh
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
iptables -I INPUT -s www.orkut.com -d 0/0 -j DROP
touch /var/lock/subsys/local
iptables -I INPUT -s www.orkut.com -d 0/0 -j DROP
exit 0

For some reason, this command is not initialising while booting. Right now I am manually entering it on the terminal after logging in, and it is working too. Can someone help me get this to work while booting? Please help me with rc.local. Thanks in advance.
Hi Sony,
This works fine on my Fedora system...:) Actually "rc.local" will be executed on bootup after all init scripts are completed. However, try checking /sbin/iptables -L (which will list all IP addresses blocked) after a fresh reboot. The logs should ideally show that the given IP packet is dropped. Logs of iptables (for orkut.com) on my Fc7 system:

Chain INPUT (policy ACCEPT)
target     prot opt source                destination
DROP       0    --  pq-in-f94.google.com  anywhere
DROP       0    --  pq-in-f87.google.com  anywhere
DROP       0    --  pq-in-f86.google.com  anywhere
DROP       0    --  pq-in-f85.google.com  anywhere
ACCEPT     udp  --  anywhere              anywhere     udp dpt:domain
ACCEPT     tcp  --  anywhere              anywhere     tcp dpt:domain
ACCEPT     udp  --  anywhere              anywhere     udp dpt:bootps
ACCEPT     tcp  --  anywhere              anywhere     tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source                destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source                destination
here is the output
hi praveen, thanks for your support.
I tried /sbin/iptables -L after a fresh reboot as you said. Here is the output I got:

Chain INPUT (policy ACCEPT)
target     prot opt source            destination
ACCEPT     udp  --  anywhere          anywhere          udp dpt:domain
ACCEPT     tcp  --  anywhere          anywhere          tcp dpt:domain
ACCEPT     udp  --  anywhere          anywhere          udp dpt:bootps
ACCEPT     tcp  --  anywhere          anywhere          tcp dpt:bootps
ACCEPT     all  --  anywhere          anywhere          state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere          anywhere
ACCEPT     all  --  anywhere          anywhere
ACCEPT     tcp  --  anywhere          anywhere          state NEW tcp dpt:ssh
REJECT     all  --  anywhere          anywhere          reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source            destination
ACCEPT     all  --  anywhere          192.168.122.0/24  state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24  anywhere
ACCEPT     all  --  anywhere          anywhere
REJECT     all  --  anywhere          anywhere          reject-with icmp-port-unreachable
REJECT     all  --  anywhere          anywhere          reject-with icmp-port-unreachable
REJECT     all  --  anywhere          anywhere          reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source            destination

So, I think nothing is blocked while initializing. rc.local is not executing. I tried /sbin/iptables -L without rebooting after entering the iptables... command manually on the terminal, and that gave me somewhat similar output to what you said. So is it that rc.local is failing to get executed? Sorry that I made this one a little bigger. Thanks for your advice. Regards.
Hi Sony,
Actually "/etc/rc.local" will be a soft link to "/etc/rc.d/rc.local". Please check if the file "/etc/rc.d/rc.local" has executable permissions or not. If it doesn't, give it executable permissions with:

chmod +x /etc/rc.d/rc.local

Also, even if the above procedure didn't work, then try to put your script into the "/etc/rc3.d" or "/etc/rc5.d" directory (try googling this procedure) and try it..:) Also please let me know if this works...
thanks brother
hi praveen,
You know what is one of the best features of Linux? It's of course the community support it provides. Well, I executed the chmod. I am in the middle of downloading a file so couldn't check if it's working. I will definitely let you know how it went. Felt really happy to receive your replies. By the way, that chmod -x command was new information for me. Also that rc.local can be in both executable and non-executable forms. Thanks for it. Have a great day.

Update: Hi Praveen, sorry for the delay. Was giving my board exams. I fixed the problem accidentally. I enabled iptables at boot time with

chkconfig iptables on

and saved with

service iptables save

I simply rebooted and it's working fine. Thanks for the support and advice. Regards.
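Added example, not part of any post in this thread: a shell sketch of the two checks the thread arrives at, namely whether the rc.local symlink target is executable, and whether a DROP rule is present in rules saved in iptables-save format. The function names, the scratch directory and the sample rule file (with the documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample files are constructed.
# Print "ok", or the reason an rc.local-style script would be skipped at boot.
check_boot_script() {
    # /etc/rc.local is usually a symlink to /etc/rc.d/rc.local: test the target.
    target=$(readlink -f -- "$1" 2>/dev/null) || target=
    if [ -z "$target" ] || [ ! -e "$target" ]; then
        echo "missing"
    elif [ ! -f "$target" ]; then
        echo "not-a-regular-file"
    elif [ ! -x "$target" ]; then
        echo "not-executable"      # fix: chmod +x on the target
    else
        echo "ok"
    fi
}

# Print the source of every INPUT rule that jumps to DROP, reading text in
# iptables-save format (the format "service iptables save" stores).
saved_input_drops() {
    awk '$1 == "-A" && $2 == "INPUT" {
             src = ""; drop = 0
             for (i = 3; i < NF; i++) {
                 if ($i == "-s") src = $(i + 1)
                 if ($i == "-j" && $(i + 1) == "DROP") drop = 1
             }
             if (drop && src != "") print src
         }' "$1"
}

# Constructed demo data in a scratch directory; nothing under /etc is touched.
demo=$(mktemp -d)
mkdir "$demo/rc.d"
printf '#!/bin/sh\ntouch /var/lock/subsys/local\n' > "$demo/rc.d/rc.local"
chmod 644 "$demo/rc.d/rc.local"
ln -s rc.d/rc.local "$demo/rc.local"
cat > "$demo/iptables.saved" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 192.0.2.10/32 -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
echo "rc.local before chmod: $(check_boot_script "$demo/rc.local")"
chmod +x "$demo/rc.d/rc.local"
echo "rc.local after chmod:  $(check_boot_script "$demo/rc.local")"
echo "saved DROP sources:    $(saved_input_drops "$demo/iptables.saved")"
```

On a real system the same functions can be pointed at /etc/rc.local and at the saved rule file (by default /etc/sysconfig/iptables on Fedora); a saved rule lists the IP address the hostname resolved to when the rule was added, not the hostname.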