How do I run a script when network's brought up in Debian?
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
How do I run a script when network's brought up in Debian?
I'm basically trying to get iptables/firewalling set up in debian. I've verified that the iptables module is loaded, and I've put my firewall script in /etc/network/if-up.d but it doesn't seem to be getting executed (it does have its execute bits set by the way). I know the script isn't getting run, because it's supposed to echo "firewall started", but grepping output from dmesg returns nothing.
Is /etc/network/if-up.d the place to put scripts that you'd like started when the network is brought up?
If it's in if-up.d, then it should run for every interface that comes up. Rather than grep through dmesg, what happens if you just do:
ifdown eth0; ifup eth0
?
If you are connecting via SSH, try bouncing lo instead of eth0 for testing.
To make the script work on one specific interface, add "up /path/to/script" to the /etc/network/interfaces file instead.
As I recall, dmesg only prints kernel boot messages. Bringing interfaces up is, as I recall, handled by init (or a service called by init, I forget which). init is the first program loaded after the kernel has finished booting, thus you will not find any interface loading information in dmesg, regardless of weather it's working or not.
perhaps you would be better off putting something like :
echo "Firewall brought up successfully at $(date)" > /root/firewalllog
into your firewall script... thus you will be able to tell if it loaded successfully or not.
You need to configure it to initiate during boot sequence. Lets call the script firewall.
Put the sciript in /etc/init.d then do the following;
ln -s /etc/init.d/firewall /rc2.d/S89firewall then
ln -s /etc/init.d/firewall /rc3.d/S89firewall then
ln -s /etc/init.d/firewall /rc4.d/S89firewall then
ln -s /etc/init.d/firewall /rc5.d/S89firewall
to get it running do /etc/init.d/firewall start
When you boot the system the script will be run and if you have ouput it will notify you of the fact.
I ran 'ifdown eth0; ifup eth0' and apparently my script wasn't being started, so I tried your approach (added 'up ...' to /etc/network/interfaces), CroMagnon, and it worked great:
Code:
iface eth0 inet dhcp
up /etc/network/if-up.d/start_firewall.sh
post-down /etc/network/if-post-down.d/stop_firewall.sh
I also have a script for flushing all the tables and deleting the user created ones after the interface is brought down, as you can see above. Is that script necessary?
urzumph <- Thanks for the clarification about dmesg. I didn't know it's only for kernel messages, of which bringing interfaces up isn't a part of.
TigerOC, which approach do you think is better? The one you suggested, which involves creating sym links for all the run-levels in which you anticipate the firewall to be useful, or using CroMagnon's solution, which, I hope, ensures that the firewall is started everytime the eth0 interface is brought up? (I'm sort of biased towards the latter, but it's just my intuition, because I'm a fairly new Linux user.)
Also, you said
Originally posted by nazdrowie TigerOC, which approach do you think is better? The one you suggested, which involves creating sym links for all the run-levels in which you anticipate the firewall to be useful, or using CroMagnon's solution, which, I hope, ensures that the firewall is started everytime the eth0 interface is brought up? (I'm sort of biased towards the latter, but it's just my intuition, because I'm a fairly new Linux user.)
Also, you said . In what file in Debian would I place that line?
I'm ultra cautious because I run an "always on ADSL" connection so I want the firewall active when the networking starts. The /etc/init.d/firewall start is a cli command. This means start it without reboot /etc/init.d/firewall stop will bring it down and /etc/init.d/firewall restart will obviously restart if you tweaked the parameters and wanted to start it again.
If you want to make sure the firewall script is run before the interface starts, change the "up (script)" line to "pre-up (script)" instead The four commands possible are up, pre-up, down, and post-down.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.