LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Post #1, metallica1973, 12-28-2005, 09:27 PM
premature firewall script


When my SUSE Linux box boots up, my firewall script executes and it errors because it cannot grab my system's IP address, because my system has not connected to my ISP yet at that point. How can I execute my firewall script later on during the boot-up process so that it will have an IP address to work with? In my firewall script I have a section where it grabs my IP address from my internet NIC and adjusts accordingly.
 
Post #2, Capt_Caveman, 12-29-2005, 03:55 PM
Ideally you'd like to have the firewall up before the network interfaces come up, so that the system isn't online without a firewall, even if it's only for a few seconds. A way around this is to take the firewall rules that need the IP and run them separately after the interfaces are up. You can put them in rc.local and have them run last. Some distros actually use multi-stage startup scripts where an initial firewall is run before the interfaces come up and then a second startup script is run afterwards.

It's a good idea to make sure that running those rules separately doesn't weaken your firewall or block necessary startup traffic (like DHCP).
 
Post #3, metallica1973 (original poster), 01-02-2006, 07:36 PM
Currently, that is where my firewall script reference is located (in SUSE: boot.local). Maybe I'll just modify my script, take that auto IP detection out and play with it a little!
 
Post #4, win32sux, 01-03-2006, 09:20 AM
that's weird... if boot.local is the suse equivalent of rc.local then it should definitely be getting executed AFTER the network (and everything else) is up... perhaps it's not the equivalent then??

BTW, you've confirmed that if you manually execute the script yourself after having booted it works fine, no?? I ask just to rule out a problem with your script itself...
 
Post #5, win32sux, 01-03-2006, 11:49 AM
BTW, if you remove the IP detection from the script, then I recommend that instead of using boot.local/rc.local you use the regular iptables-save command for saving the new firewall configuration after executing the script manually...

Quote:
Originally Posted by metallica1973
Maybe I just modify my script and take that auto ip detection out and just play with it a little!
 
Post #6, stress_junkie, 01-03-2006, 12:07 PM
I'm using SuSE 9.2. The SuSE firewall scripts on my machine are called as part of the boot process when all of the rc?.d scripts are executed. There are three SuSE firewall scripts labeled init, setup, and final. They are ordered as follows:

rc3.d/S01SuSEfirewall2_init
rc3.d/S05network
rc3.d/S13SuSEfirewall2_setup
rc3.d/S21SuSEfirewall2_final

I'd really be surprised if SuSE has dramatically changed this approach in version 10, but maybe I am going to be surprised when I get v10.
 
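The two-stage load that Capt_Caveman describes, and that SuSEfirewall2's init/setup/final ordering implements, as an added example that is not the poster's script nor SuSEfirewall2's code: stage 1 loads the address-independent rules (and keeps the DHCP client exchange open) so it can run before the network comes up, and stage 2, run from boot.local/rc.local, waits for the external interface to obtain an address instead of aborting on the first failed lookup. The interface name eth1, the example rule set (anti-spoofing, SSH, SNAT) and the ifconfig/ip output parsing are assumptions; without APPLY=1 the script only prints the iptables commands it would run.

```shell
#!/bin/sh
# Added example (not the poster's script): a two-stage firewall load.
# Stage 1 needs no address and can run before the network comes up;
# stage 2 waits for the external interface's address, then adds the
# address-specific rules. EXT_IF=eth1 and the rule set are assumptions.
EXT_IF="${EXT_IF:-eth1}"
IPT="${IPT:-iptables}"
# Apply a rule when APPLY=1; otherwise just print it (dry run for inspection).
run() { if [ "${APPLY:-0}" = 1 ]; then "$IPT" "$@"; else echo "$IPT $*"; fi; }

# First IPv4 address in "ifconfig" or "ip -4 addr show" output; fails if none.
extract_ipv4() {
    printf '%s\n' "$1" | sed -n \
        -e 's/.*inet addr:\([0-9.]*\).*/\1/p' \
        -e 's/.*inet \([0-9.]*\)\/[0-9]*.*/\1/p' | head -n 1 | grep .
}

# Stage 1: address-independent rules. Default-drop, loopback, reply traffic,
# and the DHCP client exchange (UDP 67 -> 68) so that stage 2 can ever run.
stage1() {
    run -P INPUT DROP; run -P FORWARD DROP; run -P OUTPUT ACCEPT
    run -A INPUT -i lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A INPUT -i "$EXT_IF" -p udp --sport 67 --dport 68 -j ACCEPT
}

# Stage 2: rules that need the external address (anti-spoofing, SSH, SNAT).
stage2() {
    ext_ip="$1"
    run -A INPUT -i "$EXT_IF" -s "$ext_ip" -j DROP   # our own address as source
    run -A INPUT -i "$EXT_IF" -d "$ext_ip" -p tcp --dport 22 -j ACCEPT
    run -t nat -A POSTROUTING -o "$EXT_IF" -j SNAT --to-source "$ext_ip"
}

# Poll up to $1 seconds for EXT_IF to hold an address instead of aborting at once.
wait_for_ip() {
    tries="${1:-30}"
    while [ "$tries" -gt 0 ]; do
        out=$(ip -4 addr show dev "$EXT_IF" 2>/dev/null || ifconfig "$EXT_IF" 2>/dev/null || true)
        addr=$(extract_ipv4 "$out") && { echo "$addr"; return 0; }
        tries=$((tries - 1)); sleep 1
    done
    return 1
}

case "${1:-}" in
    stage1) stage1 ;;
    stage2) addr=$(wait_for_ip 30) || { echo "$EXT_IF has no address" >&2; exit 1; }
            stage2 "$addr" ;;
esac
```

Run `stage1` from an early boot script and `stage2` from boot.local/rc.local; with SuSEfirewall2's naming, those correspond to the _init and _final steps around S05network.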
Post #7, metallica1973 (original poster), 01-04-2006, 04:57 PM
I am not using the SuSE firewall; I am using a script that I made up myself. You can see here that the script runs before my system grabs an IP! I will post my boot.msg:

doneSetting current sysctl status from /etc/sysctl.conf
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.conf.all.rp_filter = 1
done
Enabling syn flood protectiondone
Disabling IP forwardingdone
done
System Boot Control: The system has been set up
System Boot Control: Running /etc/init.d/boot.local
Starting Firewall...
External Interface: eth1
eth1: error fetching interface information: Device not found
Aborting: Unable to determine the IP-address of eth1 !

failed<notice>killproc: kill(1676,3)
INIT: Entering runlevel: 3
Boot logging started on /dev/tty1(/dev/console) at Wed Dec 21 14:12:56 2005
Master Resource Control: previous runlevel: N, switching to runlevel: 3
<notice>checkproc: /sbin/udevd 2348<notice>checkproc: /sbin/udevd 1737
Starting D-BUS daemon<notice>startproc: execve (/usr/bin/dbus-daemon) [ /usr/bin/dbus-daemon --system ], [ CONSOLE=/dev/consol
e ROOTFS_FSTYPE=reiserfs TERM=linux SHELL=/bin/sh ROOTFS_FSCK=0 LC_ALL=POSIX INIT_VERSION=sysvinit-2.85 REDIRECT=/dev/tty1 COL
UMNS=80 PATH=/sbin:/usr/sbin:/bin:/usr/bin:/lib/klibc/bin RUNLEVEL=3 PWD=/ SPLASHCFG= PREVLEVEL=N LINES=25 HOME=/ SHLVL=2 spla
sh=silent SPLASH=no ROOTFS_BLKDEV=/dev/system/root _=/sbin/startproc DAEMON=/usr/bin/dbus-daemon ]
done
Setting up network interfaces:
lo
Initializing random number generatordone
<notice>startproc: execve (/sbin/resmgrd) [ /sbin/resmgrd ], [ CONSOLE=/dev/console ROOTFS_FSTYPE=reiserfs TERM=linux SHELL=/b
in/sh ROOTFS_FSCK=0 LC_ALL=POSIX INIT_VERSION=sysvinit-2.85 REDIRECT=/dev/tty1 COLUMNS=80 PATH=/sbin:/usr/sbin:/bin:/usr/bin:/
lib/klibc/bin RUNLEVEL=3 PWD=/ SPLASHCFG= PREVLEVEL=N LINES=25 HOME=/ SHLVL=2 splash=silent SPLASH=no ROOTFS_BLKDEV=/dev/syste
m/root _=/sbin/startproc DAEMON=/sbin/resmgrd ]
Starting resource managerdone
lo IP address: 127.0.0.1/8
doneWaiting for mandatory devices: eth-eth0 eth-eth3 eth-id-00:11:95:24:61:cc
17
eth3 device: 3Com Corporation 3c905C-TX/TX-M [Tornado] (rev 78)
eth3 configuration: eth-eth3
eth3 IP address: 192.168.3.1/25
done eth4 device: D-Link System Inc RTL8139 Ethernet (rev 10)
eth4 configuration: eth-id-00:11:95:24:61:cc
eth4 IP address: 192.168.2.1/25
doneWaiting for mandatory devices: eth-eth0
9 8 <notice>pidofproc: dhcpcd 3897

eth0 device: Intel Corporation 82557/8/9 [Ethernet Pro 100] (rev 02)
eth0 configuration: eth-eth0
eth0 DHCP client (dhcpcd) is running
eth0 IP address: XX.XXX.XX.XXX/XX
doneSetting up service network . . . . . . . . . . . . . . . .done


BTW

WIN32SUX - many thanks for your input on my VoIP phone setup. I still have not tried it out yet, but as soon as I get some time to play with it I will give it a shot.