firewall initialization script

ddaas · 10-09-2004, 12:04 PM

Hi,
Please tell me if I did right in starting my firewall: I edited the /etc/rc.d/rc.M script. At the top of the file I added:

if [ -x /etc/rc.d/firewall.init ]; then
/etc/rc.d/firewall.init
fi

where firewall.init is my iptables rules script.

Is this a good solution for running my firewall script before starting the network interface? Could I do in this in another way?

Thanks for your help,
ddaas

tobyl · 10-09-2004, 01:32 PM

It is generally called from /etc/rc.d/rc.inet2, but i'm sure yours is fine.

If you look in rc.inet2 I think you will find something like your entry looking for rc.firewall. I use guarddog, which puts its iptables rules in /etc/rc.firewall, so I just modified the entry to point there.

rc.M calls rc.inet2 so it is not to important I guess

tobyl

gbonvehi · 10-09-2004, 01:55 PM

I think you should put it in inet2 or simply name the file /etc/rc.d/rc.firewall (which will be called automatically), because hotplug runs in rc.M so maybe your card isn't even recognized before you run the firewall script.
Also, you can put it in /etc/rc.d/rc.local which is there for users to run their own scripts (this one is called after all the init scripts).

Hangdog42 · 10-09-2004, 03:46 PM

Quote:

because hotplug runs in rc.M so maybe your card isn't even recognized before you run the firewall script.

Unless I'm entirely mistaken (always a possibility), you don't need to have an active interface for a firewall to run. In fact I personally think it is a good idea to have a firewall in place before the card gets activated, that way there is no lag time between when your card comes up and when the firewall comes up. No sense giving the bad guys any more opportunities than they already have.