LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris
User Name
Password
Solaris / OpenSolaris This forum is for the discussion of Solaris, OpenSolaris, OpenIndiana, and illumos.
General Sun, SunOS and Sparc related questions also go here. Any Solaris fork or distribution is welcome.

Notices


Reply
  Search this Thread
Old 06-03-2017, 02:47 PM   #1
birdy-97
LQ Newbie
 
Registered: Jun 2017
Location: Santa Cruz, California
Distribution: Debian 8.7, OpenIndiana 17.10, Centos 7, Linux Mint
Posts: 18

Rep: Reputation: Disabled
how to enable firewall on boot/reboot with openindiana?


Hello every one,

I was just wondering if any one knew how to setup ipfilter using custom settings to be enabled on boot/reboot. I have been trying out some Solaris init scripts. The scripts do work on a cold boot, but not on a reboot. So I was wondering if there is a better way to do enable this at boot?
By the way, I'm running the latest release of OI on my test server.

Thanks in advanced,

birdy-97
 
Old 06-03-2017, 06:41 PM   #2
rigor
Member
 
Registered: Sep 2011
Posts: 271

Rep: Reputation: Disabled
Hi birdy-97,

With what init state do you have the script associated?

Also, when you reboot, what command are you using to reboot?

Last edited by rigor; 06-03-2017 at 06:56 PM.
 
Old 06-03-2017, 10:12 PM   #3
birdy-97
LQ Newbie
 
Registered: Jun 2017
Location: Santa Cruz, California
Distribution: Debian 8.7, OpenIndiana 17.10, Centos 7, Linux Mint
Posts: 18

Original Poster
Rep: Reputation: Disabled
Thank you for responding rigor,

The init script number that I'm associating the script is 3. I thought it should fit since all the services start in run level 3.
If it helps here is my start up script that is located in /etc/init.d/ and is also linked statically to /etc/rc3.d/S20pkcfirewall
Code:
#!/bin/sh
# Start up script to enable the firewall
case $1 in

'start')
#put startup commands here

svcadm enable ipfilter
svcadm enable ipfilter

#load custom configuration

#Enable custom firewall rules for ipfilter...

 svccfg -s ipfilter:default setprop \
   firewall_config_default/policy = astring: "custom"

 svccfg -s ipfilter:default setprop \
   firewall_config_default/custom_policy_file = astring: \
   "/etc/ipf/ipf.conf"

 svcadm refresh ipfilter:default

;;
'stop')
#stop service
;;
*)
echo "Usage: $0 start|stop" >&2
exit 1
;;
esac
exit 0
I got the script from a web site from 2006, I think it was UNIX forums or something, I'll post it once I find the pdf I saved.

To answer your other question, I have been using shutdown -y -i 6, although before finding this shutdown command. I have been using reboot. But both do not start up the script.

Last edited by birdy-97; 06-03-2017 at 10:13 PM.
 
Old 06-04-2017, 01:32 AM   #4
rigor
Member
 
Registered: Sep 2011
Posts: 271

Rep: Reputation: Disabled
Thanks for the additional info. Are you sure that everything on which your script depends is started by the point at which it tries to run?

What messages are put in the logs when the script is running?
 
Old 06-04-2017, 07:04 PM   #5
birdy-97
LQ Newbie
 
Registered: Jun 2017
Location: Santa Cruz, California
Distribution: Debian 8.7, OpenIndiana 17.10, Centos 7, Linux Mint
Posts: 18

Original Poster
Rep: Reputation: Disabled
So I think I fixed the problem, the script now executes on shutdowns and reboots! I didn't think that all of those services had been setup at the exact time the script starts, but it gave me an idea. Instead of the script running just as a script, I made a script in /usr/local/bin/ called firewall that did the commands for starting up the service, but I made it wait 15 seconds to execute. The reason for 15 sec delay, is because it will apply the changes around the same time the login prompt is started. As well as when the dependencies have started to run. Along with this, I put the execution in the background, since I didn't know nor want to find out if the load/boot process would hang.

Here is what the init script looks like now:

Code:
#!/bin/sh
# Start up script to enable the firewall
case $1 in

'start')
#load custom configuration

/usr/local/bin/firewall &

;;
'stop')
#stop service
;;
*)
echo "Usage: $0 start|stop" >&2
exit 1
;;
esac
exit 0
Along with my firewall script in /usr/local/bin/ :

Code:
#!/bin/sh
#wait for system to bootup and services start
sleep 15 
#Enable custom firewall rules for ipfilter...
svcadm enable ipfilter

 svccfg -s ipfilter:default setprop \
   firewall_config_default/policy = astring: "custom"

 svccfg -s ipfilter:default setprop \
   firewall_config_default/custom_policy_file = astring: \
   "/etc/ipf/ipf.conf"

 svcadm refresh ipfilter:default
Here is the svcs -xv on a cold boot:
Code:
root@openindiana:~# svcs -xv ipfilter
svc:/network/ipfilter:default (IP Filter)
 State: online since June  4, 2017 04:27:16 PM PDT
   See: man -M /usr/share/man -s 5 ipfilter
   See: /var/svc/log/network-ipfilter:default.log
Impact: None.
Here is the ipfilter log:
Code:
[ Jun  4 16:26:38 Rereading configuration. ]
[ Jun  4 16:26:39 Executing start method ("/lib/svc/method/ipfilter start"). ]
Set 0 now inactive
filter sync'd
0 entries flushed from NAT table
4 entries flushed from NAT list
[ Jun  4 16:26:39 Method "start" exited with status 0. ]
[ Jun  4 16:26:39 Stopping because service disabled. ]
[ Jun  4 16:26:39 Executing stop method ("/lib/svc/method/ipfilter stop"). ]
[ Jun  4 16:26:39 Method "stop" exited with status 0. ]
[ Jun  4 16:26:49 Rereading configuration. ]
[ Jun  4 16:27:05 Rereading configuration. ]
[ Jun  4 16:27:06 Rereading configuration. ]
[ Jun  4 16:27:16 Enabled. ]
[ Jun  4 16:27:16 Rereading configuration. ]
[ Jun  4 16:27:16 Executing start method ("/lib/svc/method/ipfilter start"). ]
Set 0 now inactive
filter sync'd
0 entries flushed from NAT table
4 entries flushed from NAT list
[ Jun  4 16:27:16 Method "start" exited with status 0. ]
Along with /var/adm/messages

Code:
Jun  4 16:27:16 openindiana ipf: [ID 774698 kern.info] IP Filter: v4.1.9, running.

Last edited by birdy-97; 06-04-2017 at 07:06 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Can't boot Openindiana in a winxp/slackware14.1/OI multiboot system xiongnu Slackware 4 12-22-2016 04:21 PM
[SOLVED] Can't boot Openindiana in a winxp/slackware14.1/OI multiboot system xiongnu Solaris / OpenSolaris 3 12-22-2016 03:16 PM
GRUB Error 15: Dual Boot Slack and OpenIndiana x360539 Slackware 4 06-28-2011 02:13 PM
[SOLVED] openindiana how to boot into single user mode? struct Linux - Server 3 03-07-2011 03:21 AM
enable changes to /etc/hosts without reboot? vrillusions Linux - Networking 4 05-17-2004 09:42 AM

LinuxQuestions.org > Forums > Other *NIX Forums > Solaris / OpenSolaris

All times are GMT -5. The time now is 07:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration