Message-ID: <44D14C9B.7000106@gmail.com>
Date: Wed, 02 Aug 2006 19:08:43 -0600
From: Daniel Huckstep
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: launching iptables

> On Wed, 2006-08-02 at 21:13 +0000, James wrote:
>
>> Alexander Kirillov infoline.su> writes:
>>
>>>> Is there a way to get 'rc-update add default' to launch
>>>> my_firewall without putting it in the /etc/init.d/ dir and using the
>>>> runscript template for my script?
>>>>
>>>> thoughts, suggestions and examples are most welcome.
>>>>
>>> Keep your script in /etc and run it once.
>>>
>> OK, but how will it get discovered again upon reboot?
>>
>
> when you use iptables-save, your script gets saved in the IPTABLES_SAVE
> location in /etc/conf.d/iptables
>
>> /etc/init.d/iptables will overwrite what my_firewall.sh does.
>> as it is currently doing....
>>
>>> If you have SAVE_ON_STOP="yes" in /etc/conf.d/iptables
>>> your rules will be restored whenever you restart iptables.
>>>
>> Um, maybe I'm missing something but searching for "SAVE_ON"
>> only reveals this line in the /etc/init.d/iptables script:
>>
>
> you're looking in init.d, look in conf.d - this is where you customise
> behaviour for init scripts...
>
> I use webmin to create the initial iptables rules, then edit the file by
> hand that I specified in /etc/conf.d/iptables, if I have to. webmin is
> pretty good, so usually I don't have to edit anything by hand...
>
> HTH,
>

I use fwbuilder, and just made my own basic init script for a firewall...

#!/sbin/runscript

depend() {
	# Networking must be up before the firewall rules are loaded
	need net
}

start() {
	ebegin "Starting firewall"
	# fwbuilder-generated script that loads the rules
	/opt/scripts/firewall
	# Report the script's exit status to the init system
	eend $?
}

stop() {
	ebegin "Stopping firewall"
	# Resets iptables to the let-everything-through state
	/opt/scripts/flush-iptables
	eend $?
}

where /opt/scripts/firewall is the fwbuilder file, and flush-iptables is one to just set them back to a basic let-everything-through state.

Daniel
-- 
gentoo-user@gentoo.org mailing list
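
An added example, not part of Daniel's post: one possible body for the flush-iptables script that his stop() calls, whose contents the message does not show. The function name, the IPTABLES override and the DROP option are assumptions made here; ACCEPT produces the let-everything-through state he describes, while DROP leaves only loopback open when the firewall is stopped.

```sh
#!/bin/sh
# Added example: hypothetical body for a flush script such as the
# /opt/scripts/flush-iptables named in the post (its real contents are not shown).
# IPTABLES can be overridden, e.g. IPTABLES="echo iptables" for a dry run.
IPTABLES="${IPTABLES:-iptables}"

# flush_iptables [ACCEPT|DROP]
#   ACCEPT: the "let everything through" state described in the post.
#   DROP:   assumption added here; stopping fails closed, loopback stays open.
flush_iptables() {
    policy="${1:-ACCEPT}"
    case "$policy" in
        ACCEPT|DROP) ;;
        *) echo "flush_iptables: policy must be ACCEPT or DROP" >&2; return 2 ;;
    esac

    # Set the default policy of the built-in filter chains first.
    for chain in INPUT FORWARD OUTPUT; do
        $IPTABLES -t filter -P "$chain" "$policy" || return 1
    done

    # Flush all rules (-F), then delete user-defined chains (-X), per table.
    for table in filter nat mangle; do
        $IPTABLES -t "$table" -F || return 1
        $IPTABLES -t "$table" -X || return 1
    done

    # With a DROP policy, keep local (loopback) traffic working.
    if [ "$policy" = "DROP" ]; then
        $IPTABLES -t filter -A INPUT -i lo -j ACCEPT || return 1
        $IPTABLES -t filter -A OUTPUT -o lo -j ACCEPT || return 1
    fi
    return 0
}

# Only touch the live rule set when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    flush_iptables "${2:-ACCEPT}"
fi
```

Running it with IPTABLES="echo iptables" prints the commands instead of executing them, which is a safe way to review the result before using DROP on a machine administered over the network.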