| 1 |
Alon Bar-Lev <alonbl@g.o> writes: |
| 2 |
|
| 3 |
> On 7 November 2015 at 20:21, lee <lee@××××××××.de> wrote: |
| 4 |
>> Alon Bar-Lev <alonbl@g.o> writes: |
| 5 |
>> |
| 6 |
>>>> How does pppoe work together with shorewall and bind? |
| 7 |
>>>> |
| 8 |
>>>> When I stop the net.ppp0 service, shorewall is automatically stopped as |
| 9 |
>>>> well. When I start net.ppp0, shorewall is not started automatically. |
| 10 |
>>>> |
| 11 |
>>>> I would like to automatically have net.ppp0 first started and then |
| 12 |
>>>> shorewall. |
| 13 |
>>> |
| 14 |
>>> usually the firewall service should be started before all interfaces |
| 15 |
>>> (except lo). |
| 16 |
>>> add the following to /etc/conf.d/net.ppp0: |
| 17 |
>>> --- |
| 18 |
>>> rc_net_ppp0_need="firewall net.enp2s0" |
| 19 |
>>> --- |
| 20 |
>> |
| 21 |
>> Thanks! I copied net.lo to net.ppp0 and put it at the top so it now |
| 22 |
>> goes: |
| 23 |
>> |
| 24 |
>> |
| 25 |
>> #!/sbin/runscript |
| 26 |
>> # Copyright (c) 2007-2009 Roy Marples <roy@×××××××.name> |
| 27 |
>> # Released under the 2-clause BSD license. |
| 28 |
>> |
| 29 |
>> MODULESDIR="/lib/netifrc/net" |
| 30 |
>> MODULESLIST="${RC_SVCDIR}/nettree" |
| 31 |
>> _config_vars="config routes" |
| 32 |
> |
| 33 |
> you do not need these^ |
| 34 |
|
| 35 |
They were already there, so I'll leave them. |
| 36 |
|
| 37 |
>> rc_net_ppp0_need="firewall net.enp2s0" |
| 38 |
>> |
| 39 |
> |
| 40 |
> you do need ^ |
| 41 |
|
| 42 |
I took it out because when shorewall is started before ppp0 is up, |
| 43 |
shorewall says it can't do things with ppp0. So I think ppp0 needs to |
| 44 |
be up for shorewall to work right and things have to be started in an |
| 45 |
undesirable order (unless perhaps I would restart shorewall when ppp0 is |
| 46 |
up). |
| 47 |
|
| 48 |
What's the right way of handling this? |
| 49 |
|
| 50 |
>> I'm not sure if that's right --- I guess I shouldn't make a copy? |
| 51 |
> |
| 52 |
> correct :) |
| 53 |
|
| 54 |
ok |
| 55 |
|
| 56 |
>>> this will make sure that the ppp0 interface is started after both |
| 57 |
>>> firewall and enp2s0. |
| 58 |
>>> |
| 59 |
>>> I also have the following in /etc/rc.conf to avoid stopping services |
| 60 |
>>> while network is down: |
| 61 |
>>> --- |
| 62 |
>>> rc_hotplug="!net.enp2s0 !net.ppp*" |
| 63 |
>>> --- |
| 64 |
>> |
| 65 |
>> The comment in /etc/rc.conf says no hotplugging is done by default. |
| 66 |
>> IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'? So allowing to |
| 67 |
>> hotplug them would kinda make them independent of other services, or |
| 68 |
>> other services independent from them? |
| 69 |
> |
| 70 |
> no... the opposite, we do not want to be effected (! == not) by |
| 71 |
> hotplug of these devices. |
| 72 |
|
| 73 |
The description of this option says: |
| 74 |
|
| 75 |
,---- |
| 76 |
| # rc_hotplug is a list of services that we allow to be hotplugged. |
| 77 |
| # By default we do not allow hotplugging. |
| 78 |
| # A hotplugged service is one started by a dynamic dev manager when a matching |
| 79 |
| # hardware device is found. |
| 80 |
| # This service is intrinsically included in the boot runlevel. |
| 81 |
| # To disable services, prefix with a ! |
| 82 |
| # Example - rc_hotplug="net.wlan !net.*" |
| 83 |
| # This allows net.wlan and any service not matching net.* to be plugged. |
| 84 |
| # Example - rc_hotplug="*" |
| 85 |
| # This allows all services to be hotplugged |
| 86 |
| #rc_hotplug="*" |
| 87 |
`---- |
| 88 |
|
| 89 |
With 'rc_hotplug="!net.enp2s0 !net.ppp*"', you would: |
| 90 |
|
| 91 |
|
| 92 |
[1] forbid 'net.enp2s0' to be hotplugged and |
| 93 |
[2] allow all services that do not match 'net.ppp*' to be hotplugged. |
| 94 |
|
| 95 |
|
| 96 |
[1] is not necessary because nothing can be hotplugged by default. |
| 97 |
[2] is very likely /not/ what you want --- or why would you want this. |
| 98 |
|
| 99 |
|
| 100 |
Aside from this, what exactly happens when you allow a service to be |
| 101 |
hotplugged? Is this service never started by openrc because openrc |
| 102 |
figures that the service is started otherwise (like by a device |
| 103 |
manager)? What does it do about services that depend on a service that |
| 104 |
can be hotplugged? |
| 105 |
|
| 106 |
|
| 107 |
And yet another question: |
| 108 |
|
| 109 |
Does rc-update, or something else, monitor the scripts in /etc/init.d? |
| 110 |
When I remove a script, or a link to one, from there, 'rc-update show' |
| 111 |
doesn't show the removed script anymore, and it cannot be deleted from |
| 112 |
its runlevel. |
Archives