1 |
Alon Bar-Lev <alonbl@g.o> writes: |
2 |
|
3 |
> On 7 November 2015 at 20:21, lee <lee@××××××××.de> wrote: |
4 |
>> Alon Bar-Lev <alonbl@g.o> writes: |
5 |
>> |
6 |
>>>> How does pppoe work together with shorewall and bind? |
7 |
>>>> |
8 |
>>>> When I stop the net.ppp0 service, shorewall is automatically stopped as |
9 |
>>>> well. When I start net.ppp0, shorewall is not started automatically. |
10 |
>>>> |
11 |
>>>> I would like to automatically have net.ppp0 first started and then |
12 |
>>>> shorewall. |
13 |
>>> |
14 |
>>> usually the firewall service should be started before all interfaces |
15 |
>>> (except lo). |
16 |
>>> add the following to /etc/conf.d/net.ppp0: |
17 |
>>> --- |
18 |
>>> rc_net_ppp0_need="firewall net.enp2s0" |
19 |
>>> --- |
20 |
>> |
21 |
>> Thanks! I copied net.lo to net.ppp0 and put it at the top so it now |
22 |
>> goes: |
23 |
>> |
24 |
>> |
25 |
>> #!/sbin/runscript |
26 |
>> # Copyright (c) 2007-2009 Roy Marples <roy@×××××××.name> |
27 |
>> # Released under the 2-clause BSD license. |
28 |
>> |
29 |
>> MODULESDIR="/lib/netifrc/net" |
30 |
>> MODULESLIST="${RC_SVCDIR}/nettree" |
31 |
>> _config_vars="config routes" |
32 |
> |
33 |
> you do not need these^ |
34 |
|
35 |
They were already there, so I'll leave them. |
36 |
|
37 |
>> rc_net_ppp0_need="firewall net.enp2s0" |
38 |
>> |
39 |
> |
40 |
> you do need ^ |
41 |
|
42 |
I took it out because when shorewall is started before ppp0 is up, |
43 |
shorewall says it can't do things with ppp0. So I think ppp0 needs to |
44 |
be up for shorewall to work right and things have to be started in an |
45 |
undesirable order (unless perhaps I would restart shorewall when ppp0 is |
46 |
up). |
47 |
|
48 |
What's the right way of handling this? |
49 |
|
50 |
>> I'm not sure if that's right --- I guess I shouldn't make a copy? |
51 |
> |
52 |
> correct :) |
53 |
|
54 |
ok |
55 |
|
56 |
>>> this will make sure that the ppp0 interface is started after both |
57 |
>>> firewall and enp2s0. |
58 |
>>> |
59 |
>>> I also have the following in /etc/rc.conf to avoid stopping services |
60 |
>>> while network is down: |
61 |
>>> --- |
62 |
>>> rc_hotplug="!net.enp2s0 !net.ppp*" |
63 |
>>> --- |
64 |
>> |
65 |
>> The comment in /etc/rc.conf says no hotplugging is done by default. |
66 |
>> IIUC, you are hotplugging 'net.enp2s0' and 'net.ppp*'? So allowing to |
67 |
>> hotplug them would kinda make them independent of other services, or |
68 |
>> other services independent from them? |
69 |
> |
70 |
> no... the opposite, we do not want to be effected (! == not) by |
71 |
> hotplug of these devices. |
72 |
|
73 |
The description of this option says: |
74 |
|
75 |
,---- |
76 |
| # rc_hotplug is a list of services that we allow to be hotplugged. |
77 |
| # By default we do not allow hotplugging. |
78 |
| # A hotplugged service is one started by a dynamic dev manager when a matching |
79 |
| # hardware device is found. |
80 |
| # This service is intrinsically included in the boot runlevel. |
81 |
| # To disable services, prefix with a ! |
82 |
| # Example - rc_hotplug="net.wlan !net.*" |
83 |
| # This allows net.wlan and any service not matching net.* to be plugged. |
84 |
| # Example - rc_hotplug="*" |
85 |
| # This allows all services to be hotplugged |
86 |
| #rc_hotplug="*" |
87 |
`---- |
88 |
|
89 |
With 'rc_hotplug="!net.enp2s0 !net.ppp*"', you would: |
90 |
|
91 |
|
92 |
[1] forbid 'net.enp2s0' to be hotplugged and |
93 |
[2] allow all services that do not match 'net.ppp*' to be hotplugged. |
94 |
|
95 |
|
96 |
[1] is not necessary because nothing can be hotplugged by default. |
97 |
[2] is very likely /not/ what you want --- or why would you want this. |
98 |
|
99 |
|
100 |
Aside from this, what exactly happens when you allow a service to be |
101 |
hotplugged? Is this service never started by openrc because openrc |
102 |
figures that the service is started otherwise (like by a device |
103 |
manager)? What does it do about services that depend on a service that |
104 |
can be hotplugged? |
105 |
|
106 |
|
107 |
And yet another question: |
108 |
|
109 |
Does rc-update, or something else, monitor the scripts in /etc/init.d? |
110 |
When I remove a script, or a link to one, from there, 'rc-update show' |
111 |
doesn't show the removed script anymore, and it cannot be deleted from |
112 |
its runlevel. |