| 1 |
On Tue, Aug 30, 2005 at 09:26:08PM -0400, Michael Crute wrote: |
| 2 |
> > |
| 3 |
> You should use rc-update to run the startup script. Local is for commands |
| 4 |
> that you want run, not really a great way to run other startup scripts. The |
| 5 |
> command you want is probably `rc-update add rc.firewall default`. |
| 6 |
> -Mike |
| 7 |
|
| 8 |
Last nigh I started to add rc.firewall to the default runlevel, but I |
| 9 |
noticed that there was already an iptables script in /etc/init.d. |
| 10 |
Reading through it, and it companion in /etc/conf.d, it became clear |
| 11 |
that this seemed like the more elegant solution. So I did the following: |
| 12 |
|
| 13 |
/root > /etc/rc.firewall # to start the guarddog firewall |
| 14 |
/root > /etc/init.d/iptables save # to save the current state |
| 15 |
/root > rc-update add iptables default # to start automatically |
| 16 |
/root > reboot |
| 17 |
|
| 18 |
At first this didn't work because the rc.firewall script loaded necessary |
| 19 |
kernel modules for ip-conntrack, etc... I decide to build that |
| 20 |
capability into the kernel instead of using modules. |
| 21 |
|
| 22 |
All is working right now, and I don't have to worry about any changes |
| 23 |
made to guarddog, as the iptables script saves state before shutting |
| 24 |
down. |
| 25 |
|
| 26 |
Thanks for the pointers, |
| 27 |
John - who realizes that he needs a better understanding of initscripts |
| 28 |
|
| 29 |
-- |
| 30 |
Contrary to the lie machine, the world is not safer. |
Archives