At 01:31 PM 9/01/2001 -0600, you wrote:
Try /etc/rc.d/boot.local --- this is SuSE's suggested place for such items.
--snip-- . /etc/rc.config # # Here you should add things, that should happen directly after booting # before we're going to the first run level.
WRONG! Do NOT run your firewall from boot.local as it will not initialize properly as your interfaces will not be configured correctly. You SHOULD as stated by someone else, create your own startup script for it (which is very easy to do)
Sorry to interfere here... If a firewall (a packetfilter) needs configured interfaces to work, it's probably not worth the time configuring it. Using ipchains, you can safely fill the kernel with firewall rules for interfaces that it doesn't know yet, and the rules will kick in as soon as the interface is up and running (literally...). This is how it is supposed to be. Having firewall rules initialized _after_ the iface is up means a race condition against the system startup speed. Such a race used to be a problem in Marc's SuSEfirewall a few months ago.
Nix - nix@susesecurity.com SuSE-Security FAQ Maintainer
Nix, how do we get together with linking the FAQ to http://www.suse.de/security ?
Thanks,
Roman.
--
- -
| Roman Drahtmüller