Oh i do like to cook ;-) Humor aside: my problem was, I only got this very exotic thing working with masquerading. I sort of got it working without masquerading too, but it was still "to open", i.e. if i used forwarding, my high ports for FTP data connection was open not only when needed. The specs was: http both directions and ftp (passive) only outbound. No services on firewall, nothing else! Of course would I have appreciated it if i could go along with SuSEs FW2 script, that would have saved me endless hours of thinking, trying, failing, frustrating, writing e-mails to this list etc. But, on the other side, during this "voyage" I have learned a lot on how to configure firewalls on SuSE with IPTABLES and I have won a lot more insight on Linux in general. Many people out there have given me - Linux Newbie - very useful tips. Thank You all! And by the way my script now start at boot time... I change the first line in my fw-script to read #!/bin/sh and boot.load and it does just fine. I only wonder why it takes so awfully long time from logging on until KDE loads and is ready to use. Not always, but sometimes... At least it does what it is told to. Cheers Knut Erik -----Original Message----- From: Andy Bennett [mailto:andy@mcrentals.demon.co.uk] Sent: Wednesday, July 30, 2003 4:44 PM To: maxim@mtu.ru Cc: Ulrich Roth; suse-security@suse.com Subject: Re: AW: [suse-security] Loading firewall script on boot time Hi, No problem... Regarding the point in question, though, can I just enquire why Knut is 'cooking his own' script rather than using the SuSEfirewall and custom-script route. It's pretty flexible and you don't need to worry about how to start/stop them. Andy On Wednesday 30 July 2003 13:17, Maxim Cherniavsky wrote:
Andy Bennett wrote:
Hi,
Isn't this what the yast runlevel editor does for you??
Linux makes people lazy :)
Linux boot system is like classical System V, which consist of directrories rc1.d, rc2.d ... (run levels) where you have scripts which begins with "Snn" (statrup script) and "Knn" (kill script) In case of firewall i think the good way to start it after the network is up /etc/init.d/rc3.d/S05network start
P.S. I did not mean to offend anybody in any way :)
Andy
On Wednesday 30 July 2003 11:14, Ulrich Roth wrote:
Hi, Knut Erik,
Why is my fwscript not loaded at boot time? When i do these steps manually, it will work.
You should put your script into /etc/rc.d. Then you have to create a
symbolic link in /etc/rc.d/rcX.d which points to your script. X is the number of your default runlevel. If you don't know your default runlevel, you can have a look at /etc/inittab. There it is defined. The name of the link should begin with S and a high number, e.g. S99, because it should be the last script to be executed. But take care if you install any additional packets afterwards. The system will compute the sequence of the startup scripts again, and your script will then start with S00. This is because some info in your script is missing which tells the system, namely the program insserv, which other scripts/services/daemons have to be started before. I haven't gone very deep into this subject yet. If the SuSE guys have additional info, I appreciate it. Bye Uli
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here