Mailinglist Archive: opensuse-security (359 mails)

RE: AW: [suse-security] Loading firewall script on boot time
  • From: "Knut Erik Hauslo" <KNUTH@xxxxxxxxxxxx>
  • Date: Wed, 30 Jul 2003 15:57:23 +0200
  • Message-id: <84ECB0B9D002A54EA3E926AAA94E5808019108@xxxxxxxxxxxxxx>
Oh I do like to cook ;-)

Humor aside: my problem was, I only got this very exotic thing working
with masquerading. I sort of got it working without masquerading too,
but it was still "too open", i.e. if I used forwarding, my high ports for
FTP data connection were open not only when needed.

The specs were: http both directions and ftp (passive) only outbound. No
services on firewall, nothing else!

Of course I would have appreciated it if I could go along with SuSE's FW2
script, that would have saved me endless hours of thinking, trying,
failing, frustrating, writing e-mails to this list etc.

But, on the other side, during this "voyage" I have learned a lot on how
to configure firewalls on SuSE with IPTABLES and I have won a lot more
insight on Linux in general.

Many people out there have given me - Linux Newbie - very useful tips.
Thank You all!

And by the way my script now starts at boot time... I changed the first
line in my fw-script to read #!/bin/sh and boot.load and it does just
fine. I only wonder why it takes such an awfully long time from logging on
until KDE loads and is ready to use. Not always, but sometimes...

At least it does what it is told to.

Cheers
Knut Erik

-----Original Message-----
From: Andy Bennett [mailto:andy@xxxxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, July 30, 2003 4:44 PM
To: maxim@xxxxxx
Cc: Ulrich Roth; suse-security@xxxxxxxx
Subject: Re: AW: [suse-security] Loading firewall script on boot time


Hi,

No problem...

Regarding the point in question, though, can I just enquire why Knut is
'cooking his own' script rather than using the SuSEfirewall and
custom-script route. It's pretty flexible and you don't need to worry
about how to start/stop them.

Andy


On Wednesday 30 July 2003 13:17, Maxim Cherniavsky wrote:
> Andy Bennett wrote:
> >Hi,
> >
> >Isn't this what the yast runlevel editor does for you??
>
> Linux makes people lazy :)
>
> Linux boot system is like classical System V, which consists of
> directories rc1.d, rc2.d ... (run levels) where you have scripts
> which begin with "Snn" (startup script) and "Knn" (kill script).
> In case of firewall I think the good way to start it after the network
> is up /etc/init.d/rc3.d/S05network start
>
> P.S. I did not mean to offend anybody in any way :)
>
> >Andy
> >
> >On Wednesday 30 July 2003 11:14, Ulrich Roth wrote:
> >>Hi, Knut Erik,
> >>
> >>>Why is my fwscript not loaded at boot time? When i do these steps
> >>>manually, it will work.
> >>
> >>You should put your script into /etc/rc.d. Then you have to create a
> >>symbolic link in /etc/rc.d/rcX.d which points to your script. X is
> >>the number of your default runlevel. If you don't know your default
> >>runlevel, you can have a look at /etc/inittab. There it is defined.
> >>The name of the link should begin with S and a high number, e.g.
> >>S99, because it should be the last script to be executed. But take
> >>care if you install any additional packets afterwards. The system
> >>will compute the sequence of the startup scripts again, and your
> >>script will then start with S00. This is because some info in your
> >>script is missing which tells the system, namely the program
> >>insserv, which other scripts/services/daemons have to be started
> >>before. I haven't gone very deep into this subject yet. If the SuSE
> >>guys have additional info, I appreciate it. Bye
> >> Uli
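
The missing "info" that Uli mentions is the LSB `### BEGIN INIT INFO` comment header, which insserv reads to order boot scripts. The check below is an added example, not part of the original thread; the script name `fwscript` and the sample script contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks whether an init script carries the LSB header that
# insserv reads to order boot scripts. Sample scripts below are constructed.

# Print the value of one LSB tag (e.g. Required-Start) from the INIT INFO block.
lsb_tag() {
    # $1 = script path, $2 = tag name
    sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$1" |
        sed -n "s/^# *$2:[[:space:]]*//p" | head -n 1
}

# Return 0 if the script declares that it must start after the network.
starts_after_network() {
    case " $(lsb_tag "$1" Required-Start) " in
        *' $network '*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples: the same firewall script with and without the header.
make_samples() {
    dir=$1
    cat > "$dir/fwscript.good" <<'EOF'
#!/bin/sh
### BEGIN INIT INFO
# Provides:          fwscript
# Required-Start:    $network
# Required-Stop:     $network
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Description:       custom iptables rules
### END INIT INFO
echo "loading rules"
EOF
    printf '#!/bin/sh\necho "loading rules"\n' > "$dir/fwscript.bare"
}

# Human-readable verdict for one script.
check_script() {
    if starts_after_network "$1"; then
        echo "$1: ordered after \$network"
    else
        echo "$1: no network dependency declared; insserv may reorder it"
    fi
}
```

Source the file and run `check_script` against the firewall script before and after installing packages, to confirm it still declares its dependency on the network.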

