Good stuff on using rc.firewall at its homepage: http://www.256bit.org/rc.firewall.shtml including this:
> ./rc.firewall start # to start the firewall
> ./rc.firewall stop # to stop the firewall
Verify that everything works :-) Integrate the script in the sys-v scheme with creating the following links:
> ln -s /etc/rc.firewall /etc/rc.d/init.d/rc.firewall
> ln -s /etc/rc.firewall /etc/rc.d/rc3.d/S<ordernumber> # Starting the script in runlevel 3
> ln -s /etc/rc.firewall /etc/rc.d/rc3.d/K<ordernumber> # Stopping the script in runlevel 3
brianw suggested using 99 (start) and 03 (stop) for the <ordernumber> referred to in the script. If one wants to use the one line startup suggested by humpty, just where in .xinitrc does one put it? Just before DHCP broadcast starts or after window manager is invoked, since it uses a terminal for startup feedback?

It would have to be before the window manager process takes over. Not sure about it relying on dhcp, but it probably doesn't.
Technically though, you should reserve .xinitrc for X user-related things only.

Thanks, hats. I was thinking it's best to start the firewall before the DHCP 'cause that's what initiates the Internet connection, right? So you want your firewall up & running *before* that connection is made, yes? But with the frugal install one can't change the boot parameters, so maybe the only way to get the firewall to start automagically on boot is to do it in .xinitrc with humpty's script. That leaves a short gap between connection to the 'net & firewall start, but that wouldn't be critical, would it?

Well, there's other ones such as bootlocal.sh... it's executed by root and is run only once -- unlike xinitrc
Hm yea, you'd probably have to edit linuxrc if you're a frugal if you wanted it before startup dhcp broadcast (probably there's an easier way with a debian-style hd-install though). But an easier way may be to not set your net up at all (i.e. nodhcp), then manually load the firewall then connect.
> I was thinking it's best to start the firewall before the DHCP
Do it after you have an IP. You're mistaken about .xinitrc in the boot process. It's not first, it's after everything else including DHCP (if detected when you boot). Your .xinitrc is for X-related processes, not system-related processes. Muddling processes like that can lead to confusion in pinning down problems or even bigger issues. What will you do about a firewall if X doesn't start (.xinitrc) for some reason?
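
The S<ordernumber> links from the homepage excerpt decide where rc.firewall falls in the runlevel 3 start sequence, which is the ordering question the thread keeps returning to. The script below is an added example, not part of any post or of rc.firewall itself; it checks that order on a constructed directory, and the `network` init script name and the `S10network` link are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find out whether one SysV start link runs before another.
# SysV rc runs the S* links of a runlevel directory in lexical name order.

# start_link DIR TARGET: print the S-link in DIR that points at a file named TARGET.
start_link() {
    for l in "$1"/S*; do
        [ -L "$l" ] || continue
        if [ "$(basename "$(readlink "$l")")" = "$2" ]; then
            basename "$l"
            return 0
        fi
    done
    return 1
}

# starts_before DIR FIRST SECOND: exit 0 if FIRST's S-link sorts ahead of SECOND's,
# 1 if it does not, 2 if either script has no S-link in DIR.
starts_before() {
    a=$(start_link "$1" "$2") || return 2
    b=$(start_link "$1" "$3") || return 2
    first=$(printf '%s\n%s\n' "$a" "$b" | LC_ALL=C sort | head -n 1)
    [ "$a" != "$b" ] && [ "$first" = "$a" ]
}

# Constructed sample: a throwaway rc3.d using the 99/03 order numbers from the
# thread. The "network" script and its S10 link are hypothetical.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/rc3.d"
    ln -s /etc/rc.d/init.d/network "$d/rc3.d/S10network"
    ln -s /etc/rc.firewall "$d/rc3.d/S99"
    ln -s /etc/rc.firewall "$d/rc3.d/K03"
    printf '%s\n' "$d/rc3.d"
}

dir=$(make_sample_tree)
if starts_before "$dir" rc.firewall network; then
    echo "rc.firewall starts before network"
else
    echo "rc.firewall does not start before network"
fi
rm -rf "${dir%/rc3.d}"
```

On a real system, pass the actual runlevel directory (for the excerpt above, /etc/rc.d/rc3.d) and the name of whatever script brings the interface up.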