iB::Topic::automatic dsl firewall

	Damn Small Linux :: Damn Small Linux Board The DSL Forums

» Welcome Guest
[ Log In :: Register ]

Damn Small Linux Board » Damn Small Linux » DSL Tips and Tricks » automatic dsl firewall

		Mini-ITX Boards Sale, Fanless BareBones Mini-ITX, Bootable 1G DSL USBs, 533MHz Fanless PC <-- SALE $200 each!
		Get The Official Damn Small Linux Book. DSL Market , Great VPS hosting provided by Tektonic

Pages: (7) </ 1 2 3 4 5 [6] 7 >/

[ Track this topic :: Email this topic :: Print this topic ]

Topic: automatic dsl firewall, how to enable the firewall automatically

< Next Oldest | Next Newest >

dougp

Group: Members
Posts: 7
Joined: Feb. 2004

Posted: Aug. 04 2007,18:02

Good stuff on using rc.firewall at its homepage: http://www.256bit.org/rc.firewall.shtml
including this:

> ./rc.firewall start # to start the firewall
> ./rc.firewall stop # to stop the firewall

Verify that everything works :-)
Integrate the script in the sys-v scheme with creating the following links:

> ln -s /etc/rc.firewall /etc/rc.d/init.d/rc.firewall
> ln -s /etc/rc.firewall /etc/rc.d /rc3.d/S<ordernumber> # Starting the script in runlevel 3
> ln -s /etc/rc.firewall /etc/rc.d /rc3.d/K<ordernumber> # Stopping the script in runlevel 3

brianw suggested using 99 (start) and 03 (stop) for the <ordernumber> refered to in the script.
If one wants to use the one line startup suggested by humpty, just where in .xinitrc does one put it? Just before DHCP broadcast starts or after window manager is invoked, since it uses a terminal for startup feedback?

^thehatsrule^ Offline

Group: Members
Posts: 3275
Joined: July 2006

Posted: Aug. 04 2007,20:03

It would have to before the window manager process takes over. Not sure about it relying on dhcp, but it probably doesn't.

Technically though, you should reserve .xinitrc for X user-related things only.

dougp

Group: Members
Posts: 7
Joined: Feb. 2004

Posted: Aug. 04 2007,21:41

Thanks, hats. I was thinking its best to start the firewall before the DHCP 'cause that's what initiaties the Internet connection, right? So you want your firewall up & running <i>before</i> that connection is made, yes? But with the frugal install one can't change the boot parameters, so maybe the only way to get the firewall to start automagically on boot is to do it in .xinitrc with humpty's script. That leaves a short gap between connection to the 'net & firewall start, but that wouldn't be critical, would it?

^thehatsrule^ Offline

Group: Members
Posts: 3275
Joined: July 2006

Posted: Aug. 04 2007,23:33

Well, there's other ones such as bootlocal.sh... it's executed by root and is run only once -- unlike xinitrc

Hm yea, you'd probably have to edit linuxrc if you're a frugal if you wanted it before startup dhcp broadcast (probably there's an easier way with a debian-style hd-install though). But an easier way may be to not set your net up at all (i.e. nodhcp), then manually load the firewall then connect.

lucky13

Group: Members
Posts: 1478
Joined: Feb. 2007

Posted: Aug. 05 2007,00:21

Quote

I was thinking its best to start the firewall before the DHCP

Do it after you have an IP. You're mistaken about .xinitrc in the boot process. It's not first, it's after everything else including DHCP (if detected when you boot). Your .xinitrc is for X-related processes, not system-related processes. Muddling processes like that can lead to confusion in pinning down problems or eveb bigger issues. What will you do about a firewall if X doesn't start (.xinitrc) for some reason?

--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)

31 replies since June 05 2006,17:05

< Next Oldest | Next Newest >

[ Track this topic :: Email this topic :: Print this topic ]

Pages: (7) </ 1 2 3 4 5 [6] 7 >/

Damn Small Linux Board » Damn Small Linux » DSL Tips and Tricks » automatic dsl firewall