_easyrider_ Apprentice
Joined: 02 May 2003 Posts: 238 Location: Denmark
Posted: Thu Dec 18, 2003 4:25 pm Post subject: Init start sequence

I would like to know if it is possible to start my firewall before my net interfaces, because right now my net interfaces are being started before the firewall and I would like to change that. Is that possible?

Angrybob Guru
Joined: 19 Apr 2003 Posts: 575
Posted: Thu Dec 18, 2003 4:56 pm Post subject:

but since no network services start up before the network card is brought up there's no security risk, right?

_easyrider_ Apprentice
Joined: 02 May 2003 Posts: 238 Location: Denmark
Posted: Thu Dec 18, 2003 6:26 pm Post subject:

I would just feel more safe with the firewall starting before the network interfaces come up.

nerdbert l33t
Joined: 09 Feb 2003 Posts: 981 Location: Berlin
Posted: Thu Dec 18, 2003 7:08 pm Post subject:

Why don't you modify the init scripts of your net interfaces? Put something like "need firewall" into the depend() section.
I guess it's worth a try.

_easyrider_ Apprentice
Joined: 02 May 2003 Posts: 238 Location: Denmark
Posted: Thu Dec 18, 2003 7:29 pm Post subject:

Don't really know how to do that. Is there not any other way to change the start sequence of the different apps?

nerdbert l33t
Joined: 09 Feb 2003 Posts: 981 Location: Berlin
Posted: Thu Dec 18, 2003 7:54 pm Post subject:

_easyrider_ wrote:
> Don't really know how to do that. Is there not any other way to change the start sequence of the different apps?

Well, it's not that hard. Files located at /etc/init.d/ usually look like this:
Code:

    robert@bob:~$ cd /etc/init.d/
    robert@bob:/etc/init.d$ cat sshd
    #!/sbin/runscript
    # Copyright 1999-2003 Gentoo Technologies, Inc.
    # Distributed under the terms of the GNU General Public License, v2 or later
    # $Header: /home/cvsroot/gentoo-x86/net-misc/openssh/files/sshd.rc6,v 1.10 2003/06/01 04:37:45 lostlogic Exp $
    depend() {
        use logger dns
        need net
    }
    ...
    ...

So the sshd script contains a section called depend containing information about the start sequence. "need net" simply means that this script will be started after net devices have been started (wouldn't make sense to have sshd running without any network devices).
So my idea was that you put "need <name of your firewall's init script>" into your net scripts. This should make sure that the firewall is started prior to net. Don't know if it works, but it's worth a try.
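
A way to check the ordering suggested in the last post, as an added example that is not part of the thread: a POSIX shell helper that reads the depend() block of Gentoo-style init scripts, reports whether the net script declares `need` on the firewall script, and flags the case where the firewall script itself declares `need net`, which would make the two depend on each other. The file names net.eth0, firewall and firewall.loop and their contents are constructed samples, and the parser assumes the multi-line depend() layout shown in the sshd script above.

```shell
#!/bin/sh
# Added example, not from the thread: inspect depend() ordering in init scripts.

# Print every service listed after KEYWORD inside FILE's depend() block.
depend_words() {  # usage: depend_words FILE KEYWORD
    awk -v kw="$2" '
        /^depend\(\)[ \t]*[{]/ { in_dep = 1; next }
        in_dep && /^[ \t]*[}]/ { in_dep = 0 }
        in_dep && $1 == kw     { for (i = 2; i <= NF; i++) print $i }
    ' "$1"
}

# Succeed when FILE's depend() lists SERVICE under KEYWORD.
declares() {  # usage: declares FILE KEYWORD SERVICE
    depend_words "$1" "$2" | grep -qxF "$3"
}

# Classify the ordering between a net script and a firewall script.
check_order() {  # usage: check_order NET_SCRIPT FW_SCRIPT FW_NAME
    if declares "$1" need "$3" && declares "$2" need net; then
        echo "cycle"            # each needs the other; neither can go first
    elif declares "$1" need "$3"; then
        echo "firewall-first"   # firewall is started before the interface
    else
        echo "unordered"        # nothing forces the firewall to start first
    fi
}

# Constructed sample scripts (hypothetical names and contents).
make_samples() {  # usage: make_samples DIR
    printf '%s\n' '#!/sbin/runscript' 'depend() {' '    need firewall' '}' > "$1/net.eth0"
    printf '%s\n' '#!/sbin/runscript' 'depend() {' '    use logger' '}' > "$1/firewall"
    printf '%s\n' '#!/sbin/runscript' 'depend() {' '    need net' '}' > "$1/firewall.loop"
}

tmp=$(mktemp -d)
make_samples "$tmp"
check_order "$tmp/net.eth0" "$tmp/firewall" firewall
check_order "$tmp/net.eth0" "$tmp/firewall.loop" firewall
rm -rf "$tmp"
```

To run it against a real system, pass the paths of the interface's init script and the firewall's init script, plus the firewall service name, to `check_order`.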