Hi, I am currently working on a package that provides a comfortable framework for netfilter / iptables initialization. My current challenge is that this needs the network interfaces to be up to properly initialize, but the network interfaces shouldn't be brought up before at least a minimal packet filter is in place.
The interfaces are brought up in "runlevel" S with priority 40, so I should bring up the minimal packet filter at priority 38 (even before /etc/init.d/ifupdown erases interface state), and initialize the "real" packet filter at a later time (currently at 46, after NFS has been mounted, since the binaries that I need might be NFS mounted [1]).

My question is: How do I do this in a policy-compliant way? Is there something more elegant than having two init.d scripts in my package?

Any comments would be appreciated.

Greetings
Marc

[1] yuck, need to allow NFS in the minimal packet filter then, so I'd better get my framework going without /usr and bring it up at 41.

--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Karlsruhe, Germany  |     Beginning of Wisdom "     | Phone: *49 721 966 32 15
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29