Right. It can go in /etc/init.d or in /etc/network/interfaces. Probably better in interfaces so the rules are applied as soon as the interfaces are up.
I got the distinct impression that running firewall scripts using the /etc/network/if-up.d and /etc/network/if-down.d directories was definetely the way to go.
If you do this, then what you declare in the /etc/network/interfaces can be provided as environment variables to any scripts in /etc/networki/if-up.d. For example I declare in my interfaces file the values for:
address
netmask
gateway
broadcast
network
These are then provided as ENV Vars to the firewall script as:
$IFACE (eth0)
$IF_ADDRESS
$IF_BROADCAST
$IF_GATEWAY
$IF_NETMASK
$IF_NETWORK
(You will probably have noticed that most of these are not _required_ for a network to configure correctly, but having a single point of reference is nice)
Because of this arrangement, the presence of a file in /etc/network/if-up.d works much the same way as they might in /etc/rc4.d/ in that they are executed if set with the correct permissions.
I find this much easier to manage and understand since it's a mimic of an existing core process/method of Unix systems.
Ernest, your suggestion of running rpcinfo closed the loop on my configuration and I am now very happy with my firewall script!
Thank you.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
