(I am using Debian Sarge, running kernel 2.4.24-1-686)

I recently installed a new version of iptables and noticed it had made some changes to the startup scripts. While going over the documentation, I realized that I can use the pre-up, up, down and post-down commands in the /etc/network/interfaces file to execute my firewall scripts. I am totally new to this method and I have it sort of working. But the problem is that I am not sure how the ifup command relates to the pon command. I can have the various commands executed as an interface is brought up, but what happens if I just pon (which I think brings up the interfaces?). I may not have made myself very clear, so feel free to ask that I rephrase.

In the ppp0 section, what do you make of my pre-up, up, down and post-down commands? At present, "/etc/init.d/networking restart" works perfectly fine, so that if I boot my computer I should have my firewall up. But "ifdown ppp0" says:
# ifdown ppp0
/usr/bin/poff: I could not find a pppd process for provider 'dsl-provider'. None stopped.


"ifup ppp0" works fine. But I am not sure what happens if I use the usual method of pon and poff. Also, this troubles me because I guess "pon" activates my connection on startup. If this command ignores the ppp0 section in the interfaces file, I will be without my firewall till I manually bring it up.


Here is my interfaces file:
# cat /etc/network/interfaces
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
auto lo
iface lo inet loopback

# The first network card - this entry was created during the Debian installation
# (network, broadcast and gateway are optional)
auto eth0
iface eth0 inet static
address 192.168.1.0
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
#drop everything on all interfaces except lo
pre-up /etc/iptables/iptables.sh panic
#get the rules up which do not require my DSL IP
pre-up /etc/iptables/iptables.sh preup_start
auto eth1
iface eth1 inet static
address 192.168.0.2
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
# gateway 192.168.1.0


#this is for ppp0 configuration
auto ppp0
iface ppp0 inet ppp
        #pre-up /etc/iptables/iptables.sh preup_start
        #pre-up ip link set eth0 up
        #now that ppp0 is up, implement more detailed rules that
        #use the IP address that my DSL provider assigned me just now
        up /etc/iptables/iptables.sh start
        provider dsl-provider
        down poff -a
        post-down /etc/iptables/iptables.sh stop




In the above:
"/etc/iptables/iptables.sh preup_start" command implements a ruleset that does not use any public IP of my machine, and
"/etc/iptables/iptables.sh start" command first obtains the IP address that my provider assigns me (I get a new one every time I log on) and then implements a rule set with more details using this IP address.




thanks,
->HS

--
(Remove all underscores,_if any_, from my email address to get the correct one. Apologies for the inconvenience, but this is to reduce spam.)
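
The staged script described in the post, sketched as an added example; it is not the poster's /etc/iptables/iptables.sh, whose contents are not shown. The rules, the IPT and WAN_IF variables and the helper names are assumptions, and `stop` is omitted because the post does not say what it does. The `start` stage refuses to load address-specific rules when ppp0 has no usable address.

```shell
#!/bin/sh
# Added sketch, not the poster's /etc/iptables/iptables.sh. The rules are
# illustrative assumptions; IPT=echo prints them instead of loading them.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-ppp0}"

# Extract the first IPv4 address from `ip -4 -o addr show` output on stdin.
parse_inet() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1]; exit } }'
}

# Current address of the WAN interface; empty if the link is not up.
wan_addr() {
    ip -4 -o addr show dev "$WAN_IF" 2>/dev/null | parse_inet
}

# Accept only a dotted quad, so nothing else reaches the rule arguments.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

panic() {          # drop everything on all interfaces except lo
    for chain in INPUT FORWARD OUTPUT; do
        $IPT -P "$chain" DROP
        $IPT -F "$chain"
    done
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A OUTPUT -o lo -j ACCEPT
}

preup_start() {    # rules that do not need the provider-assigned address
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

start() {          # rules that name the address just assigned to ppp0
    addr="${1:-$(wan_addr)}"
    if ! valid_ipv4 "$addr"; then
        echo "no usable address on $WAN_IF, keeping existing rules" >&2
        return 1
    fi
    $IPT -A INPUT -i "$WAN_IF" -d "$addr" -p icmp --icmp-type echo-request -j ACCEPT
}

# Dispatch on the stage name, as in "iptables.sh preup_start".
case "${1:-}" in
    panic|preup_start|start) "$@" ;;
esac
```

Running it as `IPT=echo sh iptables.sh start` prints the rule that would be loaded without touching the live tables.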



