Hi,
I made a script to load rules for an nft firewall.
It's executable, runs from the command line
with start/stop/status options.
But it doesn't start during system boot.
I created symlinks with update-rc.d
and links appear in the rc*.d directories
where * is 2,3,4,5.
For example:
$ ls /etc/rc2.d | grep firewall
S02firewall
Also, I couldn't find evidence in any log files.
There was no /var/log/firewall, nothing in /var/boot.
TIA for any suggestions.
Here is the script:
$ cat /etc/init.d/firewall
#! /bin/sh
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Initialize firewall
# Description:       Start nft firewall settings for desktop
#                    Applies to first wifi device
### END INIT INFO

PATH=/sbin:/bin:/usr/sbin:/usr/bin
export PATH

# log_action_msg and log_failure_msg come from the LSB helper library
. /lib/lsb/init-functions

do_start () {
    #WLAN=`cat /proc/net/wireless | perl -ne '/(\w+):/ && print $1'`
    # above isn't available until wifi device is associated
    # take the first wlanN interface iwconfig reports (its stderr is only
    # "no wireless extensions" noise for the other interfaces)
    WLAN=`iwconfig 2>/dev/null | perl -ne '/(wlan\d)/ and print $1'`
    if [ -z "$WLAN" ]; then
        # don't load a ruleset with an empty device name
        log_failure_msg "No wifi device found, firewall not loaded"
        return 1
    fi
    export WLAN
    log_action_msg "Starting firewall on wifi device $WLAN"
    # substitute the device name into the ruleset template, then load it
    perl -pe 's/WLAN/$ENV{WLAN}/' /etc/nft-firewall > /etc/nft-firewall-wifi
    nft -f /etc/nft-firewall-wifi
}

case "$1" in
    start)
        do_start
        ;;
    stop)
        log_action_msg "Stopping firewall"
        nft flush ruleset
        ;;
    status)
        log_action_msg "Showing firewall ruleset"
        log_action_msg "# start ruleset"
        nft list ruleset
        log_action_msg "# end ruleset"
        ;;
    *)
        echo "Usage: $0 start|stop|status" >&2
        exit 3
        ;;
esac
--
Joel Roth
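A variant of the start step above, added here as an example and not code from the original post: it reads the wifi device name from the kernel's interface list, refuses to load anything while no wlanN device exists, and hands the name to nft as a define instead of rewriting the ruleset with perl. The template path /etc/nft-firewall is from the post; that the template refers to the device as $WLAN, and the use of /sys/class/net, are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's script. Assumptions: the ruleset
# template /etc/nft-firewall refers to the wifi device as $WLAN, and
# interface names are read from /sys/class/net.

# Print the first interface named wlan<digits> found under $1
# (default /sys/class/net). Returns 1 when no such device exists,
# e.g. because the driver has not created it yet at this point of boot.
pick_wlan() {
    netdir=${1:-/sys/class/net}
    for path in "$netdir"/wlan*; do
        name=${path##*/}
        case $name in
            wlan[0-9]|wlan[0-9][0-9]) printf '%s\n' "$name"; return 0 ;;
        esac
    done
    return 1
}

# Emit the ruleset for nft: a define for the device name, then the
# template unchanged, so no text substitution touches the rules.
render_ruleset() {
    printf 'define WLAN = "%s"\n' "$1"
    cat "$2"
}

# Syntax-check the rendered ruleset (nft -c) before loading it, and
# refuse to load at all when no validated device name is available.
load_ruleset() {
    template=${1:-/etc/nft-firewall}
    wlan=$(pick_wlan) || { echo "firewall: no wlan device present" >&2; return 1; }
    render_ruleset "$wlan" "$template" | nft -c -f - || return 1
    render_ruleset "$wlan" "$template" | nft -f -
}

# only touch nft when invoked as "script start"
case "${1:-}" in
    start) load_ruleset ;;
esac
```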