Author: Ralph Ronnquist
Date:  
To: dng
Subject: Re: [DNG] Sysvinit script doesn't trigger on boot
On Fri, Dec 01, 2023 at 03:58:30AM -0700, Bob Proulx via Dng wrote:
> Joel Roth via Dng wrote:
> > But it doesn't start during system boot.
>
> > $ ls /etc/rc2.d | grep firewall
> > S02firewall
>
> I think S02 is too early. That would put it in parallel with eudev
> coming online on my system.


Note that rcS.d/ scripts are run well before rc2.d/ so that change
would raise the firewall much earlier rather than later. OTOH that's a
good thing since the firewall should go up before or as soon as the
network is functional.

Ralph.

>
> > #! /bin/sh
> > ### BEGIN INIT INFO
> > # Provides:          firewall
> > # Required-Start:
> > # Required-Stop:
> > # Should-Start:
> > # Should-Stop:
> > # Default-Start:     2 3 4 5
> > # Default-Stop:
> > # Short-Description: Initialize firewall
> > # Description:       Start nft firewall settings for desktop
> > #                    Applies to first wifi device
> > ### END INIT INFO

>
> If we look at the shorewall init script we will see it says this.
>
>     # Required-Start:    $network $remote_fs
>     # Required-Stop:     $network $remote_fs
>     # Default-Start:     S
>     # Default-Stop:      0 1 6

>
> Which leads me to believe something similar would be good for your
> firewall script too. I would modify to the same thing. That will
> move it a little bit later in the boot process and after the network
> devices exist, but in single user mode before any daemons have been
> started so nothing is listening on the network yet.
>
> > do_start () {
> >     #WLAN=`cat /proc/net/wireless | perl -ne '/(\w+):/ && print $1'`
> >     # above isn't available until wifi device is associated
> >     WLAN=`iwconfig | perl -ne '/(wlan\d)/ and print $1'`
> >     export WLAN
> >     log_action_msg "Starting firewall on wifi device $WLAN"
> >     perl -pe 's/WLAN/$ENV{WLAN}/' /etc/nft-firewall > /etc/nft-firewall-wifi
> >     nft -f /etc/nft-firewall-wifi
> > }

>
> Just as commentary rather than bring this online during boot time
> statically which is really meant for static things this might be
> better served by running from the /etc/network/if-*.d/ dynamic
> triggers, or their equivalent with whichever manager you are running,
> which runs event driven after the interface is brought online.
> Assuming that your Wi-Fi is dynamic using a wifi manager. If it is
> static then of course the boot time is fine.
>
> Bob
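
An added example, not part of the original messages: a POSIX shell check that reads an init script's LSB header and reports whether the firewall is enabled for runlevel S (rcS.d) and ordered after `$network`, run here on the two headers quoted in the thread. The function names and the temporary file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check when an LSB header starts a firewall.

# Print one header field (e.g. Default-Start) from the INIT INFO block of $1.
lsb_field() {
    sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$1" |
        sed -n "s/^#[[:space:]]*$2:[[:space:]]*//p" |
        sed -e 's/[[:space:]]*$//' -e 1q
}

# "boot" = runlevel S (rcS.d), "runlevel" = rc2.d..rc5.d only, "never" = empty.
start_phase() {
    case " $(lsb_field "$1" Default-Start) " in
        *" S "*) echo boot ;;
        "  ")    echo never ;;
        *)       echo runlevel ;;
    esac
}

# Print findings for $1; return 0 only if there are none.
audit_firewall_header() {
    rc=0
    if [ "$(start_phase "$1")" != boot ]; then
        echo "$1: Default-Start lacks S, so it starts after everything in rcS.d"
        rc=1
    fi
    if [ -z "$(lsb_field "$1" Required-Start)" ]; then
        echo "$1: empty Required-Start, so it is not ordered after \$network"
        rc=1
    fi
    return "$rc"
}

# Constructed sample input: the two headers quoted in the thread.
write_samples() {
    printf '%s\n' '### BEGIN INIT INFO' '# Provides:          firewall' \
        '# Required-Start:' '# Default-Start:     2 3 4 5' \
        '# Default-Stop:' '### END INIT INFO' > "$1/as-posted"
    printf '%s\n' '### BEGIN INIT INFO' '# Provides:          firewall' \
        '# Required-Start:    $network $remote_fs' \
        '# Default-Start:     S' '# Default-Stop:      0 1 6' \
        '### END INIT INFO' > "$1/suggested"
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_firewall_header "$tmp/as-posted" || true
audit_firewall_header "$tmp/suggested" && echo "$tmp/suggested: ok"
rm -rf "$tmp"
```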