On Fri, Dec 01, 2023 at 03:58:30AM -0700, Bob Proulx via Dng wrote:
> Joel Roth via Dng wrote:
> > But it doesn't start during system boot.
>
> > $ ls /etc/rc2.d | grep firewall
> > S02firewall
>
> I think S02 is too early. That would put it in parallel with eudev
> coming online on my system.
> If we look at the shorewall init script we will see it says this.
>
> # Required-Start: $network $remote_fs
> # Required-Stop: $network $remote_fs
> # Default-Start: S
> # Default-Stop: 0 1 6
>
> Which leads me to believe something similar would be good for your
> firewall script too. I would modify to the same thing. That will
> move it a little bit later in the boot process and after the network
> devices exist, but in single user mode before any daemons have been
> started so nothing is listening on the network yet.

Good idea. Any idea what $remote_fs would serve in the above
example? Any network file system would depend on having
a network, right?

The 'S' in Default-Start refers to single-user mode, does it
not? I vaguely remember single-user mode being synonymous
with run-level 2, but read here that single-user mode is
run-level 1.

https://www.geeksforgeeks.org/run-levels-linux/

> Just as commentary rather than bring this online during boot time
> statically which is really meant for static things this might be
> better served by running from the /etc/network/if-*.d/ dynamic
> triggers, or their equivalent with whichever manager you are running,
> which runs event driven after the interface is brought online.
> Assuming that your Wi-Fi is dynamic using a wifi manager. If it is
> static then of course the boot time is fine.

So, reading the docs for /etc/network/interfaces, I see that
I can put `post-up firewall` in the stanza for, say, wlan0,
that will trigger the script when the wifi manager brings up
wlan0.

Interestingly, from a security standpoint, if the script
fails, the interface will still remain up, although it will
be marked as not configured.

Thanks for the reply!
>
> Bob
--
Joel Roth
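
A sketch of a `post-up` firewall hook that fails closed, relevant to the point above about the interface staying up when the script fails. This is an added example, not code from the thread; the rule set is a constructed placeholder, the function names and the overridable `IPT` variable are assumptions for illustration, and only IPv4 is covered.

```shell
#!/bin/sh
# Added example: fail-closed firewall hook for a "post-up" line in
# /etc/network/interfaces. The rules are a constructed placeholder policy.
# IPT can be overridden (for example with a stub) to dry-run the logic.
IPT="${IPT:-iptables}"

# Default-deny first, so a failure in any later step leaves the host closed.
fw_default_deny() {
    $IPT -P INPUT DROP && $IPT -P FORWARD DROP &&
    $IPT -F INPUT && $IPT -F FORWARD
}

# Constructed sample policy: loopback plus replies to connections we opened.
fw_allow_rules() {
    iface="$1"
    $IPT -A INPUT -i lo -j ACCEPT &&
    $IPT -A INPUT -i "$iface" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Returns 0 when the full rule set is loaded, 1 when a rule failed and the
# host was left default-deny, 2 when default-deny itself could not be set.
fw_hook() {
    iface="$1"
    [ -n "$iface" ] || { echo "firewall: no interface given" >&2; return 2; }
    fw_default_deny || { echo "firewall: cannot set DROP policy" >&2; return 2; }
    if ! fw_allow_rules "$iface"; then
        $IPT -F INPUT    # discard the partial rule set; DROP policy remains
        echo "firewall: rules failed on $iface, left default-deny" >&2
        return 1
    fi
    return 0
}

# ifupdown exports IFACE and PHASE to hook commands; act only in that context.
if [ "${PHASE:-}" = "post-up" ]; then
    fw_hook "${IFACE:-}"
fi
```

The non-zero return still reaches ifupdown, so the failure is reported, but by then the INPUT and FORWARD policies are already DROP.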