:: Re: [DNG] Sysvinit script doesn't t…
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Joel Roth
Datum:  
To: dng
Betreff: Re: [DNG] Sysvinit script doesn't trigger on boot
On Fri, Dec 01, 2023 at 10:42:13PM +1100, Ralph Ronnquist wrote:
> On Fri, Dec 01, 2023 at 03:58:30AM -0700, Bob Proulx via Dng wrote:
> > Joel Roth via Dng wrote:
> > > But it doesn't start during system boot.
> >
> > > $ ls /etc/rc2.d | grep firewall
> > > S02firewall
> >
> > I think S02 is too early. That would put it in parallel with eudev
> > coming online on my system.
>
> Note that rsS.d/ scripts are run well before rc2.d/ so that change
> would raise the firewall much earlier rather than later. Otoh that's a
> good thing since the firewall should go up before or as soon as the
> network is functional.


Also rcS.d/ scripts are only executed once, whereas those
in rc(n).d/ are executed whenever the run level is entered.

Thanks!

> Ralph.
>
> >
> > > #! /bin/sh
> > > ### BEGIN INIT INFO
> > > # Provides:          firewall
> > > # Required-Start:
> > > # Required-Stop:
> > > # Should-Start:
> > > # Should-Stop:
> > > # Default-Start:     2 3 4 5
> > > # Default-Stop:
> > > # Short-Description: Initialize firewall
> > > # Description:       Start nft firewall settings for desktop
> > > #                    Applies to first wifi device
> > > ### END INIT INFO

> >
> > If we look at the shorewall init script we will see it says this.
> >
> >     # Required-Start:    $network $remote_fs
> >     # Required-Stop:     $network $remote_fs
> >     # Default-Start:     S
> >     # Default-Stop:      0 1 6

> >
> > Which leads me to believe something similar would be good for your
> > firewall script too. I would modify to the same thing. That will
> > move it a little bit later in the boot process and after the network
> > devices exist, but in single user mode before any daemons have been
> > started so nothing is listening on the network yet.
> >
> > > do_start () {
> > >     #WLAN=`cat /proc/net/wireless | perl -ne '/(\w+):/ && print $1'`
> > >     # above isn't available until wifi device is associated
> > >     WLAN=`iwconfig | perl -ne '/(wlan\d)/ and print $1'`
> > >     export WLAN
> > >     log_action_msg "Starting firewall on wifi device $WLAN"
> > >     perl -pe 's/WLAN/$ENV{WLAN}/' /etc/nft-firewall > /etc/nft-firewall-wifi
> > >     nft -f /etc/nft-firewall-wifi
> > > }

> >
> > Just as commentary rather than bring this online during boot time
> > statically which is really meant for static things this might be
> > better served by running from the /etc/network/if-*.d/ dynamic
> > triggers, or their equivalent with whichever manager you are running,
> > which runs event driven after the interface is brought online.
> > Assuming that your Wi-Fi is dynamic using a wifi manager. If it is
> > static then of course the boot time is fine.
> >
> > Bob
> > _______________________________________________
> > Dng mailing list
> > Dng@???
> > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> _______________________________________________
> Dng mailing list
> Dng@???
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
>


--
Joel Roth