
List:       dng
Subject:    Re: [DNG] Sysvinit script doesn't trigger on boot
From:       Bob Proulx via Dng <dng () lists ! dyne ! org>
Date:       2023-12-01 10:58:30
Message-ID: 20231201034213N () bob ! proulx ! com

Joel Roth via Dng wrote:
> But it doesn't start during system boot.

> $ ls /etc/rc2.d | grep firewall
> S02firewall

I think S02 is too early.  That would put it in parallel with eudev
coming online on my system.

> #! /bin/sh
> ### BEGIN INIT INFO
> # Provides:          firewall
> # Required-Start:
> # Required-Stop:
> # Should-Start:
> # Should-Stop:
> # Default-Start:     2 3 4 5
> # Default-Stop:
> # Short-Description: Initialize firewall
> # Description:       Start nft firewall settings for desktop
> #                    Applies to first wifi device
> ### END INIT INFO

If we look at the shorewall init script we will see it says this.

    # Required-Start:    $network $remote_fs
    # Required-Stop:     $network $remote_fs
    # Default-Start:     S
    # Default-Stop:      0 1 6

Which leads me to believe something similar would be good for your
firewall script too.  I would modify to the same thing.  That will
move it a little bit later in the boot process and after the network
devices exist, but in single user mode before any daemons have been
started so nothing is listening on the network yet.

> do_start () {
> 	#WLAN=`cat /proc/net/wireless | perl -ne '/(\w+):/ && print $1'`
> 	# above isn't available until wifi device is associated
> 	WLAN=`iwconfig | perl -ne '/(wlan\d)/ and print $1'`
> 	export WLAN
> 	log_action_msg "Starting firewall on wifi device $WLAN"
> 	perl -pe 's/WLAN/$ENV{WLAN}/' /etc/nft-firewall > /etc/nft-firewall-wifi
> 	nft -f /etc/nft-firewall-wifi
> }

Just as commentary: rather than bring this online during boot time
statically, which is really meant for static things, this might be
better served by running from the /etc/network/if-*.d/ dynamic
triggers, or their equivalent with whichever manager you are running,
which runs event driven after the interface is brought online,
assuming that your Wi-Fi is dynamic using a wifi manager.  If it is
static then of course the boot time is fine.

Bob
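
The event-driven alternative mentioned above, as an added example that is not part of the original message or the poster's script: a hypothetical hook for /etc/network/if-up.d/, where ifupdown exports the interface name as IFACE. The /run output path, the wlanN name pattern, the use of sed in place of perl, and the `nft -c` check before loading are assumptions of this example.

```shell
#!/bin/sh
# Added example: hypothetical /etc/network/if-up.d/nft-firewall hook.
# ifupdown runs if-up.d scripts with IFACE set to the interface just brought up.

TEMPLATE="${TEMPLATE:-/etc/nft-firewall}"       # ruleset with the WLAN placeholder (path from the thread)
RENDERED="${RENDERED:-/run/nft-firewall-wifi}"  # assumption: render under /run, not /etc
NFT="${NFT:-nft}"

# Accept only names matching the wlanN pattern the original script looked for.
# Anything else (eth0, "--all", a name carrying shell or nft syntax) is rejected,
# so nothing unexpected is ever substituted into a ruleset loaded as root.
is_wifi_iface() {
    case "$1" in
        wlan[0-9]|wlan[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Render the template for one interface, check it, then load it.
apply_firewall() {
    iface="$1"
    is_wifi_iface "$iface" || return 0          # not a wifi device: leave rules alone
    tmp="$(mktemp "${RENDERED}.XXXXXX")" || return 1
    sed "s/WLAN/$iface/g" "$TEMPLATE" > "$tmp" || { rm -f "$tmp"; return 1; }
    if "$NFT" -c -f "$tmp"; then                # -c: parse and validate only
        mv "$tmp" "$RENDERED" && "$NFT" -f "$RENDERED"
    else
        rm -f "$tmp"                            # keep the last known-good file
        return 1
    fi
}

# Act only when called by ifupdown; sourcing the file just defines the functions.
if [ -n "${IFACE:-}" ]; then
    apply_firewall "$IFACE"
fi
```

Because the hook only fires once the interface exists, the boot-time `iwconfig` lookup and its ordering against eudev are no longer needed.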