List:       dng
Subject:    Re: [DNG] Sysvinit script doesn't trigger on boot
From:       Ralph Ronnquist <rrq () rrq ! au>
Date:       2023-12-01 11:42:13
Message-ID: ZWnGlTEQysXUxlr1 () stuga

On Fri, Dec 01, 2023 at 03:58:30AM -0700, Bob Proulx via Dng wrote:
> Joel Roth via Dng wrote:
> > But it doesn't start during system boot.
> 
> > $ ls /etc/rc2.d | grep firewall
> > S02firewall
> 
> I think S02 is too early.  That would put it in parallel with eudev
> coming online on my system.

Note that rcS.d/ scripts are run well before rc2.d/ so that change
would raise the firewall much earlier rather than later. OTOH that's a
good thing since the firewall should go up before or as soon as the
network is functional.

Ralph.

> 
> > #! /bin/sh
> > ### BEGIN INIT INFO
> > # Provides:          firewall
> > # Required-Start:
> > # Required-Stop:
> > # Should-Start:
> > # Should-Stop:
> > # Default-Start:     2 3 4 5
> > # Default-Stop:
> > # Short-Description: Initialize firewall
> > # Description:       Start nft firewall settings for desktop
> > #                    Applies to first wifi device
> > ### END INIT INFO
> 
> If we look at the shorewall init script we will see it says this.
> 
>     # Required-Start:    $network $remote_fs
>     # Required-Stop:     $network $remote_fs
>     # Default-Start:     S
>     # Default-Stop:      0 1 6
> 
> Which leads me to believe something similar would be good for your
> firewall script too.  I would modify to the same thing.  That will
> move it a little bit later in the boot process and after the network
> devices exist, but in single user mode before any daemons have been
> started so nothing is listening on the network yet.
> 
> > do_start () {
> > 	#WLAN=`cat /proc/net/wireless | perl -ne '/(\w+):/ && print $1'`
> > 	# above isn't available until wifi device is associated
> > 	WLAN=`iwconfig | perl -ne '/(wlan\d)/ and print $1'`
> > 	export WLAN
> > 	log_action_msg "Starting firewall on wifi device $WLAN"
> > 	perl -pe 's/WLAN/$ENV{WLAN}/' /etc/nft-firewall > /etc/nft-firewall-wifi
> > 	nft -f /etc/nft-firewall-wifi
> > }
> 
> Just as commentary, rather than bring this online during boot time
> statically, which is really meant for static things, this might be
> better served by running from the /etc/network/if-*.d/ dynamic
> triggers, or their equivalent with whichever manager you are running,
> which runs event driven after the interface is brought online.
> Assuming that your Wi-Fi is dynamic using a wifi manager.  If it is
> static then of course the boot time is fine.
> 
> Bob
> _______________________________________________
> Dng mailing list
> Dng@lists.dyne.org
> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
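
An added example, not part of the thread or of any poster's script: a shell check that reads an init script's LSB header and reports whether it starts from rcS.d and declares a start dependency, the two points discussed above. The function names (lsb_field, audit_firewall_header, write_samples) are hypothetical, and the two sample headers are constructed from the fields quoted in the thread.

```shell
#!/bin/sh
# lsb_field FILE FIELD: print the value of "# FIELD:" from the INIT INFO block.
lsb_field() {
    sed -n '/^### BEGIN INIT INFO/,/^### END INIT INFO/p' "$1" |
        sed -n "s/^# $2:[[:space:]]*//p" | head -n 1
}

# audit_firewall_header FILE: print findings; exit status is their count.
audit_firewall_header() {
    findings=0
    case " $(lsb_field "$1" Default-Start) " in
        *" S "*) ;;
        *) echo "$1: Default-Start lacks S, so it does not start from rcS.d"
           findings=$((findings + 1)) ;;
    esac
    if [ -z "$(lsb_field "$1" Required-Start)" ]; then
        echo "$1: Required-Start is empty, nothing orders it after device setup"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# write_samples DIR: constructed sample headers. "as_posted" uses the fields
# quoted in the thread; "as_suggested" uses the shorewall-style fields.
write_samples() {
    cat > "$1/as_posted" <<'EOF'
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:
### END INIT INFO
EOF
    cat > "$1/as_suggested" <<'EOF'
### BEGIN INIT INFO
# Provides:          firewall
# Required-Start:    $network $remote_fs
# Required-Stop:     $network $remote_fs
# Default-Start:     S
# Default-Stop:      0 1 6
### END INIT INFO
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
for f in "$demo_dir"/as_posted "$demo_dir"/as_suggested; do audit_firewall_header "$f" || true; done
rm -rf "$demo_dir"
```

The header only states intent; the symlinks under /etc/rc*.d/ are what decide the actual boot order.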