[wellylug] [SLUG] how to adapt this iptables setup?

Bret Comstock Waldow bwaldow at alum.mit.edu
Tue Aug 26 07:15:27 NZST 2003


Yes, I'm cross-posting.  But it's kind of a cross-question.

I'm working with a copy of Real World Linux Security, 2ed. by Bob
Toxen.  Right now, I'm working on getting his iptables firewall up.

He gives instructions for installing it onto RedHat, SuSE, Mandrake, and
Slackware.  I am using Debian Woody with backports, and there are some
differences in the init scripts.

His system comes in two/three parts.  There's an iptables_pre script
which fits simply into the Debian init system - put it in /etc/init.d
and use update-rc.d defaults to plug in the symlinks so it runs before
the network is up.  It locks everything closed and optionally has
support for alternatives to dhclient if that's not what I use.

The second/third parts run after the network is up.  He writes:

"Now that the iptables_pre script will protect the system while the
network interfaces are being brought up, it is time to arrange for the
main script, rc.fwsoho ... to be invoked on bootup.  While we could
invoke it the same way we invoked iptables_pre, instead we will use a
real rc.d-style script to invoke it.  This rc.d-style script is based on
Red Hat 7.3 iptables startup script but has been modified to generate a
message and error exit if IP Tables is not available."

He instructs me to copy rc.fwsoho into /etc/rc.d, then put iptables
(script) into init.d and symlink it in (the update-rc.d step in
Debian).  iptables is hard coded to call /etc/rc.d/rc.fwsoho on the
appropriate "start".

Ok.  There is no /etc/rc.d in my Debian system.  /etc/rcX.d has some
meaning beyond just being another place to gather files - it corresponds
to runlevel X, and gets swept automatically as the system passes through
that runlevel.  What is the meaning and equivalent of /etc/rc.d?  The
other directories referenced appear to exist.

To those who want to tell me why I shouldn't use his approach, I welcome
the comments, I'll learn from them.  But please also tell me the answers
to the questions above, so I can get a context to put it all in.

Thanks much,
Bret

-- 
bwaldow at alum dot mit dot edu

-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
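Editor's added example, not code from the book or from the post above. On Red Hat-style systems /etc/rc.d is simply the parent directory of init.d, the rcN.d runlevel directories and rc.local; Debian places those directly under /etc and has no /etc/rc.d. The wrapper below does what the text says the book's rc.d-style "iptables" script does: it refuses with an error message when the iptables command is not available, and otherwise hands "start" to the real firewall script. The firewall script's location (/usr/local/sbin/rc.fwsoho) is an assumption, overridable through FWSCRIPT; IPTABLES_BIN exists so the script can be exercised without a real iptables binary.

```shell
#!/bin/sh
# Added example, not code from the book or from the list post.
# A Debian-style /etc/init.d script standing in for the Red Hat rc.d-style
# "iptables" script described in the text: error out if IP Tables is not
# available, otherwise invoke the main firewall script on "start".
# FWSCRIPT is an assumed location (Debian has no /etc/rc.d).
# IPTABLES_BIN lets a test substitute another command for iptables.

FWSCRIPT="${FWSCRIPT:-/usr/local/sbin/rc.fwsoho}"   # assumed path
IPTABLES_BIN="${IPTABLES_BIN:-iptables}"

# Return 0 if the iptables command can be found, 1 otherwise.
check_iptables() {
    command -v "$IPTABLES_BIN" >/dev/null 2>&1
}

# fw_wrapper ACTION [SCRIPT]: the init script's dispatch.  Returns 0 on
# success, 1 when iptables is unavailable or the action cannot be done.
fw_wrapper() {
    action="$1"
    script="${2:-$FWSCRIPT}"

    if ! check_iptables; then
        echo "iptables: IP Tables not available, firewall not started" >&2
        return 1
    fi

    case "$action" in
        start|restart|reload)
            if [ ! -x "$script" ]; then
                echo "iptables: firewall script $script missing or not executable" >&2
                return 1
            fi
            "$script"
            ;;
        stop)
            # Fail closed: drop the rule set but keep default-DROP policies,
            # i.e. the locked state the iptables_pre script leaves the box in.
            "$IPTABLES_BIN" -P INPUT DROP &&
            "$IPTABLES_BIN" -P OUTPUT DROP &&
            "$IPTABLES_BIN" -P FORWARD DROP &&
            "$IPTABLES_BIN" -F
            ;;
        status)
            "$IPTABLES_BIN" -L -n
            ;;
        *)
            echo "Usage: $0 {start|stop|restart|reload|status}" >&2
            return 1
            ;;
    esac
}

# When run as an init script, dispatch on the first argument.
[ $# -eq 0 ] || fw_wrapper "$1"
```

Installed as /etc/init.d/iptables and registered with `update-rc.d iptables defaults`, it runs from the /etc/rcN.d symlinks exactly like the iptables_pre script in the post; the only thing that changes from the book's layout is where rc.fwsoho lives.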