[WBEL-users] DHCP and firewall script

Johnny Hughes mailing-lists@hughesjr.com
Thu, 26 Aug 2004 05:17:54 -0500


On Thu, 2004-08-26 at 02:46, Jean LEE wrote:
> Hello,
> 
> Thanks for your answers and links.
> I don't need to use PPPoE but only DHCP so I do not have to create an xDSL
> connection to make it work. I only have to configure my Ethernet card in
> order to obtain an IP address. I think you're right: my IP address does not
> change until I restart the PC.
> You told me that I can add the link to my script in /etc/rc.d/rc.local and
> it will start it automatically after the network has been started. Is it a
> security problem?

You can't run the firewall script until after the network starts up.

Not really a security problem ... rc.local normally executes 10-15
seconds after the network starts in a normal startup (so for 10-15
seconds you don't have your firewall running, but it is not really that
much different than any software firewall).

rc.local is usually the last thing to run on startup.

Just put a line that points to the path of the script in rc.local and
the firewall script should start. If it is designed to be run as the
root user ... you may need to either point to the full path of all
executable files in the script ... or add a path statement to the top of
the firewall script like this:

PATH=/bin:/sbin:/usr/bin:/usr/sbin

If you are overly concerned about the 10-15 seconds ... you could add a
line to the bottom of the /etc/init.d/network file in the "start"
section (as the last line in that section) that points to your firewall
script.  I wouldn't do that because the network startup script can
change when system updates are released ... but rc.local should never be
updated.

---------------------------
Johnny Hughes
<http://www.hughesjr.com/>
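
The rc.local approach described in the reply above, as an added example that is not part of the original post or the poster's own script: a launcher that rc.local can call, which checks that every command the firewall script needs resolves under the suggested PATH before running it, so a lookup failure is reported instead of leaving the host unfiltered. The script path, the command list (iptables, modprobe) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: firewall launcher intended to be called from /etc/rc.d/rc.local.
FW_SCRIPT=${FW_SCRIPT:-/usr/local/sbin/firewall.sh}  # hypothetical script path
FW_PATH=${FW_PATH:-/bin:/sbin:/usr/bin:/usr/sbin}    # PATH suggested in the post
FW_CMDS=${FW_CMDS:-"iptables modprobe"}              # assumed commands the script calls

# Print every command name that has no executable file in any directory
# of the given PATH. Returns 0 only when all of them resolve.
missing_cmds() {
    search_path=$1; shift
    rc=0
    for cmd in "$@"; do
        found=
        old_ifs=$IFS; IFS=:
        for dir in $search_path; do
            if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
                found=1
                break
            fi
        done
        IFS=$old_ifs
        [ -n "$found" ] || { echo "$cmd"; rc=1; }
    done
    return $rc
}

# Run the firewall script with the fixed PATH, refusing to start when the
# script is not executable or a command it needs would not be found.
start_firewall() {
    if [ ! -x "$FW_SCRIPT" ]; then
        echo "firewall: $FW_SCRIPT is missing or not executable" >&2
        return 1
    fi
    missing=$(missing_cmds "$FW_PATH" $FW_CMDS) || {
        echo "firewall: not found under $FW_PATH:" $missing >&2
        return 1
    }
    PATH=$FW_PATH "$FW_SCRIPT"
}

# rc.local would call this file with the argument "start".
if [ "${1:-}" = start ]; then
    start_firewall
fi
```
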