> ...
> Yeah I know it works, because I ran the file using sh. I have fully
> tested the firewall and I am happy with it. But I am trying to get it to
> load at boot.

Good, once the script works, starting it is the easy part.

> 1. Rename /etc/rc.d/init.d/iptables to iptables.old
> 2. chmod 644 iptables.old (To stop it from being run at
> bootup)
> 3. copy the fwbuilder script to /etc/rc.d/init.d/iptables
> 4. restarted the machine.

I have a slight problem with this in that you are modifying stock apps to do things they were not intended to do or at least to do them in a different fashion than originally intended. If I were you I would put the stock iptables script back in place and then use "chkconfig --levels 2345 iptables off" to stop the script from loading. Then, create your own startup script that is basically a modified version of that file that instead of loading the saved script loads your fwbuilder script. You could also download the one from the contrib section of the fwbuilder site. Once you have a script that will load your script you can use chkconfig to enable it.

The main reason I have for using this method is that if you forget that you have modified a stock script for another purpose and then forget there is a chance that you might overwrite the file during an upgrade or miss it in a backup, granted you could also miss a separate file just as easily. But then again, I have a bad memory and have on occasion also backed up a system and missed a few changes to default programs that cost me a few days of rewriting.

>
> When I restart the machine I just get an error message saying that eth1
> doesn't exist. Now this seems because the iptables file is being run
> before eth1 is being activated.

Check the init directory for your runlevel and make certain the init script for network is being started before your firewall script.

> I presume I have two options:
>
> 1. Take the code from the fwbuilder script and merge it with the
> original iptables file (now called iptables.old). I am not completely
> comfortable with this since all I would do is put the code inside the
> start() function, but I don't know if this would work.

The init script from the contrib section of the fwbuilder site calls the fwbuilder firewall script from the /etc/firewall directory. I don't know enough about scripting to know why they are calling the daemon method and not just source on the .fw file.

> 2. Merge the rules from the fwbuilder script with the iptables rules
> located in /etc/sysconfig/.

Actually this may not be all that difficult, if you run your .fw file to load the script and then do a "/etc/init.d/iptables save" this will save the tables so that they are loaded upon startup by the stock iptables init script. The only issue would be if the .fw script is setting kernel params that you are not explicitly setting somewhere already. For example, if the script enables packet forwarding
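
One way to carry out the runlevel check suggested in the reply above, as an added example that is not part of the original message: the functions read the S-link priorities in the rcN.d directories and report whether a firewall init script starts strictly after network. The service name `fwbuilder` in the usage comment is an assumed name for the custom init script, and `check_order.sh` is an assumed file name.

```shell
#!/bin/sh
# Added example: check SysV start order in /etc/rc.d/rcN.d.
# Usage: sh check_order.sh /etc/rc.d network fwbuilder
#   ("fwbuilder" is an assumed name for the custom firewall init script)

# Print the start priority (NN in SNNname) of service $2 in directory $1.
# Returns 1 if the service has no S link there, i.e. is not started.
start_prio() {
    dir=$1 svc=$2
    for link in "$dir"/S[0-9][0-9]"$svc"; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # unmatched glob
        prio=${link##*/}        # S08iptables
        prio=${prio#S}          # 08iptables
        prio=${prio%"$svc"}     # 08
        echo "${prio#0}"        # 8 (drop leading zero for numeric compare)
        return 0
    done
    return 1
}

# Return 0 only if service $3 starts strictly after service $2 in
# directory $1; 1 if it does not; 2 if either has no S link.
# Equal numbers are rejected: rc then runs the links in name order.
starts_after() {
    dir=$1 a=$2 b=$3
    pa=$(start_prio "$dir" "$a") || { echo "$dir: $a not enabled" >&2; return 2; }
    pb=$(start_prio "$dir" "$b") || { echo "$dir: $b not enabled" >&2; return 2; }
    [ "$pb" -gt "$pa" ]
}

# Check runlevels 2-5 under base directory $1; non-zero if any fails.
check_runlevels() {
    base=$1 first=$2 later=$3 rc=0
    for lvl in 2 3 4 5; do
        if starts_after "$base/rc$lvl.d" "$first" "$later"; then
            echo "rc$lvl.d: ok, $later starts after $first"
        else
            echo "rc$lvl.d: $later does not start after $first"
            rc=1
        fi
    done
    return $rc
}

if [ $# -eq 3 ]; then
    check_runlevels "$@"
fi
```

A non-zero exit means that in at least one runlevel the firewall script is missing or runs no later than network, which matches the "eth1 doesn't exist" symptom described in the thread.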