Linux "Startup Folder"

[(Shovel)]

Searching google for this results in muchos Windows stuff, so I'm just going to ask

I want to write an set of iptables rules for my linux router, and have it run them all on startup.

If I write it as a script (I think this is what I have to do?) then I want to put it on the machine, but I haven't the faintest clue where Linux looks for starting up stuff on boot.

I'm worried that it will vary from distro to distro, but I can but hope. The distro in question is Smoothwall (Redhat based).

Thankies

 

[Testin da Cable]

it varies indeed. have a wee look about in smoothwall's /etc/ directory (if it has one). there may well be a file alike rc.firewall or a set of directories called rc*.d where * is a number between 0 and 6 (possible). the predefined rules are pulled in from the file (or one like it) of out of one of the directories where said file may be located. the file could also be a S**name/K**name pair that actually is a script or a symlink to the script. long live unix variants hope I pointed you in the right direction matey

 

[Sibanac]

Yes TdC thats the redhat system, they put the actual scripts in /etc/init.d/
and the runlvl dirs are /etc/rc.d/rc*.d/

 

[(Shovel)]

OKie, thank you.

I shall start up SSH and have a poke around once I've tidied my bedroom enough to get to the computer...

 

[Sibanac]

be sure to bring up the firewall before you start any services

 

[(Shovel)]

OK, found it.

So, a question: These "rc.*" files, do they ALL autpmaticaly execute? Or are the executing ones defined elsewherE?

E.g. If I make a script file called "rc.user.nathan" and put it in this /etc/rc.d/ folder, will it run automagically, or do I have to tell something else to run it?

 

[Testin da Cable]

um, if the format's something like S**filename then it is a "start" file; if it's K**filename then it's a kill file.
if you want a special script to run every time a user called nathan logs in then you could have it called from nathan's .login or .profile perhaps.

 

[(Shovel)]

Contents of /etc/rc.d/

total 64
drwxr-xr-x    2 root     root         4096 Sep 26  2002 helper/
drwxr-xr-x    2 root     root         4096 Dec 29  2002 init.d/
-rwxr-xr-x    1 root     root          187 Oct 30  2002 rc.firewall.down*
-rwxr-xr-x    1 root     root         4707 Nov  3  2002 rc.firewall.up*
-rwxr-xr-x    1 root     root          441 Mar 28  2001 rc.halt*
-rwxr-xr-x    1 root     root          250 Oct 30  2002 rc.isdn*
-rwxr-xr-x    1 root     root          308 Mar 18  2001 rc.machineregister*
-rwxr-xr-x    1 root     root          527 Dec 29  2002 rc.netaddress.down*
-rwxr-xr-x    1 root     root         1829 Dec 29  2002 rc.netaddress.up*
-rwxr-xr-x    1 root     root         1435 Oct 30  2002 rc.network*
-rwxr-xr-x    1 root     root         3856 Jan  2  2003 rc.sysinit*
-rwxr-xr-x    1 root     root          971 Dec 29  2002 rc.updatered*
-rwxr-xr-x    1 root     root          739 Oct 30  2002 rc.usbadsl*
-rwxr-xr-x    1 root     root          298 Jul 24  2001 rc.vpn*
-rwxr-xr-x    1 root     root           87 Aug 13  2001 rc.vpn.down*

I hope that clarifies what I mean.

Meanwhile, the thing about the user: It's not actually a "user" on the machine. It refers to the owner of the machine that these firewall rules apply to. It's only a router so there're no users. A better name for the script might have been "rc.firewall.machine.nathan" maybe.

Anyway, I hope that might clarify what I'm dealing with!

 

[Testin da Cable]

there will be a central script that calls all the others. perhaps your script should be called from it or from the networking / firewall setup script.

 

[(Shovel)]

Well, the rc.firewall.up file seems to contain all the initial startup stuff for IP tables, so I'm going to add a line at the end:

/etc/rc.d/rc.firewall.machine.nathan

This will run the script to filter Nathan's internet connection. I hope.

Thanks very much for all the pointers, and if the above is horribly wrong, please prod me about it

 

[Testin da Cable]

should work. don't forget to give the script +x

 

[(Shovel)]

OK, well there's some fun and games going on now.

The script and works, but I need to execute it later in the startup processs. Basically, there're some iptables rules that need domain name resolution and the rc.firewall.up script executes before resolution can happen, as a result, the domain name rules just get skipped over.

I need to know how to add my script into the start up process, and make it execute right at the end. Once again, no idea at all about which script file I need to be looking for - any common suggestions?

Thanks

 

[Testin da Cable]

there's a central script that calls all the others. if you have it call your script at its end then your script gets run at the end of the setup process. sorry I can't be more specific: I haven't run linux in ages and my memory of redhat is hazy to say the least.

 

[(Shovel)]

That's what I figured. Aha, just have to find it now.

The rc.sysinit (from the same directory) echos "Smoothwall Started" at the end, so I recon that is as good a place to start as any when it comes to trial and error type learning

 

[Testin da Cable]

good man! you'll sort it well enough, and you're doing it (imo) the best way. muddle through and keep at it. you'll triumph eventually

 

[lovedaddy]

Looks like your running a more Unix Linux. Redhat, Mandrake, Debian all follow the S/K runlevel symlinks standards to sysinit styff, where as Slackware follows the more Unix rc.appnamehere start up.

You might want to have a look at the documentation on the slackware page, it might help out some (or PM me, I'll try and help out any)