Please help with RedHat 6.2 startup script

Bill Horne billhorne at mediaone.net
Fri Aug 10 22:23:19 EDT 2001


Thanks for reading this. I'm having a problem with a Redhat 6.2 startup
script, and would appreciate help from the group.

Here's what I know:

1. This script is being executed during non-interactive startup
(confirmed with debug statements)
2. When it runs during startup, it does things very differently than
when it's run from the command line.
3. Nothing else changes: startup vs. command line, same options, files,
etc.

Here's the relevant portion of the script: it's in the ipchains firewall
rule setup /etc/rc.d/init.d/ipchains -

case "$1" in
  start)
        # don't do squat if we don't have the config file
        if [ -f $IPCHAINS_CONFIG ]; then
            # If we don't clear these first, we might be adding to
            #  pre-existing rules.
            action "Flushing all current rules and user defined chains:" ipchains -F
            action "Clearing all current rules and user defined chains:" ipchains -X
            ipchains -Z
            echo -n "Applying ipchains firewall rules: "
                grep -v "^#" $IPCHAINS_CONFIG | ipchains-restore -p -f && \
                    success "Applying ipchains firewall rules" || \
                    failure "Applying ipchains firewall rules"
            echo
            touch /var/lock/subsys/ipchains
        fi
        ;;

(remember, I've confirmed that this is being executed during startup)

Here's the rule set after the above runs during setup:

Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  0.0.0.0/0            0.0.0.0/0             68 ->   67
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.0.0/24       0.0.0.0/0             n/a
Chain output (policy ACCEPT):

Now, this is NOT what I wanted.  But, when I execute

/etc/rc.d/init.d/ipchains start

from the command line, I get this ruleset:

Chain input (policy DENY):
target     prot opt     source                destination           ports
ACCEPT     udp  ------  24.91.0.0/24         0.0.0.0/0             53 ->   *
ACCEPT     udp  ------  24.128.1.80          0.0.0.0/0             53 ->   *
ACCEPT     udp  ------  24.128.60.0/28       0.0.0.0/0             53 ->   *
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     all  ------  0.0.0.0/0            0.0.0.0/0             n/a
ACCEPT     tcp  !y----  0.0.0.0/0            0.0.0.0/0             * ->   *
ACCEPT     icmp ------  0.0.0.0/0            0.0.0.0/0             * ->   *
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.0.0/24       0.0.0.0/0             n/a
Chain output (policy ACCEPT):

... Which ** IS ** what I wanted.

All help welcome. TIA.

Bill Horne
