There doesn't appear to be anything wrong with your init script for
ipchains based on the segment you included.

Suggestions:

Make sure you have the following line at the top of your script
"chkconfig: 2345 08 92" or something similar. 2345 indicates your init
levels and 08 is for starting the script and 92 for killing.

To check your run levels and see if your script is added to chkconfig,
do a "chkconfig --list|grep ipchains"

This will give you a listing of the startup script with its associated
init levels. I get:

ipchains 0:off 1:off 2:on 3:on 4:on 5:on 6:off

If you don't find an entry for ipchains or if the particular level you
boot in has been turned off (check your /etc/inittab to find out what
boot level you are in), then just add it to chkconfig
"chkconfig --add ipchains".

Hope this helps.

-Greg

----- Original Message -----
From: "Bill Horne" <billhorne at mediaone.net>
To: <discuss at Blu.Org>
Sent: Friday, August 10, 2001 10:23 PM
Subject: Please help with RedHat 6.2 startup script

> Thanks for reading this. I'm having a problem with a Redhat 6.2 startup
> script, and would appreciate help from the group.
>
> Here's what I know:
>
> 1. This script is being executed during non-interactive startup
>    (confirmed with debug statements)
> 2. When it runs during startup, it does things very differently than
>    when it's run from the command line.
> 3. Nothing else changes: startup vs. command line, same options, files,
>    etc.
>
> Here's the relevant portion of the script: it's in the ipchains firewall
> rule setup /etc/rc.d/init.d/ipchains -
>
> case "$1" in
>   start)
>         # don't do squat if we don't have the config file
>         if [ -f $IPCHAINS_CONFIG ]; then
>             # If we don't clear these first, we might be adding to
>             # pre-existing rules.
>             action "Flushing all current rules and user defined chains:" ipchains -F
>             action "Clearing all current rules and user defined chains:" ipchains -X
>             ipchains -Z
>             echo -n "Applying ipchains firewall rules: "
>             grep -v "^#" $IPCHAINS_CONFIG | ipchains-restore -p -f && \
>                 success "Applying ipchains firewall rules" || \
>                 failure "Applying ipchains firewall rules"
>             echo
>             touch /var/lock/subsys/ipchains
>         fi
>         ;;
>
> (remember, I've confirmed that this is being executed during startup)
>
> Here's the rule set after the above runs during setup:
>
> Chain input (policy DENY):
> target  prot  opt     source          destination  ports
> ACCEPT  udp   ------  0.0.0.0/0       0.0.0.0/0    68 -> 67
> Chain forward (policy DENY):
> target  prot  opt     source          destination  ports
> MASQ    all   ------  192.168.0.0/24  0.0.0.0/0    n/a
> Chain output (policy ACCEPT):
>
> Now, this is NOT what I wanted. But, when I execute
>
> /etc/rc.d/init.d/ipchains start
>
> from the command line, I get this ruleset:
>
> Chain input (policy DENY):
> target  prot  opt     source          destination  ports
> ACCEPT  udp   ------  24.91.0.0/24    0.0.0.0/0    53 -> *
> ACCEPT  udp   ------  24.128.1.80     0.0.0.0/0    53 -> *
> ACCEPT  udp   ------  24.128.60.0/28  0.0.0.0/0    53 -> *
> ACCEPT  all   ------  0.0.0.0/0       0.0.0.0/0    n/a
> ACCEPT  all   ------  0.0.0.0/0       0.0.0.0/0    n/a
> ACCEPT  tcp   !y----  0.0.0.0/0       0.0.0.0/0    * -> *
> ACCEPT  icmp  ------  0.0.0.0/0       0.0.0.0/0    * -> *
> Chain forward (policy DENY):
> target  prot  opt     source          destination  ports
> MASQ    all   ------  192.168.0.0/24  0.0.0.0/0    n/a
> Chain output (policy ACCEPT):
>
> .. Which ** IS ** what I wanted.
>
> All help welcome. TIA.
>
> Bill Horne
>
> -
> Subscription/unsubscription/info requests: send e-mail with
> "subscribe", "unsubscribe", or "info" on the first line of the
> message body to discuss-request at blu.org (Subject line is ignored).
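Added example, not part of either message above: a read-only check of the two things the reply says to look at, the script's chkconfig header and the default runlevel in inittab. The function names and the sample files are constructed for illustration; the "# chkconfig:" comment form and the "id:N:initdefault:" inittab entry are the standard Red Hat formats.

```shell
#!/bin/sh
# Added example. Paths are arguments, so nothing on the live system is read.

# Print "<levels> <start> <stop>" from the "# chkconfig:" comment header.
chkconfig_header() {
    sed -n 's/^#[[:space:]]*chkconfig:[[:space:]]*\([0-9-]*\)[[:space:]]\{1,\}\([0-9]\{1,\}\)[[:space:]]\{1,\}\([0-9]\{1,\}\).*$/\1 \2 \3/p' "$1" | head -n 1
}

# Print the default runlevel from an inittab entry such as "id:3:initdefault:".
default_runlevel() {
    awk -F: '$1 !~ /^#/ && $3 == "initdefault" { print $2; exit }' "$1"
}

# usage: starts_at_boot <init-script> <inittab>
# Returns 0 if started in the default runlevel, 1 if not,
# 2 if the chkconfig header is missing, 3 if inittab has no initdefault.
starts_at_boot() {
    hdr=$(chkconfig_header "$1")
    [ -n "$hdr" ] || { echo "no chkconfig header in $1"; return 2; }
    level=$(default_runlevel "$2")
    [ -n "$level" ] || { echo "no initdefault entry in $2"; return 3; }
    set -- $hdr                      # $1=levels $2=start prio $3=kill prio
    case "$1" in
        *"$level"*) echo "starts in runlevel $level (S$2, K$3)"; return 0 ;;
        *) echo "NOT started in runlevel $level (levels: $1)"; return 1 ;;
    esac
}

# Constructed sample files (not taken from the poster's system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#!/bin/sh' '# chkconfig: 2345 08 92' \
    '# description: ipchains packet filter rules' > "$demo/ipchains"
printf '%s\n' '#!/bin/sh' '# description: no chkconfig line' > "$demo/nohdr"
printf '%s\n' '# default runlevel' 'id:3:initdefault:' > "$demo/inittab3"
printf '%s\n' 'id:1:initdefault:' > "$demo/inittab1"

starts_at_boot "$demo/ipchains" "$demo/inittab3" || true   # levels include 3
starts_at_boot "$demo/ipchains" "$demo/inittab1" || true   # single-user: not started
starts_at_boot "$demo/nohdr"    "$demo/inittab3" || true   # header missing
```

On the machine from the thread the arguments would be /etc/rc.d/init.d/ipchains and /etc/inittab.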