Re: [Fwbuilder-discussion] iptables start/stop script
From: Chris M. <ch...@ma...> - 2006-08-01 01:25:59
The prolog script should look something like

    INTERFACE=$1
    while :
    do
        ip link show "$INTERFACE" > /dev/null 2>&1
        if [ $? = 0 ]
        then
            # $INTERFACE link is up, break out of the while loop
            break;
        fi
        # If we get to here: then $INTERFACE link is NOT up
        # Wait a bit
        sleep 1
    done

This assumes the interface to wait on is passed as the first argument
Eg: firewall.sh tun0
It checks to see if the interface is present, and if not loops

Alternatively you could check for an exported environment variable, they are often set before the init script is run, so that the initscript knows why it has been called (eg up, down etc) and what interface.

What I do is run the firewall at startup. This skips all unavailable interfaces, and then I re-run as each IPsec interface comes up/down.

It is possible that one script has not yet finished when another starts, so I have a script (spinlock) that ensures that only one firewall.sh script is running at once.
Eg: Spinlock firewall.sh

A copy of spinlock is in this tar ball
http://www.martin.cc/openwrt/scripts.tar

-----Original Message-----
From: fwb...@li... [mailto:fwb...@li...] On Behalf Of Sunny
Sent: Tuesday, 1 August 2006 9:35 AM
To: fwb...@li...
Subject: Re: [Fwbuilder-discussion] iptables start/stop script

On 7/31/06, Chris Martin <ch...@ma...> wrote:
> I would modify the firewall-initscript so that it passes a parameter.
> The parameter would indicate that you need to wait for the tun0 device to
> be present
>
> Then create a prolog script in Fwbuilder that waits until the Tun0 device is
> ready before proceeding to apply the rules
>

Thanks Chris,
Not a bad idea, I may try it. For now, I just used openvpn's --up parameter to execute the firewall script when the tun device is up. This is not a perfect solution as well, as no firewall is started until then. Maybe a better solution will be to separate somehow the rules for the tun device from the ones for eth devices, and run the second (tun) script from openvpn --up. Ideas?

Btw, any idea how the prolog script you propose should look like? Endless loop, or something better?

--
Svetoslav Milenov (Sunny)

Windows is a 32-bit extension to a 16-bit graphical shell for an 8-bit operating system originally coded for a 4-bit microprocessor by a 2-bit company that can't stand 1 bit of competition.
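Added example (not part of the original thread, and not the spinlock script from the tarball): the two ideas discussed above, waiting for the interface and allowing only one firewall run at a time, written as POSIX sh functions with a timeout so that a tun device that never appears does not block the caller forever. LOCKDIR, the function names, exit status 75 and the firewall.sh path in the last comment are assumptions of this example.

```sh
#!/bin/sh
# Added example; the names, LOCKDIR and status 75 are assumptions, not from the thread.
LOCKDIR=${LOCKDIR:-/tmp/firewall.lock}

# wait_for_iface IFACE TIMEOUT
# Returns 0 as soon as "ip link show IFACE" succeeds (interface present),
# 1 if it is still absent after TIMEOUT seconds.
wait_for_iface() {
    wfi_waited=0
    until ip link show "$1" >/dev/null 2>&1; do
        [ "$wfi_waited" -ge "$2" ] && return 1
        sleep 1
        wfi_waited=$((wfi_waited + 1))
    done
    return 0
}

# run_locked TIMEOUT CMD...
# mkdir is atomic, so only one caller at a time can create LOCKDIR.
# Returns CMD's exit status, or 75 if the lock was not obtained in
# TIMEOUT seconds. A lock left behind by a killed run is not cleared
# automatically; the timeout turns that into an error instead of a hang.
run_locked() {
    rl_timeout=$1; shift
    rl_waited=0
    until mkdir "$LOCKDIR" 2>/dev/null; do
        [ "$rl_waited" -ge "$rl_timeout" ] && return 75
        sleep 1
        rl_waited=$((rl_waited + 1))
    done
    rl_rc=0
    "$@" || rl_rc=$?
    rmdir "$LOCKDIR"
    return "$rl_rc"
}

# apply_when_ready IFACE TIMEOUT CMD...
# Wait for IFACE, then run CMD under the lock. CMD is not run at all
# if the interface never shows up.
apply_when_ready() {
    awr_iface=$1; awr_timeout=$2; shift 2
    wait_for_iface "$awr_iface" "$awr_timeout" || return 1
    run_locked "$awr_timeout" "$@"
}

# Hypothetical call from an interface-up hook:
#   apply_when_ready tun0 30 ./firewall.sh tun0
```

A non-zero return should be logged by the caller, since it means the rules for that interface were not applied.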