Re: iptables question

On Wed, Feb 25, 2004 at 01:50:07PM -0500, Patrick O'Brien wrote:

> Andrew, I usually do firewall scripts by hand. You can make an executable
> script in /etc/rc.d/rc3.d/S11.rc.firewall and copy it to
> /etc/rc.d/rc5.d/ for the GUI startup

This advice is not good in many respects:

-  You suggest enabling the firewall *after* starting the network
   (S10network), which is a security hole.

-  You should not make scripts in rc*.d, but put the scripts in init.d
   and let the entries in rc*.d be just symlinks (UNIX convention),
   preferably managed with chkconfig (Red Hat Linux / Fedora convention).

-  There already is an iptables startup script, so use it.  Make your own
   firewall setup script with your iptables commands, apply it, do
   "/sbin/service iptables save" and use the iptables init script for
   the start/stop actions.

-- 
--    Jos Vos <jos@xxxxxx>
--    X/OS Experts in Open Systems BV   |   Phone: +31 20 6938364
--    Amsterdam, The Netherlands        |     Fax: +31 20 6948204
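
A check for the first two problems listed in the message above (firewall started after S10network, real files placed in rc*.d), as an added example that is not part of the original post. It assumes the firewall entry is named `iptables` or contains `firewall`; the sample directory and its S08 priority are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit a SysV runlevel directory for start ordering
# and for real files where symlinks into init.d are expected.

# Print the two-digit start priority of the first S-entry in $1 whose
# service name contains $2; return 1 if there is none.
start_prio() {
    for f in "$1"/S[0-9][0-9]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue
        name=${f##*/}
        case ${name#S[0-9][0-9]} in
            *"$2"*) prio=${name#S}; echo "${prio%"${prio#??}"}"; return 0 ;;
        esac
    done
    return 1
}

# Return 0 if the runlevel directory passes both checks, 1 otherwise.
audit_rc_dir() {
    dir=$1; bad=0
    net=$(start_prio "$dir" network) || { echo "$dir: no network entry"; return 0; }
    fw=$(start_prio "$dir" iptables || start_prio "$dir" firewall) || {
        echo "$dir: network starts at S$net but no firewall entry"; return 1; }
    # Equal priorities fall back to name order, so flag those as well.
    if [ "$fw" -ge "$net" ]; then
        echo "$dir: firewall S$fw starts after network S$net"; bad=1
    fi
    for f in "$dir"/[SK][0-9][0-9]*; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            echo "$f: regular file, expected a symlink into init.d"; bad=1
        fi
    done
    return $bad
}

# Constructed demo: the layout from the quoted advice next to a layout
# that uses init.d symlinks with the firewall ahead of the network.
demo=$(mktemp -d)
mkdir -p "$demo/init.d" "$demo/bad" "$demo/good"
: > "$demo/init.d/network"; : > "$demo/init.d/iptables"
ln -s ../init.d/network "$demo/bad/S10network"
: > "$demo/bad/S11.rc.firewall"
ln -s ../init.d/iptables "$demo/good/S08iptables"
ln -s ../init.d/network "$demo/good/S10network"
audit_rc_dir "$demo/bad" || echo "bad layout flagged"
audit_rc_dir "$demo/good" && echo "good layout passes"
```

On a real system, point `audit_rc_dir` at `/etc/rc.d/rc3.d` and `/etc/rc.d/rc5.d`.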



