[lug] startup problem

Hugh Brown hugh at vecna.com
Mon Nov 26 11:49:45 MST 2001


You probably want to make it the number right after the networking.  The
problem is that for the time between when the interface comes up and the
firewall gets started you are vulnerable.  Minor risk, but risk
nonetheless.

Hugh

On Mon, 2001-11-26 at 13:36, Chris Wade wrote:
> Thanks.  It is being called as a runlevel startup item, S01 in fact...
> 
> I'll fix it when I can get home and sit in front of the console... :)
> 
> > -----Original Message-----
> > From: Hugh Brown [mailto:hugh at vecna.com]
> > Sent: Monday, November 26, 2001 9:56 AM
> > To: lug at lug.boulder.co.us
> > Subject: Re: [lug] startup problem
> > 
> > 
> > A lot depends on how things are being called.  If the firewall is being
> > called as a runlevel startup item (e.g. S12firewall in /etc/rc.d/rc5.d)
> > then it is sufficient to rename it to S**firewall where the ** is a
> > number bigger than the number for network.
> > 
> > If it is being called out of /etc/rc.d/rc.sysinit then you need to make
> > sure that the network stuff gets called before the firewall stuff.
> > 
> > An informative process is to trace the startup process from
> > /etc/inittab. 
> > 
> > Hugh
> > 
> > On Mon, 2001-11-26 at 02:59, Chris Wade wrote:
> > > Hi all,
> > > 
> > > I've been able to work around this problem but I'm curious why it's
> > > happening in the first place.
> > > 
> > > I've configured SuSEfirewall to do IP masquerading, the first time I
> > > started it up it worked, and when I rebooted it worked fine.
> > > 
> > > Tonight I played with some of the settings, and later when I rebooted the
> > > firewall wouldn't start.  I put everything back the way it was, tried
> > > rebooting again, still wouldn't start.  Watching the messages go by during
> > > startup, it appeared that the firewall was trying to start before the eth
> > > cards were started, so it couldn't find the cards, so it gave errors.  I
> > > don't know where to find the log of the startup, maybe if someone could tell
> > > me where this is I could post it.
> > > 
> > > Why would the order of devices have changed during startup?  Nothing that I
> > > know of that would have affected it changed between last reboot and this
> > > one; the only thing that changed was the firewall config script, and if I
> > > set START_FW to 'no' in rc.config and start the firewall manually after boot
> > > it works fine.
> > > 
> > > Learning, learning...
> > > 
> > > Thanks,
> > > 
> > > Chris
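
Added example, not part of the original thread: a shell function that checks the ordering discussed above, reporting whether the firewall start link sorts before the network link and, if not, how many other start scripts run in between while the interface is up without filtering. The function name, the service names passed as arguments, and the assumption that rc runs S* links in glob order are this example's, not the posters'.

```shell
#!/bin/sh
# Added example, not from the thread. Reports where the firewall start link
# sorts relative to the network start link in a SysV runlevel directory.
# Usage: rc_order_check DIR NETWORK_SERVICE FIREWALL_SERVICE
# Assumption: rc runs the S* links in glob (lexical) order, as classic
# SysV rc scripts do; the service names are whatever your system uses.
rc_order_check() {
    dir=$1; net=$2; fw=$3
    pos=0; net_pos=""; fw_pos=""
    for link in "$dir"/S[0-9][0-9]*; do
        # Skip the unexpanded pattern when nothing matches.
        if [ ! -e "$link" ] && [ ! -L "$link" ]; then continue; fi
        pos=$((pos + 1))
        name=${link##*/}
        svc=${name#S[0-9][0-9]}      # strip the "Snn" prefix
        if [ "$svc" = "$net" ]; then net_pos=$pos; fi
        if [ "$svc" = "$fw" ]; then fw_pos=$pos; fi
    done
    if [ -z "$net_pos" ] || [ -z "$fw_pos" ]; then
        echo "missing"; return 2
    fi
    if [ "$fw_pos" -lt "$net_pos" ]; then
        # Firewall script runs before the interfaces exist.
        echo "firewall-before-network"; return 1
    fi
    # gap = start scripts that run after network and before the firewall.
    echo "ok gap=$((fw_pos - net_pos - 1))"
}

if [ "$#" -ge 3 ]; then rc_order_check "$@"; fi
```

A result of "ok gap=0" corresponds to the firewall being the number right after the networking; two links with the same number are ordered by name, so S10firewall still runs before S10network.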
