Linux Booting Question

Garet Jax

Hello all,

I feel kind of stupid asking this question, but I have not been able to find any answers to it anywhere else. I have had some *nix Java development exposure, but most of my professional networking/configuration has been on Windows-based platforms.

I have been playing around with Red Hat Linux 7.2 and IPTables. After a lot of reading, I was finally able to paint a basic rule set that allows me to browse the internet from the firewall machine and from my internal network. I just opened (I think) TCP port 22 to incoming traffic to allow me to connect to the machine using SSH from work. :D

I have created a bash script that I can run from a terminal window to flush the current IPTables rules and create my basic ruleset.

The problem is I lose my ruleset every time I reboot the machine. In all reality, it is not that big a deal, I can just log in and rerun the script each time I reboot since I won't be rebooting. The problem is that I would prefer to not have to do this since if I forget, my family is connectionless.

I tried running "iptables-save" and it appears to do what I want, but it doesn't. When I reboot, the rules are gone.

Are there any suggestions? Thanks.
 

n0cmonkey

Copy the script to something like (where your startup scripts are, I don't have access to a Linux machine offhand so you are on your own) /etc/init.d and link it in /etc/rc.d/rc3.d and maybe rc2.d or whatever.
 

Barnaby W. Füi

have a look around on the net, there are plenty of scripts already made. i just found a simple one and edited a little, but not much. it works perfect. allows http/ftp/ssh and multiplayer games from behind the firewall work fine, as does irc. everything works perfect. anyways, what i did was just convert it into an init script. i made a script, /etc/init.d/firewaller, start runs my iptables script, stop runs a flush script, and restart runs the flush script, then the main script. then i made a symlink /etc/rc2.d/Sxxfirewaller, which points to the firewaller main script in /etc/init.d/. check out the man page for sysvinit :)
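
The start/stop/restart layout described in the post above, as an added example that is not part of the original thread and not any poster's own script. The interface names, the rules themselves and the function names are assumptions; it also assumes IP forwarding is enabled elsewhere.

```shell
#!/bin/sh
# Added example: sketch of an /etc/init.d/firewaller-style script.
# WAN_IF/LAN_IF and the ruleset are assumptions, not the posters' rules.
IPTABLES="${IPTABLES:-/sbin/iptables}"   # IPTABLES="echo iptables" gives a dry run
WAN_IF="${WAN_IF:-eth0}"                 # assumed Internet-facing interface
LAN_IF="${LAN_IF:-eth1}"                 # assumed internal interface

fw_flush() {
    # "stop": empty ruleset with ACCEPT policies (the box is unfiltered afterwards).
    $IPTABLES -P INPUT ACCEPT && $IPTABLES -P FORWARD ACCEPT &&
    $IPTABLES -P OUTPUT ACCEPT &&
    $IPTABLES -F && $IPTABLES -X && $IPTABLES -t nat -F
}

fw_load() {
    # Default-deny first, then flush, so rules are never empty with ACCEPT policies.
    $IPTABLES -P INPUT DROP && $IPTABLES -P FORWARD DROP &&
    $IPTABLES -P OUTPUT ACCEPT &&
    $IPTABLES -F && $IPTABLES -X && $IPTABLES -t nat -F &&
    $IPTABLES -A INPUT -i lo -j ACCEPT &&
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    $IPTABLES -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT &&
    $IPTABLES -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -j ACCEPT &&
    $IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT &&
    $IPTABLES -t nat -A POSTROUTING -o "$WAN_IF" -j MASQUERADE
}

firewaller() {
    case "$1" in
        start)   fw_load ;;
        stop)    fw_flush ;;
        restart) fw_flush && fw_load ;;   # flush script, then main script
        *)       echo "Usage: firewaller {start|stop|restart}" >&2; return 2 ;;
    esac
}

# Run only when called with an action, e.g. from an rc2.d/Sxxfirewaller symlink.
if [ "$#" -gt 0 ]; then firewaller "$@"; fi
```

Running it as `IPTABLES="echo iptables" sh firewaller start` prints the commands instead of applying them, which is a safe way to review the ruleset before linking the script into a runlevel directory.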
 

Garet Jax

n0cmonkey/BingBongWongFooey,

Thanks for your quick responses. I really know very little about how Linux boots so my question was very vague. Sorry.

I think the man page reference to sysvinit was exactly what I was looking for to help educate me. Is this the best man page for learning some of the Linux booting basics? Thanks.
 

Garet Jax

I finally got around to running the "man sysvinit" command and did not find any man pages. I am still looking for information on Linux booting.

Anyone have suggestions?
 

Garet Jax

n0cmonkey,

I have to admit that I totally didn't understand what you said in your post when you initially posted it. I think I understand it now. What you are saying is that I have to create a symbolic link to my script from within /etc/rc.d/rc#.d for each runlevel I want my script executed. Is this correct?

On a separate topic, how do I change the runlevel?

Thanks.
 

n0cmonkey

Originally posted by: Garet Jax
n0cmonkey,

I have to admit that I totally didn't understand what you said in your post when you initially posted it. I think I understand it now. What you are saying is that I have to create a symbolic link to my script from within /etc/rc.d/rc#.d for each runlevel I want my script executed. Is this correct?

On a separate topic, how do I change the runlevel?

Thanks.

Put the symlink to the script in /etc/rc.x/rc?.d or whatever, but not the original (you can put it there, but it's easier for admin purposes if you have them in a central location (in my opinion of course)). You can change the run level by messing with /etc/inittab I think. If that file doesn't exist, try: "grep inittab /etc/*" and see where that option is.
 

rahvin

There is an easier way, call your file whatever you wanna call it. Put it in /etc/rc.d/, edit the rc.local file in that directory and add a line to call the <filename> of whatever you called your firewall script.

As for firewall scripts, I recommend you do a google search for Monmotha firewall and download his script. It's a very very good script.
 

Barnaby W. Füi

Originally posted by: rahvin
There is an easier way, call your file whatever you wanna call it. Put it in /etc/rc.d/, edit the rc.local file in that directory and add a line to call the <filename> of whatever you called your firewall script.

As for firewall scripts, I recommend you do a google search for Monmotha firewall and download his script. It's a very very good script.

i have chatted with monmotha many times in efnet/#linuxhelp :D (internet is a small world ;))

i have some good links for you to learn about sysvinit (sorry i haven't been here much lately so i am a bit late with these :p)

http://www.redhat.com/docs/manuals/linux/RHL-7.2-Manual/ref-guide/s1-boot-init-shutdown-booting.html
http://www.debian.org/doc/debian-policy/ch-opersys.html#s-sysvinit

to change the default runlevel, edit /etc/inittab. to change it at any given time, you just run "init X" where X is 0-6, 0 being halt (shutdown), 1 being single user (maintenance mode), and 6 being reboot, 2-5 being the 'normal use' modes.

i boot to runlevel 2, just because that's the default in debian and i have no reason to change it :p but of course i have cleaned out all the useless stuff in /etc/rc2.d/
 

Garet Jax

n0cmonkey, rahvin, BingBongWongFooey,

Thanks a lot for all the help. The suggestions/pieces of advice were very useful. Monmotha's firewall script is very good and has now replaced my old one.

I have modified the /etc/rc.d/rc.local file to execute the firewall script. I think this works, but I can't test it yet because I am in the middle of downloading RH 7.3.