[H-GEN] debian (woody) sysv init scripts

[Robert Brockway]

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Wed, 7 Aug 2002, Sandra Milne wrote:

> At 21:36 7/08/2002 +1000, you wrote:
>
> >[ Humbug *General* list - semi-serious discussions about Humbug and     ]
> >[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
> >
> >I'm doing this on a debian (woody) system.
> >
> >I'd like some advice on what start and stop numbers to assign to a firewall
> >script which is located in /etc/init.d/firewall.  My script listens to the
>
> Start it after networking. That's the only rule I've ever followed and
> never had any trouble with it.

Actually I go for the exact opposite.  I start the firewall _before_
networking.  Iptables (and Ipchains, Ipfwadm, Ipfw, iirc)  happily let you
set firewall rules for interfaces that are not up or even initialised (aka
plumbed).

If you start the firewall after networking then there is a window of
opportunity for l33t h0x0r dudes to get in.

As for the rc scripts, I normally select one runlevel for the box and
rarely deviate from it.  The default is fine.  I'm very strict on the
services that get run.  You can rm the S?? scripts if you want, but
arguably better is to mv S?? to off_S??.  This way you remember what the
serial number of the startup script was.  Some people use the s?? syntax
for services that are not to be started but this irritates me as it is
harder to visually spot in a busy directory.

Cheers,
	-Rob

-- Robert Brockway B.Sc. email: robert at timetraveller.org  ICQ: 104781119
   Linux counter project ID #16440 (http://counter.li.org)
   "The earth is but one country and mankind its citizens" -Baha'u'llah


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/