rc.firewall stop should be called during shutdown
Thought I would propose this idea here and open it up for review, so I can find out how stupid it might be.
During multiuser startup, rc.firewall, if it exists, is called as rc.firewall start by rc.inet2, just before any network daemons are started. But it is not called during shutdown as rc.firewall stop. This is problematic not because there's a need to lower shields during shutdown, but because there's sometimes a need to do something during shutdown. In my case, a package I'm developing snapshots the running firewall ruleset to disk during shutdown. This is not what I'm proposing, though. I'm just proposing that a call to rc.firewall stop should be added to rc.6. This could be just before running rc.inet1 stop, but maybe a bit sooner, before unmounting remote filesystems, to give it the broadest option to save something to disk. The package I'm developing works around the lack of rc.firewall stop by adding K-type links to rc.firewall in rc[016].d. But it would be best to avoid using System V initscripts in a package because Slackware is BSD-initscript-centric. |
rc.firewall is not a part of Slackware
So, it's up to you to adapt things to your needs |
Quote:
Code:
# If there is a firewall script, run it before enabling packet forwarding. |
Quote:
|
If you need to do something with the firewall, you can always use /etc/rc.d/rc.local_shutdown
Not sure why one would need to do something with the firewall on shutdown. But my needs are simple :) |
What sense makes a poll for a Slackware feature? Since when Slackware became a democracy?
OP, you should convince our BDFL, not to play with polls... ;) |
Quote:
Quote:
|
Since a hook exists in rc.inet1, I see no reason not to have a similar hook in rc.6 (or where ever appropriate) for completeness. Any service/daemon that Slackware (optionally) starts, Slackware should stop on shutdown or reboot.
Personally, I do currently use rc.local_shutdown as a workaround for rc.firewall. |
Quote:
|
Quote:
|
Quote:
The package can certainly give the operator instructions for doing it on their own, and that's a reasonable "plan B" if this proposal gets shot down. But I don't prefer that approach because any manual procedure is error prone. I'd rather that a package install process involve as little manual post-installation as possible. |
IMHO, as an rc.firewall is supposed (in any of the implementation I have seen) to start from a blank set of iptables rules, not with loading existing ones, a call in rc.6 shouldn't be needed to save the existing rules.
what you are asking looks related to settings specific to your application so, IMHO, it should be fine loading it with a dedicated rc.yourapp called in rc.local with the "start" option (and loading of existing rules, if present) and shutted down with the "stop" option (with saving of the rules) in rc.local_shutdown (like all the third-party scripts on SBo do). it seems to me that, also if they do similar things rc.firewall and the script you are referring to should be separate. |
Quote:
regards Henrik |
Quote:
|
Quote:
However, in my case, I have a fixed /etc/rc.d/rc.local and /etc/rc.d/rc.shutdown which calls my custom scripts like /usr/local/etc/rc.d/rc.local and those scripts might call other more machine custom scripts like /usr/local/etc/rc.d/rc.custom Still, here is an example of such doinst.sh which might modify not only a startup script but also a configuration file for snmpd: Code:
#!/bin/bash regards Henrik |
All times are GMT -5. The time now is 06:47 PM. |