I'm still putting together my router/firewall, and it's going, but very slow.
The problem this time is the document I'm using advises to put the following code in the startup script for the interfaces. It's supposed to be for spoofed packets:
    For x in lo eth0 eth1
    Do
    Echo 1 > /proc/sys/net/ipv4/${x}/rp_filter
    Done
The only startup script I can find that brings up the interfaces is: /etc/rc.d/rc3.d/S10network
Is it safe to add the above code to this file, or is there another script I should be modifying? And yes I will make a backup of the original first.
Thanks.
"I Knew I should have taken that left turn at Albuquerque" -Bugs Bunny
On Sun, 2006-01-01 at 19:51 -0700, Craig Cameron wrote:
The problem this time is the document I'm using advises to put the following code in the startup script for the interfaces. It's supposed to be for spoofed packets:
    For x in lo eth0 eth1
    Do
    Echo 1 > /proc/sys/net/ipv4/${x}/rp_filter
    Done
The only startup script I can find that brings up the interfaces is: /etc/rc.d/rc3.d/S10network
Is it safe to add the above code to this file, or is there another script I should be modifying?
    # tail -n 5 /etc/sysconfig/network-scripts/ifup-post
    if [ -x /sbin/ifup-local ]; then
        /sbin/ifup-local ${DEVICE}
    fi

    exit 0
So in theory if you create /sbin/ifup-local and make it executable (chmod +x /sbin/ifup-post), it should be executed every time an interface goes up, after the interface is up and running; the name of the interface is passed as a parameter.
In your case, the content of /sbin/ifup-post would be:
    #!/bin/sh
    # $1 is the interface name; per-interface settings live under conf/
    echo 1 > /proc/sys/net/ipv4/conf/${1}/rp_filter
I cannot guarantee that it works, but give it a shot.
If it works, then you can consider it the "official" way to execute something after an interface has been brought up.
On Sunday 01 January 2006 21:12, Florin Andrei wrote:
So in theory if you create /sbin/ifup-local and make it executable (chmod +x /sbin/ifup-post), it should be executed every time an interface goes up, after the interface is up and running; the name of the interface is passed as a parameter.
In your case, the content of /sbin/ifup-post would be:
    #!/bin/sh
    echo 1 > /proc/sys/net/ipv4/conf/${1}/rp_filter
I think this should read the "content of /sbin/ifup-local" rather than "sbin/ifup-post".
( Also applies to the "chmod" command above. )
Regards, Mike Klinke
On Sun, 2006-01-01 at 21:43 -0600, Mike Klinke wrote:
On Sunday 01 January 2006 21:12, Florin Andrei wrote:
So in theory if you create /sbin/ifup-local and make it executable (chmod +x /sbin/ifup-post), it should be executed every time an interface goes up, after the interface is up and running; the name of the interface is passed as a parameter.
In your case, the content of /sbin/ifup-post would be:
    #!/bin/sh
    echo 1 > /proc/sys/net/ipv4/conf/${1}/rp_filter
I think this should read the "content of /sbin/ifup-local" rather than "sbin/ifup-post". ( Also applies to the "chmod" command above. )
Indeed, sorry for that.
On Sun, 2006-01-01 at 19:51 -0700, Craig Cameron wrote:
The problem this time is the document I'm using advises to put the following code in the startup script for the interfaces. It's supposed to be for spoofed packets:
    For x in lo eth0 eth1
    Do
    Echo 1 > /proc/sys/net/ipv4/${x}/rp_filter
    Done
The only startup script I can find that brings up the interfaces is: /etc/rc.d/rc3.d/S10network
I'd say don't mess with that one.
There are scripts that are run when bringing interfaces up or down, and they have routines in them to check for additional user scripts. For instance, /etc/ppp/ip-up is used to bring up a PPP connection, and once it's completed it looks to see if there's a user-provided file at /etc/ppp/ip-up.local, and runs it.
I mention that one because I use it, and know it works. Looking further around, I see something that looks similar for *any* interface at: /etc/sysconfig/network-scripts/ifdown-post.
If you change their scripts, you'll probably lose your changes after an update; as well as risk mucking things up. But if you write your own, where they go looking for them (as per my PPP one), then you should have a worry free system. Have a look through their scripts, and any documentation, and see if you can find something that looks for a user script.
Craig Cameron wrote:
    For x in lo eth0 eth1
    Do
    Echo 1 > /proc/sys/net/ipv4/${x}/rp_filter
    Done
Since you say you're a newbie, I'd better point out: that won't do anything at all. Ever.
Unix commands are case sensitive, and "For" and "for" are totally different. There should not have been any capitals in that snippet at all.
I notice that your e-mail program is Outlook, which can be too clever for its own good. But you ought to be aware of that, too, in case you ever try to retrieve shell code from an old e-mail.
Hope this helps,
James.
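
The /sbin/ifup-local hook discussed in this thread, written out as an added example (it is not code from any of the posters or from the distribution's scripts). It uses the kernel's per-interface control file /proc/sys/net/ipv4/conf/<interface>/rp_filter, rejects anything that is not a plain interface name, and reads the value back after writing; enable_rp_filter and RP_FILTER_ROOT are hypothetical names introduced here, the latter only so the function can be exercised against a scratch directory.

```shell
#!/bin/sh
# /sbin/ifup-local: run by ifup-post with the interface name as $1.
# Added example. RP_FILTER_ROOT is a hypothetical override for testing only.
RP_FILTER_ROOT="${RP_FILTER_ROOT:-/proc/sys/net/ipv4/conf}"

# Enable reverse-path filtering on one interface.
# Returns 0 on success, 1 for a bad name, 2 if the control file is missing,
# 3 if the write failed or the value did not stick.
enable_rp_filter() {
    iface="$1"
    # Accept only plain interface names so the argument can never point
    # outside the conf directory (no "/", no "." or "..", nothing empty).
    case "$iface" in
        ''|.|..|*[!A-Za-z0-9_.:-]*) return 1 ;;
    esac
    ctl="$RP_FILTER_ROOT/$iface/rp_filter"
    [ -f "$ctl" ] || return 2
    echo 1 > "$ctl" || return 3
    # Read the value back: a silent failure would leave spoof filtering off.
    [ "$(cat "$ctl")" = "1" ] || return 3
    return 0
}

# Act only when called with an interface name, as ifup-post does.
if [ -n "${1:-}" ]; then
    enable_rp_filter "$1" || {
        rc=$?
        logger -t ifup-local "rp_filter not enabled on $1 (code $rc)" 2>/dev/null
        exit "$rc"
    }
fi
```

Install it as /sbin/ifup-local and make it executable with chmod +x /sbin/ifup-local, as corrected in the thread.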