OpenVZ Forum: Support » Firewall on boot

Home » General » Support » Firewall on boot

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Firewall on boot [message #3011]

Sat, 06 May 2006 20:59

ferp2
Messages: 29
Registered: May 2006

Junior Member

Hello,

I've set up a vps running debian 3.1 minimal. I have a firewall I want brought up on boot. Debian no longer has an init script for booting iptables; instead you have to add "pre-up /etc/rc.firewall" in /etc/network/interfaces to get the firewall running at boot time. The problem is /etc/network/interfaces is created dynamically, so it's recommended to edit /etc/network/interfaces.template. So what I did is copy interfaces to interfaces.template, added "pre-up /etc/rc.firewall" and rebooted the vps. It doesn't work. Does someone know how to add the pre-up command to interfaces.template so that the system reboots with the firewall turned on.

Thanks

Report message to a moderator

Re: Firewall on boot [message #3013 is a reply to message #3011]

Sun, 07 May 2006 14:20

ferp2
Messages: 29
Registered: May 2006

Junior Member

Here is the auto generated /etc/network/interfaces

===========================================
# This configuration file is auto-generated.
# WARNING: Do not edit this file, otherwise your changes will be lost.
# Please edit template /etc/network/interfaces.template instead.

# Auto generated venet0 interfaces
auto venet0 lo
iface venet0 inet static
address 127.0.0.1
netmask 255.255.255.255
broadcast 0.0.0.0
up route add -net 191.255.255.1 netmask 255.255.255.255 dev venet0
up route add default gw 191.255.255.1
iface lo inet loopback

auto venet0:0
iface venet0:0 inet static
address 192.168.0.102
netmask 255.255.255.255
broadcast 0.0.0.0
###pre-up /etc/firewall.sh###
===========================================

It is impossible to add "pre-up /etc/firewall.sh", to /etc/interfaces.template so that it appears after "broadcast 0.0.0.0" in the auto generated /etc/network/interfaces. This is because the contents of /etc/network/interfaces.template get added **before** the auto generated content of /etc/network/interfaces takes place. This causes the venet0:0 to malfunction.

Thank you

Report message to a moderator

Re: Firewall on boot [message #3016 is a reply to message #3013]

Mon, 08 May 2006 07:35

Vasily Tarasov
Messages: 1345
Registered: January 2006

Senior Member

In openVZ debian template /etc/network/interfaces.template file isn't necessary.
Dynamic creation of /etc/network/interfaces file is performed by
/etc/sysconfig/vz-scripts/dists/scripts/debian-add_ip.sh script on host machine. So, please, edit this script by adding line
pre-up /etc/rc.firewall" >> ${CFGFILE}.bak
in appropriate place of the script.

/etc/rc.firewall should be inside VPS.

And, please, don't forget to delete etc/network/interfaces.template file inside VPS, otherwise you will have problems.

Good Luck.

Report message to a moderator

Re: Firewall on boot [message #3017 is a reply to message #3016]

Mon, 08 May 2006 12:22

ferp2
Messages: 29
Registered: May 2006

Junior Member

Thank you for your reply. Perhaps I should have mentioned that my host system is running debian with the 2.6.8-022stab064-up kernel. On my system, debian-add_ip.sh is found in /usr/share/vz/dists/scripts. I added your statement and it works fine.

Thanks

Report message to a moderator

Re: Firewall on boot [message #3019 is a reply to message #3011]

Mon, 08 May 2006 12:45

ferp2
Messages: 29
Registered: May 2006

Junior Member

I put the following in /usr/share/vz/dists/scripts/debian-add_ip.sh:

if [ -f ${CFGFILE}.firewall ]; then
FWALL=`cat ${CFGFILE}.firewall`
echo -e "pre-up ${FWALL}" >> ${CFGFILE}.bak
fi

Also, there's a typo in the script. Search for /dev/nul. It should be /dev/null.

Report message to a moderator

Re: Firewall on boot [message #3020 is a reply to message #3019]

Mon, 08 May 2006 12:49

Vasily Tarasov
Messages: 1345
Registered: January 2006

Senior Member

> Also, there's a typo in the script. Search for /dev/nul. It should be /dev/null.

Please, fill the BUG in bugzilla.openvz.org!

Thanks for your attention.

Report message to a moderator

Previous Topic:	Config a custom Kernel from the given src.rpm
Next Topic:	VPS Problem -- Users logged in

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Thu Dec 11 05:07:04 GMT 2025

Total time taken to generate the page: 0.15614 seconds