Question about how to enable fiaif at boot.
Anders Peter Fugmann
Mon Nov 28 21:43:16 CET 2005
Steven W. Orr wrote:
> I'm sure this has been discussed before but I just don't get it. The
> problem is that whenever I reboot, the firewall is not established. I
> have to manually say
> service fiaif restart
>
> My theory is that this is happening because the ip address of the
> interface is not known at the time that service script is executing.
Nope. FIAIF should be started before any interfaces are brought up for
maximum security.
>
> Here's my setup: I have a cable modem that talks to my provider's DHCP
> server. So theoretically I don't know what my ip address is. In my
> zone.ext I have the following two lines.
>
> NAME=EXT
> DEV=eth0
> DYNAMIC=1
> GLOBAL=1
> IP_EXTRA=""
> NET_EXTRA=""
> DHCP_SERVER=0
Dynamic just means that FIAIF does not apply extra checks for matching
IP numbers and network addresses.
>
> The /etc/rc.d/init.d/fiaif has a chkconfig of
> # chkconfig: 345 08 92
>
> which means that it executes *before* the network script which has this
> line
> # chkconfig: 2345 10 90
>
> Am I crazy or shouldn't the chkconfig line in the fiaif script have a
> start index > 10 so it executes after the address is known? Am I missing
> something?
Seems like a problem in your distribution.
>
> TIA
>
Regards
Anders Fugmann
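
An added example, not part of the original message or of FIAIF: a shell check that parses the `# chkconfig:` headers quoted in the thread and reports whether the firewall script starts before and stops after the network script in every runlevel where the network starts. The function names are hypothetical, and the two sample scripts are constructed from the header lines quoted above.

```sh
#!/bin/sh
# Audit SysV init ordering from chkconfig headers.
# Header format: "# chkconfig: <runlevels> <start-priority> <stop-priority>"

# Read an init script on stdin; print "<runlevels> <start> <stop>".
# Leading zeros are dropped so "08" compares as decimal 8.
chkconfig_fields() {
    sed -n 's/^#[[:space:]]*chkconfig:[[:space:]]*\([0-9-]\{1,\}\)[[:space:]]\{1,\}0*\([0-9]\{1,\}\)[[:space:]]\{1,\}0*\([0-9]\{1,\}\).*/\1 \2 \3/p' | head -n 1
}

# audit_order "<firewall fields>" "<network fields>"
# Prints one finding per line; returns 0 only when there are none.
audit_order() {
    set -- $1 $2    # fw_levels fw_start fw_stop net_levels net_start net_stop
    [ $# -eq 6 ] || { echo "ERROR: missing or malformed chkconfig header"; return 2; }
    rc=0
    # S-links run in ascending order: the firewall must have the lower number.
    [ "$2" -lt "$5" ] || { echo "START: firewall S$2 does not precede network S$5"; rc=1; }
    # K-links also run in ascending order: the firewall must stop last.
    [ "$3" -gt "$6" ] || { echo "STOP: firewall K$3 stops before network K$6"; rc=1; }
    # Every runlevel that starts the network must also start the firewall.
    for lvl in $(echo "$4" | sed 's/./& /g'); do
        case "$1" in
            *"$lvl"*) ;;
            *) echo "RUNLEVEL $lvl: network starts, firewall does not"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample scripts carrying the two headers quoted in the thread.
fw=$(printf '%s\n' '#!/bin/sh' '# chkconfig: 345 08 92' | chkconfig_fields)
net=$(printf '%s\n' '#!/bin/sh' '# chkconfig: 2345 10 90' | chkconfig_fields)

echo "firewall: $fw"
echo "network:  $net"
audit_order "$fw" "$net" || echo "ordering findings reported above"
```

On a real system, feed each function the actual init script, for example `chkconfig_fields < /etc/rc.d/init.d/fiaif`.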