kernels, binutils, and stable releases

Archaic archaic at linuxfromscratch.org
Mon Apr 18 10:39:37 PDT 2005


On Mon, Apr 18, 2005 at 12:39:50PM -0400, Robert Connolly wrote:
> 
> /etc/rc.d/init.d/iptables could be the start/stop script which 
> loads /etc/rc.d/init.d/firewall/default, which has the definitions for 
> internal and external IPs, etc. The bootscripts could 
> install /etc/rc.d/init.d/firewall/sshd, and /etc/rc.d/init.d/sshd would have:

The configuration, IMO, should not be in the bootscripts. The iptables
boot script should merely load the default config that is sitting in
/etc (let's say /etc/firewall for this discussion), but not in the
bootscript dir. That config file can include separate files. It always
has been able to. After all, an iptables config file is a script.

Then, when writing a page for a server (ssh in this example), all you
have to do is create an /etc/firewall.d/ssh file as directed in the book
with a simple cat command. The /etc/firewall will have the default
policy and can either have a preconfigured if/then to load everything in
/etc/firewall.d (à la the way BLFS does /etc/profile.d), or we can direct
the reader to add the include line in /etc/firewall as well as making
the /etc/firewall/whatever config file. This is all completely separate
from the bootscripts. Bootscripts start programs; their logic should be
minimal.

-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs
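
The layout described in the message above (a default-policy file that pulls in per-service fragments from /etc/firewall.d), sketched as an added example that is not part of the original post or of the HLFS book. The function and variable names, the specific default rules, and the ownership and permission checks on fragments are assumptions of this sketch; the checks are there because every fragment is a script run with the loader's privileges.

```shell
#!/bin/sh
# Added example, not from the original post. FIREWALL_D, IPTABLES,
# fragment_ok, load_fragments and apply_firewall are assumed names.
FIREWALL_D=${FIREWALL_D:-/etc/firewall.d}
IPTABLES=${IPTABLES:-iptables}

# Fragments are sourced with the loader's privileges (root at boot), so
# accept only regular, non-symlink files owned by the caller that neither
# group nor other can write. Editor backups and patch leftovers are ignored.
fragment_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case "$1" in *~|*.bak|*.orig|*.rej) return 1 ;; esac
    [ -z "$(find "$1" \( -perm -020 -o -perm -002 \))" ]
}

# Source each acceptable fragment in glob (sorted) order; the names of the
# fragments that were loaded are left in $loaded.
load_fragments() {
    loaded=""
    for f in "$FIREWALL_D"/*; do
        [ -e "$f" ] || continue     # empty directory: the glob stayed literal
        if fragment_ok "$f"; then
            . "$f" || { echo "firewall: $f failed" >&2; return 1; }
            loaded="$loaded ${f##*/}"
        else
            echo "firewall: skipping $f" >&2
        fi
    done
}

# Default policy first (these rules are assumed), so a skipped or failing
# fragment leaves its service closed rather than open.
apply_firewall() {
    $IPTABLES -P INPUT DROP
    $IPTABLES -P FORWARD DROP
    $IPTABLES -A INPUT -i lo -j ACCEPT
    $IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    load_fragments
}

# A fragment such as /etc/firewall.d/ssh would hold one line, e.g.:
#   $IPTABLES -A INPUT -p tcp --dport 22 -j ACCEPT
if [ "${1:-}" = apply ]; then apply_firewall; fi
```

The boot script then only has to run this file with the argument `apply`, which keeps its own logic minimal.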




More information about the hlfs-dev mailing list