kernels, binutils, and stable releases

Archaic archaic at
Mon Apr 18 10:39:37 PDT 2005

On Mon, Apr 18, 2005 at 12:39:50PM -0400, Robert Connolly wrote:
> /etc/rc.d/init.d/iptables could be the start/stop script which 
> loads /etc/rc.d/init.d/firewall/default, which has the definitions for 
> internal and external IPs, etc. The bootscripts could 
> install /etc/rc.d/init.d/firewall/sshd, and /etc/rc.d/init.d/sshd would have:

The configuration, IMO, should not be in the bootscripts. The iptables
boot script should merely load the default config that is sitting in
/etc (let's say /etc/firewall for this discussion), but not in the
bootscript dir. That config file can include separate files. It always
has been able to. After all, an iptables config file is a script.

Then, when writing a page for a server (ssh in this example), all you
have to do is create an /etc/firewall.d/ssh file as directed in the book
with a simple cat command. The /etc/firewall will have the default
policy and can either have a preconfigured if/then to load everything in
/etc/firewall.d (à la the way BLFS does /etc/profile.d), or we can direct
the reader to add the include line in /etc/firewall as well as making
the /etc/firewall/whatever config file. This is all completely separate
from the bootscripts. Bootscripts start programs, their logic should be


Want control, education, and security from your operating system?
Hardened Linux From Scratch
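
The layout discussed in this message, sketched as an added example (not code from the post, the bootscripts, or the HLFS book): an /etc/firewall script that sets a default policy and then sources every fragment in /etc/firewall.d, the way /etc/profile.d is handled. The function names, the FIREWALL_D variable, the drop-inbound policy and the permission checks are assumptions made for illustration.

```shell
#!/bin/sh
# Added sketch of /etc/firewall; not taken from the post or the HLFS book.
# Assumed names: FIREWALL_D, firewall_fragments, load_firewall.
# A server page would add a fragment with a simple cat, for example:
#   cat > /etc/firewall.d/ssh << "EOF"
#   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#   EOF

FIREWALL_D="${FIREWALL_D:-/etc/firewall.d}"

# Print the fragments that are safe to source, one per line.
# Fragments execute as root, so accept only regular files (no symlinks)
# owned by the invoking user (root at boot) and not group/world-writable.
firewall_fragments() {
    for f in "$1"/*; do
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        [ -O "$f" ] || continue
        case "$f" in *~|*.bak|*.orig) continue ;; esac   # editor leftovers
        # ls -ld mode string: char 6 is group write, char 9 is other write
        case "$(ls -ld "$f")" in ?????w*|????????w*) continue ;; esac
        printf '%s\n' "$f"
    done
    return 0
}

load_firewall() {
    # Default policy first (assumed: drop inbound), so that a missing or
    # broken fragment leaves the host closed rather than open.
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Each fragment is sourced in the pipeline's subshell: its iptables
    # calls take effect, but shell variables it sets do not persist.
    firewall_fragments "$FIREWALL_D" | while IFS= read -r frag; do
        . "$frag"
    done
}

# The boot script would only call this file with "start"; no rules live there.
if [ "${1:-}" = "start" ]; then
    load_firewall
fi
```

Running `firewall_fragments /etc/firewall.d` on its own lists what would be loaded, which is a quick audit of which services have opened ports.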
