I am using FC2, kernel 2.6.9-1.6_FC2, iptables 1.2.9-2.3.1, guarddog 2.2.0.
I used guarddog to create a set of firewall rules. Guarddog then generated a script /etc/rc.firewall that can be run to apply the rules. I ran the script (after adding /sbin/modprobe ip_conntrack_tftp to get the tftp server to work) and everything seemed to work as I wanted. After that, I ran /sbin/service iptables save to save the rule set to /etc/sysconfig/iptables.
I rebooted to make sure everything worked from a clean boot, but it did not. The ruleset seemed to load fine, but I believe there are some other lines in the /etc/rc.firewall script that need to be run as well. I know one is /sbin/modprobe ip_conntrack_tftp.
I know I need to run the /etc/rc.firewall script at boot. How and where is the proper place to do this? Also, do I need to do anything whenever a network interface is brought up or down?
from the guarddog README:
Guarddog generates a shell script at /etc/rc.firewall which should be run at
* Mandrake Linux - runs /etc/rc.firewall at boot time by default, which
is good. But most other distributions are not set up like this. The firewall
should be run before any network interfaces are enabled.
* SuSE & Debian - can be set up to run the firewall at boot time by appending
the following lines to /sbin/init.d/boot.local for SuSE and for Debian
    if [ -r /etc/rc.firewall ]; then
        sh /etc/rc.firewall
    fi
Thanks to Björn Breitsprecher and Carsten M. Schademann for help with this.
* Other Distributions - I expect that running the firewall script at boot time
on other Linux distributions follows similar lines as for SuSE above. Basically
find a suitable boot script and add some lines to execute the rc.firewall
file if it exists.
If you figure out how to start Guarddog at boot time for your particular
distribution, please send me an email and let me know how.
Network Interface Up/Down
The firewall script that Guarddog creates needs to be run whenever a
network interface is brought up or down. In fact, if Guarddog is not run
after a network interface is brought up, then the firewall *should* stop
all traffic through that interface. This is a security feature.
* Mandrake Linux and maybe Redhat - Unfortunately this isn't as simple as
I would hope... The Mandrake networking scripts have 'hooks' which can
be used for getting things like firewalls run whenever a network
interface is brought up or down. Log in as root and execute the next two
    ln -s /etc/rc.firewall /sbin/ifup-local
    ln -s /etc/rc.firewall /sbin/ifdown-local
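As an added example (not part of the README or either post above), the following shell script wraps the two ln commands from the README into an installer that refuses to clobber an unrelated /sbin/ifup-local or /sbin/ifdown-local, plus a check that the hooks actually resolve to an executable /etc/rc.firewall and that the script carries the modprobe ip_conntrack_tftp line the original poster had to add by hand. The ROOT prefix, and the function names install_hooks, check_hooks and check_conntrack_module, are assumptions made here so the script can be exercised in a scratch directory; on a real box leave ROOT empty. Whether the FC2 network-scripts call these hooks is the README's "maybe Redhat": confirm it by reading /etc/sysconfig/network-scripts/ifup-post before relying on it.

```shell
#!/bin/sh
# Added example: wire /etc/rc.firewall into the ifup-local/ifdown-local
# hooks described in the guarddog README and verify the result.
# ROOT is an assumed prefix (empty on a real system) so the functions can
# be tried out against a scratch directory without touching /etc or /sbin.

# install_hooks: symlink the firewall script as ifup-local and ifdown-local.
# Fails if the firewall script is missing or not executable, and refuses
# to replace a hook that is a regular file (someone else's hook script).
install_hooks() {
    fw="${ROOT:-}/etc/rc.firewall"
    if [ ! -x "$fw" ]; then
        echo "missing or not executable: $fw" >&2
        return 1
    fi
    mkdir -p "${ROOT:-}/sbin" || return 1
    for hook in ifup-local ifdown-local; do
        target="${ROOT:-}/sbin/$hook"
        if [ -e "$target" ] && [ ! -L "$target" ]; then
            echo "refusing to replace existing file $target" >&2
            return 1
        fi
        # -f makes this idempotent: an existing symlink is replaced.
        ln -sf "$fw" "$target" || return 1
    done
    return 0
}

# check_hooks: succeed only if both hooks are symlinks to the firewall
# script and the script they resolve to is executable.
check_hooks() {
    fw="${ROOT:-}/etc/rc.firewall"
    for hook in ifup-local ifdown-local; do
        target="${ROOT:-}/sbin/$hook"
        if [ ! -L "$target" ]; then
            echo "$target is not a symlink" >&2
            return 1
        fi
        dest=$(readlink "$target")
        if [ "$dest" != "$fw" ]; then
            echo "$target points to $dest, expected $fw" >&2
            return 1
        fi
        if [ ! -x "$target" ]; then
            echo "$target does not resolve to an executable script" >&2
            return 1
        fi
    done
    return 0
}

# check_conntrack_module MODULE: confirm the firewall script loads the
# given connection-tracking helper (the poster needed ip_conntrack_tftp),
# since a saved ruleset alone does not load kernel modules at boot.
check_conntrack_module() {
    fw="${ROOT:-}/etc/rc.firewall"
    if grep -q "modprobe[[:space:]]\{1,\}$1\([[:space:]]\|\$\)" "$fw"; then
        return 0
    fi
    echo "$fw has no 'modprobe $1' line" >&2
    return 1
}

# Typical use on a real system (ROOT unset), run as root:
#   install_hooks && check_hooks && check_conntrack_module ip_conntrack_tftp
```

The check_conntrack_module step is the part that explains the original poster's reboot problem: /sbin/service iptables save captures the rules, not the modprobe line, so whatever runs at boot must still execute the script (or load the module) itself.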