[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] ipchains adding to rc.local
- Subject: Re: [cobalt-security] ipchains adding to rc.local
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Wed, 25 Jul 2001 04:02:29 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wed, 25 Jul 2001, R. Hamburg wrote:
> Hi,
>
> Quick question:
>
> I have installed IPchains. And have added some ip to block. However I
> understand that when you have reboot the server all
> /sbin/ipchains -I input -s 203.232.240.215 -j DENY -l
> /sbin/ipchains -I input -s 63.25.226.171 -j DENY -l
> are lost.
> So I thought adding this lines to /etc/rc.d/rc.local
> But I wondering right wheter the lines added to the bottum should be closed
> by an 'fi' command, like all other entries in the rc.local file ??
>
> is this correct so the list must look like this:
>
> /sbin/ipchains -I input -s 203.232.240.215 -j DENY -l
> /sbin/ipchains -I input -s 63.25.226.171 -j DENY -l
> fi
>
> or can I just them and no fi command at the end ?
>
> Thanks for your advice
>
> - Robbert
>
"fi" tells the shell-parser that here ends the block of an "if" rule
statement.
In other words, after a fi, all lines will be executed, no matter what.
(unless there's a new if)
In short, either write it in the very begining, or the very start. No fi's
needed.
Also a nice idea, is to create a file, say "customcommands" in /etc, chmod
700 it, and call it from rc.local. then you put all the things you want on
boot on that file, and you don't touch rc.local too much. That's only a
suggestion, though.
( i mean a batch file, yes? where the first line is: #!/bin/sh )
- shimi.