firewall: Initialize basic ruleset before entering runlevel 3.

2026-04-15 21:43:00 +02:00 · 2014-02-14 12:48:11 +01:00
parent e7c5b9dabb
commit 7d7740a467
5 changed files with 9 additions and 3 deletions
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -224,6 +224,7 @@ etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
+etc/rc.d/rcsysinit.d/S85firewall
 etc/rc.d/rcsysinit.d/S90sysctl
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -231,6 +231,7 @@ etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
+etc/rc.d/rcsysinit.d/S85firewall
 etc/rc.d/rcsysinit.d/S90sysctl
 etc/rc.d/rcsysinit.d/S91network-vlans
 etc/rc.d/rcsysinit.d/S92rngd
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -171,6 +171,7 @@ $(TARGET) :
 	ln -sf ../init.d/console     /etc/rc.d/rcsysinit.d/S70console
 	ln -sf ../init.d/firstsetup  /etc/rc.d/rcsysinit.d/S75firstsetup
 	ln -sf ../init.d/localnet    /etc/rc.d/rcsysinit.d/S80localnet
+	ln -sf ../init.d/firewall    /etc/rc.d/rcsysinit.d/S85firewall
 	ln -sf ../init.d/sysctl      /etc/rc.d/rcsysinit.d/S90sysctl
 	ln -sf ../init.d/network-vlans /etc/rc.d/rcsysinit.d/S91network-vlans
 	ln -sf ../init.d/rngd        /etc/rc.d/rcsysinit.d/S92rngd
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -292,14 +292,20 @@ iptables_red() {
 # See how we were called.
 case "$1" in
  start)
+	boot_mesg "Setting up firewall"
 	iptables_init
+	evaluate_retval
+
 	# run local firewall configuration, if present
 	if [ -x /etc/sysconfig/firewall.local ]; then
 		/etc/sysconfig/firewall.local start
 	fi
 	;;
  reload)
+	boot_mesg "Reloading firewall"
 	iptables_red
+	evaluate_retval
+
 	# run local firewall configuration, if present
 	if [ -x /etc/sysconfig/firewall.local ]; then
 		/etc/sysconfig/firewall.local reload
--- a/src/initscripts/init.d/network
+++ b/src/initscripts/init.d/network
@@ -38,9 +38,6 @@ init_networking() {
 		rmmod nf_conntrack_h323
 	fi

-	boot_mesg "Setting up firewall"
-	/etc/rc.d/init.d/firewall start; evaluate_retval
-
 	/etc/rc.d/init.d/dnsmasq start
 	/etc/rc.d/init.d/static-routes start
 }