From: Jez Hancock
Date: Mon, 10 Feb 2003 12:59:01 +0000
To: FreeBSD ISP List
Cc: Chuck Swiger
Subject: Re: Local package initialization
Message-ID: <20030210125901.GC45355@users.munk.nu>
References: <1044818277.3e46a965d3e52@webmail.isot.com> <20030209200034.GA25652@users.munk.nu> <3E46C590.4060106@mac.com>
In-Reply-To: <3E46C590.4060106@mac.com>

Hi Chuck,

On Sun, Feb 09, 2003 at 04:18:08PM -0500, Chuck Swiger wrote:
> Jez Hancock wrote:
> [ ... ]
> >As an example, if the files in /usr/local/etc/rc.d dir look like this:
> >
> >-rwxr-x---  1 root  wheel   181 Dec 23 22:05 000.mysql-client.sh*
> >-r-xr-xr-x  1 root  wheel   248 Dec 14 09:26 000.pkgtools.sh*
> >-r-xr-xr-x  1 root  wheel   307 Jan 19 16:32 100.apache.sh*
> >-rwxr-x--x  1 root  wheel   316 Nov 11 01:19 200.idled.sh*
> >-rwxr-x---  1 root  wheel   181 Dec 23 22:05 300.mysql.sh*
> >-rwxr-xr-x  1 root  wheel  1742 Jan 14 18:03 999.ipfw.sh*
> >
> >Then the scripts will be run in the order:
> >
> >mysql-client
> >pkgtools
> >apache
> >idled
> >ipfw
>
> Note that the above ordering leaves a window of vulnerability after a
> system reboot, where the firewall rules are not yet in place. It's
> safer to start up the firewall first, and then everything else.

The ipfw script only counts user traffic for stats - you can see the
results here:

http://ipfwstats.munk.nu

keep meaning to make that frontend look nicer so I can package it up and
maybe have it added to the ports eventually.

For pass/block packet filtering I use ipf (which loads up prior to the
local packages).

Cheers,
Jez
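
The start-order concern raised in the quoted reply can be checked mechanically. The sh script below is an added example, not part of either message: it reports which local scripts start before a named firewall script, assuming executable `*.sh` files run in lexical filename order as the quoted text describes. The function names, the scratch directory and the `000.ipfw.sh` rename are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the start order of local rc.d scripts.
# Assumption: executable *.sh files are started in lexical filename order,
# as the quoted message describes.

# Print the script names in the order they would be started.
rc_order() (
    LC_ALL=C; export LC_ALL          # make the glob sort byte-wise
    for f in "$1"/*.sh; do
        if [ -x "$f" ]; then basename "$f"; fi
    done
)

# Print the scripts that start before the first one whose name contains $2.
# Returns 0 if that script starts first, 1 if others precede it,
# 2 if no matching script exists in the directory.
started_before_firewall() {
    before="" found=no
    for name in $(rc_order "$1"); do
        case $name in
            *"$2"*) found=yes; break ;;
        esac
        before="$before $name"
    done
    [ "$found" = yes ] || return 2
    [ -n "$before" ] || return 0
    echo $before                     # unquoted on purpose: trims the leading space
    return 1
}

# Constructed sample: a scratch directory holding the file names from the listing.
make_sample_dir() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/rcd.XXXXXX") || return 1
    for n in 000.mysql-client 000.pkgtools 100.apache 200.idled 300.mysql 999.ipfw; do
        : > "$d/$n.sh" && chmod 755 "$d/$n.sh"
    done
    echo "$d"
}

sample=$(make_sample_dir)
echo "started before ipfw: $(started_before_firewall "$sample" ipfw)"
mv "$sample/999.ipfw.sh" "$sample/000.ipfw.sh"   # hypothetical rename, firewall first
started_before_firewall "$sample" ipfw && echo "after rename: ipfw starts first"
rm -rf "$sample"
```

Point `started_before_firewall` at the real directory (for example `/usr/local/etc/rc.d`) with the name of whichever script loads the packet filter rules; a return status of 1 lists everything that is up before the rules are.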