Next Previous Contents

8. Putting it all together

This is an example rc.local script to start everything when your system boots. It will add spoofing protection in the kernel if you are using a 2.2 kernel, setup the masquerading firewall policies, and start the cipe interface(s).



#!/bin/bash 
#4/4/99 
#an example rc.local script 
#Send questions or comments to acj@home.com 

echo 

#Set up spoof protection in kernel -- from IPChains HOWTO by Paul Russell 

#this is only for the newer 2.1/2.2 kernels 

#if [ -e /proc/sys/net/ipv4/conf/all/rp_filter ]; then 
#   echo -n "Setting up IP spoofing protection..." 
#   for f in /proc/sys/net/ipv4/conf/*/rp_filter; do 
#       echo 1 > $f 
#   done 
#   echo "done." 
#else 
#   echo PROBLEMS SETTING UP IP SPOOFING PROTECTION.  BE WORRIED. 
#   echo "CONTROL-D will exit from this shell and continue system startup." 
#   echo 
#   # Start a single user shell on the console 
#   /sbin/sulogin $CONSOLE 
#fi 

echo 

#Setup firewall policies 
if [ -x /etc/rc.d/rc.firewall ]; then 
        echo Setting up firewall packet filtering policies. 
        echo 
        . /etc/rc.d/rc.firewall 
fi 

#Start cipe interfaces 
if [ -x /etc/rc.d/rc.cipe ]; then 
        echo Starting VPN interfaces. 
        . /etc/rc.d/rc.cipe 
fi 

exit 0 


Next Previous Contents