IFSERVICES(5) Network configuration IFSERVICES(5)NAME
ifservices-* - control network services with ifup/down
SYNOPSIS
/etc/sysconfig/network/ifservices-<configuration_name>/
DESCRIPTION
The directory /etc/sysconfig/network/ifservices-<configuration_name>/ is read by the script /etc/sysconfig/network/scripts/ifup-services
which starts and stops system services when an interface is set up/down. ifup-services is used by /sbin/ifup, which is the command line
user interface for setting up network interfaces.
This is useful if you don't have a permanent network connection. If you sometimes boot without network and plug in the network cable later
you can add links to system services in this directory. These services will then be started with ifup and stopped with ifdown.
The configuration name used for ifservices-* should match exactly the configuration name of the ifcfg-* file for the interface.
For the usage with NetworkManager (where you don't necessarily need a ifcfg-* file) you can also use /etc/sysconfig/network/ifser-
vices-<interface>-<essid>/ (for wlan interfaces) or if that does not exist /etc/sysconfig/network/ifservices-<interface>/. As a final
fallback /etc/sysconfig/network/ifservices/ is checked as well. If NetworkManager is active services will be stopped after the interface is
down.
The links in this directory are equal to the links in the runlevel directories /etc/init.d/rc*.d/ They have to point to service start
scripts which are usually in /etc/init.d/. Links starting with 'S' are start links, which are called in alphabetical order after ifup has
set up the interface. Links starting with 'K' are kill links which are called before ifdown takes down the interface. See also section
Sequencing Directories in boot (7).
EXAMPLE
In this example we use an interface with MAC address 00:de:ad:be:af:00. This interface is not always physically connected. As soon as you
plug in the cable ypbind and autofs should be started. When you pull the cable they should be stopped. This can be reached with:
in file /etc/sysconfig/network/ifcfg-eth-id-00:de:ad:be:af:00
...
STARTMODE=ifplugd
...
in dir /etc/sysconfig/network/ifservices-eth-id-00:de:ad:be:af:00/
S10portmap -> /etc/init.d/portmap
S20ypbind -> /etc/init.d/ypbind
S30autofs -> /etc/init.d/autofs
S20autofs -> /etc/init.d/autofs
K30ypbind -> /etc/init.d/ypbind
Now you have to disable the start of this services at boot time
chkconfig ypbind off
chkconfig autofs off
Notes:
You may call scripts/create-ifservices-directory [<interface_name>] to create a directory with the links from this example. This will cre-
ate the directory ifservices-<interface_name> or if no interface name was given ifservices-template.
Maybe you have to add also variable IFPLUGD_PRIORITY. For details about startmode ifplugd read ifup (8).
The service portmap had to be added because ypbind needs it. This service is still started at boot time because it does not need an active
network connection. But ypbind may now be started earlier as usual. Therefore we make sure that portmap is started before. Starting an
already running service again does not affect the service.
SEE ALSO ifup(8), ifcfg(5).
AUTHOR
Christian Zoz <zoz@suse.de>
sysconfig February 2005 IFSERVICES(5)
Check Out this Related Man Page
SHOREWALL-INIT(8) [FIXME: manual] SHOREWALL-INIT(8)NAME
shorewall-init - Companion package
SYNOPSIS
/etc/init.d/shorewall-init [start|stop]
DESCRIPTION
Shorewall-init is an optional package (added in Shorewall 4.4.10) that can be installed along with Shorewall, Shorewall6, Shorewall-lite
and/or Shorewall6-lite. It provides two key features:
1. It can close (stop) the firewall during boot prior to starting the network. This can prevent unwanted connections from being accepted
after the network comes up but before the firewall is started.
2. It can interface with your distribution's ifup/ifdown scripts and/or NetworkManager to allow firewall actions when an interface starts
or stops.
These two capabilities can be enabled separately.
After you install the shorewall-init package, you can activate it by modifying the Shorewall-init configuration file:
o On Debian-based system, the file is /etc/default/shorewall-init.
o On other systems, the file is /etc/sysconfig/shorewall-init.
To activate the safe boot feature, edit the configuration file and set PRODUCTS to a space-separated list of Shorewall products that you
want to be closed before networking starts.
Example:
PRODUCTS="shorewall shorewall6"
You also must insure that the compiled scripts for the listed products are compiled using Shorewall 4.4.10 or later.
Shorewall
shorewall compile
Shorewall6
shorewall6 compile
Shorewall-lite
On the administrative system, enter the command shorewall export firewall from the firewall's configuration directory.
Shorewall6-lite
On the administrative system, enter the command shorewall6 export firewall from the firewall's configuration directory.
The second feature (ifup/ifdown and NetworkManager integration) should only be activated on systems that do not use a link status monitor
line swping or LSM.
o Edit the configuration file and set IFUPDOWN=1
For NetworkManager integration, you will want to disable firewall startup at boot and delay it to when your interface comes up. For this to
work correctly, you must set the required or the optional option on at least one interface then:
o On Debian-based systems, edit /etc/default/product for each product listed in the PRODUCTS setting and set startup=0.
o On other systems, use the distribution's service control tool (insserv, chkconfig, etc.) to disable startup of the products listed in
the PRODUCTS setting.
On a laptop with both ethernet and wireless interfaces, you will want to make both interfaces optional and set the REQUIRE_INTERFACE option
to Yes in shorewall.conf[1](5) or shorewall6.conf[2] (5). This causes the firewall to remain stopped until at least one of the interfaces
comes up.
FILES
/etc/default/shorewall-init (Debian-based systems) or /etc/sysconfig/shorewall-init (other distributions)
SEE ALSO shorewall(8), shorewall-accounting(5), shorewall-actions(5), shorewall-blacklist(5), shorewall-hosts(5), shorewall_interfaces(5),
shorewall-ipsets(5), shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5), shorewall-params(5),
shorewall-policy(5), shorewall-providers(5), shorewall-proxyarp(5), shorewall-rtrules(5), shorewall-routestopped(5), shorewall-rules(5),
shorewall.conf(5), shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5), shorewall-tos(5),
shorewall-tunnels(5), shorewall-zones(5)NOTES
1. shorewall.conf
http://www.shorewall.net/manpages/shorewall.conf.html
2. shorewall6.conf
http://www.shorewall.net/manpages/../Manpages6/shorewall6.conf.html
[FIXME: source] 06/28/2012 SHOREWALL-INIT(8)