Applies to platform: all
Last updated: 23rd August 2013
There are situations in which you may want to add your own custom scripts for specific purposes. There are two ways to do this, both implemented by adding a file to /var/efw/inithooks/. The files are start.local and rc.firewall.local respectively. Neither file is changed by future upgrades, so your customization is kept as is.
start.local
This file is the last configuration the Endian UTM Appliance reads and applies to your system during the boot process, so that your customization takes effect. Since this is a Bash script, start.local must have #!/bin/bash on its very first line. This special marker tells the system to execute the script with the bash interpreter binary available in the /bin directory.
After adding your code in this file, set the permissions accordingly by executing the following command:
root@endian:~ # chmod 755 /var/efw/inithooks/start.local
Once the permissions are set, you can also trigger the script by calling it with its full path:
root@endian:~ # /var/efw/inithooks/start.local
The start.local file does not exist by default, so you will have to create it with an editor such as nano or vi and add your code.
root@endian:~ # nano /var/efw/inithooks/start.local
#!/bin/bash
# Add your code here
exit $?
rc.firewall.local
As the name states, this file applies your customized firewall configuration. This is useful when you need certain iptables rules to always be added after a reboot, making the customization permanent. By adding rules to this file, you make your Endian UTM Appliance read the configuration and apply it for you using iptables. This file will not be changed later by any other service.
Warning
You can use the following code to apply your rules for the start, stop and reload actions by editing rc.firewall.local with nano or vi:
root@endian:~ # nano /var/efw/inithooks/rc.firewall.local
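#!/bin/bash
start() {
    ## add your 'start' rules here
    :   # no-op so the empty function body is valid Bash
}
stop() {
    ## add your 'stop' rules here
    :   # no-op so the empty function body is valid Bash
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    reload)
        # reload removes the rules and applies them again
        stop
        start
        ;;
    *)
        echo "Usage: $0 {start|reload|stop}"
        ;;
esac
exit $?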
Note
As with start.local, you have to apply the correct permissions:
root@endian:~ # chmod 755 /var/efw/inithooks/rc.firewall.local
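A filled-in version of the rc.firewall.local template above, as an added example that is not Endian's own code: start removes any existing copies of the rule before adding it, so repeated start or reload calls never stack duplicates. The chain name CUSTOMINPUT, the IPT and CHAIN variables and the 192.0.2.0/24 source network are assumptions made for illustration; confirm the chain names on your appliance with iptables -L -n.

```bash
#!/bin/bash
# Example /var/efw/inithooks/rc.firewall.local (added example, not Endian's code).
# Assumptions: CUSTOMINPUT is a CUSTOM-prefixed chain on your appliance, and
# 192.0.2.0/24 is a constructed documentation network standing in for the
# source you want to drop.
IPT="${IPT:-iptables}"            # overridable so the logic can be tested
CHAIN="${CHAIN:-CUSTOMINPUT}"     # assumed chain name
RULE="-s 192.0.2.0/24 -j DROP"    # constructed sample rule

# Delete every copy of the rule; -D fails once none is left, ending the loop.
remove_rule() {
    while $IPT -D "$CHAIN" $RULE 2>/dev/null; do :; done
}

start() {
    remove_rule                   # clear leftovers so repeated starts do not stack
    $IPT -A "$CHAIN" $RULE
}

stop() {
    remove_rule
}

# See how we were called.
case "${1:-}" in
    start)  start ;;
    stop)   stop ;;
    reload) stop; start ;;
    "")     : ;;                  # no argument: only define the functions
    *)      echo "Usage: $0 {start|reload|stop}" >&2; exit 1 ;;
esac
```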
Hi,
Thank you for your document.
I executed these instructions step by step, but after I execute the start.local that I created and reboot the Endian firewall, the rule is flushed when the system is started.
What is the problem?
Best
Hi,
Are you using CUSTOM prefixed chains? Most probably you are writing to a chain that is overwritten/flushed by the management scripts for the firewall (e.g. you first write at startup but then some time after, 1 hour or whatever, you add another rule or a service is restarted that requires the firewall to be rewritten).
Try to use the CUSTOM prefixed chains for your rules and it should be stable now.
Hope it helps,
Cheers
This model initialization is running in Endian 3?
I made a path of putting a script in start.local file with all the correct permissions test, but the script is not initialized in the boot.
Dear Admin, I tested the second method and it worked.
I thought the file name is not important and just the file directory ( ~/inithooks/ ) is important, but when I tested with the exact name it worked.
Best regards.