Endian's startup scripts with inithooks – Endian

Versions 2.5, 3.0, & 5.0

Applies to platform: all
Last updated: 23rd August 2013

There are situations in which you may want to add your own custom scripts for specific purposes. There are two ways, both implemented by adding files to /var/efw/inithooks/. Those files are start.local and rc.firewall.local respectively and they will not be changed by any future upgrade in order to keep your customization as is.

start.local

This file will be the last configuration Endian UTM Appliance will read and apply to your system in the boot process, in order for your customization to take effect. Since this is a BASH script, start.local file must have #!/bin/bash in the very first line. This is a special marking and will specify to the system that in order to execute all the present script code it has to use the (interpreter) binary bash available in /bin directory.

After adding your code in this file, set the permissions accordingly by executing the following command:

root@endian:~ # chmod 755 /var/efw/inithooks/start.local

Once the permissions are set you can also trigger the script by calling it with full path:

root@endian:~ # /var/efw/inithooks/start.local

start.local file does not exist by default so you will have to create it with an editor like nano or vi and add your code.

root@endian:~ # nano /var/efw/inithooks/start.local

#!/bin/bash

# Add your code here

exit 0

rc.firewall.local

As the name states, this file will further apply your customized configuration. This is useful when you need certain iptables rules to always be added after reboot and make the customization permanent. By adding rules to this file you can make your Endian UTM Appliance read the configuration and apply it for you by using iptables. This file won't be later changed by any other service.

Warning

It is strongly recommended that any custom rules be added to the CUSTOM chains e.g. for a SNAT rule add rules to NAT table chain: CUSTOMPOSTROUTING. The CUSTOM chains indeed do not interfere with the scripts and are never flushed, so the user is guaranteed that they are always working.

You can use the following code in order to apply your rules for start/stop and reload actions by editing the rc.firewall.local with nano or vi:

root@endian:~ # nano /var/efw/inithooks/rc.firewall.local

#!/bin/bash
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
;;
stop)
## add your 'stop' rules here
;;
reload)
## add your 'reload' rules here
;;
*)
echo "Usage: $0 {start|reload|stop}"
esac

Note

It is not necessary that the rc.firewall.local file contains the start), stop) or reload) functions, it can be a simple file like start.local.

Like startup.local, you have to apply the correct permissions:

root@endian:~ # chmod 755 /var/efw/inithooks/rc.firewall.local