[CentOS] Putting nat routing into place permanently? -- [OT] and so it begins (the debate)
Bryan J. Smith
thebs413 at earthlink.net
Fri Nov 4 16:07:45 UTC 2005
And so it continues ...
"William L. Maltby" <BillsCentOS at triad.rr.com> wrote:
> Please note the word "original".
I'm talking System-V systems (post-1986 AT&T standardization
efforts), which is what nearly all major distros -- including
the LSB -- are today.
> If you research back to the epoch or thereabouts, you may
> find that I spoke the truth.
Of course because that pre-dates the System-V init approach,
which was largely the post-1986 change thanx to AT&T's
standardization efforts after their lawsuit against Berkeley.
> I began working on UNIX PWB Versions 6/7.
And I began on SunOS 3 and most BSD-like flavors in the late
'80s. Forgive me for not starting sooner, I was only 15 at
the time, and had to sneak out to my local university to get
some "play time" as a imposing hostmaster/postermaster --
until I finally got my first "real" UNIX IT position at age
18 (while going to college full-time). My original Internic
handled (pre-IEEE alias which I started using in 1994 when I
was an upperclassman in an EE program and could be an IEEE
member) ended with the numbers "12". ;->
[ I know I'm now going to hear from "select people" that I'm
"flaunting my resume" again. Sigh. ]
> There was no "local" then.
There was one big rc script, yes. BSD systems are still
largely this approach (and any System-V init is typically
under /usr/local/etc/init.d/). Some people would call other
scripts from that rc script -- rc.local became a common one.
> No symlinks, etc.
No SysV init run-levels at all, I know. ;->
You had one big rc script, maybe a few others getting called.
> Later, (with SCO?)
SCO was merely one of many vendors that signed up for AT&T
System-V standardization after the start of UCB litigation.
Digital Ultrix gave way to Digital UNIX(R) (now Tru64), SunOS
gave way to Solaris 2 (SunOS 5, with SunOS 4.1 being
retroactively called Solaris 1), etc...
> I saw rc.local appear. And its purpose was as I
> stated. I can't recall if/when it all appeared in System
> III/IV/V. There were a couple different versions of
> directory structures too.
Yes. First there was the rc, then the rc#.d, while others
still put things in the rc, or an rc.local. Others yet had a
rc.init, rc.system or rc.sysinit, etc... Several flavors
even have a system-level run-level that runs before the
actual run-level with a directory called rcS.d. Solaris,
SuSE and several other flavors have it, and it's recognized
as valid in LSB. Red Hat chooses the rc.sysinit file
instead.
> I don't consider myself qualified to *know* the purpose
> and/or intent of current developers/maintainers.
Linux Standard Base (LSB) is always a great start:
http://refspecs.freestandards.org/LSB_2.0.1/LSB-generic/LSB-generic/tocsysinit.html
It should be noted that Red Hat does not have inter-service
dependency checking, unlike SuSE and others -- which can be a
major issue. Red Hat is actually developing a next-gen
service initialization engine, much like Solaris already has,
while still being LSB/legacy SysVinit compatible.
> That's why my subsequent statements were qualified with
> "if".
It's all a matter of perspective with "if" let alone
"original." Very early on, UNIX wasn't even written in C.
;->
> Anyway, I do appreciate you bringing me "up to snuff"
> regarding current intent, purpose and attitudes.
> Thanks for taking the time.
I'm sure I'm getting on the nerves of many. That's why it's
probably best I discuss these things off-list, even if some
value the information I can provide (they are typically the
minority).
> I do have 1 question regarding your information. You
> mention that the directories are intended for packages to
> use.... but you don't mention the sorts of things that
> started this thread,
This thread has gone off on many tangents -- hence why I
added the "[OT]" tag.
> "local" changes other than packages.
If you are making a quick change, then rc.local is commonly
used. But if you are making a change that is longer-term,
it's better to follow the distro practices, including what a
package might drop in. Just an observation -- I apologize if
my explanation has gone too far off the tangent.
Remeber, I recommend the "service iptables save"
(/etc/init.d/iptables save), including the admission that it
could be changed by other programs, so be careful. Since
then, I've discussed about adding new scripts to /etc/init.d
instead of just always modifying /etc/rc.d/rc.local, etc...
to avoid common pitfalls. In every case, I've never said
it's the "not right" or otherwise.
> If the OP was to use a script to do the mentioned
> firewall changes, and his script is locally generated (not
> part of a package), is it still intended that the script be
> stuck in the directories as if it were just another
package?
Yes, the /etc/init.d/ is a LSB standard and makes the
commands very easy to port to other instances (let alone
other distros), or be setup for only select run-levels.
> Or would that be better invoked (directly or indirectly)
> via the rc.local script?
The rc.local script is always invoked for every run-level,
and it is run last. Other than for temporary changes, it is
better to create an /etc/init.d/ script, set the LSB comments
in the header that define the order (both S[tart] and
K[ill]), so it can be enabled/disabled for only select
run-levels.
E.g., if iptables/iproute2 commands rely on networking to
load, or at least the enabling of the NetFilter stack in the
kernel, then it might not in some run-levels.
-- Bryan
P.S. This is definitely something that will be going into my
ELManagers FAQ.
--
Bryan J. Smith | Sent from Yahoo Mail
mailto:b.j.smith at ieee.org | (please excuse any
http://thebs413.blogspot.com/ | missing headers)
More information about the CentOS
mailing list