
How Do I Run a Firewall Script As Soon As the eth0 Interface Comes Up?

I use ADSL at home via an ISP modem. As soon as my eth0 comes up, I would like my firewall script to run and set up the iptables firewall rules for me.

Earlier, I used to type the command /root/fw.dsl.start via the sudo command. However, while reading the interfaces man page I came across the post-up option, which runs a command after the interface is brought up. The following steps demonstrate the usage of the post-up option:

1) Copy your firewall shell script to /etc/network/if-up.d/ directory:
# cp /root/fw.dsl.start /etc/network/if-up.d/

2) Open the Debian / Ubuntu networking configuration file /etc/network/interfaces:
# vi /etc/network/interfaces

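3) Set up the post-up option by appending the following line to the eth0 configuration section (with no leading # character, otherwise the line is treated as a comment and ignored):
post-up /etc/network/if-up.d/fw.dsl.start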

Where,

  • post-up command : Run command or shell script after bringing the interface eth0 up.

Here is my /etc/network/interfaces after modification:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
name Ethernet LAN card
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0
gateway 192.168.1.254
post-up /etc/network/if-up.d/fw.dsl.start

4) Save and close the file. Restart the networking service:
# /etc/init.d/networking restart

5) Verify that iptables rules are loaded:
# iptables -L -n -v

Additional Options

To run a command before bringing the interface up, enter:
pre-up command
pre-up /scripts/networking.accounting_on

To run a command before taking the interface down, enter:
pre-down command

To run a command or script after taking the interface down, enter:
post-down command
post-down /path/to/script.sh

Example: Setting Up Static Routing

The up and down options can be used to add a Debian static route as soon as the eth0 interface comes up and to remove it when the interface goes down:
up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.8.18.17
down route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.8.18.17
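
The hook options above all run their commands as root when ifupdown brings the interface up or down, so it is worth confirming that the post-up line is active (not commented out) and that the script it names cannot be modified by other users. The following audit script is an added example, not part of the original article; the function names (active_hooks, hook_is_safe, audit_hooks) and the file name audit-hooks.sh are hypothetical.

```shell
#!/bin/sh
# Added example: audit the hook commands ifupdown runs as root for one interface.

# Print "<option> <command>" for each active hook in the stanza of interface $2
# in interfaces file $1. A line starting with '#' is a comment and never runs.
active_hooks() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "iface" { in_stanza = ($2 == want); next }
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "mapping" || $1 == "source" { in_stanza = 0; next }
        in_stanza && $1 ~ /^(pre-up|up|post-up|pre-down|down|post-down)$/ { print $1, $2 }
    ' "$1"
}

# Succeed only if $1 is a regular, executable, non-symlink file owned by user $2
# (default root) and not writable by group or others. A find error fails closed.
hook_is_safe() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -x "$1" ] || return 1
    bad=$(find "$1" -prune \( ! -user "${2:-root}" -o -perm -020 -o -perm -002 \)) || return 1
    [ -z "$bad" ]
}

# Audit the hooks of interface $2 in file $1 (expected owner $3, default root).
# Returns non-zero if the stanza has no active hook or any script is unsafe.
audit_hooks() {
    hooks=$(active_hooks "$1" "$2")
    [ -n "$hooks" ] || { echo "FAIL: no active hook for $2 in $1"; return 1; }
    rc=0
    while read -r opt cmd; do
        case $cmd in
            /*) if hook_is_safe "$cmd" "${3:-root}"; then
                    echo "ok:   $opt $cmd"
                else
                    echo "FAIL: $opt $cmd (missing, not executable, wrong owner or writable by others)"
                    rc=1
                fi ;;
            *)  echo "skip: $opt $cmd (not an absolute path, resolved via PATH)" ;;
        esac
    done <<EOF
$hooks
EOF
    return $rc
}

# Usage: sh audit-hooks.sh /etc/network/interfaces eth0
if [ "$#" -ge 2 ]; then audit_hooks "$@"; fi
```

A FAIL line means the firewall script would either not run when eth0 comes up or could be altered by a non-root user before it runs as root.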

{ 4 comments }
  • Jevin Ramjattan April 4, 2007, 3:28 pm

    How do I do this on Fedora?

  • nixCraft April 4, 2007, 5:12 pm

    Jevin,

    Use /etc/eth0/ip-up.local file.

    HTH

  • Tahder January 11, 2008, 12:05 am

    How do I use it in Ubuntu? Why isn’t it working when it is Debian based….

  • Gabor March 15, 2008, 8:18 am

    In section 3) hash mark should be removed from line
    # post-up /etc/network/if-up.d/fw.dsl.start
