How Do I Run a Firewall Script As Soon As eth0 Interface Brings Up?

I use ADSL at home via ISP modem. As soon as my eth0 comes up I would like to have my firewall script get executed and setup the iptables firewall rules for me.

Earlier, I used to type the command /root/fs.dsl.start via the sudo command. However, while reading the man page of interfaces command I came across the post-up option which run command after bringing the interface up. Following step demonstrates the usage of post-up option:

1) Copy your firewall shell script to /etc/network/if-up.d/ directory:
# cp /root/fw.dsl.start /etc/network/if-up.d/

2) Open Debian / Ubuntu networking configuration file /etc/network/interfaces:
# vi /etc/network/interfaces

3) Setup post-up option, append following line to eth0 configuration section:
# post-up /etc/network/if-up.d/fw.dsl.start

Where,

  • post-up command : Run command or shell script after bringing the interface eth0 up.

Here is my /etc/network/interfaces after modification:

auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
name Ethernet LAN card
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0
gateway 192.168.1.254
post-up /etc/network/if-up.d/fw.dsl.start

4) Save and close the file. Restart networking service:
# /etc/init.d/networking restart

5) Verify that iptables rules are loaded:
# iptables -L -n -v

Additional Options

To run command before bringing the interface up, enter:
pre-up command
pre-up /scripts/networking.accounting_on

To run command before taking the interface down, enter:
pre-down command
To run command or script after taking the interface down, enter:
post-down command
post-down /path/to/script.sh

Example: Setting Up Static Routing

The up and down options can be used to set up Debian static routing as follows as soon as eth0 interface available or down:
up route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.8.18.17
down route del -net 10.0.0.0 netmask 255.0.0.0 gw 10.8.18.17

🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
4 comments… add one
  • Gabor Mar 15, 2008 @ 8:18

    In section 3) hash mark should be removed from line
    # post-up /etc/network/if-up.d/fw.dsl.start

  • Tahder Jan 11, 2008 @ 0:05

    How do i use it in Ubuntu? why isn’t working when it is a Debian based….

  • 🐧 nixCraft Apr 4, 2007 @ 17:12

    Jevin,

    Use /etc/eth0/ip-up.local
    file.

    HTH

  • Jevin Ramjattan Apr 4, 2007 @ 15:28

    How do I do this on Fedora?

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.