I use openbgpd to pass banned IPs from fail2ban to my firewall, which is a separate FreeBSD system.
The problem I had originally was that openbgpd was not ready before fail2ban started.
To make this work I modified /usr/local/etc/rc.d/fail2ban to add
and modified /usr/local/etc/rc.d/openbgpd to add
I know that such changes are not recommended but they worked and openbgpd is ready by the time fail2ban starts.
However, it means I have to notice a pkg upgrade that overwrites either of these two rc.d scripts and remember to restore my changes .
I've done lots of searching, reading and experimenting with ways to get around changing the two scripts but nothing has worked for me yet.
The most promising seemed to involve removing those two modified lines and create a dummy 001A rc.d script with this inside:
Unfortunately that didn't work (maybe I'm missing something here) and rcorder wasn't really much help.
Is there a better way to achieve this startup order without changes to the original rc.d scripts?
The problem I had originally was that openbgpd was not ready before fail2ban started.
To make this work I modified /usr/local/etc/rc.d/fail2ban to add
Code:
# REQUIRE: bgpd
and modified /usr/local/etc/rc.d/openbgpd to add
Code:
# BEFORE: fail2ban
I know that such changes are not recommended but they worked and openbgpd is ready by the time fail2ban starts.
However, it means I have to notice a pkg upgrade that overwrites either of these two rc.d scripts and remember to restore my changes .
I've done lots of searching, reading and experimenting with ways to get around changing the two scripts but nothing has worked for me yet.
The most promising seemed to involve removing those two modified lines and create a dummy 001A rc.d script with this inside:
Code:
#!/bin/sh
# PROVIDE: 001A
# REQUIRE: bgpd
# BEFORE: fail2ban
Unfortunately that didn't work (maybe I'm missing something here) and rcorder wasn't really much help.
Is there a better way to achieve this startup order without changes to the original rc.d scripts?