Solved /usr/local/etc/rc.d start order

B

biggsy

I use openbgpd to pass banned IPs from fail2ban to my firewall, which is a separate FreeBSD system.

The problem I had originally was that openbgpd was not ready before fail2ban started.

To make this work I modified /usr/local/etc/rc.d/fail2ban to add
Code: 
# REQUIRE: bgpd

and modified /usr/local/etc/rc.d/openbgpd to add
Code: 
# BEFORE: fail2ban

I know that such changes are not recommended but they worked and openbgpd is ready by the time fail2ban starts.
However, it means I have to notice a pkg upgrade that overwrites either of these two rc.d scripts and remember to restore my changes .

I've done lots of searching, reading and experimenting with ways to get around changing the two scripts but nothing has worked for me yet.

The most promising seemed to involve removing those two modified lines and create a dummy 001A rc.d script with this inside:
Code: 
#!/bin/sh

# PROVIDE: 001A
# REQUIRE: bgpd
# BEFORE: fail2ban

Unfortunately that didn't work (maybe I'm missing something here) and rcorder wasn't really much help.

Is there a better way to achieve this startup order without changes to the original rc.d scripts?
 
Occams question first: Did you enable that 001A entity in rc.conf?
 
That should be it. Was it in /etc/rc.d or /usr/local/etc/rc.d ?
 
I made the change to enable it
Code: 
001A_enable="YES"
in /etc/rc.conf

The 001A script is in /usr/local/etc/rc.d
 
Folks, I'm currently @job, I can't look into my system. Anyone who can?
 
Stupid me! I didn't think to change permissions on the 001A script.

Now working fine but I do get a lot of these logged to the console:

Code: 
/etc/rc.conf: 001A_enable=YES: not found

Thank you so much for your help.
 
I just tried it without the
Code: 
001A_enabled="YES"
in /etc/rc.conf and it still works but without those console logs.

Thank you again.
 
You must log in or register to reply here.
Back
Top