How to run a custom script at shutdown

opensuse v13.2

I have a script that should run at shutdown to modify iptables by removing a queue which is added at startup.

What do I do to add the script into the shutdown sequence?

On 2015-09-10 01:36, jimoe666 wrote:
>
> opensuse v13.2
>
> I have a script that should run at shutdown to modify iptables by
> removing a queue which is added at startup.

??

If the machine is powered down, it does not matter what you do to
iptables; it is destroyed, like all RAM contents.

> What do I do to add the script into the shutdown sequence?

Well, you can do it in /etc/init.d/halt.local. But I think it runs when
network is already down, so it should fail.

Instead, you could do a systemd service. Or perhaps an init.d script, it
should work.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

To add to Carlos, all your IP tables are not only gone on power off, but already with system shutdown. IP tables (like routes and more network status) are kernel tables in memory and thus all gone when the kernel stops.

Really? I’d’ve thought it was obvious the script would run at the beginning of shutdown, not the end.

Some more detail: I have set up suricata to perform intrusion prevention which requires adding a queue to iptables so the packet stream flows through suricata. (suricata’s other mode is detection which only monitors the traffic.) When the system shuts down, suricata is stopped but the queue is still in place. All network traffic is blocked resulting in a stalled shutdown.

On 2015-09-10 19:36, jimoe666 wrote:
>
> Really? I’d’ve thought it was obvious the script would run at the
> beginning of shutdown, not the end.

Sorry, not obvious :)

I remember a script place holder, during boot I think, that had hooks
for the start and the end of boot: two places. Now there is only one, as
far as I can see - unless you place your own hook with systemd.

> Some more detail: I have set up suricata to perform intrusion prevention
> which requires adding a queue to iptables so the packet stream flows
> through suricata. (suricata’s other mode is detection which only
> monitors the traffic.) When the system shuts down, suricata is stopped
> but the queue is still in place. All network traffic is blocked
> resulting in a stalled shutdown.

Well, then what you have to do is report to the suricata people so that
they correct their halt process :)

Otherwise, find out where they do it, and modify it yourself appropriately.

I guess they intentionally block network at that point.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

How is the queue added at startup? Usually if you have a script that “starts” something on startup, the same script is used to “stop” something on shutdown. Please give more details about your setup.
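The systemd service suggested in the thread could look like the unit below. This is an added example, not something posted by any participant or shipped by Suricata. The unit file name, the `suricata.service` unit name, the iptables path, the INPUT/OUTPUT chains and queue number 0 are all assumptions to adjust to the actual setup.

```ini
# /etc/systemd/system/suricata-nfqueue.service  (hypothetical unit name)
[Unit]
Description=NFQUEUE iptables rules for Suricata IPS mode
# systemd stops units in the reverse of their start order. Because this
# unit starts After= suricata.service (assumed name), its ExecStop lines
# run BEFORE Suricata is stopped at shutdown, so the queue rules are gone
# while a reader is still attached to the queue.
After=network.target suricata.service
# Also stop/restart this unit whenever suricata.service is stopped or restarted.
PartOf=suricata.service

[Service]
Type=oneshot
# Keep the unit "active" after ExecStart finishes so ExecStop runs on stop.
RemainAfterExit=yes
# Assumed rules: send host traffic to queue 0. --queue-bypass makes the
# kernel accept packets when no program is listening on the queue,
# instead of dropping them.
ExecStart=/usr/sbin/iptables -I INPUT -j NFQUEUE --queue-num 0 --queue-bypass
ExecStart=/usr/sbin/iptables -I OUTPUT -j NFQUEUE --queue-num 0 --queue-bypass
# Delete exactly the rules inserted above.
ExecStop=/usr/sbin/iptables -D INPUT -j NFQUEUE --queue-num 0 --queue-bypass
ExecStop=/usr/sbin/iptables -D OUTPUT -j NFQUEUE --queue-num 0 --queue-bypass

[Install]
WantedBy=multi-user.target
```

With `--queue-bypass` the rules fail open: if Suricata exits unexpectedly, traffic passes uninspected rather than being blocked, so omit the option where failing closed is the required behaviour and rely on the stop ordering alone.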