# postup() in /etc/conf.d/net gets called - sometimes

## hefe

Hello,

i am having a problem with my wireless setup. I use the postup()-function from /etc/conf.d/net to set up a minimalistic firewall. The postup()-function will use the dhcp-aquired-ip.

When i use rc-service net.wlan0 start everything is fine and the firewall will be configured.

However, when the laptop is hibernated and i resume at a different site with different ap, i get a new ip but the postup()-function is not called. I can tell this, because the firewall stays at its old configuration.

Question 1) Under which circumstances _exactly_ will postup()-function be called?

Question 2) Where do i put ip-dependend configurations in, if not at postup() in /etc/conf.d/net?

Thank you for any helping comments...

----------

## khayyam

 *hefe wrote:*   

> When i use rc-service net.wlan0 start everything is fine and the firewall will be configured. However, when the laptop is hibernated and i resume at a different site with different ap, i get a new ip but the postup()-function is not called. I can tell this, because the firewall stays at its old configuration.

 

hefe ... this sounds quite normal, after hibernate net.${IFACE} isn't restarted so no postup() is called, but as dhcp is running a new IP is aquired.

 *hefe wrote:*   

> Question 1) Under which circumstances _exactly_ will postup()-function be called?

 

each and every time net.${IFACE} is (re)started.

 *hefe wrote:*   

> Question 2) Where do i put ip-dependend configurations in, if not at postup() in /etc/conf.d/net?

 

Generally something like a iptables should be run prior to network connectivity and an IP is aquired, this is why /etc/init.d/iptables and other firewall scripts, have 'before net', but that isn't the problem, the problem is that your expecting for "ip-dependent" configuration to be consistant across hibernation and the network having changed. The only thing I can suggest is for some script to be called prior and subsequent to hibernate.

best ... khay

----------

## Hu

Some DHCP clients support running programs in response to specific DHCP events.  You may want to have preup configure a generic default-deny firewall, then use the DHCP hook script to configure the settings that you are currently doing in postup.

----------

## hefe

Thank you khayyam, and thank you Hu,

i decided to add a hook-script into /lib/dhcpcd/dhcpcd-hooks/ which is more or less like my previous postup()-function.

Cheers

----------

