Re: Firewalling IPv6 - an easy way?

To: debian-ipv6@lists.debian.org
Subject: Re: Firewalling IPv6 - an easy way?
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Mon, 20 Aug 2007 10:45:47 +0200
Message-id: <[🔎] 46C954BB.5070703@plouf.fr.eu.org>
In-reply-to: <[🔎] fabe5c$8si$1@sea.gmane.org>
References: <[🔎] 46BF3056.20700@bootc.net> <[🔎] 1186949672.23806.2.camel@dirk.catalyst.net.nz> <[🔎] 46BF6E99.6010407@bootc.net> <[🔎] 1186954871.23806.12.camel@dirk.catalyst.net.nz> <[🔎] fabe5c$8si$1@sea.gmane.org>

Hello,

Mikael Frykholm a écrit :

Andrew Ruthven skrev:


I'm not sure of a Debian recommended way, but a post-up line or a file
in /etc/network/if-up.d which only runs for the interface you want would
work okay.


Or in /etc/ppp/ipv6-up.d/ for PPP interfaces.

Shouldn't that be pre-up instead?
Otherwise a reboot of the firewall would leave it vulnerable for somesplit seconds.

Not if the filter default policies have been set to DROP earlier.Default policies are not a per-interface setting.

Reply to:

References:
- Firewalling IPv6 - an easy way?
  - From: Chris Boot <bootc@bootc.net>
- Re: Firewalling IPv6 - an easy way?
  - From: Andrew Ruthven <andrew@etc.gen.nz>
- Re: Firewalling IPv6 - an easy way?
  - From: Chris Boot <bootc@bootc.net>
- Re: Firewalling IPv6 - an easy way?
  - From: Andrew Ruthven <andrew@etc.gen.nz>
- Re: Firewalling IPv6 - an easy way?
  - From: Mikael Frykholm <mikael@frykholm.com>

Prev by Date: Re: Firewalling IPv6 - an easy way?
Next by Date: Re: Firewalling IPv6 - an easy way?
Previous by thread: Re: Firewalling IPv6 - an easy way?
Next by thread: IPv6 routing on an arm box
Index(es):
- Date
- Thread