Hello, Mikael Frykholm a écrit :
Andrew Ruthven skrev:I'm not sure of a Debian recommended way, but a post-up line or a file in /etc/network/if-up.d which only runs for the interface you want would work okay.
Or in /etc/ppp/ipv6-up.d/ for PPP interfaces.
Shouldn't that be pre-up instead?Otherwise a reboot of the firewall would leave it vulnerable for some split seconds.
Not if the filter default policies have been set to DROP earlier. Default policies are not a per-interface setting.