Re: Firewalling IPv6 - an easy way?

To: debian-ipv6@lists.debian.org
Subject: Re: Firewalling IPv6 - an easy way?
From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
Date: Mon, 20 Aug 2007 10:56:00 +0200
Message-id: <[🔎] 46C95720.1030806@plouf.fr.eu.org>
In-reply-to: <[🔎] 1187599287.4804.6.camel@cyclops.etc.gen.nz>
References: <[🔎] 46BF3056.20700@bootc.net> <[🔎] 1186949672.23806.2.camel@dirk.catalyst.net.nz> <[🔎] 46BF6E99.6010407@bootc.net> <[🔎] 1186954871.23806.12.camel@dirk.catalyst.net.nz> <[🔎] fabe5c$8si$1@sea.gmane.org> <[🔎] 1187599287.4804.6.camel@cyclops.etc.gen.nz>

Andrew Ruthven a écrit :


Shouldn't that be pre-up instead?


I've just tried this and confirmed my suspicion.  This will fail if you
refer to the interface in your firewall.  Since the interface isn't up
yet (pre-up) iptables can't find the device to apply the against.

Huh ? AFAIK iptables does not care whether the specified interface is upor even exists. It is just text, possibly including a wildcard (+).Doesn't your script try to extract information about the interface fromifconfig or the like ? Of course this may fail if the interface is notup yet.

Reply to:

Follow-Ups:
- Re: Firewalling IPv6 - an easy way?
  - From: Andrew Ruthven <andrew@etc.gen.nz>

References:
- Firewalling IPv6 - an easy way?
  - From: Chris Boot <bootc@bootc.net>
- Re: Firewalling IPv6 - an easy way?
  - From: Andrew Ruthven <andrew@etc.gen.nz>
- Re: Firewalling IPv6 - an easy way?
  - From: Chris Boot <bootc@bootc.net>
- Re: Firewalling IPv6 - an easy way?
  - From: Andrew Ruthven <andrew@etc.gen.nz>
- Re: Firewalling IPv6 - an easy way?
  - From: Mikael Frykholm <mikael@frykholm.com>
- Re: Firewalling IPv6 - an easy way?
  - From: Andrew Ruthven <andrew@etc.gen.nz>

Prev by Date: Re: Firewalling IPv6 - an easy way?
Next by Date: Re: Firewalling IPv6 - an easy way?
Previous by thread: Re: Firewalling IPv6 - an easy way?
Next by thread: Re: Firewalling IPv6 - an easy way?
Index(es):
- Date
- Thread