> Jonathan Yu <jonathan.i.yu@gmail.com> writes:
>>
>> I apparently used /etc/network/if-pre-up.d (I can't remember the
>> reasoning why, but I guess it's useful to make sure you load the
>> rules prior to bringing the interfaces up, which means the rules will
>> be there once network connectivity is brought up)
>
> Yes. However, doesn't if-pre-up.d/ get activated every time an
> interface is brought up?
Indeed.
My opinion is that only interface-specific action such as creating
interface-specific firewall rules should be performed in
/etc/network/if-*.d/ scripts, as well as in /etc/ppp/ip*.d/ scripts. Non
interface-specific commands should be performed by an init script before
the network script runs.
--
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
No comments:
Post a Comment