![](https://seccdn.libravatar.org/avatar/3035b38ff33cf86f480bb169b8500b80.jpg?s=120&d=mm&r=g)
https://bugzilla.novell.com/show_bug.cgi?id=426303
User max@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=426303#c3
--- Comment #3 from Reinhard Max
ip{,v6}-up is actually the wrong place to run things like firewall as it will be run twice if the interface uses both ipv4 and ipv6.
I guess in that case, the firewall setup should be changed so that can be called to do only the ipv4 or only the ipv6 part. But there is another reason why these scripts do not seem to be the right place for starting the firewall: pppd first brings up the interface and then executes the *-up scripts, so there is a period of time during which the interface is up, but not yet protected by the firewall rules.
Unfortunately pppd doesn't provide generic "link-up" or "protocols-up" scripts.
What about /etc/ppp/ip-pre-up? This one is run before the interface is being brought up and the pppd manpage explicitly mentions setting firewall rules among the things to do here. But I haven't yet tried if this gets called at all on an ipv6-only ppp link. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.