https://bugzilla.novell.com/show_bug.cgi?id=426303
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=426303#c4
--- Comment #4 from Ludwig Nussel
(In reply to comment #2 from Ludwig Nussel)
ip{,v6}-up is actually the wrong place to run things like firewall as it will be run twice if the interface uses both ipv4 and ipv6.
I guess in that case, the firewall setup should be changed so that it can be called to do only the ipv4 or only the ipv6 part.
Hmm, I'd need to introduce some sort of status file then that tells me that the firewall is already set up for the interface.
But there is another reason why these scripts do not seem to be the right place for starting the firewall: pppd first brings up the interface and then executes the *-up scripts, so there is a period of time during which the interface is up, but not yet protected by the firewall rules.
Yes and no. SuSEfirewall2 redirects all traffic from unknown interfaces to the external zone by default.
Unfortunately pppd doesn't provide generic "link-up" or "protocols-up" scripts.
What about /etc/ppp/ip-pre-up? This one is run before the interface is being brought up and the pppd manpage explicitly mentions setting firewall rules among the things to do here. But I haven't yet tried if this gets called at all on an ipv6-only ppp link.
It's not, I've checked the code already :)
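
Added example, not part of the bug comment above or of SuSEfirewall2: one way to implement the status-file idea from the thread, so that the firewall is set up once per interface even when pppd runs both ip-up and ipv6-up. `STATE_DIR`, `hook_up`, `hook_down`, `fw_apply` and `fw_remove` are hypothetical names, and the two `fw_*` functions are stand-ins that only count calls.

```shell
#!/bin/sh
# Per-interface status directory with one marker file per protocol.
# Assumption: STATE_DIR lives on a filesystem that is cleared at boot,
# so stale markers do not survive a reboot.
STATE_DIR="${STATE_DIR:-/var/run/ppp-fw-state}"

FW_APPLIED=0
FW_REMOVED=0
fw_apply()  { FW_APPLIED=$((FW_APPLIED + 1)); }   # stand-in for the real firewall setup
fw_remove() { FW_REMOVED=$((FW_REMOVED + 1)); }   # stand-in for the real firewall teardown

# Reject interface names that could escape STATE_DIR, and unknown protocols.
valid_args() {
    case $1 in ''|*/*|.*) return 1 ;; esac
    case $2 in ipv4|ipv6) return 0 ;; *) return 1 ;; esac
}

# To be called from ip-up (ipv4) and ipv6-up (ipv6): hook_up <iface> <proto>
hook_up() {
    valid_args "$1" "$2" || return 1
    dir="$STATE_DIR/$1"
    mkdir -p "$STATE_DIR" || return 1
    # mkdir without -p is atomic: only the first of the two hooks creates
    # the directory, so only that one sets up the firewall.
    if mkdir "$dir" 2>/dev/null; then
        fw_apply "$1"
    fi
    : > "$dir/$2"
}

# To be called from ip-down (ipv4) and ipv6-down (ipv6): hook_down <iface> <proto>
hook_down() {
    valid_args "$1" "$2" || return 1
    dir="$STATE_DIR/$1"
    rm -f "$dir/$2"
    # rmdir succeeds only once the last protocol marker is gone, so the
    # firewall stays in place while the other protocol is still up.
    if rmdir "$dir" 2>/dev/null; then
        fw_remove "$1"
    fi
}
```

This only addresses the double invocation; it does not close the window between the interface coming up and the *-up scripts running.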