PGNd <[email protected]> wrote:
> (2) everything 'up' and functional once booted
> (3) no inadvertent exposure by firewall before it's fully up
In the general case it's really, really difficult to achieve that - without hand-coding some intermediate firewall states. E.g., an ethernet interface will come up almost instantly, a PPP interface will take a variable length of time (and may not even come up straight away).

I suppose you could add a "post up" clause to your network config to add iptables rules to block all traffic on the interface until the firewall gets (re)started.
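The "post up" idea from the reply above, sketched as an added example that is not part of the original message or of Shorewall itself. It assumes Debian-style ifupdown (which exports `$IFACE` to post-up commands) and that `shorewall status` exits 0 only while the firewall is started; the script path is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original message). Called from a "post-up" line:
#   iface ppp0 inet ppp
#       post-up /usr/local/sbin/hold-closed.sh     # hypothetical path
# Assumes Debian-style ifupdown, which exports $IFACE to post-up commands.

IPT=${IPT:-iptables}
# Assumption: "shorewall status" exits 0 only while the firewall is started.
FW_UP=${FW_UP:-shorewall status}

hold_closed() {
    iface=$1
    # Accept only a plain interface name; never block loopback.
    case $iface in
        ''|lo|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    # Firewall already running: its rules cover the interface. Inserting DROPs
    # now would cut off a link that merely reconnected (a PPP redial, say).
    if $FW_UP >/dev/null 2>&1; then
        return 0
    fi
    # Block all traffic on the interface. Starting the firewall is assumed to
    # replace the filter table, which removes these rules again.
    for spec in "INPUT -i" "OUTPUT -o" "FORWARD -i" "FORWARD -o"; do
        set -- $spec                       # $1 = chain, $2 = -i or -o
        $IPT -C "$1" "$2" "$iface" -j DROP 2>/dev/null ||
            $IPT -I "$1" 1 "$2" "$iface" -j DROP || return 1
    done
}

# Run only when ifupdown supplies an interface name.
if [ -n "${IFACE:-}" ]; then
    hold_closed "$IFACE"
fi
```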
