Subject: Re: pf doesn't start normally anymore
To: mouss <usebsd@free.fr>
From: Martin Husemann <martin@duskware.de>
List: tech-security
Date: 08/16/2005 17:17:00
On Tue, Aug 16, 2005 at 05:16:41PM +0200, mouss wrote:
> the interfaces are already configured by "network", so it is trivial to 
> add ifconfig down. and at worst:
>    for if in `ifconfig -l`; do ifconfig $if down; done
> then do the opposite after security is "ok".

That would not work on several routers here - they configure for example
gre tunnels that should not automagically go up.

> An alternative is to let pf get the IPs before they are configured.

Some interfaces do not have IPs (or the right IP) before they are really UP
(think PPP).

Martin