A customer is trying to workaround the Ethernet PHY issue while keeping the availability of enabling/disabling the networking access dynamically. For that, instead of changing the access at PHY level with
ip link set eth0 down, they came up with a similar measure but at IP level by changing the route tables and discarding/accepting all packets:
# Enabling networking access iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT # Disabling networking access iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP
At the end, what the customer wants is to disable any remote access by all means. I think myself it is a good workaround but I wanted to confirm with you. Do you see any issue with this approach?
Thanks and best regards,