To add some points, that I do:

• Proper logging: So I could realize something unusual is going on
• rootless podman container: harder to escalate privileges and gain root
• Apparmor: same, plus it could trigger suspicious log entries

Dicky McDickface

Hollies - Long dark road?

Would it not just be the easiest way to put your scripts under /etc/network/if-up.d/? Then they get run once that connection is brought up.