ferm: suggested systemd unit file
Sam Morris
sam at robots.org.uk
Tue Oct 20 19:04:13 BST 2015
On Tue, 2015-10-20 at 14:36 -0300, Felipe Sateler wrote:
> > > > The unit also uses {Wants,Before}=network-pre.target as advised in the
> > > > Debian wiki page linked for firewall/network type services in the
> > > > original bug report.
> > >
> > > Well, this will depend on each service. In this case, the original
> > > init script has Required-Start: $networking which makes it dubious
> > > that we want to start ferm before the network is configured. (but I do
> > > not use ferm so I don't know for sure).
> >
> > I'd want firewall rules to be in place before any other process is able
> > to start using the network. I think that is the intent of the original
> > init script being linked into /etc/rcS.d. Hence network-pre.target
> > sounds right to me.
>
> The problem is that at network-pre.target time the interfaces may not
> even exist, if the interfaces are not physical (eg, bridges are set up
> by networkd or ifupdown, which are After=network-pre.target).
It's OK for firewall rules to reference interfaces that don't exist so
I think this isn't a problem.
--
Sam Morris <https://robots.org.uk/>
CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20151020/eca27793/attachment-0002.sig>
More information about the Pkg-systemd-maintainers
mailing list