How to securely load a firewall before networking gets up?
Patrick Schleizer
patrick-mailinglists at whonix.org
Sat Jul 30 18:58:00 BST 2016
How to securely load a firewall before networking gets up?
Can you provide a secure, recommended or even canonical example of such
a firewall.service?
It does not become clear from systemd documentation [0] that
DefaultDependencies=no should be used. I also asked about this on the
system mailing list [3], but I am still not certain I understand right.
Since at least firewalld [1] and netfilter-persistent [2] have broken
systemd dependencies (which could result in the firewalls being load too
late), I thought a little more attention on this topic might be justified.
Is there something Debian specific about the network-pre.target or other
special systemd targets?
Cheers,
Patrick
[0] https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832911
[2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829640
[3]
https://lists.freedesktop.org/archives/systemd-devel/2016-July/037236.html
More information about the Pkg-systemd-maintainers
mailing list