Bug#926927: Please add iptables.service and ip6tables.service symlinks

gustavo panizzo gfa at zumbi.com.ar
Mon Aug 12 21:09:03 BST 2019


Hello

On Mon, Aug 12, 2019 at 08:28:44AM +0200, Laurent Bigonville wrote:
>On 11/08/19 at 18:53, gustavo panizzo wrote:
>>Hello
>>
>Hello,
>
>>thanks for the patch, I'm working on this but I'll use alternatives
>>instead of dh_link, to provide an opportunity to other firewall managers
>>to use the same mechanism.
>
>There are other ways of achieving that with systemd, maybe a .target?
>That might be a good idea to see with systemd upstream if such a
>target cannot be introduced to avoid doing something Debian-specific

I don't understand what I would achieve using a systemd target. Targets
are coordination points, similar to a runlevel.

I could create a firewall.target and add WantedBy=firewall.target on
iptables-persistent.service but that would not prevent firewalld and
others from doing the same, and then we'd have multiple firewall managers
running at the same time.

If I got it all wrong and you have a counter example, pls show me

>
>I don't think that the alternative system is a good idea
>

It is an extension of your initial idea, I don't want to exclusively own
iptables.service and then conflict with other firewall managers (ufw, arno,
ferm, etc) that may want to do the same, I have discussed this with
their maintainers.

I want users to be allowed to install more than one firewall manager at
the same time but not run more than one at the same time.



-- 
IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333


