Package: crowdsec-firewall-bouncer
Version: 0.0.25-5+b12
Severity: critical
This is a long-standing issue and yet not fixed upstream
(but should be).
See reports to upstream here
https://github.com/crowdsecurity/cs-firewall-bouncer/issues/212
and here
https://discourse.crowdsec.net/t/firewall-bouncer-fails-to-start-systemd-ordering-cycle/1265
In short, the use of Before= introduced cycling dependency which
only exhibits itself during the booting process. If you install
crowdsec-firewall-bouncer (and crowdsec) in a live system, it
appears normal. This may lead to unexpected situation that a host
loses all firewall protection by accident and without necessary
notice, or some important services won't run at boot time.
Please fix it in stable, testing and unstable.
--- old
+++ new
@@ -1,7 +1,7 @@
[Unit]
Description=The firewall bouncer for CrowdSec
After=network.target remote-fs.target nss-lookup.target crowdsec.service
-Before=netfilter-persistent.service
+After=netfilter-persistent.service
ConditionPathExists=!/var/lib/crowdsec/pending-registration
[Service]
