How to securely load a firewall before networking gets up? Can you provide a secure, recommended or even canonical example of such a firewall.service?
It does not become clear from systemd documentation [0] that DefaultDependencies=no should be used. I also asked about this on the system mailing list [3], but I am still not certain I understand right. Since at least firewalld [1] and netfilter-persistent [2] have broken systemd dependencies (which could result in the firewalls being load too late), I thought a little more attention on this topic might be justified. Is there something Debian specific about the network-pre.target or other special systemd targets? Cheers, Patrick [0] https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832911 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829640 [3] https://lists.freedesktop.org/archives/systemd-devel/2016-July/037236.html _______________________________________________ Pkg-systemd-maintainers mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
