Felipe Sateler:
> On 30 July 2016 at 13:58, Patrick Schleizer
> <[email protected]> wrote:
>> How to securely load a firewall before networking gets up?
>>
>> Can you provide a secure, recommended or even canonical example of such
>> a firewall.service?
>>
>> It does not become clear from systemd documentation [0] that
>> DefaultDependencies=no should be used. I also asked about this on the
>> system mailing list [3], but I am still not certain I understand right.
>>
>> Since at least firewalld [1] and netfilter-persistent [2] have broken
>> systemd dependencies (which could result in the firewalls being loaded too
>> late), I thought a little more attention on this topic might be justified.
>>
>> Is there something Debian specific about the network-pre.target or other
>> special systemd targets?
>
> The problem is that network-pre doesn't have any ordering wrt
> basic.target, and thus can occur before that target is reached. This
> means that any unit that tries to order before network-pre.target
> needs to set DefaultDependencies=no, and list all the required
> dependencies and mounts.
>

Is this Debian specific? Something that can be considered something that could/should be explained/reported to systemd?

_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
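Added example, not part of the original thread and not code from systemd or Debian: a small Python check that a firewall unit has the ordering discussed above (ordered before network-pre.target, with DefaultDependencies=no). The Wants=network-pre.target check follows systemd.special(7); both sample units and the /usr/local/sbin/load-firewall path are constructed for illustration.

```python
import re
# Constructed sample units; /usr/local/sbin/load-firewall is a hypothetical path.
GOOD_UNIT = """\
[Unit]
Description=Load firewall rules before any interface is configured
DefaultDependencies=no
Wants=network-pre.target
Before=network-pre.target shutdown.target
Conflicts=shutdown.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/load-firewall
"""
BAD_UNIT = """\
[Unit]
Description=Firewall ordered against the wrong target
Before=network.target

[Service]
ExecStart=/usr/local/sbin/load-firewall
"""

def parse_unit(text):
    """Return {section: {key: [words]}} (no line-continuation support)."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current.setdefault(key, []).extend(value.split())
    return sections

def lint_firewall_unit(text):
    """List ordering problems that could let networking start before the rules load."""
    unit = parse_unit(text).get("Unit", {})
    problems = []
    if "network-pre.target" not in unit.get("Before", []):
        problems.append("no Before=network-pre.target")
    if "network-pre.target" not in unit.get("Wants", []):
        problems.append("no Wants=network-pre.target (passive target, must be pulled in)")
    if (unit.get("DefaultDependencies") or ["yes"])[-1].lower() not in ("no", "false", "0", "off"):
        problems.append("DefaultDependencies=no not set")
    return problems
```

Run it over the output of `systemctl cat <unit>` so that drop-in overrides are included in what gets checked.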
