Hi Lennart,
However, if we do this, then this needs to be a passive target, see
systemd.special(7), under Special passive system units, and it should
be documented in that section. Passive means it is pulled in by the
units that implement a pre job, not by the units that implement the
On Tue, 10.06.14 22:16, Michael Biebl (mbi...@gmail.com) wrote:
2014-06-10 19:44 GMT+02:00 Lennart Poettering lenn...@poettering.net:
I figure we don't really need network-pre.target, as units that want to
run before the network is up should just use:
On Wed, 11.06.14 10:18, Rusty Bird (rustyb...@openmailbox.org) wrote:
Hi Lennart,
However, if we do this, then this needs to be a passive target, see
systemd.special(7), under Special passive system units, and it should
be documented in that section. Passive means it is pulled in by the
Lennart Poettering:
I am not convinced that the firewall being broken should break the
boot.
It shouldn't! But there should be at least an option (arguably the
default) to break *connectivity*.
With the v1-v3 patches that's decided by the firewall service, which
chooses if it is RequiredBy=,
On Wed, 11.06.14 11:13, Rusty Bird (rustyb...@openmailbox.org) wrote:
Lennart Poettering:
I am not convinced that the firewall being broken should break the
boot.
It shouldn't! But there should be at least an option (arguably the
default) to break *connectivity*.
well, but that's better
Lennart Poettering:
On Wed, 11.06.14 11:13, Rusty Bird (rustyb...@openmailbox.org) wrote:
Lennart Poettering:
I am not convinced that the firewall being broken should break the
boot.
It shouldn't! But there should be at least an option (arguably the
default) to break *connectivity*.
On Fri, 06.06.14 12:53, Rusty Bird (rustyb...@openmailbox.org) wrote:
Humm. I can't say I particularly like the idea, but I can't dismiss
this either, I figure we have to do something like this.
However, if we do this, then this needs to be a passive target, see
systemd.special(7), under
On Tue, 10.06.14 18:53, Lennart Poettering (lenn...@poettering.net) wrote:
On Fri, 06.06.14 12:53, Rusty Bird (rustyb...@openmailbox.org) wrote:
Humm. I can't say I particularly like the idea, but I can't dismiss
this either, I figure we have to do something like this.
However, if we do
2014-06-10 19:44 GMT+02:00 Lennart Poettering lenn...@poettering.net:
I figure we don't really need network-pre.target, as units that want to
run before the network is up should just use:
Before=systemd-networkd.service basic.target
This is enough since network management services like
2014-06-10 19:44 GMT+02:00 Lennart Poettering lenn...@poettering.net:
I figure we don't really need network-pre.target, as units that want to
run before the network is up should just use:
Before=systemd-networkd.service basic.target
This is enough since network management services like
Hi Leonid,
On Sun, Jun 08, 2014 at 12:33:44PM +, Rusty Bird wrote:
Adding to Djalal's and Mantas's examples, the systemd host may also be
a gateway with its firewall configured to forward only *some* packets.
If systemd itself is a server (you mean journald really, yes?)
systemd host =
On Mon, Jun 09, 2014 at 07:57:29AM +, Rusty Bird wrote:
Date: Mon, 09 Jun 2014 07:57:29 +
From: Rusty Bird rustyb...@openmailbox.org
To: systemd-devel@lists.freedesktop.org
Subject: Re: [systemd-devel] [PATCH] Add a network-pre.target to avoid
firewall leaks
Hi Leonid,
On Sun
Leonid Isaev:
But by the time network.target is reached there are no listening services yet,
are there? So, why would one need a firewall?
Adding to Djalal's and Mantas's examples, the systemd host may also be
a gateway with its firewall configured to forward only *some* packets.
Rusty
Hi,
On Sun, Jun 08, 2014 at 12:33:44PM +, Rusty Bird wrote:
Date: Sun, 08 Jun 2014 12:33:44 +
From: Rusty Bird rustyb...@openmailbox.org
To: systemd-devel@lists.freedesktop.org
Subject: Re: [systemd-devel] [PATCH] Add a network-pre.target to avoid
firewall leaks
Leonid Isaev
-devel] [PATCH] Add a network-pre.target to
avoid firewall leaks
Leonid Isaev:
But by the time network.target is reached there are no listening
services yet,
are there? So, why would one need a firewall?
Adding to Djalal's and Mantas's examples, the systemd host may also
be a gateway
Andrey Borzenkov:
On Fri, 06 Jun 2014 12:53:01 +
Rusty Bird rustyb...@openmailbox.org wrote:
--- a/man/systemd.special.xml
+++ b/man/systemd.special.xml
@@ -71,6 +71,7 @@
filenamelocal-fs-pre.target/filename,
filenamemulti-user.target/filename,
Could you elaborate why Before=network.target is too late?
On 06.06.2014 14:53, Rusty Bird rustyb...@openmailbox.org wrote:
https://bugs.freedesktop.org/show_bug.cgi?id=79600
---
Makefile.am | 1 +
man/systemd.special.xml | 1 +
units/network-pre.target
On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
Could you elaborate why Before=network.target is too late?
Because then network setup races with e.g. iptables setup. Depending
on the timing, a window in which the network has been set up, but
the firewall is not yet in place.
] [PATCH] Add a network-pre.target to avoid
firewall leaks
User-Agent: Mutt/1.5.20 (2009-06-14)
On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
Could you elaborate why Before=network.target is too late?
Because then network setup races with e.g. iptables setup. Depending
2014-06-08 1:07 GMT+02:00 Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl:
On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
Could you elaborate why Before=network.target is too late?
Because then network setup races with e.g. iptables setup. Depending
on the timing, a window in
: [systemd-devel] [PATCH] Add a network-pre.target to avoid
firewall leaks
User-Agent: Mutt/1.5.20 (2009-06-14)
On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
Could you elaborate why Before=network.target is too late?
Because then network setup races with e.g. iptables
On Sun, 8 Jun 2014 01:42:18 +0200
Michael Biebl mbi...@gmail.com wrote:
2014-06-08 1:07 GMT+02:00 Zbigniew Jędrzejewski-Szmek zbys...@in.waw.pl:
On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
Could you elaborate why Before=network.target is too late?
Because then network
https://bugs.freedesktop.org/show_bug.cgi?id=79600
---
Makefile.am | 1 +
man/systemd.special.xml | 1 +
units/network-pre.target | 11 +++
units/network.target | 2 ++
units/systemd-networkd.service.in | 3 ++-
5 files changed, 17
On Fri, 06 Jun 2014 12:53:01 +
Rusty Bird rustyb...@openmailbox.org wrote:
https://bugs.freedesktop.org/show_bug.cgi?id=79600
---
Makefile.am | 1 +
man/systemd.special.xml | 1 +
units/network-pre.target | 11 +++
units/network.target
24 matches