On Sun, 8 Jun 2014 01:42:18 +0200 Michael Biebl <[email protected]> wrote:
> 2014-06-08 1:07 GMT+02:00 Zbigniew Jędrzejewski-Szmek <[email protected]>:
> > On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
> >> Could you elaborate why Before=network.target is too late?
> > Because then network setup races with e.g. iptables setup. Depending
> > on the timing, a window in which the network has been set up, but
> > the firewall is not yet in place.
>
> If the iptables setup has Before=network.target, why is that not sufficient?
>

Because network.target itself does not do anything at all. You have some other service which does the actual job of setting up networking. This other service is ordered before network.target. Ordering something else before network.target will simply run them concurrently. In the case of iptables this leaves you with a window where interfaces are up but iptables is not yet set up.
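The ordering argument in the reply above, as an added example that is not part of the original message and is not systemd code: a small model of Before=/After= ordering that checks whether two units can start concurrently. The unit names netsetup.service and iptables.service are hypothetical; only ordering is modelled, not requirement dependencies.

```python
# Added illustration: a minimal model of systemd Before=/After= ordering.
# Unit names other than network.target are hypothetical.


def ordering_edges(units):
    """Turn {unit: {"Before": [...], "After": [...]}} into (earlier, later) pairs."""
    edges = set()
    for name, deps in units.items():
        for later in deps.get("Before", []):
            edges.add((name, later))
        for earlier in deps.get("After", []):
            edges.add((earlier, name))
    return edges


def starts_before(units, first, second):
    """True if a chain of ordering edges forces `first` to start before `second`."""
    edges = ordering_edges(units)
    seen, stack = set(), [first]
    while stack:
        cur = stack.pop()
        for a, b in edges:
            if a == cur and b not in seen:
                seen.add(b)
                stack.append(b)
    return second in seen


def may_race(units, a, b):
    """Units with no ordering path in either direction can start concurrently."""
    return not starts_before(units, a, b) and not starts_before(units, b, a)


# Constructed sample: the setup discussed in the thread.
RACY = {
    "netsetup.service": {"Before": ["network.target"]},  # brings interfaces up
    "iptables.service": {"Before": ["network.target"]},  # loads firewall rules
    "network.target": {},                                # passive sync point
}

# Constructed sample: firewall ordered against the service doing the real work.
ORDERED = {
    "netsetup.service": {"Before": ["network.target"]},
    "iptables.service": {"Before": ["netsetup.service", "network.target"]},
    "network.target": {},
}

if __name__ == "__main__":
    print("racy:", may_race(RACY, "iptables.service", "netsetup.service"))
    print("ordered:", may_race(ORDERED, "iptables.service", "netsetup.service"))
```

In the first sample both units are ordered before network.target but not against each other, so the check reports a possible race; in the second the firewall unit is ordered directly before the unit that configures the interfaces.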
