control: severity -1 normal Hi Christoph,
Christoph Anton Mitterer <cales...@scientia.net> writes: > It seems something get's wrong with determining the right order of starting > LSB init scripts: > What I have is a system with iptables-persistent and fail2ban packages > installed. > > In my case, fail2ban is set up a bit more complex than the default, i.e. it > does not simply > append it's rules to the INPUT table, but rather replaces a dummy rule in the > previously > loaded iptables rules (at a well defined place in the table). > > Now since I switched to systemd, it tries to start fail2ban before > iptables-persistent, > thus the rules are missing and thus starting fail2ban fails. I don’t see any evidence for that in the data you provided. See below: > But in systemd it looks like this: > ... > Jan 10 19:20:12 heisenberg systemd[1]: Stopped LSB: Start/stop > fail2ban. This says _stopped_, not started. Not sure why it stops that, but the logfile is incomplete, so I don’t know what is happening anyways. Can you please attach the output of “journalctl -xb” to this bug? > -> Unit fail2ban.service: > Description: LSB: Start/stop fail2ban > Instance: n/a > Unit Load State: loaded > Unit Active State: inactive > Inactive Exit Timestamp: n/a > Active Enter Timestamp: n/a > Active Exit Timestamp: n/a > Inactive Enter Timestamp: n/a > GC Check Good: yes > Need Daemon Reload: no > Name: fail2ban.service > Source Path: /etc/init.d/fail2ban > Requires: basic.target > WantedBy: multi-user.target > WantedBy: graphical.target > Conflicts: shutdown.target > Before: shutdown.target > Before: multi-user.target > Before: graphical.target > After: local-fs.target > After: remote-fs.target > After: time-sync.target > After: network.target > After: syslog.target > After: iptables.service > After: firehol.service > After: shorewall.service > After: ipmasq.service > After: arno-iptables-firewall.service > After: iptables-persistent.service This looks correct to me. > After: ferm.service > After: systemd-journald.socket > After: basic.target > References: local-fs.target > References: remote-fs.target > References: time-sync.target > References: network.target > References: syslog.target > References: iptables.service > References: firehol.service > References: shorewall.service > References: ipmasq.service > References: arno-iptables-firewall.service > References: iptables-persistent.service > References: ferm.service > References: systemd-journald.socket > References: basic.target > References: shutdown.target > ReferencedBy: multi-user.target > ReferencedBy: graphical.target > StopWhenUnneeded: no > RefuseManualStart: no > RefuseManualStop: no > DefaultDependencies: yes > OnFailureIsolate: no > IgnoreOnIsolate: no > IgnoreOnSnapshot: no > ControlGroup: cpu:/system/fail2ban.service > ControlGroup: name=systemd:/system/fail2ban.service > Service State: dead > Result: success > Reload Result: success > PermissionsStartOnly: no > RootDirectoryStartOnly: no > RemainAfterExit: yes > GuessMainPID: no > Type: forking > Restart: no > NotifyAccess: none > KillMode: process > KillSignal: SIGTERM > SendSIGKILL: yes > UMask: 0022 > WorkingDirectory: / > RootDirectory: / > NonBlocking: no > PrivateTmp: no > ControlGroupModify: no > ControlGroupPersistent: yes > PrivateNetwork: no > IgnoreSIGPIPE: no > LimitNOFILE: 4096 > StandardInput: null > StandardOutput: journal > StandardError: inherit > SyslogFacility: daemon > SyslogLevel: info > -> ExecStart: > Command Line: /etc/init.d/fail2ban start > -> ExecStop: > Command Line: /etc/init.d/fail2ban stop > SysV Init Script has LSB Header: yes > SysVEnabled: yes > SysVStartPriority: 22 > SysVRunLevels: 2345 > -> Unit iptables-persistent.service: > Description: LSB: Set up iptables rules > Instance: n/a > Unit Load State: loaded > Unit Active State: active > Inactive Exit Timestamp: Fri 2014-01-10 19:20:11 CET > Active Enter Timestamp: Fri 2014-01-10 19:20:12 CET > Active Exit Timestamp: n/a > Inactive Enter Timestamp: n/a > GC Check Good: yes > Need Daemon Reload: no > Name: iptables-persistent.service > Source Path: /etc/init.d/iptables-persistent > Condition Timestamp: Fri 2014-01-10 19:20:11 CET > Condition Result: yes > WantedBy: sysinit.target > Before: network.target > Before: fail2ban.service > Before: sysinit.target > After: mountkernfs.service > After: local-fs.target > After: systemd-journald.socket > References: mountkernfs.service > References: local-fs.target > References: network.target > References: systemd-journald.socket > ReferencedBy: fail2ban.service > ReferencedBy: sysinit.target > StopWhenUnneeded: no > RefuseManualStart: no > RefuseManualStop: no > DefaultDependencies: no > OnFailureIsolate: no > IgnoreOnIsolate: no > IgnoreOnSnapshot: no > ControlGroup: cpu:/system/iptables-persistent.service > ControlGroup: name=systemd:/system/iptables-persistent.service > Service State: exited > Result: success > Reload Result: success > PermissionsStartOnly: no > RootDirectoryStartOnly: no > RemainAfterExit: yes > GuessMainPID: no > Type: forking > Restart: no > NotifyAccess: none > KillMode: process > KillSignal: SIGTERM > SendSIGKILL: yes > UMask: 0022 > WorkingDirectory: / > RootDirectory: / > NonBlocking: no > PrivateTmp: no > ControlGroupModify: no > ControlGroupPersistent: yes > PrivateNetwork: no > IgnoreSIGPIPE: no > LimitNOFILE: 4096 > StandardInput: null > StandardOutput: journal > StandardError: inherit > SyslogFacility: daemon > SyslogLevel: info > -> ExecStart: > Command Line: /etc/init.d/iptables-persistent start > -> ExecReload: > Command Line: /etc/init.d/iptables-persistent reload > -> ExecStop: > Command Line: /etc/init.d/iptables-persistent stop > SysV Init Script has LSB Header: yes > SysVEnabled: yes > SysVStartPriority: 16 > SysVRunLevels: S -- Best regards, Michael -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
