On Tue, 2015-10-20 at 14:36 -0300, Felipe Sateler wrote:
> > > > The unit also uses {Wants,Before}=network-pre.target as advised in the
> > > > Debian wiki page linked for firewall/network type services in the
> > > > original bug report.
> > >
> > > Well, this will depend on each service. In this case, the original
> > > init script has Required-Start: $networking which makes it dubious
> > > that we want to start ferm before the network is configured. (but I do
> > > not use ferm so I don't know for sure).
> >
> > I'd want firewall rules to be in place before any other process is able
> > to start using the network. I think that is the intent of the original
> > init script being linked into /etc/rcS.d. Hence network-pre.target
> > sounds right to me.
>
> The problem is that at network-pre.target time the interfaces may not
> even exist, if the interfaces are not physical (eg, bridges are set up
> by networkd or ifupdown, which are After=network-pre.target).It's OK for firewall rules to reference interfaces that don't exist so I think this isn't a problem. -- Sam Morris <https://robots.org.uk/> CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9
signature.asc
Description: This is a digitally signed message part
