Control: severity -1 important
Thanks

On Mon, Jun 08, 2026 at 11:36:18AM +0000, David Härdeman wrote:
> In my case, systemd dropped network-manager.service and network-online.target,
> meaning the workstations came up with no networking at all.
>
> My local fix (works for me, not 100% sure this is the right way) was
> a drop-in like this:
>
> /etc/systemd/system/ferm.service.d/override.conf
>   After=
>   After=systemd-journald.socket basic.target

Current ferm in unstable has the following unit:

[Unit]
Description=Firewall configuration with ferm
Documentation=man:ferm(1)
After=remote-fs.target
Before=network-pre.target
Wants=network-pre.target
ConditionPathIsExecutable=/usr/sbin/ferm
ConditionPathExists=/etc/ferm/ferm.conf

[Service]
Type=oneshot
RemainAfterExit=yes

EnvironmentFile=-/etc/default/ferm

# Set defaults for variables not in environment file
# (EnvironmentFile takes precedence, see systemd.exec(5)
Environment="CACHE=no"
Environment="OPTIONS="

# Execute wrapper
ExecStart=/usr/libexec/ferm/ferm-systemd activate
ExecReload=/usr/libexec/ferm/ferm-systemd activate
ExecStop=/usr/libexec/ferm/ferm-systemd deactivate

UMask=0077

# Security hardening
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/cache/ferm /run
NoNewPrivileges=no

# Required capabilities for firewall management
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_RAW
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_MODULE

[Install]
WantedBy=multi-user.target

Does this solve the issue for you or at least make the situation better?

Generally, I would advise delaying the /home NFS mount until the network is fully up and firewalled.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
