On 29 Mar 2016 04:03, "Felix Geyer" <fge...@debian.org> wrote:
>
> Hi Felipe,
>
> On Mon, 28 Mar 2016 20:56:48 -0300 Felipe Sateler <fsate...@debian.org> wrote:
> > I have uploaded an nmu. I have made the unit call out to the init
> > script, because it does more work than simply invoking ferm.
> >
> > Please find attached the debdiff
>
> I see two problems with your systemd service:
>
> 1) By default (CACHE=yes) the init script writes to /var/cache/ferm/ and
> the systemd service is ordered Before=network-pre.target.
> If /var is on a remote filesystem you have created a dependency cycle.

Hmm, correct. Ferm will have to start after the network. Sorry about that.

>
> 2) The systemd service declares Conflicts=shutdown.target. What's the rationale
> for unloading iptables rules on shutdown?
> It seems unnecessary and dangerous to me since you probably can't guarantee that
> this is done after network daemons are shut down.

This is guaranteed by the Before=network-pre.target. But not stopping on shutdown is also entirely possible. However, because /var might be remote, it is better to not stop ferm on shutdown.

I have just uploaded a fix for both issues.

Regards.

From 71888438d2dc458898470f28587e8921c68edf10 Mon Sep 17 00:00:00 2001 From: Felipe Sateler <fsate...@debian.org> Date: Tue, 29 Mar 2016 07:55:44 -0300 Subject: [PATCH] Fix breakage introduced by new systemd unit. - Do not stop firewall on shutdown. - Start after /var/cache is mounted and after network. --- debian/changelog | 9 +++++++++ debian/ferm.service | 5 ++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index df9d464..8d307d2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +ferm (2.2-3.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix breakage introduced by new systemd unit. + - Do not stop firewall on shutdown. + - Start after /var/cache is mounted and after network. + + -- Felipe Sateler <fsate...@debian.org> Tue, 29 Mar 2016 07:54:15 -0300 + ferm (2.2-3.1) unstable; urgency=medium * Non-maintainer upload. diff --git a/debian/ferm.service b/debian/ferm.service index 4a20309..5d05024 100644 --- a/debian/ferm.service +++ b/debian/ferm.service @@ -1,9 +1,8 @@ [Unit] Description=ferm firewall configuration DefaultDependencies=no -Wants=network-pre.target -Before=network-pre.target shutdown.target -Conflicts=shutdown.target +RequiresMountsFor=/var/cache/ +After=local-fs.target network.target [Service] Type=oneshot -- 2.8.0.rc3
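
Review bot: `After=local-fs.target network.target` in the debian/ferm.service hunk orders rule loading after the network stack has started, where the removed `Before=network-pre.target` ordered it before, so there is now a boot window in which interfaces can be up with no ferm rules loaded. That trade-off is not mentioned in the commit message or the changelog entry; it is worth stating there, and worth considering whether the early ordering could be kept for setups where the cache directory is local. Separately, `RequiresMountsFor=/var/cache/` already adds both the requirement and the ordering on the mount units for that path, so `After=local-fs.target` looks redundant for the cache dependency and does not cover the remote /var case raised in the thread anyway.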