On Tue, 29 Mar 2016, Felipe Sateler wrote: > On 29 Mar 2016 04:03, "Felix Geyer" <fge...@debian.org> wrote: > > > > Hi Felipe, > > > > On Mon, 28 Mar 2016 20:56:48 -0300 Felipe Sateler <fsate...@debian.org> > wrote: > > > I have uploaded an nmu. I have made the unit call out to the init > > > script, because it does more work than simply invoking ferm. > > > > > > Please find attached the debdiff > > > > I see two problems with your systemd service: > > > > 1) By default (CACHE=yes) the init script writes to /var/cache/ferm/ and > > the systemd service is ordered Before=network-pre.target. > > If /var is on a remote filesystem you have created a dependency cycle. > > Hmm, correct. Ferm will have to start after the network. Sorry about that. > > > > > 2) The systemd service declares Conflicts=shutdown.target. What's the > rationale > > for unloading iptables rules on shutdown? > > It seems unnecessary and dangerous to me since you probably can't > guarantee that > > this is done after network daemons are shut down. > > This is guaranteed by the Before=network-pre.target. But not stopping on > shutdown is also entirely possible. However, because /var might be remote, > it is better to not stop ferm on shutdown > > I have just uploaded a fix for both issues. You are not really able to read, aren't you?
Alex
