On Thu, Nov 11, 2010 at 20:10, Lennart Poettering <[email protected]> wrote: > On Thu, 11.11.10 14:06, Andreas Jaeger ([email protected]) wrote: > >> >> On Thursday 11 November 2010 12:50:44 Kay Sievers wrote: >> > [...] >> > > Anyway, the point of this was only to have getty start late(ish) in >> > > the boot process, after most of the other services that are pulled in >> > > by multi-user.target. Maybe there is a better way to specify this, if >> > > not everyone has rc.local? >> > >> > Yeah, others asked for that too. So far, we don't really have a >> > concept of 'late' or 'last' in systemd. >> >> Yes, we had this in openSUSE as well the $ALL target to have the firewall >> called at the end so that it could handle services with dynamic ports. >> For details see https://bugzilla.novell.com/show_bug.cgi?id=652608 > > Can't say I like this approach to firewalls. Matching against ports is a > thing of the past. They firewall people should match against processes, > that's the only remotely sensible thing and then all of this would not > be necessary. > > I am really not a big fan of Suse's $ALL extension.
Right. We can't really do anything like this. It's a ghost from the past, where people worked with assumptions that never really existed, and just don't exist at all today. There is no state like "all devices are there", or "all services are started", at no point in time. Let's not get there, we really need to get rid of all this stuff. The question is, what happens when any of the services before $ALL is restarted? Then you run the thing plugging after $ALL again? In this case, it really sounds the way this firewall works needs to be changed, and hook into individual services to do some post-setup. Kay _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
