Gustavo Sverzut Barbieri wrote: > On Mon, Nov 15, 2010 at 7:05 AM, Ludwig Nussel <[email protected]> wrote: > > Lennart Poettering wrote: > > [...] > >> I am really not a big fan of Suse's $ALL extension. > > > > Making SuSEfirewall2 run last via $ALL mostly is a boot speed > > optimization. The filtering rules (potentially) need to be adjusted > > each time a network interface appears or if an RPC service like > > ypbind or nfsd changes ports. SuSEfirewall2 can't do either > > operation incrementally (yet). So if it's known beforehand that an > > event would cause several SuSEfirewall2 calls it's better to block > > all calls and only do one full run at the end. That's the case > > during boot and when calling rcnetwork restart. > > well, this is bit moot then, as you can make it > After=whatever-may-change-ports, or add those services with > Before=SuSEfirewall2.service
Sure. It takes time to change the world though. Until then the compat mode is supposed to do the right thing. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
