<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><span class="vcard"><a class="email" href="mailto:lennart@poettering.net" title="Lennart Poettering <lennart@poettering.net>"> <span class="fn">Lennart Poettering</span></a>
</span> changed
              <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - systemd needs a sockets-pre.target"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=57773">bug 57773</a>
        <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">Summary</td>
           <td>systemd needs a firewall.target
           </td>
           <td>systemd needs a sockets-pre.target
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - systemd needs a sockets-pre.target"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=57773#c1">Comment # 1</a>
              on <a class="bz_bug_link 
          bz_status_NEW "
   title="NEW --- - systemd needs a sockets-pre.target"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=57773">bug 57773</a>
              from <span class="vcard"><a class="email" href="mailto:lennart@poettering.net" title="Lennart Poettering <lennart@poettering.net>"> <span class="fn">Lennart Poettering</span></a>
</span></b>
        <pre>Hmm, the firewall actually needs to be initialized before we set up the various
.socket units, so that there is no time window where the socket is bound but
the firewall not yet up. Currently there is no nice way to order a service
before all sockets are up. I have now added to the TODO list that we should
introduce "sockets-pre.target" which would be sorted before all socket units,
and before which the fw would then have to sort itself.

That also means that any firewall setup needs to happen as part of early boot.

sockets-pre.target would be ordered before basic.target, normal services are
ordered after basic.target. That means all normal services would then be run
with firewall up. sockets-pre.target would hence be a more generic
firewall.target the way you requested it.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the QA Contact for the bug.</li>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>