[systemd-devel] [PATCH] Add a network-pre.target to avoid firewall leaks

Leonid Isaev lisaev at umail.iu.edu
Sat Jun 7 16:27:32 PDT 2014


On Sun, Jun 08, 2014 at 01:07:38AM +0200, Zbigniew Jędrzejewski-Szmek wrote:
> Date: Sun, 8 Jun 2014 01:07:38 +0200
> From: Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>
> To: Michael Biebl <mbiebl at gmail.com>
> Cc: systemd Mailing List <systemd-devel at lists.freedesktop.org>
> Subject: Re: [systemd-devel] [PATCH] Add a network-pre.target to avoid
>  firewall leaks
> User-Agent: Mutt/1.5.20 (2009-06-14)
> 
> On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
> > Could you elaborate why Before=network.target is too late?
> Because then network setup races with e.g. iptables setup. Depending
> on the timing, there is a window in which the network has been set up,
> but the firewall is not yet in place.

But by the time network.target is reached there are no listening services yet,
are there? So, why would one need a firewall?

Thanks,
Leonid.

-- 
Leonid Isaev
GPG fingerprints: DA92 034D B4A8 EC51 7EA6  20DF 9291 EE8A 043C B8C4
                  C0DF 20D0 C075 C3F1 E1BE  775A A7AE F6CB 164B 5A6D
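
The ordering discussed in the quoted text, as an added example that is not part of the original message or the patch: a firewall unit ordered only before network.target, next to the same unit ordered before network-pre.target. The unit name example-firewall.service, the iptables-restore path and the rules path are assumptions.

```ini
# /etc/systemd/system/example-firewall.service  (hypothetical unit name)

[Unit]
Description=Load packet filter rules before any interface is configured

# Weak ordering: network management services are themselves ordered
# before network.target, so this line only puts both in front of the same
# target. It says nothing about which of the two runs first, which is the
# race described in the thread.
#Before=network.target

# Corrected ordering: network management software orders itself
# After=network-pre.target, so a unit that is Before= that target has
# finished loading its rules before any interface is brought up.
Before=network-pre.target
# network-pre.target is a passive target: nothing pulls it in by default,
# so the unit that needs it must do so, or the ordering has no effect.
Wants=network-pre.target

[Service]
Type=oneshot
# Keep the unit "active" after the rules are loaded so that the ordering
# dependency is satisfied for the rest of the boot.
RemainAfterExit=yes
# Assumed binary and rules file locations; adjust to the distribution.
ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4

[Install]
WantedBy=multi-user.target
```

After enabling such a unit, `systemd-analyze critical-chain network-pre.target` shows whether it was actually ordered in front of the target on that boot.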