[systemd-devel] [PATCH] Add a network-pre.target to avoid firewall leaks

Lennart Poettering lennart at poettering.net
Wed Jun 11 05:54:48 PDT 2014


On Wed, 11.06.14 11:13, Rusty Bird (rustybird at openmailbox.org) wrote:

> Lennart Poettering:
> > I am not convinced that the firewall being broken should break the
> > boot.
> 
> It shouldn't! But there should be at least an option (arguably the
> default) to break *connectivity*.

Well, but that's better solved with the firewalling logic itself. For
example by first installing a drop-all rule in the tables, which is
finally removed when all updates have been made. Should the script fail,
then the firewall will not let any data through, and you should be fine.

I am not convinced that the init system should be involved in such
logic.

Lennart

-- 
Lennart Poettering, Red Hat
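
The drop-all-first approach described in the message above, sketched as an added example that is not part of the original mail or of systemd. It assumes the iptables filter table; the sample rules, the `boot-guard` comment tag and the `IPT` override variable are constructed for illustration.

```shell
#!/bin/sh
# Fail-closed firewall load (added example; rules below are constructed).
# IPT can be overridden (hypothetical knob) to dry-run with a stub command.
IPT="${IPT:-iptables}"
GUARD="-m comment --comment boot-guard -j DROP"   # tag is an assumed name
CHAINS="INPUT FORWARD OUTPUT"

apply_rules() {
    # Constructed sample policy. Rules are appended (-A), so they sit
    # below the guard and cannot pass traffic until the guard is removed.
    $IPT -P INPUT DROP &&
    $IPT -P FORWARD DROP &&
    $IPT -A INPUT -i lo -j ACCEPT &&
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&
    $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
}

load_firewall() {
    # 1. Drop-all rule first, at position 1 of every filter chain.
    for chain in $CHAINS; do
        $IPT -I "$chain" 1 $GUARD || return 1
    done
    # 2. Make the updates. On any failure return with the guard still
    #    installed: the host keeps booting but passes no traffic.
    apply_rules || return 1
    # 3. All updates made: remove the guard.
    for chain in $CHAINS; do
        $IPT -D "$chain" $GUARD || return 1
    done
}

# Only touch the real firewall when asked to.
if [ "${1:-}" = "--apply" ]; then
    load_firewall
fi
```

The same sequence would have to be repeated with ip6tables for IPv6 traffic.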

