[systemd-devel] getty at .service.m4 and serial-getty at .service.m4
Gustavo Sverzut Barbieri
barbieri at profusion.mobi
Mon Nov 15 01:08:50 PST 2010
On Mon, Nov 15, 2010 at 7:05 AM, Ludwig Nussel <ludwig.nussel at suse.de> wrote:
> Lennart Poettering wrote:
>> On Thu, 11.11.10 14:06, Andreas Jaeger (aj at novell.com) wrote:
>> > On Thursday 11 November 2010 12:50:44 Kay Sievers wrote:
>> > > [...]
>> > > > Anyway, the point of this was only to have getty start late(ish) in
>> > > > the boot process, after most of the other services that are pulled in
>> > > > by multi-user.target. Maybe there is a better way to specify this, if
>> > > > not everyone has rc.local?
>> > >
>> > > Yeah, others asked for that too. So far, we don't really have a
>> > > concept of 'late' or 'last' in systemd.
>> >
>> > Yes, we had this in openSUSE as well the $ALL target to have the firewall
>> > called at the end so that it could handle services with dynamic ports.
>> > For details see https://bugzilla.novell.com/show_bug.cgi?id=652608
>>
>> Can't say I like this approach to firewalls. Matching against ports is a
>> thing of the past. They firewall people should match against processes,
>> that's the only remotely sensible thing and then all of this would not
>> be necessary.
>
> You lost me here.
>
>> I am really not a big fan of Suse's $ALL extension.
>
> Making SuSEfirewall2 run last via $ALL mostly is a boot speed
> optimization. The filtering rules (potentially) need to be adjusted
> each time a network interface appears or if an RPC service like
> ypbind or nfsd changes ports. SuSEfirewall2 can't do either
> operation incrementally (yet). So if it's known beforehand that an
> event would cause several SuSEfirewall2 calls it's better to block
> all calls and only do one full run at the end. That's the case
> during boot and when calling rcnetwork restart.
well, this is bit moot then, as you can make it
After=whatever-may-change-ports, or add those services with
Before=SuSEfirewall2.service
--
Gustavo Sverzut Barbieri
http://profusion.mobi embedded systems
--------------------------------------
MSN: barbieri at gmail.com
Skype: gsbarbieri
Mobile: +55 (19) 9225-2202
More information about the systemd-devel
mailing list