[systemd-devel] [PATCH] Add a network-pre.target to avoid firewall leaks
Michael Biebl
mbiebl at gmail.com
Sat Jun 7 16:42:18 PDT 2014
2014-06-08 1:07 GMT+02:00 Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl>:
> On Sun, Jun 08, 2014 at 12:55:55AM +0200, Michael Biebl wrote:
>> Could you elaborate why Before=network.target is too late?
> Because then network setup races with e.g. iptables setup. Depending
> on the timing, a window in which the network has been set up, but
> the firewall is not yet in place.
If the iptables setup has Before=network.target, why is that not sufficient?
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
More information about the systemd-devel
mailing list