[systemd-devel] [PATCH] Add a network-pre.target to avoid firewall leaks

Michael Biebl mbiebl at gmail.com
Tue Jun 10 13:16:22 PDT 2014


2014-06-10 19:44 GMT+02:00 Lennart Poettering <lennart at poettering.net>:
> I figure we don't really need network-pre.target, as units that want to
> run before the network is up should just use:
>
>     Before=systemd-networkd.service basic.target
>
> This is enough since network management services like
> NM are normal services, and networkd is the exception in being available
> from earliest boot on, including in the initrd. This means that any
> firewall service that wants to cover this must be an early-boot service
> (i.e. DefaultDependencies=no), and thus ordering itself before networkd
> and basic.target should suffice...
>
> If one day there's another network management solution that is capable
> of running this early during boot, then we can revisit this, but
> otherwise, the ordering mentioned above should be above, and generic
> enough since it requires no explicit mentioning of units we wouldn't
> ship with systemd anyway.

Debian's ifupdown does run during early boot, i.e. in sysinit.target.


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

