[systemd-devel] [PATCH] Add a network-pre.target to avoid firewall leaks
Rusty Bird
rustybird at openmailbox.org
Wed Jun 11 04:13:48 PDT 2014
Lennart Poettering:
> I am not convinced that the firewall being broken should break the
> boot.
It shouldn't! But there should be at least an option (arguably the
default) to break *connectivity*.
With the v1-v3 patches that's decided by the firewall service, which
chooses if it is RequiredBy=, or WantedBy=, network-pre.target.
> Anyway, this is implemented now, please have a look (see other mail).
Please don't release this as is. Fail-open firewall activation will
get many people in trouble.
Rusty
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140611/8cd0debe/attachment.sig>
More information about the systemd-devel
mailing list