[systemd-devel] How to securely load a firewall before networking gets up?

Patrick Schleizer patrick-mailinglists at whonix.org
Fri Jul 29 15:14:00 UTC 2016


Thank you! I forwarded your review in the form of bug reports to the
affected projects. [1] [2]

Lennart Poettering:
> On Thu, 28.07.16 17:29, Patrick Schleizer (patrick-mailinglists at whonix.org) wrote:
> 
>> TLDR:
>>
>> How to securely load a firewall before networking gets up?
>>
>> Can you provide a secure, recommended or even canonical example of such
>> a firewall.service?
> 
> See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/

With all due respect, I do not think this is a case of read the manual here.

I did read that also before posting this question. I am sure
rustybird, the author of the second systemd unit file I posted in this
subject, also read that before. As rustybird (who also once submitted a
systemd patch wrt network-pre.target) pointed out, the author of
netfilter-persistent also got it wrong. [1]

Having explained this, I would like to reiterate my request...

Can you provide a secure, recommended or even canonical example of such
a firewall.service?

Cheers,
Patrick

[1] https://github.com/rustybird/corridor/issues/29
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832911
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829640


