[systemd-devel] How to securely load a firewall before networking gets up?
Patrick Schleizer
patrick-mailinglists at whonix.org
Fri Jul 29 15:14:00 UTC 2016
Thank you! I forwarded your review in form of bug reports to the
affected projects. [1] [2]
Lennart Poettering:
> On Thu, 28.07.16 17:29, Patrick Schleizer (patrick-mailinglists at whonix.org) wrote:
>
>> TLDR:
>>
>> How to securely load a firewall before networking gets up?
>>
>> Can you provide a secure, recommended or even canonical example of such
>> a firewall.service?
>
> See https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
With all due respect, I do not think this is a case of read the manual here.
I did read that also before posting this question. I am sure also
rustybird, the author of the second systemd unit file I posted in this
subject, also read that before. As rustybird (who also once submitted a
systemd patch wrt network-pre.target) pointed out, the author of
netfilter-persistent also got it wrong. [1]
Having explained this, I would like to reiterate my my request...
Can you provide a secure, recommended or even canonical example of such
a firewall.service?
Cheers,
Patrick
[1] https://github.com/rustybird/corridor/issues/29
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=832911
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829640
More information about the systemd-devel
mailing list