Bug#665720: iptables-persistent: unusable with systemd

Wed, 07 May 2014 10:21:46 -0700 

Package: iptables-persistent
Version: 1.0
Followup-For: Bug #665720

Dear Maintainer,

Unfortunately, I'm *unable to boot* the system with
netfilter-persistent systemd service enabled!

Removing "quiet" from the kernel parameters, reveals that it hangs
with the following message displayed in a loop:

  [ SKIP ] Ordering cycle found, skipping Network

I tried to run `systemd --test --system` and it prints the following
lines to the stderr (again in a loop):

  Found ordering cycle on basic.target/start
  Walked on cycle path to sockets.target/start
  Walked on cycle path to dbus.socket/start
  Walked on cycle path to sysinit.target/start
  Walked on cycle path to nfs-common.service/start
  Walked on cycle path to rpcbind.target/start
  Walked on cycle path to rpcbind.service/start
  Walked on cycle path to network.target/start
  Walked on cycle path to netfilter-persistent.service/start
  Walked on cycle path to basic.target/start
  Breaking ordering cycle by deleting job sockets.target/start
  Job sockets.target/start deleted to break ordering cycle starting
with basic.target/start

I'm a complete newbie when it comes to systemd, but following are a
couple of observations after a few chats on #systemd and
#debian-systemd. It seems like netfilter-persistent.service
implicitly uses "DefaultDependencies=yes", which in turn pulls in
"After=basic.target". And there is some stuff in the basic.target that
already requires network, whereas the unit explicitly states
"Before=network.target". Hence the cycle. A possible fix, as suggested
by uau, would be to use "DefaultDependencies=no" + possibly pulling in
some other dependencies ensuring that kernel modules for iptables have
been loaded.

Hope that helps to resolve this (critical) bug.


-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages iptables-persistent depends on:
ii  debconf [debconf-2.0]  1.5.53
ii  iptables               1.4.21-1
ii  netfilter-persistent   1.0

iptables-persistent recommends no packages.

iptables-persistent suggests no packages.

-- debconf information:
* iptables-persistent/autosave_v6: false
* iptables-persistent/autosave_v4: false

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to