On Wed, Sep 23, 2015 at 01:22:25PM +0200, Sven Hartge wrote:
> On 23.09.2015 12:49, Moritz Muehlenhoff wrote:
> > On Wed, Sep 23, 2015 at 12:47:09PM +0200, Sven Hartge wrote:
> >>> - It doesn't abide options set in /etc/default/ferm
> >>
> >> As far as I understand the systemd way-of-things, simple default-files
> >> which just disable and enable a service are deprecated. One should just
> >> disable or enable the service directly.
> >
> > That's true for ENABLED, but we'd probably still need CACHE, OPTIONS and
> > FAST. They could be sourced via an "EnvironmentFile" directive.
>
> OPTIONS is easy, it can be included verbatim.
>
> But FAST is defined as either "yes" or "no" while the resulting option
> to ferm is "--fast" (or nothing as --fast is the default) or "--slow". I
> guess this would need some helper script or change the ExecStart and
> ExecReload lines to use "/bin/bash" to be able to manipulate variables.
>
> And CACHE is a whole different thing.

OTOH maybe it's better to drop some historical cruft:

- Is there any reason not to use FAST? It's the default since ferm 2.0
  and README.Debian warns about using it with Sarge's iptables :-)

- On today's hardware the performance gain by CACHE is hardly notable,
  while still carrying technical disadvantages (as mentioned in
  README.Debian). So maybe it's time to drop this altogether.

Cheers,
Moritz