Hello

On Mon, Aug 12, 2019 at 08:28:44AM +0200, Laurent Bigonville wrote:
e 11/08/19 à 18:53, gustavo panizzo a écrit :
Hello

Hello,

thanks for the patch, I'm working on this but I'll use alternatives
instead of dh_link, to provide an oportinity to other firewall managers
to use the same mechanism.

There are other ways of achieving that with systemd, maybe a .target? That might be a good idea to see with systemd upstream if such a target cannot be introduced to avoid doing something debian specific

I don't understand what would I achieve using a systemd target? targets
are coordination points, similar to a runlevel.

I could create a firewall.target and add WantedBy=firewall.target on
iptables-persistent.service but that would not prevent firewalld and
others to do the same and then we'd have multiple firewall managers
running at the same time.

If I got it all wrong and you have a counter example, pls show me


I don't think that the alternative system is a good idea


It is an extension of your initial idea, I don't want to exclusively own
iptables.service and then conflict with other firewall managers (ufw, arno,
ferm, etc) that may want to do the same, I have discussed this with
their maintainers.

I want users to be allowed to install more than one firewall manager at
the same time but not run more than one at the same time.



--
IRC: gfa
GPG: 0x27263FA42553615F904A7EBE2A40A2ECB8DAD8D5
OLD GPG: 0x44BB1BA79F6C6333

Reply via email to