Hi Felipe, On Mon, 28 Mar 2016 20:56:48 -0300 Felipe Sateler <fsate...@debian.org> wrote: > I have uploaded an nmu. I have made the unit call out to the init > script, because it does more work than simply invoking ferm. > > Please find attached the debdiff
I see two problems with your systemd service: 1) By default (CACHE=yes) the init script writes to /var/cache/ferm/ and the systemd service is ordered Before=network-pre.target. If /var is on a remote filesystem you have created a dependency cycle. 2) The systemd service declares Conflicts=shutdown.target. What's the rationale for unloading iptables rules on shutdown? It seems unnecessary and dangerous to me since you probably can't guarantee that this is done after network daemons are shut down. Felix
