On Tue, 29 Mar 2016, Felix Geyer wrote: > Hi Felipe, > > On Mon, 28 Mar 2016 20:56:48 -0300 Felipe Sateler <fsate...@debian.org> wrote: > > I have uploaded an nmu. I have made the unit call out to the init > > script, because it does more work than simply invoking ferm. > > > > Please find attached the debdiff > > I see two problems with your systemd service: > > 1) By default (CACHE=yes) the init script writes to /var/cache/ferm/ and > the systemd service is ordered Before=network-pre.target. > If /var is on a remote filesystem you have created a dependency cycle. > > 2) The systemd service declares Conflicts=shutdown.target. What's the > rationale > for unloading iptables rules on shutdown? > It seems unnecessary and dangerous to me since you probably can't > guarantee that > this is done after network daemons are shut down. That too, I will revert that upload later.
Alex
