On 10/8/2014 1:32 PM, PGNd wrote: > > "network-pre.target is a target that may be used to order services > before any network interface is configured. It's primary purpose is > for usage with firewall services that want to establish a firewall > before any network interface is up. It's a passive unit: you cannot > start it directly and it is not pulled in by the the network > management service, but by the service that wants to run before it. > Network management services hence should set > After=network-pre.target, but avoid any Wants=network-pre.target or > even Requires=network-pre.target. Services that want to be run before > the network is configured should place Before=network-pre.target and > also set Wants=network-pre.target to pull it in. This way, unless > there's actually a service that needs to be ordered before the > network is up the target is not pulled in, hence avoiding any > unnecessary synchronization point." > > DOES suggest its use in STARTUP use with Before=, *specifically* > called out in the case of firewalls:
Indeed. > > "... It's primary purpose is for usage with firewall services that > want to establish a firewall before any network interface is up. > ..." > > whic, IIUC, is exactly the case/state of shorewall-init. > > I.e., I believe > > Before=network-pre.target > > is the appropriate choice here. Are you also specifying Wants=network-pre.target in the Install stanza? > > And, as above, After=netowrk-online.target in the other shorewall* > unit files. > It would be interesting to know if there is any consistency between the distros regarding when the network-online target is reached. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
