On Wed, Oct 8, 2014, at 03:21 PM, Tom Eastep wrote:
> > whic, IIUC, is exactly the case/state of shorewall-init.
> >
> > I.e., I believe
> >
> > Before=network-pre.target
> >
> > is the appropriate choice here.
>
> Are you also specifying Wants=network-pre.target in the Install stanza?
In any case, 'Wants=' declarations belong in the [Unit] stanza, not the
[Install] stanza
Wrt shorewall-init, this
> > ... Network management services hence should set
> > After=network-pre.target, but avoid any Wants=network-pre.target or
> > even Requires=network-pre.target. Services that want to be run before
> > the network is configured should place Before=network-pre.target and
> > also set Wants=network-pre.target to pull it in. ...
suggests, as shorewall-init IS a service that wants "to be run before the
network is configured", that it should be.
I.e.,
/shorewall-init.service
[Unit]
...
Before=network-pre.target
Wants=network-pre.target
...
I asssume that
/shorewall-init.service
...
[Install]
WantedBy=basic.target
is also appropriate for shorewall-init.
Can you confirm that shorewall-init, in fact, requires NO network, NO up, or
even existing, interfaces, etc, on its exec?
------------------------------------------------------------------------------
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports
Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
