Andrei Borzenkov wrote:
23.10.2019 9:41, Per Jessen пишет:
I'm sure this is a case of needing another pair of eyes. Mine are getting tired.
I have the following service unit:
------------------------ systemctl cat firewall@ipv4 # /etc/systemd/system/firewall@.service [Unit] Description=firewall %i After=network.target
Not exactly related but this is generally considered too late. You have small window between network up and firewall effective.
Thanks, I'll have to look into that. Do you happen to know what might give a better timing - generally only two interfaces on these boxes, I could perhaps depend directly on them?
[Service] Type=oneshot ExecStart=/usr/local/bin/firewall-%i ExecStop=/usr/local/bin/firewall-%i stop
I think specifiers in Exec* directives are supported starting with v229 and Leap 42.3 has v228 (although of course it could have been backported). I could not find anything in NEWS unfortunately and commit message is not entirely helpful, but this is the only commit that added resolving of specifiers there.
Aha .... firewall-ipv4 is just a script, I guess I can just use: ExecStart=/bin/bash /usr/local/bin/firewall-%i Thanks for taking a look! -- Per Jessen, Zürich (12.2°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org