[Bug 900505] Base:System/systemd: Bug Request to add upstream's patch to include v214's new 'network-pre.target' for early/secure pre-network dependency activation of firewall services
http://bugzilla.suse.com/show_bug.cgi?id=900505
--- Comment #13 from pgnd _
I'm speaking about 13.2 and factory. For 13.1 I'll not change this.
I've referenced above only my current 13.1 install with

    systemctl --version
    systemd 210

which is clearly from Base:System,

    https://build.opensuse.org/package/show?project=Base%3ASystem&package=systemd

identified as

    Devel package for openSUSE:Factory
    Links to openSUSE:Factory / systemd

with repo for 13.1 currently enabled.

Is it then your intention to cause/allow

    Base:System/openSUSE_13.1

to functionally diverge

    Base:System/openSUSE_13.2
    Base:System/openSUSE_Factory

?
And for this I'll not enable systemd-networkd. Even NetworkManager can not be installed together with wicked.
NetworkManager is not systemd-networkd. It's clear that NetworkManager conflicts with wicked. It's not clear that systemd-networkd does, and in fact is implied that it should not,

    " ... This service (systemd-networkd) can run alongside your usual network management tool ... "

What basis for a conflict between systemd-networkd & wicked do you reference, given the above implication for systemd-networkd that suggests (?) there shouldn't be a problem ?

In either case, as I'd asked above,

    "... That implies, at least, that systemd-networkd is uninvolved in, and unnecessary to, proper function and use of the network. & network-online. services/targets. Hence, why would it be necessary in the case of network-pre. ? ..."

The issue posted here is the making available of the network-pre.target, which is -- per systemd's upstream >=v214 docs -- the only network-related target that's appropriate for Before= ordering of units to be triggered prior to network setup/start.

If not network-pre.target, then what other target, specifically, is available in openSUSE to trigger specifically at that point/status in the boot sequence?

Ludwig Nussel 2014-10-10 15:36:23 UTC
SuSEfirewall2_init doesn't need any networking. It only installs basic rules to disallow incoming traffic.
As, similarly, is the case for shorewall-init

    http://sourceforge.net/p/shorewall/code/ci/master/tree/Shorewall-init/shorew...

    shorewall-init.service

        [Unit]
        Description=Shorewall IPv4 firewall (bootup security)
        Before=network-pre.target
        Wants=network-pre.target
        Conflicts=iptables.service firewalld.service

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        EnvironmentFile=-/etc/sysconfig/shorewall-init
        StandardOutput=syslog
        ExecStart=/sbin/shorewall-init $OPTIONS start
        ExecStop=/sbin/shorewall-init $OPTIONS stop

        [Install]
        WantedBy=basic.target

where the relevant functionality can be seen at

    http://sourceforge.net/p/shorewall/code/ci/master/tree/Shorewall-init/shorew...

        ...
        # Initialize the firewall
        shorewall_start () {
            local PRODUCT
            local STATEDIR

            echo -n "Initializing \"Shorewall-based firewalls\": "
        ...
After that one has run udev events trigger SuSEfirewall2 on iface add/rm.
Sry, I don't understand that statement. Please clarify.
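
The ordering requirement discussed in this comment can be checked mechanically. The following is an added example, not part of the original bug comment or of any project's code: it parses a unit file's [Unit] section and reports whether a firewall unit both orders itself before network-pre.target and pulls that passive target in. The function names and the LATE_UNIT sample are constructed for illustration.

```python
PRE = "network-pre.target"

# [Unit] section as quoted in the comment above.
SHOREWALL_INIT = """\
[Unit]
Description=Shorewall IPv4 firewall (bootup security)
Before=network-pre.target
Wants=network-pre.target
Conflicts=iptables.service firewalld.service
"""

# Constructed sample: a unit ordered only against network.target.
LATE_UNIT = """\
[Unit]
Description=Example firewall (constructed sample)
Before=network.target
"""

def unit_section(text):
    """Collect [Unit] directives; repeated keys accumulate, as in systemd."""
    unit, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Unit" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            unit.setdefault(key, []).extend(value.split())
    return unit

def check_prenetwork(text):
    """Return findings; an empty list means the unit runs before network setup."""
    unit = unit_section(text)
    findings = []
    if PRE not in unit.get("Before", []):
        findings.append("missing Before=" + PRE)
    if PRE not in unit.get("Wants", []):
        # network-pre.target is passive: nothing else pulls it in.
        findings.append("missing Wants=" + PRE)
    late = {"network.target", "network-online.target"} & set(unit.get("After", []))
    for target in sorted(late):
        findings.append("ordered After=" + target)
    return findings

if __name__ == "__main__":
    for name, text in (("shorewall-init", SHOREWALL_INIT), ("late", LATE_UNIT)):
        print(name, check_prenetwork(text) or "ok")
```
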