Re: How to make networking dependent on firewall configuration?
- Date: Mon, 13 May 2019 15:12:41 +0300
- From: Reco <recoverym4n@xxxxxxxxxxxx>
- Subject: Re: How to make networking dependent on firewall configuration?
On Mon, May 13, 2019 at 02:53:46PM +0300, Martin T wrote:
> I have a /lib/systemd/system/networking.service.d/networking.service.conf
> configuration file which specifies that my custom iptables.service is
> a requirement for networking.service:
> # systemctl show networking -p Requires
> Requires=system.slice iptables.service
> Is there a better or more correct way to do this?
Yes. Instead of creating this file:
make this one:
> Are there any general disadvantages of such an approach?
One can specify hostnames in netfilter rules. Trying to load such rules
without a working resolver can lead to weird results.
Any mistake in netfilter rules (iptables.service failing) can prevent
network interfaces from configuring (networking.service).
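
The hostname caveat above can be checked before the firewall unit runs. The following is an added example, not part of the original message: it assumes the custom iptables.service loads a rules file in iptables-restore format, and the function names and sample ruleset are constructed for illustration.

```python
import ipaddress
import shlex

# Options whose argument is an address; iptables resolves a name here via DNS.
ADDRESS_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

# Constructed sample ruleset (iptables-restore format), not taken from the thread.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -s admin.example.org -p tcp --dport 22 -j ACCEPT
-A INPUT -s 198.51.100.0/255.255.255.0 -m comment --comment "backup net" -j ACCEPT
-A OUTPUT -d 203.0.113.7,mirror.example.net -j ACCEPT
COMMIT
"""

def is_numeric(spec):
    """True if every comma-separated item is an IP, CIDR, or address/netmask."""
    for item in spec.split(","):
        addr, _, mask = item.partition("/")
        try:
            ipaddress.ip_address(addr)
            if mask and not mask.isdigit():
                ipaddress.ip_address(mask)  # dotted netmask form
        except ValueError:
            return False
    return True

def find_hostnames(ruleset):
    """Return (line_number, option, value) for address options given a name."""
    findings = []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        line = line.strip()
        # Only rule lines matter; skip table headers, chain policies, COMMIT.
        if not line.startswith(("-A", "-I")):
            continue
        tokens = shlex.split(line)  # keeps quoted --comment text as one token
        for opt, value in zip(tokens, tokens[1:]):
            if opt in ADDRESS_OPTS and not is_numeric(value):
                findings.append((lineno, opt, value))
    return findings

if __name__ == "__main__":
    for lineno, opt, value in find_hostnames(SAMPLE_RULES):
        print(f"line {lineno}: {opt} {value} needs a resolver at load time")
```

For the second caveat, `iptables-restore --test` parses a rules file without committing it, so a syntax mistake can be caught before the unit that networking.service depends on is restarted.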