Web lists-archives.com

Re: How to make networking dependent on firewall configuration?


On Mon, May 13, 2019 at 02:53:46PM +0300, Martin T wrote:
> Hi,
> I have a /lib/systemd/system/networking.service.d/networking.service.conf
> configuration file which specifies, that my custom iptables.service is
> a requirement for networking.service:
> # systemctl show networking -p Requires
> Requires=system.slice iptables.service
> #
> Is there a better or more correct way to do this?

Yes. Instead of creating this file:


make this one:


> Are there any general disadvantages of such approach?

One can specify hostnames in netfilter rules. Trying to load such rules
without a working resolver can lead to weird results.
Any mistake in netfilter rules (iptables.service failing) can prevent
network interfaces from configuring (networking.service).