Re: How to make networking dependent on firewall configuration?

To: debian-user@lists.debian.org
Subject: Re: How to make networking dependent on firewall configuration?
From: Reco <recoverym4n@enotuniq.net>
Date: Mon, 13 May 2019 15:12:41 +0300
Message-id: <[🔎] E1hQ9ow-0006es-71@enotuniq.net>
In-reply-to: <[🔎] CAJx5YvG6Q1DT9uFY05PWgRMh=PS2kUFA=3n=cQGb7Npu8J5f8w@mail.gmail.com>
References: <[🔎] CAJx5YvG6Q1DT9uFY05PWgRMh=PS2kUFA=3n=cQGb7Npu8J5f8w@mail.gmail.com>

	Hi.

On Mon, May 13, 2019 at 02:53:46PM +0300, Martin T wrote:
> Hi,
> 
> I have a /lib/systemd/system/networking.service.d/networking.service.conf
> configuration file which specifies, that my custom iptables.service is
> a requirement for networking.service:
> 
> # systemctl show networking -p Requires
> Requires=system.slice iptables.service
> #
> 
> Is there a better or more correct way to do this?

Yes. Instead of creating this file:

/lib/systemd/system/networking.service.d/networking.service.conf

make this one:

/etc/systemd/system/networking.service.d/networking.service.conf

> Are there any general disadvantages of such approach?

One can specify hostnames in netfilter rules. Trying to load such rules
without a working resolver can lead to weird results.
Any mistake in netfilter rules (iptables.service failing) can prevent
network interfaces from configuring (networking.service).

Reco

Reply to:

Follow-Ups:
- Re: How to make networking dependent on firewall configuration?
  - From: Martin T <m4rtntns@gmail.com>

References:
- How to make networking dependent on firewall configuration?
  - From: Martin T <m4rtntns@gmail.com>

Prev by Date: How to make networking dependent on firewall configuration?
Next by Date: Re: How to make networking dependent on firewall configuration?
Previous by thread: How to make networking dependent on firewall configuration?
Next by thread: Re: How to make networking dependent on firewall configuration?
Index(es):
- Date
- Thread