diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-06-11 11:33:02 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-11 12:14:55 +0200 |
commit | a4a878d04045b46fa9783664e3643a890b356790 (patch) | |
tree | 81ef7da979c37ff517e98b301c7b0697e2b98324 | |
parent | 4196a3ead3cfb823670d225eefcb3e60e34c7d95 (diff) |
units: introduce network-pre.target as place to hook in firewalls
network-pre.target is a passive target that should be pulled in by
services that want to be executed before any network is configured (for
example: firewall scrips).
network-pre.target should be ordered before all network managemet
services (but not be pulled in by them).
network-pre.target should be order after all services that want to be
executed before any network is configured (and be pulled in by them).
-rw-r--r-- | Makefile.am | 1 | ||||
-rw-r--r-- | man/systemd.special.xml | 15 | ||||
-rw-r--r-- | units/local-fs.target | 2 | ||||
-rw-r--r-- | units/network-pre.target | 12 | ||||
-rw-r--r-- | units/network.target | 2 | ||||
-rw-r--r-- | units/systemd-networkd.service.in | 2 |
6 files changed, 31 insertions, 3 deletions
diff --git a/Makefile.am b/Makefile.am index 3ea95e9480..8514ec9572 100644 --- a/Makefile.am +++ b/Makefile.am @@ -413,6 +413,7 @@ dist_systemunit_DATA = \ units/remote-fs.target \ units/remote-fs-pre.target \ units/network.target \ + units/network-pre.target \ units/network-online.target \ units/nss-lookup.target \ units/nss-user-lookup.target \ diff --git a/man/systemd.special.xml b/man/systemd.special.xml index 38b94a7657..cda6edd42b 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -72,6 +72,7 @@ <filename>multi-user.target</filename>, <filename>network.target</filename>, <filename>network-online.target</filename>, + <filename>network-pre.target</filename>, <filename>nss-lookup.target</filename>, <filename>nss-user-lookup.target</filename>, <filename>paths.target</filename>, @@ -891,6 +892,20 @@ </listitem> </varlistentry> <varlistentry> + <term><filename>network-pre.target</filename></term> + <listitem> + <para>This passive target unit + may be pulled in by services + that want to run before any + network is set up, for example + for the purpose of setting up a + firewall. All network + management software orders + itself after this target, but + does not pull it in.</para> + </listitem> + </varlistentry> + <varlistentry> <term><filename>nss-lookup.target</filename></term> <listitem> <para>A target that should be diff --git a/units/local-fs.target b/units/local-fs.target index ae3cedcb65..70cb13f25d 100644 --- a/units/local-fs.target +++ b/units/local-fs.target @@ -9,7 +9,5 @@ Description=Local File Systems Documentation=man:systemd.special(7) After=local-fs-pre.target -DefaultDependencies=no -Conflicts=shutdown.target OnFailure=emergency.target OnFailureJobMode=replace-irreversibly diff --git a/units/network-pre.target b/units/network-pre.target new file mode 100644 index 0000000000..0ea4bc739a --- /dev/null +++ b/units/network-pre.target @@ -0,0 +1,12 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Network (Pre) +Documentation=man:systemd.special(7) +Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +RefuseManualStart=yes diff --git a/units/network.target b/units/network.target index 65fc64b02c..61ebdcadd0 100644 --- a/units/network.target +++ b/units/network.target @@ -9,3 +9,5 @@ Description=Network Documentation=man:systemd.special(7) Documentation=http://www.freedesktop.org/wiki/Software/systemd/NetworkTarget +After=network-pre.target +RefuseManualStart=yes diff --git a/units/systemd-networkd.service.in b/units/systemd-networkd.service.in index 373ac4e0fd..48f4d63a87 100644 --- a/units/systemd-networkd.service.in +++ b/units/systemd-networkd.service.in @@ -9,7 +9,7 @@ Description=Network Service Documentation=man:systemd-networkd.service(8) DefaultDependencies=no -After=dbus.service +After=dbus.service network-pre.target Before=network.target Wants=network.target ConditionCapability=CAP_NET_ADMIN |