From b33d847a546f879e11607d8a8b001f0ae45dd4ca Mon Sep 17 00:00:00 2001 From: Tuomo Soini Date: Sat, 11 Apr 2015 10:50:38 +0300 Subject: [PATCH 1/3] systemd: fix shorewall startup by adding Wants=network-online.target Before shorewall failed to load if there were interfaces which were required but there wasn't any other service which wanted network-online.target. By adding Wants=network-online.target we make sure shorewall[6]* startup won't fail if there are required interfaces Signed-off-by: Tuomo Soini --- Shorewall-init/shorewall-init.service | 1 + Shorewall-lite/shorewall-lite.service | 1 + Shorewall-lite/shorewall-lite.service.214 | 1 + Shorewall/shorewall.service | 1 + Shorewall/shorewall.service.214 | 1 + Shorewall6-lite/shorewall6-lite.service | 1 + Shorewall6-lite/shorewall6-lite.service.214 | 1 + Shorewall6/shorewall6.service | 1 + Shorewall6/shorewall6.service.214 | 1 + 9 files changed, 9 insertions(+) diff --git a/Shorewall-init/shorewall-init.service b/Shorewall-init/shorewall-init.service index 0a1d07837..fe2f5bcc9 100644 --- a/Shorewall-init/shorewall-init.service +++ b/Shorewall-init/shorewall-init.service @@ -6,6 +6,7 @@ [Unit] Description=Shorewall IPv4 firewall (bootup security) Before=network.target +Wants=network.target Conflicts=iptables.service firewalld.service [Service] diff --git a/Shorewall-lite/shorewall-lite.service b/Shorewall-lite/shorewall-lite.service index 76490236a..64b7133c7 100644 --- a/Shorewall-lite/shorewall-lite.service +++ b/Shorewall-lite/shorewall-lite.service @@ -5,6 +5,7 @@ # [Unit] Description=Shorewall IPv4 firewall (lite) +Wants=network-online.target After=network-online.target Conflicts=iptables.service firewalld.service diff --git a/Shorewall-lite/shorewall-lite.service.214 b/Shorewall-lite/shorewall-lite.service.214 index 76490236a..64b7133c7 100644 --- a/Shorewall-lite/shorewall-lite.service.214 +++ b/Shorewall-lite/shorewall-lite.service.214 @@ -5,6 +5,7 @@ # [Unit] Description=Shorewall IPv4 firewall (lite) +Wants=network-online.target After=network-online.target Conflicts=iptables.service firewalld.service diff --git a/Shorewall/shorewall.service b/Shorewall/shorewall.service index 41223714e..db1bb9483 100644 --- a/Shorewall/shorewall.service +++ b/Shorewall/shorewall.service @@ -5,6 +5,7 @@ # [Unit] Description=Shorewall IPv4 firewall +Wants=network-online.target After=network-online.target Conflicts=iptables.service firewalld.service diff --git a/Shorewall/shorewall.service.214 b/Shorewall/shorewall.service.214 index 41223714e..db1bb9483 100644 --- a/Shorewall/shorewall.service.214 +++ b/Shorewall/shorewall.service.214 @@ -5,6 +5,7 @@ # [Unit] Description=Shorewall IPv4 firewall +Wants=network-online.target After=network-online.target Conflicts=iptables.service firewalld.service diff --git a/Shorewall6-lite/shorewall6-lite.service b/Shorewall6-lite/shorewall6-lite.service index 6ca161f9b..151bb2d5c 100644 --- a/Shorewall6-lite/shorewall6-lite.service +++ b/Shorewall6-lite/shorewall6-lite.service @@ -5,6 +5,7 @@ # [Unit] Description=Shorewall IPv6 firewall (lite) +Wants=network-online.target After=network-online.target Conflicts=ip6tables.service firewalld.service diff --git a/Shorewall6-lite/shorewall6-lite.service.214 b/Shorewall6-lite/shorewall6-lite.service.214 index 3f2f9dd01..71fe51531 100644 --- a/Shorewall6-lite/shorewall6-lite.service.214 +++ b/Shorewall6-lite/shorewall6-lite.service.214 @@ -5,6 +5,7 @@ # [Unit] Description=Shorewall IPv6 firewall (lite) +Wants=network-online.target After=network-online.target Conflicts=ip6tables.service firewalld.service diff --git a/Shorewall6/shorewall6.service b/Shorewall6/shorewall6.service index 0d79c28c3..33859cc7d 100644 --- a/Shorewall6/shorewall6.service +++ b/Shorewall6/shorewall6.service @@ -6,6 +6,7 @@ [Unit] Description=Shorewall IPv6 firewall After=network-online.target +Wants=network-online.target Conflicts=ip6tables.service firewalld.service [Service] diff --git a/Shorewall6/shorewall6.service.214 b/Shorewall6/shorewall6.service.214 index 0d79c28c3..70aa0e430 100644 --- a/Shorewall6/shorewall6.service.214 +++ b/Shorewall6/shorewall6.service.214 @@ -5,6 +5,7 @@ # [Unit] Description=Shorewall IPv6 firewall +Wants=network-online.target After=network-online.target Conflicts=ip6tables.service firewalld.service From 4595323f794ed438917f6a5efd0fd487ba62035b Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 7 Apr 2015 09:23:35 -0700 Subject: [PATCH 2/3] Correct typo in lib.cli Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 46e1368a6..9c6c945df 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -4036,7 +4036,7 @@ shorewall_cli() { [ -n "${VARDIR:=/var/lib/$g_program}" ] if [ ! -f ${VARDIR}/firewall ]; then - [ -f ${VARDIR}/.restore ] && cp -f ${VARDIR}/.rstore ${VARDIR}/firewall + [ -f ${VARDIR}/.restore ] && cp -f ${VARDIR}/.restore ${VARDIR}/firewall fi g_firewall=${VARDIR}/firewall From 3442117329bd2555805bf4c12a732d9be6db6b1a Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Tue, 7 Apr 2015 12:12:59 -0700 Subject: [PATCH 3/3] Delete questionable logic in lib.cli - It hasn't worked since there was a typo in it that prevented it from doing the correct thing. Signed-off-by: Tom Eastep --- Shorewall-core/lib.cli | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli index 9c6c945df..ced2a3d6a 100644 --- a/Shorewall-core/lib.cli +++ b/Shorewall-core/lib.cli @@ -4035,10 +4035,6 @@ shorewall_cli() { [ -n "${VARDIR:=/var/lib/$g_program}" ] - if [ ! -f ${VARDIR}/firewall ]; then - [ -f ${VARDIR}/.restore ] && cp -f ${VARDIR}/.restore ${VARDIR}/firewall - fi - g_firewall=${VARDIR}/firewall version_file=${g_sharedir}/version