Red Hat Bugzilla – Bug 1317243
RFE: integrate systemd unit with firewall.target
Last modified: 2017-08-17 15:48:11 EDT
Description of problem:
While trying to ensure that firewalld dependent components (such as fail2ban) are properly restarted on a firewalld restart, and also cater for conflicts with other firewall providing services (iptables, shorewalll...) it was suggested on systemd-devel that there should be a firewall.target, which firewall implementations are PartOf.
Once firewall.target is in place (BZ #1317240),this would involve adding:
1) PartOf=firewall.target to the Unit section
2) WantedBy=firewall.target to the Install section
Ideally we'd like to get this in for F24 and F25, but it may be late in the day for F24.
It would probably be a good idea to also add RefuseManualStart and RefuseManualStop to the service too to ensure that starting and stopping is done via the firewalll target to ensure other dependent components such as fail2ban are correctly (re)started. However, this final step may need changes to the firewalld gui.