Bug 1317243 - RFE: integrate systemd unit with firewall.target
RFE: integrate systemd unit with firewall.target
Status: NEW
Product: Fedora
Classification: Fedora
Component: firewalld (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Eric Garver
Fedora Extras Quality Assurance
Depends On: 1317240
Blocks: 1266512
  Show dependency treegraph
Reported: 2016-03-13 05:57 EDT by Jonathan Underwood
Modified: 2017-08-17 15:48 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jonathan Underwood 2016-03-13 05:57:51 EDT
Description of problem:
While trying to ensure that firewalld dependent components (such as fail2ban) are properly restarted on a firewalld restart, and also cater for conflicts with other firewall providing services (iptables, shorewalll...) it was suggested on systemd-devel[1] that there should be a firewall.target, which firewall implementations are PartOf.

Once firewall.target is in place (BZ #1317240),this would involve adding:

1) PartOf=firewall.target to the Unit section
2) WantedBy=firewall.target to the Install section

Ideally we'd like to get this in for F24 and F25, but it may be late in the day for F24.

It would probably be a good idea to also add RefuseManualStart and RefuseManualStop to the service too to ensure that starting and stopping is done via the firewalll target to ensure other dependent components such as fail2ban are correctly (re)started. However, this final step may need changes to the firewalld gui.

[1] https://lists.freedesktop.org/archives/systemd-devel/2016-March/036021.html

Note You need to log in before you can comment on or make changes to this bug.