ufw

~dexterslabs/ufw:modernize-pt1

Last commit made on 2023-04-24
Get this branch:
git clone -b modernize-pt1 https://git.launchpad.net/~dexterslabs/ufw

Branch information

Name:
modernize-pt1
Repository:
lp:~dexterslabs/ufw

Recent commits

d11eeca... by Jamie Strandboge

tests/test-srv-upgrades-data.tar.gz: include detect-iptables

0148e78... by Jamie Strandboge

Makefile: add inclusivity-check and fix a couple things

208ac5b... by Jamie Strandboge

Makefile: add style-check

b8aeaef... by Jamie Strandboge

run black over all python code

506546a... by Jamie Strandboge

doc/*.8: update dates

462e3d2... by Jamie Strandboge

doc/ufw.8: consistently use whitespace

85f3a0a... by Jamie Strandboge

doc/ufw.8: delete/insert/prepend are exclusive. Thanks Greg Atkinson

References:
- https://bugs.launchpad.net/ufw/+bug/1946084

6645798... by Jamie Strandboge

systemd.example: add DefaultDependencies=no; use Wants/After local-fs.target

Add back DefaultDependencies=no and instead add Wants/After
local-fs.target. This will avoid a dependency on sysinit while ensuring
that filesystems (including cryptsetup) are ready (the reason for
removing DefaultDependencies=no in the first place). LP: #1950039

3aacb7d... by Jamie Strandboge

tests/check-requirements: show we are performing the other fw check

eefef50... by Jamie Strandboge

systemd.example: remove DefaultDependencies=no

The systemd unit has historically always used DefaultDependencies=no.
When only Before=network.target was used, the dependencies (as seen with
'systemctl list-dependencies ufw.service') were:

ufw.service
 |_system.slice

When Before=network.target was changed to Before=network-pre.target and
Wants=network-pre.target, this became:

ufw.service
 |_system.slice
 |_network-pre.target

Removing DefaultDependencies=no (DefaultDependencies defaults to 'yes')
pulls in the sysinit.target which changes this to (on a Debian 11
system):

ufw.service
 |_system.slice
 |_network-pre.target
 |_sysinit.target
   |_apparmor.service
   |_blk-availability.service
   |_dev-hugepages.mount
   |_dev-mqueue.mount
   |_keyboard-setup.service
   |_kmod-static-nodes.service
   |_lvm2-lvmpolld.socket
   |_lvm2-monitor.service
   |_proc-sys-fs-binfmt_misc.automount
   |_sys-fs-fuse-connections.mount
   |_sys-kernel-config.mount
   |_sys-kernel-debug.mount
   |_sys-kernel-tracing.mount
   |_systemd-ask-password-console.path
   |_systemd-binfmt.service
   |_systemd-boot-system-token.service
   |_systemd-hwdb-update.service
   |_systemd-journal-flush.service
   |_systemd-journald.service
   |_systemd-machine-id-commit.service
   |_systemd-modules-load.service
   |_systemd-pstore.service
   |_systemd-random-seed.service
   |_systemd-sysctl.service
   |_systemd-sysusers.service
   |_systemd-timesyncd.service
   |_systemd-tmpfiles-setup-dev.service
   |_systemd-tmpfiles-setup.service
   |_systemd-udev-trigger.service
   |_systemd-udevd.service
   |_systemd-update-utmp.service
   |_cryptsetup.target
     |_systemd-cryptsetup@vda5_crypt.service
   |_local-fs.target
     |_-.mount
     |_boot.mount
     |_systemd-fsck-root.service
     |_systemd-remount-fs.service
   |_swap.target
     |_dev-mapper-debian\x2d\x2dbuster\x2d\x2damd64\x2d\x2dvg\x2dswap_1.swap

While ufw is meant to come up before networking, there is no reason why
it shouldn't come up after 'basic system initialization is
completed'[1]. This should help make ufw startup more robust on systems
that need something from sysinit.

[1] https://www.freedesktop.org/software/systemd/man/systemd.unit.html