The systemd iptables-restore.service and ip6tables-restore.service units have 'WantedBy=basic.target' as well as 'Before=basic.target'. Between the ordering implied by WantedBy=basic.target and basic.target being the default dependency of all service units this creates a dependency loop.

The iptables rules shouldn't be loaded before basic.target anyway since it needs things like a working filesystem. The usual multi-user.target is more appropriate. Also recent versions of systemd introduced a network-pre.target specifically for firewalls.

So the two units should probably look something more like this:

> [Unit]
> Description=Restore iptables firewall rules
> Conflicts=iptables-store.service shutdown.target
> Wants=network.target network-pre.target
> Before=network.target network-pre.target
>
> [Service]
> Type=oneshot
> ExecStart=/sbin/iptables-restore /var/lib/iptables/rules-save
>
> [Install]
> WantedBy=multi-user.target

Looks fine to me. Could some other team member ACK and commit it? It's my unit, so no need for another ACK from maintainer.

Looks fine for me, too. The Wants=network.target shouldn't be strictly necessary (however, Wants=network-pre.target is).
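
The ordering loop described in the report, as an added example that is not part of the original thread or the package's own code: a small checker that builds the Before=/After= graph for one unit, adds the implicit After=sysinit.target and After=basic.target that systemd gives service units with default dependencies, and looks for a cycle. The function names are hypothetical, `REPORTED` is a constructed sample containing only the two directives the report quotes, and the check models this one unit's own directives rather than the full system graph.

```python
def parse_unit(text):
    """Parse unit-file text into {section: {key: [values]}} (repeated keys accumulate)."""
    unit, section = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = unit.setdefault(line[1:-1], {})
        elif "=" in line and section is not None and line[0] not in "#;":
            key, value = line.split("=", 1)
            section.setdefault(key.strip(), []).extend(value.split())
    return unit

def ordering_edges(name, text):
    """Return edges (a, b) meaning 'a is ordered before b' for one unit."""
    unit = parse_unit(text).get("Unit", {})
    edges = {(name, t) for t in unit.get("Before", [])}
    edges |= {(t, name) for t in unit.get("After", [])}
    default = unit.get("DefaultDependencies", ["yes"])[-1].lower()
    # Implicit ordering for services that keep default dependencies.
    if name.endswith(".service") and default not in ("no", "false", "0", "off"):
        edges |= {("sysinit.target", name), ("basic.target", name)}
    return edges

def find_cycle(edges):
    """Depth-first search; return one ordering cycle as a list, or None."""
    graph, state = {}, {}
    for a, b in edges:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set())
    def visit(node, path):
        state[node] = "active"
        for nxt in sorted(graph[node]):
            if state.get(nxt) == "active":
                return path[path.index(nxt):] + [nxt]
            if nxt not in state and (found := visit(nxt, path + [nxt])):
                return found
        state[node] = "done"
    for start in sorted(graph):
        if start not in state and (found := visit(start, [start])):
            return found
    return None

# Constructed sample: only the two directives the report quotes from the old unit.
REPORTED = "[Unit]\nBefore=basic.target\n\n[Install]\nWantedBy=basic.target\n"
# Ordering-relevant lines of the unit proposed in the report.
PROPOSED = ("[Unit]\nWants=network.target network-pre.target\n"
            "Before=network.target network-pre.target\n"
            "[Install]\nWantedBy=multi-user.target\n")
if __name__ == "__main__":
    for label, text in (("reported", REPORTED), ("proposed", PROPOSED)):
        print(label, find_cycle(ordering_edges("iptables-restore.service", text)))
```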