$ grep "Before" /lib/systemd/system/ipset.service
Before=network-pre.target iptables.service ip6tables.service firewalld.service

But the iptables systemd units are actually called:

$ cd /lib/systemd/system && ls ip*tables*
- ip6tables-restore.service
- ip6tables-store.service
- iptables-restore.service
- iptables-store.service

So the mentioned "Before" line in the ipset systemd unit should probably read:

Before=network-pre.target iptables-restore.service ip6tables-restore.service firewalld.service

This ensures that ipset is always restored before iptables such that the iptables rules can reference ipset sets.

Reproducible: Always
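A check for the mismatch described in this report, as an added example that is not part of the original report or of the Gentoo package. The function name missing_order_refs and the scratch directory built in demo are assumptions for illustration; the unit names are the ones quoted in the report, and the sample assumes network-pre.target and firewalld.service are installed.

```shell
#!/bin/sh
# Added example (not from the bug report or the ebuild).
# Prints each unit named on a Before=/After= line of UNIT_FILE that has no
# unit file in any of the given directories. A name that matches no installed
# unit orders nothing, so the intended "ipset before iptables" is lost.
# Limitations: ignores drop-ins, aliases and template instances (foo@x.service).
# Usage: missing_order_refs UNIT_FILE DIR [DIR...]
missing_order_refs() {
    unit_file=$1
    shift
    # Collect the space-separated names from every Before=/After= line.
    refs=$(sed -n \
        -e 's/^Before[[:space:]]*=[[:space:]]*//p' \
        -e 's/^After[[:space:]]*=[[:space:]]*//p' "$unit_file")
    for ref in $refs; do
        found=no
        for dir in "$@"; do
            if [ -e "$dir/$ref" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || printf '%s\n' "$ref"
    done
}

# Constructed sample: a scratch directory holding empty files named like the
# units in the report, plus an ipset.service with the reported Before= line.
demo() {
    d=$(mktemp -d) || return 1
    for u in ip6tables-restore.service ip6tables-store.service \
             iptables-restore.service iptables-store.service \
             network-pre.target firewalld.service; do
        : > "$d/$u"
    done
    printf '%s\n' '[Unit]' \
        'Before=network-pre.target iptables.service ip6tables.service firewalld.service' \
        > "$d/ipset.service"
    missing_order_refs "$d/ipset.service" "$d"
    rm -rf "$d"
}

demo
```

On a live system, pass the real unit file and every unit directory in use, for example /etc/systemd/system and /lib/systemd/system.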
*** Bug 834091 has been marked as a duplicate of this bug. ***
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=abff60a972c82e5c0f155a3a37bc6cdb7613ea25

commit abff60a972c82e5c0f155a3a37bc6cdb7613ea25
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-31 23:23:13 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-31 23:23:21 +0000

    net-firewall/ipset: add 7.17

    Closes: https://bugs.gentoo.org/813468
    Signed-off-by: Sam James <sam@gentoo.org>

 net-firewall/ipset/Manifest | 1 +
 net-firewall/ipset/files/ipset.systemd-r1 | 15 ++++
 net-firewall/ipset/ipset-7.17.ebuild | 119 ++++++++++++++++++++++++++++++
 3 files changed, 135 insertions(+)