From: Florian Westphal <fw@strlen.de>
To: Jan Engelhardt <ej@inai.de>
Cc: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>,
netfilter-devel@vger.kernel.org
Subject: Re: [PATCH 8/9] tools: flush the ruleset only on an actual dedicated unit stop
Date: Tue, 28 Oct 2025 18:37:26 +0100 [thread overview]
Message-ID: <aQD_VkOf5ZA22DDK@strlen.de> (raw)
In-Reply-To: <q48p3nq8-5969-0qp9-po30-nrn7s1q53109@vanv.qr>
Jan Engelhardt <ej@inai.de> wrote:
> >@@ -19,7 +19,15 @@ RemainAfterExit=yes
> >
> > ExecStart=@sbindir@/nft 'flush ruleset; include "@pkgsysconfdir@/rules/main.nft"'
> > ExecReload=@sbindir@/nft 'flush ruleset; include "@pkgsysconfdir@/rules/main.nft"'
> >-ExecStop=@sbindir@/nft flush ruleset
> >+ExecStop=:/bin/sh -c 'job_type="$$( /usr/bin/systemctl show --property JobType --value "$$(/usr/bin/systemctl show --property Job --value %n)" )"\n\
> >+ case "$${job_type}" in\n\
> >+ (stop)\n\
> >+ @sbindir@/nft flush ruleset;;\n\
> >+ (restart|try-restart)\n\
> >+ printf \'%%s: JobType is `%%s`, thus the stop is ignored.\' %n "$${job_type}" >&2;;\n\
> >+ (*)\n\
> >+ printf \'%%s: Unexpected JobType `%%s`.\' %n "$${job_type}" >&2; exit 1\n\
> >+ esac'
>
> No, let's not do this.
Agree, thanks Jan for reviewing.
next prev parent reply other threads:[~2025-10-28 17:37 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-24 2:08 [PATCH 0/8] improve systemd service Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 1/9] tools: don’t set options whose values match their defaults Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 2/9] tools: use the same pair of boolean literals Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 3/9] tools: include further `Documentation=` URIs Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 4/9] tools: reorder options Christoph Anton Mitterer
2025-10-28 17:15 ` Jan Engelhardt
2025-10-29 0:29 ` Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 5/9] tools: depend on `sysinit.target` Christoph Anton Mitterer
2025-10-28 17:19 ` Jan Engelhardt
2025-10-29 0:35 ` Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 6/9] tools: don’t stop `nftables.service` (and flush the ruleset) on shutdown Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 7/9] tools: don’t stop `nftables.service` (and flush the ruleset) when isolating another unit Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 8/9] tools: flush the ruleset only on an actual dedicated unit stop Christoph Anton Mitterer
2025-10-28 17:31 ` Jan Engelhardt
2025-10-28 17:37 ` Florian Westphal [this message]
2025-10-29 0:41 ` Christoph Anton Mitterer
2025-10-29 10:07 ` Jan Engelhardt
2025-10-30 0:53 ` Christoph Anton Mitterer
2025-10-30 23:34 ` Christoph Anton Mitterer
2025-10-24 2:08 ` [PATCH 9/9] tools: let the unit fail if the rules file is missing Christoph Anton Mitterer
2025-10-28 16:33 ` [PATCH 0/8] improve systemd service Florian Westphal
2025-10-29 0:27 ` Christoph Anton Mitterer
2025-10-29 11:40 ` Florian Westphal
2025-10-29 12:07 ` Jan Engelhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aQD_VkOf5ZA22DDK@strlen.de \
--to=fw@strlen.de \
--cc=ej@inai.de \
--cc=mail@christoph.anton.mitterer.name \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.