When to start the firewall?


This article is for those who want to learn about systemd units. Units need to work together and be started at the right time for the system to operate correctly.

Firewalls are used to control incoming and outgoing packets, block unwanted packets from the outside and allow only certain applications to make new connections from the inside.

Thus the firewall must be running before any network is set up. The target identifying this point is network-pre.target, so we will start the firewall before network-pre.target.
network-pre.target is a passive unit: it only runs when another unit pulls it in. Here is the firewall service firewall.service

With Requires=network-pre.target in the service, the target network-pre.target is pulled in and will be run.

The firewall service is installed so that it is pulled in by the target network.target, a special unit that is started during boot and indicates that network functionality is available.
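The ordering described above, as an added example that is not the article's own firewall.service: a constructed unit file plus a small check that the unit is ordered before network-pre.target, pulls that target in, and has an install target. The ExecStart path and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample unit, not the article's file; the ExecStart path is a placeholder.
sample_unit() {
    cat <<'EOF'
[Unit]
Description=Packet filter rules (constructed example)
Before=network-pre.target
Requires=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/local/sbin/load-firewall-rules

[Install]
WantedBy=network.target
EOF
}

# unit_values SECTION KEY: print each value of KEY= inside [SECTION], one per line.
unit_values() {
    awk -v sec="[$1]" -v key="$2" '
        /^\[/ { in_sec = ($0 == sec); next }
        in_sec && index($0, key "=") == 1 {
            n = split(substr($0, length(key) + 2), v, /[ \t]+/)
            for (i = 1; i <= n; i++) if (v[i] != "") print v[i]
        }'
}

# check_firewall_unit: read unit text on stdin, report ordering gaps, return 1 if any.
check_firewall_unit() {
    unit=$(cat); rc=0
    has() { printf '%s\n' "$unit" | unit_values "$1" "$2" | grep -qx "$3"; }
    has Unit Before 'network-pre\.target' ||
        { echo "no Before=network-pre.target: rules may load after interfaces are up"; rc=1; }
    # Requires= is what the article uses; Wants= also pulls the passive target in.
    has Unit Requires 'network-pre\.target' || has Unit Wants 'network-pre\.target' ||
        { echo "unit does not pull in network-pre.target, so Before= may order against nothing"; rc=1; }
    has Install WantedBy '.*' ||
        { echo "no WantedBy=: 'systemctl enable' will not start the unit at boot"; rc=1; }
    return "$rc"
}

sample_unit | check_firewall_unit && echo "ordering OK"
```

To check an installed unit instead of the sample, pipe its text in, for example `systemctl cat firewall.service | check_firewall_unit`.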

firewall.service is the common firewall service that is enabled by default. If you want to run a firewall on a specific network interface, for example wlp3s0, run the following commands as the root user:

systemctl stop firewall &&
systemctl start firewall@wlp &&
systemctl enable firewall@wlp

