Slashdot Mirror


SystemD Gains New Networking Features

jones_supa writes: A lot of development work is happening on systemd with just the recent couple of weeks seeing over 200 commits. With the most recent work that has landed, the networkd component has been improved with new features. Among the additions are IP forwarding and masquerading support (patch). This is the minimal support needed and these settings get turned on by default for container network interfaces. Also added were minimal firewall manipulation helpers for systemd's networkd. The firewall manipulation helpers (patch) are used for establishing NAT rules. This support in systemd is provided by libiptc, the library used for communicating with the Linux kernel's Netfilter and changing iptables firewall rulesets. Those wishing to follow systemd development on a daily basis and see what is actually happening under the hood can keep tabs via the systemd Git viewer.

5 of 553 comments

  1. Re:Fuck Me by mlts · · Score: 5, Informative

    I try to stay out of the systemd fray... but it goes against the core of UNIX... which is the KISS principle.

    Init should start tasks, possibly stick them into jails or containers, and set resource limitations. Having something do everything including the kitchen sink is just asking to get hacked down the road unless millions of dollars are spent on source code audits.

    As an IT person, results are important. What does systemd provide that previous mechanisms didn't? Parallel startup? I don't boot servers that often where asynchronous startup of processes is a big issue. Resource limits? Doable with the shell script that gets plopped into /etc/rc.d. I'm just not seeing the benefit, but what I am seeing is a gigantic amount of code which touches the entire system, giving me concerns about security and stability, and there have been a number of articles on /. about systemd, to the point where people are even forking distros just so they don't have to deal with it.

  2. Re:Fuck Me by phantomfive · · Score: 5, Informative

    > Just what the fuck is SystemD supposed to be?

    A services manager, actually. It starts and stops services on the system, and if they go down, it optionally restarts them. The fact that many services need to start when the system starts is somewhat incidental to the purpose of systemD.

    On top of the services manager, they've built a lot of services. Here is the video that explains launchD, which is heavily copied by systemD.

    --
    "First they came for the slanderers and i said nothing."
  3. Re:Will SystemD feature creep ever stop ? by knorthern+knight · · Score: 5, Informative

    > Why do you care how other people build their Linux systems?

    I don't. If Poettering and company had simply forked GNOME Lenna-X off of GNU Linu-X, there wouldn't be all this complaining. The problem is that Poettering and company have hijacked mainstream linux that almost all linux users use and changed it into something unrecognizable. udev is now built into systemd. The "udev install process" on Gentoo consists of building systemd, but only installing the udev portion. That's why the eudev fork. And some people are running with busybox/mdev in place of udev.

    Then there's also dbus, which is being rammed into the kernel. Gnumeric was a great spreadsheet a couple of years ago. But now it's picking up GNOME dependencies all over the place, including dbus. And Skype now requires PulseAudio, another piece of crud from Lennart.

    --

    I'm not repeating myself
    I'm an X window user; I'm an ex-Windows user
  4. Re:Fuck Me by phantomfive · · Score: 5, Informative

    No, it's not, you're wrong. It's ripping off OSX's launchD. He's an Apple copier, not a Microsoft copier (and as far as system design goes, that is much, much better; launchD is infinity times cleaner than Service Control Manager).

    --
    "First they came for the slanderers and i said nothing."
  5. Re:Put away your pitch forks by phantomfive · · Score: 5, Informative

    > unless of course you want to start a script with a unit file but then are you sure that iptables is up?

    In all my time using Linux, wondering if iptables had crashed has never been a problem I've had. I've had lots of problems, but never that one. Same with filesystems. Fstab has always just worked.

    And an extra layer in front of iptables is the last thing I need. That is a huge negative. I don't even understand why anyone would think that's a good idea.

    --
    "First they came for the slanderers and i said nothing."