<betawaffle>
is there a way to tell a systemd service to start when (and only when) a specific network interface is online (or exists, or some other thing like that)?
<betawaffle>
i'm imagining something involving device units or similar
<hexa->
depending on whether you want to also shut down when the device goes missing
<betawaffle>
awesome, i'll have to give that a try
<betawaffle>
next question, is there any similar sort of thing to tell networkd to delay bringing an interface "online" until some dependency is satisfied?
<andi->
what are you trying to do?
<betawaffle>
firewall rules that are specific to an interface, where that interface is created by networkd (a netdev unit)
<andi->
and you can't create them before that?
<andi->
I would just ensure that my firewall is always in place even if the interfaces aren't yet configured
<andi->
that removes any kind of racy condition
<betawaffle>
the interface has to exist, but i'd also like the rules to apply before the interface can receive any data
<andi->
you are using nftables with device IDs?
<betawaffle>
what i have now just matches on the interface name
<betawaffle>
which is fine, but not perfect
<hexa->
that shouldn't require the interface to exist
<andi->
IIRC we had the discussion of names vs IDs many months ago already
<hexa->
yep, nft with iif and iifname
<betawaffle>
names work fine
<betawaffle>
but iif wouldn't
<andi->
yeah
<andi->
but there is no real downside IIRC
<andi->
the kernel caches the lookup if I recall my investigation correctly
<betawaffle>
well, the rule would stop applying if the interface is renamed
<andi->
yeah, is that desired?
<betawaffle>
no
<andi->
I mean the renaming. Do you expect the name to change multiple times?
<andi->
Usually I just define the "final" name and also use that in my firewall rules
<betawaffle>
not generally, no
<betawaffle>
right, that's what i have now
<betawaffle>
this is definitely a lower priority than my first question. not that big of a deal
<betawaffle>
does the andi-++ bot work in this channel?