From f04f6fe8271085ecf60d1b78378531c9e6463ffc Mon Sep 17 00:00:00 2001
From: "Gerd v. Egidy" <gerd@egidy.de>
Date: Sun, 25 Apr 2021 23:11:08 +0200
Subject: [PATCH] make nofirewall option work reliable, needs explicit systemd
 service ordering

Fixes #197
---
 airootfs/etc/systemd/scripts/sysrescue-initialize        | 1 +
 airootfs/etc/systemd/system/sysrescue-initialize.service | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/airootfs/etc/systemd/scripts/sysrescue-initialize b/airootfs/etc/systemd/scripts/sysrescue-initialize
index 88e743f..334af86 100755
--- a/airootfs/etc/systemd/scripts/sysrescue-initialize
+++ b/airootfs/etc/systemd/scripts/sysrescue-initialize
@@ -47,6 +47,7 @@ do
       # Option to allow user to disable the firewall
       nofirewall)
           echo "Found option 'nofirewall' on the boot command line"
+          # the firewall service(s) must be in the Before-section of sysrescue-initialize.service
           systemctl disable --now iptables.service ip6tables.service
           ;;
     esac
diff --git a/airootfs/etc/systemd/system/sysrescue-initialize.service b/airootfs/etc/systemd/system/sysrescue-initialize.service
index cfad547..03ca7ca 100644
--- a/airootfs/etc/systemd/system/sysrescue-initialize.service
+++ b/airootfs/etc/systemd/system/sysrescue-initialize.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=SystemRescue Initialization
-Before=sshd.service getty-pre.target
+Before=sshd.service getty-pre.target iptables.service ip6tables.service
 Wants=getty-pre.target
 
 [Service]