Help with systemd service files

Lennart Poettering mzerqung at
Mon Oct 10 21:52:08 UTC 2011

On Mon, 10.10.11 23:06, Reindl Harald (h.reindl at wrote:

> Am 10.10.2011 20:27, schrieb Lennart Poettering:
> > Unless really necessary please drop Applications
> > that just bind on don't need to synchronize on the network.
> more general as question to the topic:
> how we do know exactly if they really bind to if the user
> can configure services? i tried to remove this from httpd.service
> on F15 some minutes ago and if there are ssl-hosts configured httpd
> fails to start
> what about bind to and using "classical network (ifcfg-ethx)"
> is it safe to remove in this case?

systemd guarantees you that and are always bindable
(and the IPv6 equivalents, too). To ensure this we'll actually configure
the loopback device very very early at boot already.

My recommendation to make services which are configured to listen on a
specific static IP address robust against dynamic network changes is to
make use of the IP_FREEBIND feature of the Linux kernel:

#include <netinet/ip.h>
        int one = 1;
        setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &one, sizeof(one);

It's a two line change that allows servers to bind to addresses that are
not configured locally, thus making them independent from the fact that
a network interface is up or down or configured or in whatever state it
might be.

So, as long as you only bind on or, or you use
IP_FREEBIND you can entirely remove any dependency on --
under the condition you only serve stuff, but are not a network client
of your own.

Of course, using IP_FREEBIND might hide configuration errors. But given
that dynamic network changes are common, and problems related to this
still easy to detect I'd recommend everybody to set IP_FREEBIND if he
listens on a user-configured IP address.


Lennart Poettering - Red Hat, Inc.

More information about the devel mailing list