Vyatta firewall service (vyatta-router.service) times out with zone-based policies
It's a known issue that, due to Vyatta cruft while building firewall policies, the initial loading of zone-based firewall policies takes a long time. The transition from Sys-V to systemd has brought with it a startup timeout of 5 minutes to vyatta-router.service:


In order for this service to have time to fully come up under non-ideal conditions, e.g. zone-based firewalls and/or less powerful hardware, this value should probably be increased to 15 minutes or more:


Obviously on systems with simple policies no actual time will be added to the startup process, but on others with more complex policies there will be enough time allotted to allow the service to fully start.


Do you experience this now? How many rules / what hardware may I ask?
edit: Not trying to undermine your request for this change, just to get an idea at which point it becomes a problem with the current setting to estimate whether we need to address the root-cause urgently.

Yes, unfortunately. 8 zones, 74 rules. Atom D525.

With less powerfull hardware (as this Atom D525) I'm fine with this change request.

Please note it's a timeout - if you have more powerful hardware you don't see any behavioral changes - only on slow hardware it will become better (in - not crashing).

