While running services on a server, you should consider binding services to the loopback interface. Loopback interfaces have the following properties:
- Loopback interfaces are always up
- Loopback is a virtual interface
- Active as long as the TCP/IP stack is active
As long as the TCP/IP stack is alive, the bound daemon will keep running even if a physical interface has been shut down. Some daemons listen on 0.0.0.0, which is "all interfaces" in IPv4. The loopback interface is a bit different: it has the IP address 127/8, or just 127.0.0.1.
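As an added example (not from the original article), the shell functions below classify listening TCP sockets by bind address, showing which daemons are confined to 127/8 and which are reachable on all interfaces. They assume input in the format printed by `ss -Hltn`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by bind address.
# Assumed input: lines as printed by `ss -Hltn`
# (State Recv-Q Send-Q Local:Port Peer:Port).

# classify_bind ADDR -> prints loopback | wildcard | specific
classify_bind() {
    case "$1" in
        127.*|"[::1]")        echo loopback ;;  # all of 127/8, plus IPv6 ::1
        0.0.0.0|"[::]"|"*")   echo wildcard ;;  # "all interfaces"
        *)                    echo specific ;;  # one non-loopback address
    esac
}

# audit_listeners: read ss lines on stdin, print "CLASS ADDR PORT" per listener.
audit_listeners() {
    while read -r state recvq sendq local peer rest; do
        [ "$state" = "LISTEN" ] || continue
        port=${local##*:}     # text after the last colon
        addr=${local%:*}      # text before the last colon (keeps [..] for IPv6)
        printf '%s %s %s\n' "$(classify_bind "$addr")" "$addr" "$port"
    done
}

# exposed_ports: ports of listeners that are not bound to loopback.
exposed_ports() {
    audit_listeners | while read -r class addr port; do
        [ "$class" = "loopback" ] || printf '%s\n' "$port"
    done
}

# Constructed sample input (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 127.0.0.1:8118 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 511 *:80 *:*
LISTEN 0 10 192.0.2.10:53 0.0.0.0:*'

# Stand-alone run over the sample; on a live system use: ss -Hltn | audit_listeners
printf '%s\n' "$SAMPLE_SS" | audit_listeners
```

Listeners reported as wildcard or specific are the ones to review: either rebind the daemon to 127.0.0.1 or confirm it is meant to be reachable from other hosts.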
The Gentoo OpenRC init scripts use the concepts of provide and need.
Init scripts can provide a service that other init scripts need. The OpenRC default is that net.lo does not provide net. This can be changed by editing the /etc/conf.d/net.lo file and adding rc_provide="net" to that file.
Below is an example of an OpenRC script showing the dependency need net:
...
depend() {
	need net
}
...
This setting can be changed to:
...
depend() {
	need net.lo
}
...
The information is emitted when you emerge OpenRC, and should be in the ebuild for you. The general process on servers is to minimise, if not eliminate, interface changes altogether. Interfaces are set up during boot and run for as long as the kernel does, months if not years.
For daemons that need outbound connectivity, like say a DNS server, you want that interface to be configured before the service comes up or it will not bootstrap correctly.
Additionally, a Gentoo developer, "flameeyes", wrote an article about this particular issue in 2012. In that year a major default setting in Gentoo or OpenRC was changed.
Flameeyes - May I have a connection please
In the end you might say "it is more complicated than you think"; that is what one can conclude judging by the OpenRC "need net" setting. Speaking of "reinventing the wheel", the same problem occurred while implementing systemd. Apparently it depends on how "need net" is understood.
Some daemons need outbound connectivity to start properly, e.g. DNS, sometimes DHCP. Some daemons need only a working IP interface without the need to connect to an outbound peer, e.g. privoxy.