The firewall rules are dropped while Tails is shutting down
When shutting down, Tails stops all running services, including Ferm, and that drops all firewall rules, leaving a window of time where all policies and security guarantees that depend on the firewall can be violated. Oops! Any issue that makes shutting down take longer (like problems when unmounting persistent storage or the boot device) increases this window, obviously.
#20478 (closed) is an example of this kind of leak; see the comment #20478 (comment 243458) for details.
So we should make it so stopping ferm.service does nothing.
Edited by anonym
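One way to check that stopping the unit really is a no-op, as an added example that is not Tails' own code. It assumes the change is made with a systemd drop-in that clears `ExecStop=`; the unit contents, the drop-in name `keep-rules.conf` and both function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the ExecStop= commands still in effect for a unit after
# its drop-ins are applied. systemd treats an empty "ExecStop=" assignment as
# a reset of the command list built up so far.

# effective_execstop FILE...  (main unit first, then drop-ins in load order;
# with no arguments the unit text is read from stdin)
effective_execstop() {
    awk '
        /^[[:space:]]*ExecStop=/ {
            sub(/^[[:space:]]*ExecStop=/, "")
            if ($0 ~ /^[[:space:]]*$/) { n = 0 }   # empty value: reset list
            else { cmds[++n] = $0 }
        }
        END { for (i = 1; i <= n; i++) print cmds[i] }
    ' "$@"
}

# stop_is_noop FILE...  -> exit status 0 when stopping the unit runs nothing
stop_is_noop() {
    [ -z "$(effective_execstop "$@")" ]
}

# Constructed sample files (not the real Debian or Tails unit contents).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ferm.service" <<'EOF'
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/ferm /etc/ferm/ferm.conf
ExecStop=/usr/sbin/ferm -F /etc/ferm/ferm.conf
EOF
cat > "$demo_dir/keep-rules.conf" <<'EOF'
[Service]
ExecStop=
EOF

if stop_is_noop "$demo_dir/ferm.service"; then
    echo "unit alone: stop is a no-op"
else
    echo "unit alone: stop runs: $(effective_execstop "$demo_dir/ferm.service")"
fi
if stop_is_noop "$demo_dir/ferm.service" "$demo_dir/keep-rules.conf"; then
    echo "with drop-in: stop is a no-op, firewall rules stay loaded"
fi
```

On a running system the same function can read the merged unit text from `systemctl cat ferm.service` on stdin, since that command prints the unit followed by its drop-ins.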