On Wed, 2017-10-18 at 01:25 +1300, Ben Caradoc-Davies wrote:
> On 18/10/17 01:08, Stephane L wrote:
> > Hi,I have a firewall script(firewall) that I laucnh with <firewall
> > start>Is there a way in debian 9 (with kde5 and sddm) to start this
> > script at the boot of the linux system or at the launching of xorg
> > or of kde5 ?
>
> systemd units are easy to write (this is the main benefit of systemd)
> and can be configured run at boot time. Here is one I wrote for
> iptables+ip6tables (because I do not want changes to persist across
> boots, just clean rules on boot). You will need a different Type if your
> program does not exit:
>
> $ cat /etc/iptables/iptables.service
> [Unit]
> Description=iptables rules
> After=network.target
> [Service]
> Type=oneshot
> ExecStart=/bin/bash -c "/sbin/iptables-restore <
> /etc/iptables/iptables.rules"
> ExecStart=/bin/bash -c "/sbin/ip6tables-restore <
> /etc/iptables/ip6tables.rules"
> RemainAfterExit=yes
> ExecStop=/sbin/iptables -F
> ExecStop=/sbin/ip6tables -F
> [Install]
> WantedBy=multi-user.target
Good to know that there is a replacement for {ip,ip6,arp,eb}tables,
I'll look into this once I have found some time.
However, I was just wondering what the difference is between your
script and iptables-persistent. Wouldn't both restore the iptables
configuration form a single file? Or is there some other benefit by
choosing one over the other (besides a personal preference)?
Best,
Tim
