On 18/10/17 01:25, Ben Caradoc-Davies wrote: > On 18/10/17 01:08, Stephane L wrote: >> Hi,I have a firewall script(firewall) that I laucnh with <firewall >> start>Is there a way in debian 9 (with kde5 and sddm) to start this >> script at the boot of the linux system or at the launching of xorg or >> of kde5 ? > > systemd units are easy to write (this is the main benefit of systemd) > and can be configured run at boot time. Here is one I wrote for > iptables+ip6tables (because I do not want changes to persist across > boots, just clean rules on boot). You will need a different Type if your > program does not exit: > > $ cat /etc/iptables/iptables.service > [Unit] > Description=iptables rules > After=network.target > [Service] > Type=oneshot > ExecStart=/bin/bash -c "/sbin/iptables-restore < > /etc/iptables/iptables.rules" > ExecStart=/bin/bash -c "/sbin/ip6tables-restore < > /etc/iptables/ip6tables.rules" > RemainAfterExit=yes > ExecStop=/sbin/iptables -F > ExecStop=/sbin/ip6tables -F > [Install] > WantedBy=multi-user.target > > I enabled it with: > > systemctl enable /etc/iptables/iptables.service > > This should add the required symlink in /etc/systemd/system .
Mine's a bit different, and rather shorter ... any comments welcome: /etc/systemd/system/firewall.service: --------------------------------------- [Unit] Before=network-pre.target [Service] ExecStart=/etc/network/firewall Type=oneshot RemainAfterExit=yes [Install] WantedBy=network.target --------------------------------------- I don't want the network up without the firewall, so it goes before the network. Likewise, I don't want it ever down, so there's no ExecStop. /etc/network/firewall is a short script that sources firewall4 (and firewall6 if I had one. I probably should ...). I wasn't aware of or familiar with the idea of putting it somewhere else and enabling/disabling it; I'm not sure if I need that. Richard
signature.asc
Description: OpenPGP digital signature
