On 21-01-18, Mark Fletcher wrote:
> On Sun, Jan 21, 2018 at 02:02:07AM +0100, Dejan Jocic wrote:
> > On 20-01-18, Jacques Rodary wrote:
> > > Hi
> > > How can I start iptables at boot. I don't find an equivalent to "service
> > > iptables start" with systemd and doesn't know how to create a new
> > > iptables.service. The manpages aren't quite clear for me. Thanks for any
> > > help.
> > > Jacques
> > >
> >
> > There are two options. One would be to learn to write systemd service
> > units. There are many tutorials on net for how to write those with
> > examples. Other would be to install iptables-persistent package. You can
> > find more about using iptables-persistent package if you google it, you
> > will surely run on few quick howtos.
> >
>
> To get you started [addressing the OP], here is the service file I use:
>
> [Unit]
> Description=Load Iptables Rules
> ConditionFileIsExecutable=/etc/systemd/scripts/iptables
> After=network.target
>
> [Service]
> Type=forking
> ExecStart=/etc/systemd/scripts/iptables
> TimeoutSec=0
> RemainAfterExit=yes
>
> [Install]
> WantedBy=multi-user.target
>
> This goes in /lib/systemd/system/iptables.service and assumes your
> iptables commands are in a script which is called iptables, is
> executable, and is located in /etc/systemd/scripts
>
> I must point out there may be Debian policies of which I am not aware
> about where the files should ideally go; I lifted this configuration
> from a non-Debian box. There is nothing about it that will _not work_ on
> Debian, but there may be a preferred Debian location for such files,
> which hopefully my contribution will encourage someone knowledgeable to
> add.
>
> then to run it once, as root:
> systemctl start iptables
>
> and to set it up so it runs at boot, as root:
> systemctl enable iptables
>
> HTH
>
> Mark
>

The location for local custom unit files should be /etc/systemd/system, but they can be in several more places, if you so desire. It is just that those in /etc/systemd/system take precedence over others.
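
Added example, not part of the original thread: a shell check for the precedence rule described above, showing which copy of a unit such as iptables.service wins and which copies are shadowed, so a stale firewall unit left in /lib is not mistaken for the active one. The ROOT argument, the function names and the shortened directory list are assumptions made for this example.

```shell
#!/bin/sh
# Added example. ROOT is a hypothetical prefix so the check can run against a
# constructed directory tree; pass "" to inspect the live system.

# Simplified subset of the system unit search order, highest priority first
# (generator, transient and *.control directories are left out).
UNIT_DIRS="etc/systemd/system run/systemd/system usr/local/lib/systemd/system usr/lib/systemd/system lib/systemd/system"

# unit_candidates ROOT UNIT: print every copy of UNIT, in priority order.
unit_candidates() {
    root=${1%/}
    seen=""
    for dir in $UNIT_DIRS; do
        # Resolve the directory so /lib -> /usr/lib (merged /usr) counts once.
        real=$(cd "$root/$dir" 2>/dev/null && pwd -P) || continue
        case "$seen" in *"|$real|"*) continue ;; esac
        seen="$seen|$real|"
        path="$root/$dir/$2"
        # -L also catches a dangling symlink left behind in a unit directory.
        if [ -e "$path" ] || [ -L "$path" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# effective_unit ROOT UNIT: the copy that wins.
effective_unit() { unit_candidates "$1" "$2" | head -n 1; }

# shadowed_units ROOT UNIT: lower-priority copies that are ignored.
shadowed_units() { unit_candidates "$1" "$2" | tail -n +2; }

# report_unit ROOT UNIT: human-readable summary; non-zero if UNIT is absent.
report_unit() {
    winner=$(effective_unit "$1" "$2")
    if [ -z "$winner" ]; then
        echo "$2: not found in any unit directory"
        return 1
    fi
    echo "$2: loaded from $winner"
    shadowed_units "$1" "$2" | sed 's/^/  shadowed: /'
}

# Stand-alone use: sh unit-precedence.sh iptables.service
if [ "$#" -gt 0 ]; then
    report_unit "" "$1"
fi
```

On a running system, `systemctl cat iptables.service` prints the path of the file systemd actually loaded, and `systemd-delta` lists units that are overridden.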