[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: way of starting a firewall script in debian 9 with kde5 and sddm

On Wed, 2017-10-18 at 01:25 +1300, Ben Caradoc-Davies wrote:
> On 18/10/17 01:08, Stephane L wrote:
> > Hi,I have a firewall script(firewall) that I laucnh with <firewall
> > start>Is there a way in debian 9 (with kde5 and sddm) to start this
> > script at the boot of the linux system or at the launching of xorg
> > or of kde5 ?
> 
> systemd units are easy to write (this is the main benefit of systemd) 
> and can be configured run at boot time. Here is one I wrote for 
> iptables+ip6tables (because I do not want changes to persist across 
> boots, just clean rules on boot). You will need a different Type if your 
> program does not exit:
> 
> $ cat /etc/iptables/iptables.service
> [Unit]
> Description=iptables rules
> After=network.target
> [Service]
> Type=oneshot
> ExecStart=/bin/bash -c "/sbin/iptables-restore < 
> /etc/iptables/iptables.rules"
> ExecStart=/bin/bash -c "/sbin/ip6tables-restore < 
> /etc/iptables/ip6tables.rules"
> RemainAfterExit=yes
> ExecStop=/sbin/iptables -F
> ExecStop=/sbin/ip6tables -F
> [Install]
> WantedBy=multi-user.target

Good to know that there is a replacement for {ip,ip6,arp,eb}tables,
I'll look into this once I have found some time.
However, I was just wondering what the difference is between your
script and iptables-persistent. Wouldn't both restore the iptables
configuration form a single file? Or is there some other benefit by
choosing one over the other (besides a personal preference)?

Best,
Tim
Reply to: