Re: Iptables at boot
On Sun, Jan 21, 2018 at 02:02:07AM +0100, Dejan Jocic wrote:
> On 20-01-18, Jacques Rodary wrote:
> > Hi
> > How can I start iptables at boot? I don't find an equivalent to "service
> > iptables start" with systemd and don't know how to create a new
> > iptables.service. The manpages aren't quite clear for me. Thanks for any
> > help.
> > Jacques
> >
>
> There are two options. One would be to learn to write systemd service
> units. There are many tutorials on the net for how to write those with
> examples. The other would be to install the iptables-persistent package. You
> can find more about using the iptables-persistent package if you google it;
> you will surely run into a few quick howtos.
>
>
To get you started [addressing the OP], here is the service file I use:

    [Unit]
    Description=Load Iptables Rules
    ConditionFileIsExecutable=/etc/systemd/scripts/iptables
    After=network.target

    [Service]
    Type=forking
    ExecStart=/etc/systemd/scripts/iptables
    TimeoutSec=0
    RemainAfterExit=yes

    [Install]
    WantedBy=multi-user.target

This goes in /lib/systemd/system/iptables.service and assumes your
iptables commands are in a script which is called iptables, is
executable, and is located in /etc/systemd/scripts.

I must point out there may be Debian policies of which I am not aware
about where the files should ideally go; I lifted this configuration
from a non-Debian box. There is nothing about it that will _not work_ on
Debian, but there may be a preferred Debian location for such files,
which hopefully my contribution will encourage someone knowledgeable to
add.

Then to run it once, as root:

    systemctl start iptables

and to set it up so it runs at boot, as root:

    systemctl enable iptables

HTH
Mark
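
Added example, not part of Mark's message: a sketch of the /etc/systemd/scripts/iptables script that the unit above expects to find. The rule set (default-drop inbound, SSH on tcp/22) and the RESTORE variable are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example of a script for ExecStart=/etc/systemd/scripts/iptables.
# The rules are constructed sample values; adapt them to the host's services.
set -eu

# Hypothetical override hook so the loader can be exercised without root.
RESTORE=${RESTORE:-iptables-restore}

# Emit the IPv4 filter table in iptables-restore format.
# Default-deny inbound and forwarded traffic; allow loopback, replies to
# connections the host opened, and new SSH connections (assumed port 22).
build_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Parse the rules with --test first, then load them. iptables-restore
# commits a table in one step, so a typo never leaves a half-applied
# rule set, and a failed parse makes the unit fail instead of silently
# booting with whatever rules happened to be loaded.
load_ruleset() {
    rules=$(build_ruleset)
    printf '%s\n' "$rules" | "$RESTORE" --test || return 1
    printf '%s\n' "$rules" | "$RESTORE"
}

# Load only when installed under the name the unit file expects, so the
# functions above can be sourced or inspected without touching the firewall.
case "${0##*/}" in
    iptables) load_ruleset ;;
esac
```

Because the script exits non-zero when the rules do not parse, `systemctl status iptables` shows the unit as failed rather than active with no filtering in place.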