
Re: Iptables at boot



On 21-01-18, Mark Fletcher wrote:
> On Sun, Jan 21, 2018 at 02:02:07AM +0100, Dejan Jocic wrote:
> > On 20-01-18, Jacques Rodary wrote:
> > > Hi
> > > How can I start iptables at boot? I don't find an equivalent to "service
> > > iptables start" with systemd and don't know how to create a new
> > > iptables.service. The manpages aren't quite clear for me. Thanks for any
> > > help.
> > >   Jacques
> > > 
> > 
> > There are two options. One would be to learn to write systemd service
> > units. There are many tutorials on the net for how to write those, with
> > examples. The other would be to install the iptables-persistent package. You can
> > find more about using the iptables-persistent package if you google it; you
> > will surely run into a few quick howtos.
> > 
> > 
> 
> To get you started [addressing the OP], here is the service file I use:
> 
> [Unit]
> Description=Load Iptables Rules
> ConditionFileIsExecutable=/etc/systemd/scripts/iptables
> After=network.target
> 
> [Service]
> Type=forking
> ExecStart=/etc/systemd/scripts/iptables
> TimeoutSec=0
> RemainAfterExit=yes
> 
> [Install]
> WantedBy=multi-user.target
> 
> This goes in /lib/systemd/system/iptables.service and assumes your
> iptables commands are in a script which is called iptables, is
> executable, and is located in /etc/systemd/scripts.
> 
> I must point out there may be Debian policies of which I am not aware
> about where the files should ideally go; I lifted this configuration
> from a non-Debian box. There is nothing about it that will _not work_ on
> Debian, but there may be a preferred Debian location for such files,
> which hopefully my contribution will encourage someone knowledgeable to
> add.
> 
> then to run it once, as root:
> systemctl start iptables
> 
> and to set it up so it runs at boot, as root:
> systemctl enable iptables
> 
> HTH
> 
> Mark
> 

The location for local custom unit files should be /etc/systemd/system, but
they can be in several other places if you so desire. It is just that
those in /etc/systemd/system take precedence over the others.
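As an added example (not posted by anyone in this thread), here is what the script that the unit above points at, /etc/systemd/scripts/iptables, could look like. It assumes iptables-restore is installed and that the script runs as root when used for real; the SSH port and the rule set are constructed sample values. It builds the rules in iptables-restore format and loads them in one atomic commit, so a half-applied rule set never leaves the host open, and it can validate the rules without touching the kernel.

```shell
#!/bin/sh
# Hypothetical /etc/systemd/scripts/iptables, the script started by the
# iptables.service unit in this thread. Assumes iptables-restore is in PATH
# and the script runs as root when started by systemd.
set -eu

# Constructed example value; override with the SSH_PORT environment variable.
SSH_PORT="${SSH_PORT:-22}"

# Emit the rule set in iptables-restore format: default-deny inbound,
# allow loopback, established/related traffic, ICMP and SSH.
# Kept as a function so the rules can be inspected or tested without root.
ruleset() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -p tcp --dport ${SSH_PORT} --syn -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Parse and construct the rule set without committing it to the kernel
# (iptables-restore --test); non-zero exit means a syntax error.
check_ruleset() {
    ruleset | iptables-restore --test
}

# Load the whole rule set in a single atomic commit.
load_ruleset() {
    ruleset | iptables-restore
}

# Only apply the rules when invoked as the script named in the unit
# (ExecStart=/etc/systemd/scripts/iptables), not when sourced for testing.
case "${0##*/}" in
    iptables) check_ruleset && load_ruleset ;;
esac
```

A Type=oneshot unit with RemainAfterExit=yes is the usual systemd type for a script like this that runs to completion rather than forking a daemon.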



