Add a systemd unit

Victor LABORIE 2017-08-03 20:22:04 +02:00
parent 0450c12f5d
commit f21d58f870
4 changed files with 48 additions and 8 deletions


@ -1,11 +1,32 @@
minifirewall is shellscripts for easy firewalling on a standalone server
Minifirewall is shellscripts for easy firewalling on a standalone server
we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
See https://forge.evolix.org/projects/minifirewall
Usage :
-------
# Install
* download minifirewall and minifirewall.conf
* copy minifirewall.conf in /etc (for Debian, use /etc/default/minifirewall)
and configure it
* start / stop with : minifirewall start / minifirewall stop
Copy minifirewall script and config :
~~~
cp minifirewall /usr/local/sbin
ln -s /usr/local/sbin/minifirewall /sbin
cp minifirewall.conf /etc/default/minifirewall
~~~
## Systemd
Copy systemd service in /etc/systemd/system :
~~~
cp minifirewall.service /etc/systemd/systemd/
systemctl daemon-reload
systemctl enable minifirewall
~~~
## Sysvinit
Make a link to minifirewall script (SysVinit compatible) in /etc/init.d :
~~~
ln -s /usr/local/sbin/minifirewall /etc/init.d
update-rc.d defaults minifirewall
~~~


@ -4,7 +4,7 @@
# to refresh ips resolutions
# Make sure this file is executable !
FIREWALL=/etc/init.d/minifirewall
FIREWALL=/sbin/minifirewall
if [ -x "$FIREWALL" ] ; then
$FIREWALL restart >/dev/null
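Review bot: With `FIREWALL=/sbin/minifirewall`, the `[ -x "$FIREWALL" ]` guard now depends on the `/sbin` symlink that the new README install steps create. A host that only has the old `/etc/init.d/minifirewall` would fail the test and, unless an else branch outside this hunk reports it, skip the periodic restart silently, leaving rules built from stale name resolutions. Consider falling back to the old path or logging when the script is missing, e.g. `[ -x "$FIREWALL" ] || FIREWALL=/etc/init.d/minifirewall`. The expansion on the restart line should also be quoted: `"$FIREWALL" restart >/dev/null`. The `if` block closes outside the hunk.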


@ -51,10 +51,15 @@ BROAD='255.255.255.255'
PORTSROOT='0:1023'
PORTSUSER='1024:65535'
# Detect systemd unit
[ -f /etc/system/system/minifirewall.service ] && SYSTEMD="true"
[ -f /lib/systemd/system/minifirewall.service ] && SYSTEMD="true"
case "$1" in
start)
[ -n "SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl start minifirewall && exit 0
echo "Start IPTables rules..."
# Stop and warn if error!
@ -313,6 +318,8 @@ trap - INT TERM EXIT
stop)
[ -n "$SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl stop minifirewall && exit 0
echo "Flush all rules and accept everything..."
# Delete all rules
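Review bot: The start branch tests `[ -n "SYSTEMD" ]`, a literal string that is always non-empty, so `systemctl start minifirewall` is attempted on every host whether or not a unit was detected; the stop branch has the intended `[ -n "$SYSTEMD" ]`. The first detection line checks `/etc/system/system/minifirewall.service`, which looks like a typo for `/etc/systemd/system/minifirewall.service`, the directory the README names, so a unit installed there would not be detected. `systemctl start minifirewall && exit 0` also falls through to the direct rule-loading path whenever systemctl returns non-zero, which appears to include the case where the unit ran and the script itself failed; if that is intended, a comment saying so would help. Both case branches continue outside the hunks.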

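--- a/minifirewall.service
+++ b/minifirewall.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Easy firewalling on a standalone server
+[Service]
+Type=oneshot
+Environment="SYSTEMCTL=yes"
+ExecStart=/sbin/minifirewall start
+ExecStop=/sbin/minifirewall stop
+RemainAfterExit=yes
+[Install]
+WantedBy=multi-user.target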
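Review bot: The `[Unit]` section declares no ordering, so when the rules are loaded relative to network bring-up at boot is left to systemd's default scheduling, and interfaces may be up before any rule is in place. If the rule set does not need name resolution, `Wants=network-pre.target` and `Before=network-pre.target` would close that window. The cron helper's comment about refreshing IP resolutions suggests the script may resolve hostnames, in which case the ordering chosen should be stated in a comment instead. `ExecStop` runs the script's stop branch, which flushes the rules and accepts everything, so stopping the unit leaves the host unfiltered; that is worth a comment in the unit.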