Add a systemd unit
parent
0450c12f5d
commit
f21d58f870
35
README.md
35
README.md
|
@ -1,11 +1,32 @@
|
||||||
minifirewall is shellscripts for easy firewalling on a standalone server
|
Minifirewall is shellscripts for easy firewalling on a standalone server
|
||||||
we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
|
we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
|
||||||
See https://forge.evolix.org/projects/minifirewall
|
See https://forge.evolix.org/projects/minifirewall
|
||||||
|
|
||||||
Usage :
|
# Install
|
||||||
-------
|
|
||||||
|
|
||||||
* download minifirewall and minifirewall.conf
|
Copy minifirewall script and config :
|
||||||
* copy minifirewall.conf in /etc (for Debian, use /etc/default/minifirewall)
|
|
||||||
and configure it
|
~~~
|
||||||
* start / stop with : minifirewall start / minifirewall stop
|
cp minifirewall /usr/local/sbin
|
||||||
|
ln -s /usr/local/sbin/minifirewall /sbin
|
||||||
|
cp minifirewall.conf /etc/default/minifirewall
|
||||||
|
~~~
|
||||||
|
|
||||||
|
## Systemd
|
||||||
|
|
||||||
|
Copy systemd service in /etc/systemd/system :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
cp minifirewall.service /etc/systemd/systemd/
|
||||||
|
systemctl daemon-reload
|
||||||
|
systemctl enable minifirewall
|
||||||
|
~~~
|
||||||
|
|
||||||
|
## Sysvinit
|
||||||
|
|
||||||
|
Make a link to minifirewall script (SysVinit compatible) in /etc/init.d :
|
||||||
|
|
||||||
|
~~~
|
||||||
|
ln -s /usr/local/sbin/minifirewall /etc/init.d
|
||||||
|
update-rc.d defaults minifirewall
|
||||||
|
~~~
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
# to refresh ips resolutions
|
# to refresh ips resolutions
|
||||||
# Make sure this file is executable !
|
# Make sure this file is executable !
|
||||||
|
|
||||||
FIREWALL=/etc/init.d/minifirewall
|
FIREWALL=/sbin/minifirewall
|
||||||
|
|
||||||
if [ -x "$FIREWALL" ] ; then
|
if [ -x "$FIREWALL" ] ; then
|
||||||
$FIREWALL restart >/dev/null
|
$FIREWALL restart >/dev/null
|
||||||
|
|
|
@ -51,10 +51,15 @@ BROAD='255.255.255.255'
|
||||||
PORTSROOT='0:1023'
|
PORTSROOT='0:1023'
|
||||||
PORTSUSER='1024:65535'
|
PORTSUSER='1024:65535'
|
||||||
|
|
||||||
|
# Detect systemd unit
|
||||||
|
[ -f /etc/system/system/minifirewall.service ] && SYSTEMD="true"
|
||||||
|
[ -f /lib/systemd/system/minifirewall.service ] && SYSTEMD="true"
|
||||||
|
|
||||||
case "$1" in
|
case "$1" in
|
||||||
start)
|
start)
|
||||||
|
|
||||||
|
[ -n "SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl start minifirewall && exit 0
|
||||||
|
|
||||||
echo "Start IPTables rules..."
|
echo "Start IPTables rules..."
|
||||||
|
|
||||||
# Stop and warn if error!
|
# Stop and warn if error!
|
||||||
|
@ -313,6 +318,8 @@ trap - INT TERM EXIT
|
||||||
|
|
||||||
stop)
|
stop)
|
||||||
|
|
||||||
|
[ -n "$SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl stop minifirewall && exit 0
|
||||||
|
|
||||||
echo "Flush all rules and accept everything..."
|
echo "Flush all rules and accept everything..."
|
||||||
|
|
||||||
# Delete all rules
|
# Delete all rules
|
||||||
|
|
|
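Review bot: In the `start)` branch the guard `[ -n "SYSTEMD" ]` tests a literal string, so it is always true and `systemctl start minifirewall` is attempted on every host, including ones without the unit installed; it should read `[ -n "$SYSTEMD" ]`, as the `stop)` branch already does. The first detection test looks at `/etc/system/system/minifirewall.service`, presumably meant to be `/etc/systemd/system/minifirewall.service` (the README hunk has a similar slip, `/etc/systemd/systemd/`), so a unit installed as documented would never set SYSTEMD. Two behaviours deserve a comment beside the dispatch lines: when `systemctl` returns non-zero the `&& exit 0` is skipped and the script falls through to apply or flush the rules directly, and because the unit sets `RemainAfterExit=yes`, `systemctl start` on an already-active unit succeeds without running ExecStart, so `minifirewall start` would exit 0 without reloading any rules. Both case branches continue outside the hunks.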
@ -0,0 +1,12 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Easy firewalling on a standalone server
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
Environment="SYSTEMCTL=yes"
|
||||||
|
ExecStart=/sbin/minifirewall start
|
||||||
|
ExecStop=/sbin/minifirewall stop
|
||||||
|
RemainAfterExit=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
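Review bot: The unit declares no ordering against the network, so with only `WantedBy=multi-user.target` the rules may be loaded after interfaces are already up, leaving a window at boot with no filtering. systemd's documented pattern for firewall services is `Wants=network-pre.target` and `Before=network-pre.target` in `[Unit]`; if the configuration relies on hostname resolution at start (the cron helper's comment about refreshing IP resolutions suggests it might), that trade-off should be stated in a comment in the unit instead. `ExecStop` runs the `stop)` branch, which by its own message flushes all rules and accepts everything, so stopping the unit, probably including at shutdown, opens the host while the network may still be up; a comment saying this is intended, or a stop action that keeps a restrictive policy, would make the behaviour explicit.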