Add a systemd unit

Victor LABORIE 2017-08-03 20:22:04 +02:00
parent 0450c12f5d
commit f21d58f870
4 changed files with 48 additions and 8 deletions


@ -1,11 +1,32 @@
minifirewall is shellscripts for easy firewalling on a standalone server Minifirewall is shellscripts for easy firewalling on a standalone server
we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
See https://forge.evolix.org/projects/minifirewall See https://forge.evolix.org/projects/minifirewall
Usage : # Install
-------
* download minifirewall and minifirewall.conf Copy minifirewall script and config :
* copy minifirewall.conf in /etc (for Debian, use /etc/default/minifirewall)
and configure it ~~~
* start / stop with : minifirewall start / minifirewall stop cp minifirewall /usr/local/sbin
ln -s /usr/local/sbin/minifirewall /sbin
cp minifirewall.conf /etc/default/minifirewall
~~~
## Systemd
Copy systemd service in /etc/systemd/system :
~~~
cp minifirewall.service /etc/systemd/systemd/
systemctl daemon-reload
systemctl enable minifirewall
~~~
## Sysvinit
Make a link to minifirewall script (SysVinit compatible) in /etc/init.d :
~~~
ln -s /usr/local/sbin/minifirewall /etc/init.d
update-rc.d defaults minifirewall
~~~


@ -4,7 +4,7 @@
# to refresh ips resolutions # to refresh ips resolutions
# Make sure this file is executable ! # Make sure this file is executable !
FIREWALL=/etc/init.d/minifirewall FIREWALL=/sbin/minifirewall
if [ -x "$FIREWALL" ] ; then if [ -x "$FIREWALL" ] ; then
$FIREWALL restart >/dev/null $FIREWALL restart >/dev/null
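Review bot: Hosts that installed the script only at `/etc/init.d/minifirewall`, as the old README described, will now fail the `[ -x "$FIREWALL" ]` test. As far as the visible lines show, the job then does nothing, so the periodic rule refresh would stop without any message. I would either fall back to the old path when `/sbin/minifirewall` is missing, or report it on stderr so cron mails it, for example `else echo "minifirewall not found at $FIREWALL" >&2`. The `if` block continues outside the hunk, so an existing `else` may already cover this.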


@ -51,10 +51,15 @@ BROAD='255.255.255.255'
PORTSROOT='0:1023' PORTSROOT='0:1023'
PORTSUSER='1024:65535' PORTSUSER='1024:65535'
# Detect systemd unit
[ -f /etc/system/system/minifirewall.service ] && SYSTEMD="true"
[ -f /lib/systemd/system/minifirewall.service ] && SYSTEMD="true"
case "$1" in case "$1" in
start) start)
[ -n "SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl start minifirewall && exit 0
echo "Start IPTables rules..." echo "Start IPTables rules..."
# Stop and warn if error! # Stop and warn if error!
@ -313,6 +318,8 @@ trap - INT TERM EXIT
stop) stop)
[ -n "$SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl stop minifirewall && exit 0
echo "Flush all rules and accept everything..." echo "Flush all rules and accept everything..."
# Delete all rules # Delete all rules

12
minifirewall.service Normal file

@ -0,0 +1,12 @@
[Unit]
Description=Easy firewalling on a standalone server
[Service]
Type=oneshot
Environment="SYSTEMCTL=yes"
ExecStart=/sbin/minifirewall start
ExecStop=/sbin/minifirewall stop
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
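Review bot: The unit declares no ordering against the network, so with only `WantedBy=multi-user.target` the rules may be loaded after interfaces are already up, which leaves a window at boot where the host is unfiltered. The usual pattern for firewall units is `Wants=network-pre.target` and `Before=network-pre.target` in `[Unit]`. If the script needs name resolution at start (the cron job in this commit mentions refreshing IP resolutions), that early start would need checking first, and the choice deserves a comment in the unit either way. `ExecStop` runs the script's stop arm, which by its own message flushes all rules and accepts everything, so any stop or restart of the unit opens the host until start completes.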