Add a systemd unit
parent
0450c12f5d
commit
f21d58f870
35
README.md
35
README.md
|
@ -1,11 +1,32 @@
|
|||
minifirewall is shellscripts for easy firewalling on a standalone server
|
||||
Minifirewall is shellscripts for easy firewalling on a standalone server
|
||||
we used netfilter/iptables http://netfilter.org/ designed for recent Linux kernel
|
||||
See https://forge.evolix.org/projects/minifirewall
|
||||
|
||||
Usage :
|
||||
-------
|
||||
# Install
|
||||
|
||||
* download minifirewall and minifirewall.conf
|
||||
* copy minifirewall.conf in /etc (for Debian, use /etc/default/minifirewall)
|
||||
and configure it
|
||||
* start / stop with : minifirewall start / minifirewall stop
|
||||
Copy minifirewall script and config :
|
||||
|
||||
~~~
|
||||
cp minifirewall /usr/local/sbin
|
||||
ln -s /usr/local/sbin/minifirewall /sbin
|
||||
cp minifirewall.conf /etc/default/minifirewall
|
||||
~~~
|
||||
|
||||
## Systemd
|
||||
|
||||
Copy systemd service in /etc/systemd/system :
|
||||
|
||||
~~~
|
||||
cp minifirewall.service /etc/systemd/systemd/
|
||||
systemctl daemon-reload
|
||||
systemctl enable minifirewall
|
||||
~~~
|
||||
|
||||
## Sysvinit
|
||||
|
||||
Make a link to minifirewall script (SysVinit compatible) in /etc/init.d :
|
||||
|
||||
~~~
|
||||
ln -s /usr/local/sbin/minifirewall /etc/init.d
|
||||
update-rc.d defaults minifirewall
|
||||
~~~
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# to refresh ips resolutions
|
||||
# Make sure this file is executable !
|
||||
|
||||
FIREWALL=/etc/init.d/minifirewall
|
||||
FIREWALL=/sbin/minifirewall
|
||||
|
||||
if [ -x "$FIREWALL" ] ; then
|
||||
$FIREWALL restart >/dev/null
|
||||
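Review bot: If `/sbin/minifirewall` is missing or not executable, the `[ -x "$FIREWALL" ]` test fails and, as far as this hunk shows, nothing is reported. The new path exists only after the README step `ln -s /usr/local/sbin/minifirewall /sbin`, so a host upgraded from the `/etc/init.d` layout could stop refreshing IP resolutions without anyone noticing. Consider an else branch that reports it, for example `echo "minifirewall not found at $FIREWALL" >&2`. The `if` block continues past the end of the hunk, so an existing else branch may already cover this.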
|
|
|
@ -51,10 +51,15 @@ BROAD='255.255.255.255'
|
|||
PORTSROOT='0:1023'
|
||||
PORTSUSER='1024:65535'
|
||||
|
||||
# Detect systemd unit
|
||||
[ -f /etc/system/system/minifirewall.service ] && SYSTEMD="true"
|
||||
[ -f /lib/systemd/system/minifirewall.service ] && SYSTEMD="true"
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
|
||||
[ -n "SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl start minifirewall && exit 0
|
||||
|
||||
echo "Start IPTables rules..."
|
||||
|
||||
# Stop and warn if error!
|
||||
|
@ -313,6 +318,8 @@ trap - INT TERM EXIT
|
|||
|
||||
stop)
|
||||
|
||||
[ -n "$SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl stop minifirewall && exit 0
|
||||
|
||||
echo "Flush all rules and accept everything..."
|
||||
|
||||
# Delete all rules
|
||||
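Review bot: Two of the added tests cannot work as written: `[ -f /etc/system/system/minifirewall.service ]` checks a path missing the `d` of `systemd`, and the `start)` guard `[ -n "SYSTEMD" ]` tests a literal string, so it is always true. The first means a unit installed by the administrator under /etc/systemd/system is never detected, so `minifirewall stop` flushes the rules directly while systemd presumably still considers the unit active (it sets RemainAfterExit=yes). The second means every manual `start` tries `systemctl start minifirewall` even where no unit exists, and when that call fails the script falls through and loads the rules itself, hiding the failure. The lines should read `[ -f /etc/systemd/system/minifirewall.service ] && SYSTEMD="true"` and `[ -n "$SYSTEMD" ] && [ -z "$SYSTEMCTL" ] && systemctl start minifirewall && exit 0`. Setting `SYSTEMD=""` before the detection would also stop an inherited environment variable from deciding the branch; the `case` block continues outside both hunks.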
|
|
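--- /dev/null
+++ b/minifirewall.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Easy firewalling on a standalone server
+
+[Service]
+Type=oneshot
+Environment="SYSTEMCTL=yes"
+ExecStart=/sbin/minifirewall start
+ExecStop=/sbin/minifirewall stop
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target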
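Review bot: The `[Unit]` section declares no ordering relative to the network, so at boot the rules may be loaded only after interfaces are already configured, leaving a short window with no filtering. For a firewall unit the usual arrangement is `Wants=network-pre.target` together with `Before=network-pre.target` in `[Unit]`. Separately, `ExecStop=/sbin/minifirewall stop` runs the branch that prints "Flush all rules and accept everything...", so `systemctl stop minifirewall` leaves the host fully open. A comment above `ExecStop` saying so would help operators who expect stop to mean "block".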