[systemd-devel] transforming Iptables bash script to systemd service file -help

Simon McVittie simon.mcvittie at collabora.co.uk
Wed Oct 22 04:37:36 PDT 2014


On 21/10/14 20:30, Lennart Poettering wrote:
> But in cases like the iptables tool (which
> is written in a style that kinda requires the usage of shell scripts
> to invoke it, since it is more a programming language and is seldom
> called just once at boot)

If your ruleset is static (e.g. does not depend on the local IP
address), it's very close to not needing a shell: all it would need is
for systemd to support StandardInput=/a/file/path, or for
iptables-restore to support "--file /a/file/path", or something similar.

iptables-save | sudo tee /etc/my-firewall
ip6tables-save | sudo tee /etc/my-firewall6

ExecStart=/bin/sh -c 'iptables-restore < /etc/my-firewall'

ExecStart=/bin/sh -c 'ip6tables-restore < /etc/my-firewall6'

    S
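
Added example, not part of the original message: the two ExecStart= lines above placed in a complete oneshot unit that loads the saved rulesets before any network interface is configured. The unit file name is hypothetical, and the ExecStartPre= checks assume an iptables-restore that supports --test (parse only, no commit).

```ini
# /etc/systemd/system/my-firewall.service  (hypothetical unit name)
[Unit]
Description=Load static iptables and ip6tables rulesets
# network-pre.target exists so that firewall services can finish
# before any network interface is brought up.
Wants=network-pre.target
Before=network-pre.target
# Do not start at all if a saved ruleset is missing.
ConditionPathExists=/etc/my-firewall
ConditionPathExists=/etc/my-firewall6

[Service]
# oneshot allows several ExecStart= lines, run in order; a failing
# command stops the sequence and marks the unit failed.
Type=oneshot
# Keep the unit "active" after the commands exit, so that
# "systemctl status" reflects that the rules were loaded.
RemainAfterExit=yes
# Parse both files without committing anything, so a syntax error
# is caught before either ruleset is replaced.
ExecStartPre=/bin/sh -c 'iptables-restore --test < /etc/my-firewall'
ExecStartPre=/bin/sh -c 'ip6tables-restore --test < /etc/my-firewall6'
# The shell is needed only for the input redirection.
ExecStart=/bin/sh -c 'iptables-restore < /etc/my-firewall'
ExecStart=/bin/sh -c 'ip6tables-restore < /etc/my-firewall6'

[Install]
WantedBy=multi-user.target
```

Since the files are read by root at boot, keeping /etc/my-firewall and /etc/my-firewall6 owned by root and not writable by other users prevents an unprivileged account from changing the loaded ruleset.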


