[systemd-devel] transforming Iptables bash script to systemd service file -help
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Fri Sep 12 02:59:50 PDT 2014
Hi,

this approach doesn't make much sense, for a few reasons.

First, having systemd execute each line as a separate command
is not very efficient: systemd is doing other things at the same
time, and will interleave other jobs with the commands, log lots
of things, etc.

Second, embedding such conditionals in the unit file is always
going to be very awkward for editing and updating.

Third, most important probably, is that you really want iptables'
rules to be loaded atomically. Using iptables-restore gives you
such atomicity and is much better.

IMHO, you should use this approach, i.e. somehow construct the set
of rules and load it all at once.

Zbyszek
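
The approach recommended above (construct the whole rule set, then load it with a single iptables-restore call), as an added example that is not part of the original message. The function names, the ports and the choice of rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: construct the whole rule set as text, then load it with one
# iptables-restore call. Ports and policy below are constructed sample values.

# Print a complete filter table in iptables-save format.
# $1 = "yes" to allow inbound SSH; $2 = space-separated extra TCP ports.
build_ruleset() {
    allow_ssh=$1
    extra_ports=$2
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # The conditionals live here, not in the unit file.
    if [ "$allow_ssh" = yes ]; then
        echo '-A INPUT -p tcp --dport 22 -j ACCEPT'
    fi
    for port in $extra_ports; do
        # Reject anything that is not a port number before it reaches a rule.
        case $port in
            *[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# Parse-check the file, then commit it. iptables-restore replaces the table
# at COMMIT, so no packet sees a half-built rule set.
load_ruleset() {
    iptables-restore --test < "$1" || return 1
    iptables-restore < "$1"
}

# Build into a temp file; a failed build or failed check never touches the
# running firewall. A oneshot unit's ExecStart= would run a script calling this.
apply_firewall() {
    tmp=$(mktemp) || return 1
    rc=0
    build_ruleset "$1" "$2" > "$tmp" && load_ruleset "$tmp" || rc=1
    rm -f "$tmp"
    return "$rc"
}
```
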