[systemd-devel] transforming Iptables bash script to systemd service file -help

Reindl Harald h.reindl at thelounge.net
Fri Sep 12 05:20:01 PDT 2014


Am 12.09.2014 um 14:04 schrieb lux-integ:
> On Friday 12 September 2014 11:53:23 Simon McVittie wrote:
>> The way to do this is to write a script in the programming language of
>> your choice (bash is one possibility), and have the systemd service file
>> run that. There would be little point in systemd reinventing a generic
>> script interpreter: we already have lots of those (bash, Python, etc.)
> 
> thanks to you and others
> I only ask as I was under the impression that bash scripting was a no-no for 
> systemd implementations
> 
> 
>  I will stick with the tried and tested bash scripts  for iptables 
> then  try something like 
> 
> ExecStart=/bin/sh -c  " path/to/IptablesScript"
> 
> inside a  servce file
> 
> will this suffce ?

why want you do that?

on Redhat systems end your script with "/usr/sbin/iptables-save > /etc/sysconfig/iptables"
and just enable the iptables service, the pre-generated rules will be loaded at boot from
iptables - there is really no need to fire up the shell script each boot

i maintain around 30 servers that way with a distributed "iptables.sh"
which has general rules and some depending on $HOSTNAME for many years

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140912/f482a7cc/attachment.sig>


More information about the systemd-devel mailing list