Chinaunix首页 | 论坛 | 博客

Go ahead, try it now..ulovko.blog.chinaunix.net

首页 |  博文目录 |  关于我

ulovko

  • 博客访问: 733819
  • 博文数量: 235
  • 博客积分: 4309
  • 博客等级: 中校
  • 技术积分: 2325
  • 用 户 组: 普通用户
  • 注册时间: 2011-01-17 11:25
个人简介

If you don\\\\\\\\\\\\\\\'t wanna do it, you find an EXCUSE; if you do, you\\\\\\\\\\\\\\\'ll find a WAY :-)

文章分类

全部博文(235)

文章存档

2014年(3)

2013年(2)

2012年(31)

2011年(199)

我的朋友
最近访客
推荐博文
相关博文
iptables systemd systemctl

分类: LINUX

2011-01-17 17:50:01


1. 

  1. # Ubuntu - WARNING: Iptables and NetworkManager can conflict
  2. $ sudo apt remove network-manager
  3. or
  4. $ sudo apt --purge remove network-manager # use with caution

2. iptables version1.8.3

  1. # There are 5 methods to run iptables automatically at Startup


3. rc-local.service

  1. # Method 1

  3. # rc-local.service - /etc/rc.d/rc.local

  5. # systemctl status rc-local.service

  7. # chmod a+x /etc/rc.d/rc.local; ll /etc/rc.d/rc.local
  8. # systemctl daemon-reload

  10. # systemctl list-dependencies multi-user.target | grep rc-local

  12. # chown root:root /etc/iptables.start.rules
  13. # chmod 700 /etc/iptables.start.rules

  15. # echo "/etc/iptables.start.rules" >> /etc/rc.d/rc.local


4.  利用systemd 构建 serivce

  1. #
  2. # Method 2

  4. # Systemctl Service
  5. # /usr/lib/systemd/system - system level
  6. # /etc/systemd/system - user level


  9. # 2.1
  10. # sudo bash iptables.autoconf.sh

  12. # cat iptables.autoconf.sh
  13. #!/bin/bash
  14. #

  16. # disable ufw service
  17. systemctl disable ufw.service

  19. # copy the appropriate files to the target location
  20. cp ./iptables.{start,stop}.rules /etc/
  21. cp ./iptables.service /etc/systemd/system/

  23. # make the iptables script executable
  24. chmod a+x /etc/iptables.{start,stop}.rules

  26. # apply the customized iptables rules
  27. /bin/bash /etc/iptables.start.rules

  29. # dump iptables rules to a file
  30. /sbin/iptables-save > /etc/iptables.start.rules

  32. # enable the unit
  33. systemctl enable iptables.service


  36. #
  37. # Customizing Service
  38. $ cat /etc/systemd/system/iptables.service

  40. [Unit]
  41. Description=iptables firewall
  42. Documentation=man:iptables(8)
  43. DefaultDependencies=no
  44. Before=network.target

  46. [Service]
  47. Type=oneshot
  48. RemainAfterExit=yes
  49. ExecStart=/bin/bash -c "/sbin/iptables-restore < /etc/iptables.start.rules"
  50. ExecStop=/bin/bash -c "/etc/iptables.stop.rules"

  52. [Install]
  53. WantedBy=multi-user.target

  55. # enable the unit
  56. $ sudo systemctl enable iptables.service

  58. #
  59. # disable and remove the symlinked service

  61. $ sudo systemctl disable iptables.service
  62. $ sudo rm /etc/systemd/system/iptables.service


5. 利用systemd 构建 serivce,脚本模式

  1. # 2.2
  2. # sudo bash iptables.script.autoconf.sh

  4. # cat iptables.script.autoconf.sh
  5. #!/bin/bash
  6. #

  8. # disable ufw service
  9. systemctl disable ufw.service

  11. # copy the appropriate files to the target location
  12. cp ./iptables.{start,stop}.rules /etc/
  13. cp ./iptables.script.service /etc/systemd/system/

  15. # make the iptables script executable
  16. chmod a+x /etc/iptables.{start,stop}.rules

  18. # apply the customized iptables rules
  19. /bin/bash /etc/iptables.start.rules

  21. # enable the unit
  22. systemctl enable iptables.script.service

  24. #
  25. # disable and remove the symlinked service

  27. $ sudo systemctl disable iptables.script.service
  28. $ sudo rm /etc/systemd/system/iptables.script.service


  31. #
  32. # Customizing Service
  33. $ cat /etc/systemd/system/iptables.script.service

  35. [Unit]
  36. Description=iptables firewall
  37. Documentation=man:iptables(8)
  38. DefaultDependencies=no
  39. Before=network.target

  41. [Service]
  42. Type=oneshot
  43. RemainAfterExit=yes
  44. ExecStart=/bin/bash -c "/etc/iptables.start.rules"
  45. ExecStop=/bin/bash -c "/etc/iptables.stop.rules"

  47. [Install]
  48. WantedBy=multi-user.target


6. iptables-persistent

  1. #
  2. # Method 3

  4. # iptables-persistent
  5. # Install and use the iptables-persistent package

  7. $ sudo apt install iptables-persistent
7.

  1. #
  2. # Method 4 #(might be obsolete)
  3. /etc/network/interfaces


8.

  1. #
  2. # Method 5 #(might be obsolete)
  3. /etc/network/if-pre-up.d
  4. /etc/network/if-post-down.d


9. reference
阅读(939) | 评论(0) | 转发(0) |
0

上一篇:刘备 曾仕强 麻将 和 驴

下一篇:mounting an USB device as normal user in OpenBSD

给主人留下些什么吧!~~
关于我们 | 关于IT168 | 联系方式 | 广告合作 | 法律声明 | 免费注册

Copyright 2001-2010 ChinaUnix.net All Rights Reserved 北京皓辰网域网络信息技术有限公司. 版权所有

感谢所有关心和支持过ChinaUnix的朋友们

16024965号-6