# vim: ft=systemd
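# Installation data, read by `systemctl enable` / `systemctl disable`.
# WantedBy= is only honoured in [Install]. Under [Unit], systemd reports it as
# an unknown key and ignores it, so the unit could not be enabled at boot and
# the firewall chain it manages would be missing after a reboot.
[Install]
WantedBy=multi-user.target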
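# See `man systemd.exec` and `man systemd.service` for most options below.
#
# No User= is set, so systemd runs every command of this unit as root.
# Replace each /path/to/ placeholder with the absolute path of a binary that
# only root can modify.
# NOTE(review): no sandboxing options are set. Before adding any from
# `man systemd.exec`, check that reaction can still read its log sources and
# that the ip46tables calls keep the privileges needed to edit firewall rules.
[Service]
ExecStart=/path/to/reaction -c /etc/reaction.yml

# Firewall setup. ExecStartPre= commands run in order before ExecStart=.
# If one of them fails, the remaining ones and ExecStart= are skipped and the
# unit is marked failed.

# Create an iptables chain for reaction
ExecStartPre=/path/to/ip46tables -w -N reaction
# Append a catch-all ACCEPT as the last rule of the chain.
# NOTE(review): ACCEPT is a terminating verdict and the chain is inserted
# first in INPUT (see below), so a packet that reaches this rule is accepted
# without being evaluated against any later INPUT rule. On a host that also
# filters in INPUT, `-j RETURN` would hand the packet back to INPUT instead;
# check this against the host's ruleset before deploying.
ExecStartPre=/path/to/ip46tables -w -A reaction -j ACCEPT
# Always accept 127.0.0.1. The rule is inserted at position 1, ahead of the
# rules already in the chain.
# NOTE(review): an IPv4 source is passed to ip46tables here and an IPv6 source
# below; presumably the helper applies each rule only to the matching address
# family. Confirm against the ip46tables build in use.
ExecStartPre=/path/to/ip46tables -w -I reaction 1 -s 127.0.0.1 -j ACCEPT
# Always accept ::1
ExecStartPre=/path/to/ip46tables -w -I reaction 1 -s ::1 -j ACCEPT
# Insert this chain as the first item of the INPUT chain (for incoming connections)
ExecStartPre=/path/to/ip46tables -w -I INPUT -p all -j reaction

# Firewall teardown. ExecStopPost= also runs after a failed start, when some
# of the setup steps above may not have happened. The leading "-" makes
# systemd ignore a non-zero exit status, so a step with nothing to undo does
# not skip the steps after it. Without the prefix, a failed -D would leave the
# chain in place and the next start would fail at -N.

# Remove the chain from the INPUT chain
ExecStopPost=-/path/to/ip46tables -w -D INPUT -p all -j reaction
# Empty the chain
ExecStopPost=-/path/to/ip46tables -w -F reaction
# Delete the chain
ExecStopPost=-/path/to/ip46tables -w -X reaction

# Ask systemd to create /var/lib/reaction (/var/lib/ is implicit)
StateDirectory=reaction
# Ask systemd to create /run/reaction at runtime (/run/ is implicit)
RuntimeDirectory=reaction
# Start reaction in its state directory
WorkingDirectory=/var/lib/reaction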