wrote `ip46tables` C minimal program to handle both ipv4 and ipv6 at the same time. fix #22
		
			
				
	
	
		
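# vim: ft=systemd
# Example systemd unit for the reaction daemon. It creates a dedicated
# `reaction` firewall chain before the daemon starts and removes it afterwards.
# Replace every /path/to/ placeholder with the absolute install path.
[Unit]
Description=reaction

# See `man systemd.exec` and `man systemd.service` for most options below
[Service]
# No User= is set, so the daemon and every ip46tables call below run as root.
# Keep /etc/reaction.yml and both binaries owned by root and not writable by
# anyone else: whoever can edit them controls what runs as root.
ExecStart=/path/to/reaction -c /etc/reaction.yml

# ExecStartPre= commands run in order; without a `-` prefix, a failing command
# aborts the start of the unit.

# Create an iptables chain for reaction
ExecStartPre=/path/to/ip46tables -w -N reaction
# End the chain with RETURN, not ACCEPT. ACCEPT is a final verdict: because this
# chain is jumped to from the top of INPUT, an ACCEPT here would admit every
# packet reaction has not blocked and the remaining INPUT rules (the host's own
# firewall) would never be evaluated. RETURN hands the packet back to INPUT.
ExecStartPre=/path/to/ip46tables -w -A reaction -j RETURN
# Exempt 127.0.0.1 from reaction's rules (still subject to the rest of INPUT)
# NOTE(review): ip46tables is said to apply each command to both IPv4 and IPv6;
# confirm it tolerates an address that is only valid for one family.
ExecStartPre=/path/to/ip46tables -w -I reaction 1 -s 127.0.0.1 -j RETURN
# Exempt ::1 from reaction's rules (same address-family caveat as above)
ExecStartPre=/path/to/ip46tables -w -I reaction 1 -s ::1 -j RETURN
# Insert this chain as the first item of the INPUT chain (for incoming connections)
ExecStartPre=/path/to/ip46tables -w -I INPUT -p all -j reaction

# ExecStopPost= also runs when the service failed, so the chain is cleaned up
# after a crash as well as after a normal stop.

# Remove the chain from the INPUT chain
ExecStopPost=/path/to/ip46tables -w -D INPUT -p all -j reaction
# Empty the chain
ExecStopPost=/path/to/ip46tables -w -F reaction
# Delete the chain
ExecStopPost=/path/to/ip46tables -w -X reaction

# Ask systemd to create /var/lib/reaction (/var/lib/ is implicit)
StateDirectory=reaction
# Ask systemd to create /run/reaction at runtime (/run/ is implicit)
RuntimeDirectory=reaction
# Start reaction in its state directory
WorkingDirectory=/var/lib/reaction

# WantedBy= is only honoured in [Install]; placed in [Unit] it is ignored with
# a warning and `systemctl enable` has nothing to act on.
[Install]
WantedBy=multi-user.target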