On 21/10/14 20:30, Lennart Poettering wrote:
> But in cases like the iptables tool (which
> is written in a style that kinda requires the usage of shell scripts
> to invoke it, since it is more a programming language and is seldom
> called just once at boot)

If your ruleset is static (e.g. does not depend on the local IP
address), it's very close to not needing a shell: all it would need is
for systemd to support StandardInput=/a/file/path, or for
iptables-restore to support "--file /a/file/path", or something similar.

iptables-save | sudo tee /etc/my-firewall
ip6tables-save | sudo tee /etc/my-firewall6

ExecStart=/bin/sh -c 'iptables-restore < /etc/my-firewall'

ExecStart=/bin/sh -c 'ip6tables-restore < /etc/my-firewall6'

    S

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
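
Added example, not part of the original message or of any project's shipped units: the shell-free variant the message asks for, written against the `file:` form of `StandardInput=` that systemd gained later (v236). The unit name, the `/sbin` path and the ordering against `network-pre.target` are assumptions; `/etc/my-firewall` is the file from the message.

```ini
# /etc/systemd/system/my-firewall.service   (hypothetical unit name)
[Unit]
Description=Load static IPv4 ruleset without a shell
# Assumption: rules should be in place before network interfaces come up.
Before=network-pre.target
Wants=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
# systemd opens the file itself and passes it to the process as stdin,
# so no /bin/sh -c '... < file' wrapper is involved.
# The file is consumed as root: keep it root-owned and not group- or
# world-writable.
StandardInput=file:/etc/my-firewall
# Assumption: binary location; adjust to /usr/sbin if that is where
# the distribution installs it.
ExecStart=/sbin/iptables-restore

[Install]
WantedBy=multi-user.target

# StandardInput= applies to the whole service, so the IPv6 ruleset needs
# a second unit with StandardInput=file:/etc/my-firewall6 and
# ExecStart=/sbin/ip6tables-restore.
```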
