From cf7737238d1265d8b4d914c72396bd3281bc7491 Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Sun, 21 Oct 2018 00:05:21 -0500
Subject: [PATCH] Improve IPTables on boot - Improve loading of IPTables rules on boot for systems with "netplan" such as Ubuntu 18.04, by creating a systemd service. This is needed because ifupdown scripts do not run under netplan
---
vpnsetup.sh | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/vpnsetup.sh b/vpnsetup.sh
index 1b25244..485c599 100755
--- a/vpnsetup.sh
+++ b/vpnsetup.sh
@@ -434,10 +434,34 @@ iptables-restore < /etc/iptables.rules
 exit 0
 EOF
 
+if [ -f /usr/sbin/netplan ]; then
+ mkdir -p /etc/systemd/system
+cat > /etc/systemd/system/load-iptables-rules.service <<'EOF'
+[Unit]
+Description = Load /etc/iptables.rules
+DefaultDependencies=no
+
+Before=network-pre.target
+Wants=network-pre.target
+
+Wants=systemd-modules-load.service local-fs.target
+After=systemd-modules-load.service local-fs.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/network/if-pre-up.d/iptablesload
+
+[Install]
+WantedBy=multi-user.target
+EOF
+ systemctl enable load-iptables-rules 2>/dev/null
+fi
+
 for svc in fail2ban ipsec xl2tpd; do
 update-rc.d "$svc" enable >/dev/null 2>&1
 systemctl enable "$svc" 2>/dev/null
 done
+
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
 if [ -f /etc/rc.local ]; then
 conf_bk "/etc/rc.local"
@@ -451,7 +475,6 @@ cat >> /etc/rc.local <<'EOF'
 (sleep 15
 service ipsec restart
 service xl2tpd restart
-[ -f "/usr/sbin/netplan" ] && { iptables-restore < /etc/iptables.rules; service fail2ban restart; }
 echo 1 > /proc/sys/net/ipv4/ip_forward)&
 exit 0
 EOF
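Review bot: On netplan systems this unit becomes the only thing that restores /etc/iptables.rules at boot (the second hunk removes the rc.local fallback), but `systemctl enable load-iptables-rules 2>/dev/null` hides a failed enable, so a host could come up with the VPN services running and no firewall rules loaded. I would report the failure instead of discarding it, e.g. `systemctl enable load-iptables-rules 2>/dev/null || echo "Warning: could not enable load-iptables-rules.service" >&2`. The unit also runs `/etc/network/if-pre-up.d/iptablesload`, whose visible tail is `exit 0`, so as far as this hunk shows a failing `iptables-restore` would still leave the oneshot unit reported as successful; having that script return the restore status, or at least a comment above the heredoc saying so, would help whoever reads `systemctl status` later. The removed rc.local line also restarted fail2ban after the restore; presumably that is unnecessary now that the rules load before the network comes up, but it is worth confirming on an Ubuntu 18.04 host.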