mirror/setup-ipsec-vpn
1
0
Fork 0
mirror of synced 2024-11-26 06:46:06 +03:00
Code Issues Projects Releases Wiki Activity

Improve IPTables on boot

Browse Source 
- Improve loading of IPTables rules on boot for systems with "netplan"
  such as Ubuntu 18.04, by creating a systemd service. This is needed
  because ifupdown scripts do not run under netplan
This commit is contained in:
hwdsl2 2018-10-21 00:05:21 -05:00
parent 599eb1aa8a
commit cf7737238d
1 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
vpnsetup.sh
View File

@ -434,10 +434,34 @@ iptables-restore < /etc/iptables.rules
exit 0 exit 0
EOF EOF
if [ -f /usr/sbin/netplan ]; then
mkdir -p /etc/systemd/system
cat > /etc/systemd/system/load-iptables-rules.service <<'EOF'
[Unit]
Description = Load /etc/iptables.rules
DefaultDependencies=no
Before=network-pre.target
Wants=network-pre.target
Wants=systemd-modules-load.service local-fs.target
After=systemd-modules-load.service local-fs.target
[Service]
Type=oneshot
ExecStart=/etc/network/if-pre-up.d/iptablesload
[Install]
WantedBy=multi-user.target
EOF
systemctl enable load-iptables-rules 2>/dev/null
fi
for svc in fail2ban ipsec xl2tpd; do for svc in fail2ban ipsec xl2tpd; do
update-rc.d "$svc" enable >/dev/null 2>&1 update-rc.d "$svc" enable >/dev/null 2>&1
systemctl enable "$svc" 2>/dev/null systemctl enable "$svc" 2>/dev/null
done done
if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
if [ -f /etc/rc.local ]; then if [ -f /etc/rc.local ]; then
conf_bk "/etc/rc.local" conf_bk "/etc/rc.local"
@ -451,7 +475,6 @@ cat >> /etc/rc.local <<'EOF'
(sleep 15 (sleep 15
service ipsec restart service ipsec restart
service xl2tpd restart service xl2tpd restart
[ -f "/usr/sbin/netplan" ] && { iptables-restore < /etc/iptables.rules; service fail2ban restart; }
echo 1 > /proc/sys/net/ipv4/ip_forward)& echo 1 > /proc/sys/net/ipv4/ip_forward)&
exit 0 exit 0
EOF EOF