Improve services on boot

- Better handling of starting IPTables & Fail2Ban on boot
- Use iptables-services and disable firewalld for CentOS 7

extras/vpnupgrade_centos.sh

@@ -108,7 +108,7 @@ yum -y install nss-devel nspr-devel pkgconfig pam-devel \
 if grep -qs "release 6" /etc/redhat-release; then
   yum -y remove libevent-devel
   yum -y install libevent2-devel || exiterr2
-elif grep -qs "release 7" /etc/redhat-release; then
+else
   yum -y install libevent-devel systemd-devel || exiterr2
 fi
 

vpnsetup.sh

@@ -162,6 +162,8 @@ apt-get -yq install ppp xl2tpd || exiterr2
 
 # Install Fail2Ban to protect SSH server
 apt-get -yq install fail2ban || exiterr2
+update-rc.d fail2ban enable
+systemctl enable fail2ban 2>/dev/null
 
 # Compile and install Libreswan
 swan_ver=3.18
@@ -438,7 +440,6 @@ EOF
     echo "sleep 30" >> /etc/rc.local
   fi
 cat >> /etc/rc.local <<'EOF'
-service fail2ban restart || /bin/true
 service ipsec start
 service xl2tpd start
 echo 1 > /proc/sys/net/ipv4/ip_forward

vpnsetup_centos.sh

@@ -156,7 +156,7 @@ yum -y install fail2ban || exiterr2
 if grep -qs "release 6" /etc/redhat-release; then
   yum -y remove libevent-devel
   yum -y install libevent2-devel || exiterr2
-elif grep -qs "release 7" /etc/redhat-release; then
+else
   yum -y install libevent-devel systemd-devel || exiterr2
 fi
 
@@ -408,13 +408,6 @@ fi
 # Create basic Fail2Ban rules
 if [ ! -f /etc/fail2ban/jail.local ] ; then
 cat > /etc/fail2ban/jail.local <<'EOF'
-[DEFAULT]
-ignoreip = 127.0.0.1/8
-bantime  = 600
-findtime  = 600
-maxretry = 5
-backend = auto
-
 [ssh-iptables]
 enabled  = true
 filter   = sshd
@@ -424,13 +417,19 @@ EOF
 fi
 
 # Start services at boot
+if grep -qs "release 6" /etc/redhat-release; then
+  chkconfig iptables on
+  chkconfig fail2ban on
+else
+  systemctl --now mask firewalld
+  yum -y install iptables-services || exiterr2
+  systemctl enable iptables fail2ban
+fi
 if ! grep -qs "hwdsl2 VPN script" /etc/rc.local; then
   conf_bk "/etc/rc.local"
 cat >> /etc/rc.local <<'EOF'
 
 # Added by hwdsl2 VPN script
-iptables-restore < /etc/sysconfig/iptables
-service fail2ban restart
 service ipsec start
 service xl2tpd start
 echo 1 > /proc/sys/net/ipv4/ip_forward