Implement nftables.service for static firewall configurations (bsc#1237277)
It seems users are missing this service, which is not part of the upstream project but is present in most other Linux distributions. It allows setting up simple static nftables-based firewalls via configuration files.
22
nftables.service
Normal file
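--- /dev/null
+++ b/nftables.service
@@ -0,0 +1,22 @@
+[Unit]
+Description=nftables static rule set
+Documentation=file:/usr/share/doc/packages/nftables/README.SUSE
+Wants=network-pre.target
+Before=network-pre.target shutdown.target
+Conflicts=shutdown.target
+DefaultDependencies=no
+AssertPathExists=/etc/nftables/rules/main.nft
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+StandardInput=null
+ProtectSystem=full
+ProtectHome=true
+AssertPathExists=/etc/nftables/rules/main.nft
+ExecStart=/usr/sbin/nft -f /etc/nftables/rules/main.nft
+ExecReload=/usr/sbin/nft -f /etc/nftables/rules/main.nft
+ExecStop=/usr/sbin/nft flush ruleset
+
+[Install]
+WantedBy=sysinit.target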
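Review bot: The second `AssertPathExists=/etc/nftables/rules/main.nft` sits in `[Service]`, where systemd does not recognise it (it is a `[Unit]` key) and will ignore it with an unknown-key warning; the copy in `[Unit]` already does the job, so the `[Service]` line can be dropped. More important for a firewall unit, `ExecStop=/usr/sbin/nft flush ruleset` clears every table in every family, not only what main.nft loaded, so a manual `systemctl stop` leaves the host unfiltered and also removes rules installed by other tools. That behaviour should be stated in the README.SUSE referenced by `Documentation=`, for example with a comment above the line such as `# Stopping removes ALL nftables rules on the host, not just those from main.nft`. Because `ExecReload` runs the same `nft -f` as `ExecStart`, the documentation should also say that main.nft is expected to begin with `flush ruleset`; otherwise a reload is applied on top of the rules that are already loaded instead of replacing them.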