bugs icon indicating copy to clipboard operation
bugs copied to clipboard

Published 20 hours ago verified publisher icon coreos

Add ipset.service

Open polarina opened this issue 9 years ago • 2 comments

Can a ipset service be added to restore ipset configuration? I took a quick stab at making a service definition, based on the one provided by Arch GNU/Linux.

[Unit]
Description=Loading IP Sets
Before=network.target iptables-restore.service ip6tables-restore.service
Wants=network.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/sbin/ipset -f /etc/ipset.conf restore
ExecReload=/usr/sbin/ipset -f /etc/ipset.conf restore
ExecStop=/usr/sbin/ipset destroy

[Install]
WantedBy=basic.target

polarina avatar Sep 13 '15 20:09 polarina

We should check if a unit is in Gentoo yet or not too.

marineam avatar Sep 15 '15 00:09 marineam

@polarina thanks for your service file! Simple and working. The only thing I would add is -exist flag, so service can be reloaded to load new configuration file without issues. Fragment of container linux config for interested people:

    - name: ipset.service
      enabled: true
      contents: |
        [Unit]
        Description=Loading IP Sets
        Before=network.target iptables-restore.service ip6tables-restore.service
        Wants=network.target

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/sbin/ipset -exist -f /etc/ipset.conf restore
        ExecReload=/usr/sbin/ipset -exist -f /etc/ipset.conf restore
        ExecStop=/usr/sbin/ipset destroy

        [Install]
        WantedBy=basic.target

invidian avatar Feb 20 '19 08:02 invidian