Answer the question
In order to leave comments, you need to log in
What is the best way to write a systemd service with iptables?
You need to run OpenVPN on a non-standard port. The distribution does not imply this, you need to write your own service for systemd.
I have seen in the distribution or online manuals that permissions for iptables are included directly in the service. To what extent is this correct?
I need to write an automatic unwrapper for such a service, i.e. in any case, it will be necessary to somehow configure iptables. How to make it as kosher as possible? Using additional entities like ufw is probably not very good, but I don't mind. The idea of adding directly to a systemd unit seems fresh and quite interesting to me, everything is in one place and uninstallation will be simpler. Including the fact that rules can be deleted during OpenVPN shutdown.
What do you think?
Answer the question
In order to leave comments, you need to log in
Is your openvpn already configured/built to work with systemd?
Openvpn --version gives the line enable-systemd=yes? The service port is changed in the server configuration.
And then Server:
Place your server configuration file in /etc/openvpn/server
Use the [email protected] like so:
$ sudo systemctl start [email protected]{Server-config}
Replace {Server-config} with the name of your config file without the .conf And Start at boot:
Replace start with enable
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question