From ab05db660f994a2f0d3944bdea3ae44f189e1b0a Mon Sep 17 00:00:00 2001
From: Konano
Date: Wed, 23 Oct 2024 23:46:03 +0800
Subject: [PATCH] =?UTF-8?q?fix(iptables):=20=E9=80=9A=E8=BF=87=E5=A2=9E?= =?UTF-8?q?=E5=8A=A0=20iptables-load.service=20=E8=A7=A3=E5=86=B3=E4=BA=86?= =?UTF-8?q?=20ifupdown=20=E4=B8=8D=E5=90=AF=E7=94=A8=E6=97=B6=20iptables-l?= =?UTF-8?q?oad=20=E4=B8=8D=E7=94=9F=E6=95=88=E7=9A=84=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 configure_priv.sh | 30 +++++++++++++++++++++++++-----
 files/iptables-load.service | 12 ++++++++++++
 files/zsh/51-alias.zsh | 5 ++++-
 3 files changed, 41 insertions(+), 6 deletions(-)
 create mode 100644 files/iptables-load.service
diff --git a/configure_priv.sh b/configure_priv.sh
index 39be410..e0618d9 100755
--- a/configure_priv.sh
+++ b/configure_priv.sh
@@ -324,13 +324,33 @@ configure_fail2ban() {
 }
 configure_iptables() {
- [ -f /etc/network/if-pre-up.d/iptables-load ] && return
 [ $offline -eq 1 ] && return
+ if command_exists ifquery && systemctl is-active --quiet networking; then
+ # ifupdown: /etc/network/if-pre-up.d/iptables-load
+ [ -f /etc/network/if-pre-up.d/iptables-load ] && return
+ if confirm_action "要配置 iptables 吗?" "N"; then
+ sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
+ sudo chmod +x /etc/network/if-pre-up.d/iptables-load
+ sudo sh /etc/network/if-pre-up.d/iptables-load
+ fi
+ else
+ # systemd: /etc/network/iptables-load
+ [ -f /etc/network/iptables-load ] && return
+ if confirm_action "要配置 iptables 吗?" "N"; then
+ if [ -f /etc/network/if-pre-up.d/iptables-load ]; then
+ sudo mv /etc/network/if-pre-up.d/iptables-load /etc/network/iptables-load
+ else
+ sudo cp $scriptdir/files/iptables-load /etc/network/iptables-load
+ sudo chmod +x /etc/network/iptables-load
+ sudo sh /etc/network/iptables-load
+ fi
- if confirm_action "要配置 iptables 吗?" "N"; then
- sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
- sudo chmod +x /etc/network/if-pre-up.d/iptables-load
- sudo sh /etc/network/if-pre-up.d/iptables-load
+ sudo cp $scriptdir/files/iptables-load.service /etc/systemd/system/iptables-load.service
+ sudo chmod +x /etc/systemd/system/iptables-load.service
+ sudo systemctl daemon-reload
+ sudo systemctl start iptables-load.service
+ sudo systemctl enable iptables-load.service
+ fi
 fi
 }
diff --git a/files/iptables-load.service b/files/iptables-load.service
new file mode 100644
index 0000000..327dad6
--- /dev/null
+++ b/files/iptables-load.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Load iptables rules during network pre-up
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/network/iptables-load
+RemainAfterExit=yes
+
+[Install]
+WantedBy=network-pre.target
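Review bot: In the systemd branch of configure_iptables (configure_priv.sh), the early exit `[ -f /etc/network/iptables-load ] && return` tests the rules script rather than the unit, so a host where the script is present but iptables-load.service was never installed or enabled (for example after an interrupted run) is skipped and comes up after a reboot without the rules. Keying the check on the unit, `systemctl is-enabled --quiet iptables-load.service && return`, ties idempotency to what actually restores the firewall at boot. The line `sudo chmod +x /etc/systemd/system/iptables-load.service` should be dropped, since unit files are not executed and systemd warns about executable ones; `sudo install -m 0644 "$scriptdir/files/iptables-load.service" /etc/systemd/system/iptables-load.service` sets the mode explicitly and quotes `$scriptdir`. The exit status of `sudo sh /etc/network/iptables-load` and of `systemctl start` is not checked before `systemctl enable`, so a rules script that fails is still made persistent.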
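Review bot: `WantedBy=network-pre.target` in files/iptables-load.service makes activation depend on some other unit pulling in network-pre.target, which systemd documents as a passive target that network managers order themselves after but do not pull in; if nothing else wants it, the unit is enabled yet never started at boot and the host comes up without its rules. Keep `Wants=network-pre.target` and `Before=network-pre.target`, and install under a target that is always part of the boot transaction, e.g. `WantedBy=multi-user.target`. `ExecStart=/etc/network/iptables-load` executes the file directly, whereas the installer runs it with `sudo sh`, so the script needs a shebang and its execute bit; its contents are not part of this patch, so this is to confirm. A failing ExecStart does not hold the network back, so the unit fails open and that is worth a comment in the `[Unit]` section.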
diff --git a/files/zsh/51-alias.zsh b/files/zsh/51-alias.zsh
index 033ae21..3fd4e21 100644
--- a/files/zsh/51-alias.zsh
+++ b/files/zsh/51-alias.zsh
@@ -14,7 +14,10 @@ command_exists() { command -v "$@" >/dev/null 2>&1; }
 if command_exists iptables; then
 alias ipl='sudo iptables -L -n'
- if [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
+ if [ -f "/etc/network/iptables-load" ]; then
+ alias ipe='sudo vi /etc/network/iptables-load'
+ alias ips='sudo /etc/network/iptables-load'
+ elif [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
 alias ipe='sudo vi /etc/network/if-pre-up.d/iptables-load'
 alias ips='sudo /etc/network/if-pre-up.d/iptables-load'
 fi
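Review bot: The new `ipe` alias opens the root-run rules script with `sudo vi`, which runs the editor itself (and any startup files or plugins it loads) as root; `alias ipe='sudoedit /etc/network/iptables-load'` edits a temporary copy as the invoking user and writes it back with privilege. The same applies to the existing if-pre-up.d alias in the `elif` arm. On the systemd path, `ips` runs the script directly and does not go through iptables-load.service, so a failure there is not reflected in the unit's state. The enclosing `if command_exists iptables` block closes outside the hunk.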