fix(iptables): 通过增加 iptables-load.service 解决了 ifupdown 不启用时 iptables-load 不生效的问题
parent
306c0fb0b5
commit
ab05db660f
@ -324,14 +324,34 @@ configure_fail2ban() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
configure_iptables() {
|
configure_iptables() {
|
||||||
[ -f /etc/network/if-pre-up.d/iptables-load ] && return
|
|
||||||
[ $offline -eq 1 ] && return
|
[ $offline -eq 1 ] && return
|
||||||
|
if command_exists ifquery && systemctl is-active --quiet networking; then
|
||||||
|
# ifupdown: /etc/network/if-pre-up.d/iptables-load
|
||||||
|
[ -f /etc/network/if-pre-up.d/iptables-load ] && return
|
||||||
if confirm_action "要配置 iptables 吗?" "N"; then
|
if confirm_action "要配置 iptables 吗?" "N"; then
|
||||||
sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
|
sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
|
||||||
sudo chmod +x /etc/network/if-pre-up.d/iptables-load
|
sudo chmod +x /etc/network/if-pre-up.d/iptables-load
|
||||||
sudo sh /etc/network/if-pre-up.d/iptables-load
|
sudo sh /etc/network/if-pre-up.d/iptables-load
|
||||||
fi
|
fi
|
||||||
|
else
|
||||||
|
# systemd: /etc/network/iptables-load
|
||||||
|
[ -f /etc/network/iptables-load ] && return
|
||||||
|
if confirm_action "要配置 iptables 吗?" "N"; then
|
||||||
|
if [ -f /etc/network/if-pre-up.d/iptables-load ]; then
|
||||||
|
sudo mv /etc/network/if-pre-up.d/iptables-load /etc/network/iptables-load
|
||||||
|
else
|
||||||
|
sudo cp $scriptdir/files/iptables-load /etc/network/iptables-load
|
||||||
|
sudo chmod +x /etc/network/iptables-load
|
||||||
|
sudo sh /etc/network/iptables-load
|
||||||
|
fi
|
||||||
|
|
||||||
|
sudo cp $scriptdir/files/iptables-load.service /etc/systemd/system/iptables-load.service
|
||||||
|
sudo chmod +x /etc/systemd/system/iptables-load.service
|
||||||
|
sudo systemctl daemon-reload
|
||||||
|
sudo systemctl start iptables-load.service
|
||||||
|
sudo systemctl enable iptables-load.service
|
||||||
|
fi
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_hostname() {
|
configure_hostname() {
|
||||||
|
|||||||
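Review bot: The systemd branch of configure_iptables installs a script and a unit that run as root on every boot using plain `sudo cp` plus `chmod +x`, so the resulting mode depends on the source file and umask, and the unit file ends up executable, which systemd logs a warning about. Installing with explicit ownership and mode would be tighter: `sudo install -o root -g root -m 0755 "$scriptdir/files/iptables-load" /etc/network/iptables-load` and `sudo install -o root -g root -m 0644 "$scriptdir/files/iptables-load.service" /etc/systemd/system/iptables-load.service`, dropping the `chmod +x` on the unit. The `mv` path keeps whatever permissions the old if-pre-up.d copy had, so it is worth normalising there too. None of the steps is checked, so a failed copy still falls through to `systemctl start`/`enable`; chaining them with `&&` or an explicit `|| return 1` would make a half-installed firewall visible.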
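--- a/files/iptables-load.service
+++ b/files/iptables-load.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Load iptables rules during network pre-up
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/network/iptables-load
+RemainAfterExit=yes
+
+[Install]
+WantedBy=network-pre.target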
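Review bot: `WantedBy=network-pre.target` looks like it can leave the rules unloaded at boot: as far as I know network-pre.target is a passive target that is only started when some unit pulls it in, and this unit's own `Wants=` only takes effect once the unit itself is being started. If nothing else on the host wants that target, enabling the service creates a symlink that is never activated and the interfaces come up without the firewall. Keeping `Wants=`/`Before=network-pre.target` for ordering and installing into a target that is always reached, e.g. `WantedBy=multi-user.target` (firewall units commonly also set `DefaultDependencies=no` and use `WantedBy=sysinit.target`), avoids that. Worth verifying after a reboot with `systemctl status iptables-load.service`.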
@ -14,7 +14,10 @@ command_exists() { command -v "$@" >/dev/null 2>&1; }
|
|||||||
|
|
||||||
if command_exists iptables; then
|
if command_exists iptables; then
|
||||||
alias ipl='sudo iptables -L -n'
|
alias ipl='sudo iptables -L -n'
|
||||||
if [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
|
if [ -f "/etc/network/iptables-load" ]; then
|
||||||
|
alias ipe='sudo vi /etc/network/iptables-load'
|
||||||
|
alias ips='sudo /etc/network/iptables-load'
|
||||||
|
elif [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
|
||||||
alias ipe='sudo vi /etc/network/if-pre-up.d/iptables-load'
|
alias ipe='sudo vi /etc/network/if-pre-up.d/iptables-load'
|
||||||
alias ips='sudo /etc/network/if-pre-up.d/iptables-load'
|
alias ips='sudo /etc/network/if-pre-up.d/iptables-load'
|
||||||
fi
|
fi
|
||||||
|
|||||||
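Review bot: The new `ipe` alias opens the rules script with `sudo vi`, which runs the whole editor (including its shell escapes and plugins) as root; `alias ipe='sudoedit /etc/network/iptables-load'` edits a temporary copy as the invoking user and only writes the result back with privilege. The same applies to the existing if-pre-up.d alias in the `elif` branch. The file header for this section is not visible on the page, so this assumes the hunk belongs to an interactive shell rc file.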