fix(iptables): 通过增加 iptables-load.service 解决了 ifupdown 不启用时 iptables-load 不生效的问题

2024-10-23 23:46:03 +08:00 · 2024-10-23 23:46:03 +08:00 · ab05db660f
commit ab05db660f
parent 306c0fb0b5
3 changed files with 41 additions and 6 deletions
--- a/configure_priv.sh
+++ b/configure_priv.sh
@ -324,14 +324,34 @@ configure_fail2ban() {
 }

 configure_iptables() {
-    [ -f /etc/network/if-pre-up.d/iptables-load ] && return
    [ $offline -eq 1 ] && return
-
+    if command_exists ifquery && systemctl is-active --quiet networking; then
+        # ifupdown: /etc/network/if-pre-up.d/iptables-load
+        [ -f /etc/network/if-pre-up.d/iptables-load ] && return
        if confirm_action "要配置 iptables 吗？" "N"; then
            sudo cp $scriptdir/files/iptables-load /etc/network/if-pre-up.d/iptables-load
            sudo chmod +x /etc/network/if-pre-up.d/iptables-load
            sudo sh /etc/network/if-pre-up.d/iptables-load
        fi
+    else
+        # systemd: /etc/network/iptables-load
+        [ -f /etc/network/iptables-load ] && return
+        if confirm_action "要配置 iptables 吗？" "N"; then
+            if [ -f /etc/network/if-pre-up.d/iptables-load ]; then
+                sudo mv /etc/network/if-pre-up.d/iptables-load /etc/network/iptables-load
+            else
+                sudo cp $scriptdir/files/iptables-load /etc/network/iptables-load
+                sudo chmod +x /etc/network/iptables-load
+                sudo sh /etc/network/iptables-load
+            fi
+
+            sudo cp $scriptdir/files/iptables-load.service /etc/systemd/system/iptables-load.service
+            sudo chmod +x /etc/systemd/system/iptables-load.service
+            sudo systemctl daemon-reload
+            sudo systemctl start iptables-load.service
+            sudo systemctl enable iptables-load.service
+        fi
+    fi
 }

 configure_hostname() {
--- a/files/iptables-load.service
+++ b/files/iptables-load.service
@ -0,0 +1,12 @@
+[Unit]
+Description=Load iptables rules during network pre-up
+Wants=network-pre.target
+Before=network-pre.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/network/iptables-load
+RemainAfterExit=yes
+
+[Install]
+WantedBy=network-pre.target
--- a/files/zsh/51-alias.zsh
+++ b/files/zsh/51-alias.zsh
@ -14,7 +14,10 @@ command_exists() { command -v "$@" >/dev/null 2>&1; }

 if command_exists iptables; then
    alias ipl='sudo iptables -L -n'
-    if [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
+    if [ -f "/etc/network/iptables-load" ]; then
+        alias ipe='sudo vi /etc/network/iptables-load'
+        alias ips='sudo /etc/network/iptables-load'
+    elif [ -f "/etc/network/if-pre-up.d/iptables-load" ]; then
        alias ipe='sudo vi /etc/network/if-pre-up.d/iptables-load'
        alias ips='sudo /etc/network/if-pre-up.d/iptables-load'
    fi