Persist SSH firewall rules running OpenVPN

Solution 1:

The easiest way I've found is to create a service like so:

# Documentation available at:
# https://www.freedesktop.org/software/systemd/man/systemd.service.html

[Unit]
Description=Setup Firewall on each reboot
Before=network.target

[Service]
Type=oneshot
WorkingDirectory=~
RemainAfterExit=yes
ExecStart=/usr/sbin/set-ssh-rules.sh
User=root
Group=root

[Install]
WantedBy=multi-user.target

# vim: syntax=dosini

Your script must be placed in a location which you can refer to with a full path, as shown above.

To install the file, you can copy it here:

/lib/systemd/system/my-firewall.service

When you manually add a new file, you need to nudge the system to wake it up with the following:

systemctl daemon-reload

The systemd commands will also tell you to run that command if you edit your .service file(s) so it can update itself as required before attempting to run other commands. This is done automatically when you install/uninstall a package, but not when you do this manually.

Then you can enable it and it will kick in on each reboot.

systemctl enable my-firewall

To see whether it worked, check the status:

systemctl status my-firewall

Also, you can start/stop it manually to verify that the script runs as expected:

systemctl start my-firewall
systemctl stop my-firewall

Since I don't have a script to stop my firewall, nothing happens on stop, but if it is already running, the start won't do anything... so you need to stop in order to do a start. (You can also use restart.)
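
A variant of the unit above, added here as an example and not part of the original answer: it orders the rules before network-pre.target, the passive target systemd provides for firewall setup that must finish before any interface is configured. The ExecStop script path is hypothetical and left commented out.

```ini
# my-firewall.service
# Assumption: installed under /etc/systemd/system/, the directory for locally
# administered units, so package upgrades never overwrite it.

[Unit]
Description=Setup Firewall on each reboot
# network-pre.target is passive: it only takes part in boot ordering when some
# unit pulls it in, so Wants= is needed in addition to Before=.
Wants=network-pre.target
Before=network-pre.target

[Service]
Type=oneshot
# Keeps the unit "active" after the script exits, so status reflects that the
# rules were applied and a second "start" is a no-op until the unit is stopped.
RemainAfterExit=yes
ExecStart=/usr/sbin/set-ssh-rules.sh
# Hypothetical teardown script (not provided by the answer); with it in place,
# "systemctl stop my-firewall" would remove the rules instead of doing nothing.
# ExecStop=/usr/sbin/clear-ssh-rules.sh

[Install]
WantedBy=multi-user.target
```

Because the script runs as root on every boot, keep it owned by root and not writable by group or others. After editing the unit, `systemd-analyze verify my-firewall.service` reports syntax and ordering problems before the next reboot does.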