Persist SSH firewall rules running OpenVPN
Solution 1:
The easiest I've found is to create a service like so:
# Documentation available at:
# https://www.freedesktop.org/software/systemd/man/systemd.service.html
[Unit]
Description=Setup Firewall on each reboot
Before=network.target
[Service]
Type=oneshot
WorkingDirectory=~
RemainAfterExit=yes
ExecStart=/usr/sbin/set-ssh-rules.sh
User=root
Group=root
[Install]
WantedBy=multi-user.target
# vim: syntax=dosini
Your script must be placed in a location which you can refer to with a full path, as shown above.
To install the file, you can copy it here:
/lib/systemd/system/my-firewall.service
When you manually add a new file, you need to nudge the system to wake it up with the following:
systemctl daemon-reload
The systemd commands will also tell you to run that command if you edit your .service file(s) so it can update itself as required before attempting to run other commands. This is done automatically when you install/uninstall a package, but not when you do this manually.
Then you can enable it and it will kick in on each reboot.
systemctl enable my-firewall
To see whether it worked, check the status:
systemctl status my-firewall
Also you can start/stop manually to verify that the script runs as expected:
systemctl start my-firewall
systemctl stop my-firewall
Since I don't have a script to stop my firewall, nothing happens in the stop, but if already running, the start won't do anything... so you need to stop in order to do a start. (You can also use restart.)
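An added example, not part of the answer above and not its author's script: a hypothetical /usr/sbin/set-ssh-rules.sh written so that running it again (as a stop followed by a start, or a restart, does) does not append duplicate rules. The two rule specs and the IPT override variable are assumptions, since the answer does not show what its script contains.

```shell
#!/bin/sh
# Hypothetical /usr/sbin/set-ssh-rules.sh (added example, not the answer's script).
# The rule specs in apply_rules are constructed placeholders; substitute your own.

# Command used to talk to netfilter. Overridable (assumption of this example)
# so the logic can be exercised without root.
IPT="${IPT:-iptables}"

# Append a rule only if an identical one is not already loaded.
# "iptables -C" exits 0 when the exact rule exists, non-zero otherwise.
ensure_rule() {
    chain="$1"; shift
    if "$IPT" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    "$IPT" -A "$chain" "$@"
}

# Constructed sample policy: keep established sessions alive and accept
# new inbound SSH connections on TCP port 22.
apply_rules() {
    ensure_rule INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT &&
    ensure_rule INPUT -p tcp --dport 22 -j ACCEPT
}

# Apply the rules only when invoked under the file name that the unit's
# ExecStart points at; a non-zero exit marks the oneshot unit as failed,
# which then shows up in "systemctl status my-firewall".
case "${0##*/}" in
    set-ssh-rules.sh) apply_rules || exit 1 ;;
esac
```

The script must be executable and owned by root, since the unit runs it as root on every boot.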