coreos / bugs

Issue tracker for CoreOS Container Linux
https://coreos.com/os/eol/

Add ipset.service #470

Open polarina opened 9 years ago

polarina commented 9 years ago

Can an ipset service be added to restore ipset configuration? I took a quick stab at making a service definition, based on the one provided by Arch GNU/Linux.

    [Unit]
    Description=Loading IP Sets
    Before=network.target iptables-restore.service ip6tables-restore.service
    Wants=network.target

    [Service]
    Type=oneshot
    RemainAfterExit=yes
    ExecStart=/usr/sbin/ipset -f /etc/ipset.conf restore
    ExecReload=/usr/sbin/ipset -f /etc/ipset.conf restore
    ExecStop=/usr/sbin/ipset destroy

    [Install]
    WantedBy=basic.target

marineam commented 9 years ago

We should check if a unit is in Gentoo yet or not too.

invidian commented 5 years ago

@polarina thanks for your service file! Simple and working. The only thing I would add is the -exist flag, so the service can be reloaded to load a new configuration file without issues. Fragment of a Container Linux Config for interested people:

    - name: ipset.service
      enabled: true
      contents: |
        [Unit]
        Description=Loading IP Sets
        Before=network.target iptables-restore.service ip6tables-restore.service
        Wants=network.target

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/sbin/ipset -exist -f /etc/ipset.conf restore
        ExecReload=/usr/sbin/ipset -exist -f /etc/ipset.conf restore
        ExecStop=/usr/sbin/ipset destroy

        [Install]
        WantedBy=basic.target
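
Why the -exist flag suggested above matters for ExecReload, as an added example that is not part of the original thread or the CoreOS project: a plain `ipset restore` rejects a `create` for a set name that is already loaded and an `add` for a member that is already present. The function names, temporary files and sample sets below are constructed for illustration, and the first argument is assumed to hold `ipset save` output.

```shell
#!/bin/sh
# reload_conflicts CURRENT NEW
#   CURRENT: file with `ipset save` output of the running state (assumption)
#   NEW:     the restore file, e.g. /etc/ipset.conf
# Prints "LINE: text" for every line of NEW that a restore without -exist
# would reject because the set name or the set member is already loaded.
reload_conflicts() {
    awk -v cur="$1" '
        BEGIN {
            # Index the loaded state: set names and (set, member) pairs.
            while ((getline line < cur) > 0) {
                split(line, f, " ")
                if (f[1] == "create") sets[f[2]] = 1
                else if (f[1] == "add") members[f[2], f[3]] = 1
            }
            close(cur)
        }
        # Walk the restore file and report collisions with the loaded state.
        $1 == "create" && ($2 in sets)           { print FNR ": " $0; next }
        $1 == "add" && (($2, $3) in members)     { print FNR ": " $0 }
    ' "$2"
}

# Constructed sample: the host already has "blocklist" loaded, and the
# edited ipset.conf adds one member and one new set before a reload.
demo_conflicts() {
    dir=$(mktemp -d)
    cat > "$dir/current.save" <<'EOF'
create blocklist hash:ip family inet hashsize 1024 maxelem 65536
add blocklist 192.0.2.10
EOF
    cat > "$dir/ipset.conf" <<'EOF'
create blocklist hash:ip family inet hashsize 1024 maxelem 65536
add blocklist 192.0.2.10
add blocklist 198.51.100.7
create allowlist hash:net family inet hashsize 1024 maxelem 65536
add allowlist 203.0.113.0/24
EOF
    reload_conflicts "$dir/current.save" "$dir/ipset.conf"
    rm -rf "$dir"
}
```

On a host, the first argument can be produced with `ipset save > current.save`; an empty result means the file would also load without -exist.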