On 21/10/14 20:30, Lennart Poettering wrote: > But in cases like the iptables tool (which > is written in a style that kinda requires the usage of shell scripts > to invoke it, since it is more a programming language and is seldom > called just once at boot)
If your ruleset is static (e.g. does not depend on the local IP address), it's very close to not needing a shell: all it would need is for systemd to support StandardInput=/a/file/path, or for iptables-restore to support "--file /a/file/path", or something similar. iptables-save | sudo tee /etc/my-firewall ip6tables-save | sudo tee /etc/my-firewall6 ExecStart=/bin/sh -c 'iptables-restore < /etc/my-firewall' ExecStart=/bin/sh -c 'ip6tables-restore < /etc/my-firewall6' S _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel