pátek 3. března 2023

Debian 11

Staticka IP adresa

(pred  systemctl restart networking je obcas nutne rucne smazat IP adresy zarizeni, jinak se zmeny v /etc/network/interfaces neprojevi)


Aktivace rc.local

(podle https://blog.wijman.net/enable-rc-local-in-debian-bullseye/ )

Create a file /etc/rc.local

#!/bin/sh
  # ...
  # By default this script does nothing.
  /etc/rc.firewall
  touch /var/lock/subsys/local
  exit 0
chmod +x /etc/rc.local

Then we need to reload the systemd manager configuration:

systemctl daemon-reload

Then we start the rc-local daemon:

systemctl start rc-local

And then we check the status of rc-local to confirm it ran OK:


systemctl status rc-local 

Pokud definice sluzby chybi: (podle https://www.cyberciti.biz/faq/how-to-enable-rc-local-shell-script-on-systemd-while-booting-linux-system/

[Unit]
Description=/etc/rc.local
ConditionPathExists=/etc/rc.local
 
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
 
[Install]
WantedBy=multi-user.target

anebo delsi a ukecanejsi soubor (ale musi mit sekci [Install]): 

  
# /etc/systemd/system/rc-local.service
#  SPDX-License-Identifier: LGPL-2.1+
#
#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU Lesser General Public License as published by
#  the Free Software Foundation; either version 2.1 of the License, or
#  (at your option) any later version.
 
# This unit gets pulled automatically into multi-user.target by
# systemd-rc-local-generator if /etc/rc.local is executable.
[Unit]
Description=/etc/rc.local Compatibility
Documentation=man:systemd-rc-local-generator(8)
ConditionFileIsExecutable=/etc/rc.local
After=network.target
 
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
RemainAfterExit=yes
GuessMainPID=no
StandardOutput=journal+console
StandardError=journal+console
[Install]
WantedBy=multi-user.target
 [Install]
WantedBy=multi-user.target

Iptables firewall

iptables negate: (https://www.cyberciti.biz/faq/iptables-invert-ip-or-protocol-with/) 

Narozdil od starsi implementace, negace se dava pred "option" (viz man iptables): --option ! this is deprecated in favour of ! --option this

--------------

Vystavil v

Žádné komentáře:

Okomentovat

Přihlásit se k odběru: Komentáře k příspěvku (Atom)