From 9fee7467633e2af6cc6f42bea2431e4480daadb3 Mon Sep 17 00:00:00 2001 From: Peter Cai Date: Sat, 19 Aug 2017 18:27:37 +0800 Subject: [PATCH] systemd_example: add server example --- doc/systemd_example.md | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/doc/systemd_example.md b/doc/systemd_example.md index e07a3c3..99f9233 100644 --- a/doc/systemd_example.md +++ b/doc/systemd_example.md @@ -1,4 +1,6 @@ # systemd service file + +### Client ``` [Unit] Description=UDP2RAW service @@ -20,7 +22,29 @@ StartLimitBurst=10 WantedBy=multi-user.target ``` -Please replace `SERVER_IP`, `SERVER_PORT` and `LOCAL_PORT` with your own parameters and replace the pathes to `iptables` and `udp2raw` according to your own system configuration. +### Server +``` +[Unit] +Description=UDP2RAW service +After=network-online.service + +[Service] +User=nobody +Type=simple +PermissionsStartOnly=true +CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN +ExecStartPre=/sbin/iptables -I INPUT -p tcp --dport SERVER_PORT -j DROP +ExecStart=/usr/bin/udp2raw -s -l0.0.0.0:SERVER_PORT -r127.0.0.1:REMOTE_PORT -k PASSWORD --raw-mode faketcp +ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport SERVER_PORT -j DROP +Restart=always +RestartSec=30 +StartLimitBurst=10 + +[Install] +WantedBy=multi-user.target +``` + +Please replace `SERVER_IP`, `SERVER_PORT`, `REMOTE_PORT` and `LOCAL_PORT` with your own parameters and replace the pathes to `iptables` and `udp2raw` according to your own system configuration. The above unit will only execute the `iptables` commands as root, and will execute the main `udp2raw` command as `nobody`, with `CapabilityBoundingSet` that grants necessary permissions.
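Review bot: the `### Client` heading added in the first hunk (`@@ -1,4 +1,6 @@`) jumps from the `#` title straight to level three and is followed immediately by the opening code fence. Consider `## Client` (and matching `## Server` in the next hunk) with a blank line before the fence, so the outline is consistent and the block renders reliably across Markdown renderers.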
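Review bot: in the added Server unit, `CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN` combined with `User=nobody` only caps what the process may ever hold; it does not grant those capabilities to a non-root user, so the closing sentence saying it "grants necessary permissions" is misleading. Either add `AmbientCapabilities=CAP_NET_RAW CAP_NET_ADMIN` alongside it or state that the `udp2raw` binary must carry file capabilities, and reword the explanation accordingly. Two further points in the same hunk: `After=network-online.service` should name `network-online.target` (normally paired with `Wants=network-online.target`), since systemd ships no unit called `network-online.service` and the ordering has no effect as written; and `PASSWORD` in `-k PASSWORD` is missing from the list of placeholders to replace, and the text should mention that a key placed on the `ExecStart` line is readable by anyone who can read the unit file or the process list, so the unit file permissions should be tightened. While editing that sentence, "pathes" should be "paths".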