wangyu-udp2raw/doc/systemd_example.md
2017-08-19 18:27:37 +08:00

# systemd service file

## Client

```ini
[Unit]
Description=UDP2RAW service
After=network-online.service

[Service]
User=nobody
Type=simple
PermissionsStartOnly=true
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
ExecStartPre=/sbin/iptables -I INPUT -s SERVER_IP -p tcp --sport SERVER_PORT -j DROP
ExecStart=/usr/bin/udp2raw -c -l127.0.0.1:LOCAL_PORT -rSERVER_IP:SERVER_PORT -k PASSWORD --raw-mode faketcp
ExecStopPost=/sbin/iptables -D INPUT -s SERVER_IP -p tcp --sport SERVER_PORT -j DROP
Restart=always
RestartSec=30
StartLimitBurst=10

[Install]
WantedBy=multi-user.target
```

## Server

```ini
[Unit]
Description=UDP2RAW service
After=network-online.service

[Service]
User=nobody
Type=simple
PermissionsStartOnly=true
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
ExecStartPre=/sbin/iptables -I INPUT -p tcp --dport SERVER_PORT -j DROP
ExecStart=/usr/bin/udp2raw -s -l0.0.0.0:SERVER_PORT -r127.0.0.1:REMOTE_PORT -k PASSWORD --raw-mode faketcp
ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport SERVER_PORT -j DROP
Restart=always
RestartSec=30
StartLimitBurst=10

[Install]
WantedBy=multi-user.target
```

Replace `SERVER_IP`, `SERVER_PORT`, `REMOTE_PORT`, `LOCAL_PORT` and `PASSWORD` with your own parameters, and adjust the paths to `iptables` and `udp2raw` to match your system.

The units above run only the `iptables` commands as root (`PermissionsStartOnly=true` applies `User=` to `ExecStart=` alone, not to `ExecStartPre=` or `ExecStopPost=`) and run the main `udp2raw` command as `nobody`, with `CapabilityBoundingSet=` limiting the process to the capabilities it needs.

You may also need to run `setcap cap_net_raw,cap_net_admin+ep udp2raw` on the `udp2raw` binary: `CapabilityBoundingSet=` only bounds which capabilities the process may hold, and a process running as `nobody` actually gains `CAP_NET_RAW` and `CAP_NET_ADMIN` only if the binary carries them as file capabilities.
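The following script is an added example, not part of the udp2raw project. It embeds the two unit templates above, fills in the placeholders, and checks the result before it is installed: no placeholder may survive, and the rule that `ExecStopPost=` deletes must be exactly the one `ExecStartPre=` inserted, so a stopped service does not leave a stray `DROP` rule in the `INPUT` chain. The `getcap` check verifies the file capabilities the previous paragraph describes. The function names, the `client|server` argument convention and the sample values at the bottom are assumptions of this example; for the server role the `SERVER_IP` argument is unused and may be passed as an empty string.

```shell
#!/bin/sh
# Added example (not udp2raw project code): render the client/server unit
# templates from the page with real parameters and sanity-check the result.
# Templates, placeholders and paths are the page's own; sample values are constructed.

CLIENT_TEMPLATE='[Unit]
Description=UDP2RAW service
After=network-online.service

[Service]
User=nobody
Type=simple
PermissionsStartOnly=true
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
ExecStartPre=/sbin/iptables -I INPUT -s SERVER_IP -p tcp --sport SERVER_PORT -j DROP
ExecStart=/usr/bin/udp2raw -c -l127.0.0.1:LOCAL_PORT -rSERVER_IP:SERVER_PORT -k PASSWORD --raw-mode faketcp
ExecStopPost=/sbin/iptables -D INPUT -s SERVER_IP -p tcp --sport SERVER_PORT -j DROP
Restart=always
RestartSec=30
StartLimitBurst=10

[Install]
WantedBy=multi-user.target'

SERVER_TEMPLATE='[Unit]
Description=UDP2RAW service
After=network-online.service

[Service]
User=nobody
Type=simple
PermissionsStartOnly=true
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN
ExecStartPre=/sbin/iptables -I INPUT -p tcp --dport SERVER_PORT -j DROP
ExecStart=/usr/bin/udp2raw -s -l0.0.0.0:SERVER_PORT -r127.0.0.1:REMOTE_PORT -k PASSWORD --raw-mode faketcp
ExecStopPost=/sbin/iptables -D INPUT -p tcp --dport SERVER_PORT -j DROP
Restart=always
RestartSec=30
StartLimitBurst=10

[Install]
WantedBy=multi-user.target'

# render_unit TEMPLATE SERVER_IP SERVER_PORT PORT PASSWORD [IPTABLES] [UDP2RAW]
# PORT fills LOCAL_PORT (client) or REMOTE_PORT (server); each template has only one.
# Values are assumed not to contain the sed metacharacters '|', '&' or '\'.
render_unit() {
    printf '%s\n' "$1" | sed \
        -e "s|SERVER_IP|$2|g" \
        -e "s|SERVER_PORT|$3|g" \
        -e "s|LOCAL_PORT|$4|g" \
        -e "s|REMOTE_PORT|$4|g" \
        -e "s|PASSWORD|$5|g" \
        -e "s|/sbin/iptables|${6:-/sbin/iptables}|g" \
        -e "s|/usr/bin/udp2raw|${7:-/usr/bin/udp2raw}|g"
}

# check_unit RENDERED_UNIT: 0 only if no placeholder survived and the rule
# deleted in ExecStopPost is exactly the rule inserted in ExecStartPre.
check_unit() {
    if printf '%s\n' "$1" | grep -qE 'SERVER_IP|SERVER_PORT|LOCAL_PORT|REMOTE_PORT|PASSWORD'; then
        return 1
    fi
    ins=$(printf '%s\n' "$1" | sed -n 's/^ExecStartPre=.* -I INPUT //p')
    del=$(printf '%s\n' "$1" | sed -n 's/^ExecStopPost=.* -D INPUT //p')
    [ -n "$ins" ] && [ "$ins" = "$del" ]
}

# binary_has_caps PATH: 0 if getcap reports both capabilities on the file,
# 1 if not, 2 if getcap (libcap tools) is not installed.
binary_has_caps() {
    command -v getcap >/dev/null 2>&1 || return 2
    caps=$(getcap "$1" 2>/dev/null)
    printf '%s' "$caps" | grep -q cap_net_admin && printf '%s' "$caps" | grep -q cap_net_raw
}

# Usage: sh render_unit.sh client|server SERVER_IP SERVER_PORT PORT PASSWORD [IPTABLES] [UDP2RAW]
if [ "$#" -ge 5 ]; then
    role="$1"; shift
    case "$role" in
        client) unit=$(render_unit "$CLIENT_TEMPLATE" "$@") ;;
        server) unit=$(render_unit "$SERVER_TEMPLATE" "$@") ;;
        *) echo "first argument must be client or server" >&2; exit 1 ;;
    esac
    check_unit "$unit" || { echo "rendered unit failed sanity check" >&2; exit 1; }
    printf '%s\n' "$unit"
fi
```

Redirect the output into `/etc/systemd/system/udp2raw.service` and run `systemctl daemon-reload`. Note that `-k PASSWORD` on the `ExecStart=` line is visible to every local user through the process list and through the unit file, which is world-readable by default, so the key should be treated as exposed to anyone with a shell on the machine.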