Introduce a systemd service file

[melroy89]

• Introducing a service file
• Update README with additional setup of systemd service file

Remember that /etc/rc.local is discontinued and obsolete.

[melroy89]

@trick77 Could you please merge this? It would help myself in the upcoming future again..

[trick77]

Hey @melroy89
I think there is a problem with that PR. It currently removes the first rule in the INPUT chain, which may not always be the intended rule. This makes the script non-idempotent and could cause unexpected behavior. Please revise the script to safely delete only the specific rule added by the ExecStart command. If you prefer, you can always fork the project and include your changes in your own repository.

[melroy89]

Hey @melroy89 I think there is a problem with that PR. It currently removes the first rule in the INPUT chain, which may not always be the intended rule. This makes the script non-idempotent and could cause unexpected behavior. Please revise the script to safely delete only the specific rule added by the ExecStart command. If you prefer, you can always fork the project and include your changes in your own repository.

But that is exactly what your snippet is doing now as well in your Readme: https://github.com/trick77/ipset-blacklist#iptables-filter-rule

The problem is that you now also tell people to use /etc/rc.local which should really not be used any anymore.

[trick77]

The README.md says to delete the top rule in the INPUT chain?

[melroy89]

Ow sorry your Readme only saids to add the blacklist to top chain it seems.

[trick77]

I'm with you though that the rc.local approach is outdated.