Diffstat (limited to 'dnschain.service')
-rw-r--r-- | dnschain.service | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/dnschain.service b/dnschain.service
new file mode 100644
index 000000000000..7084838a84d1
--- /dev/null
+++ b/dnschain.service
@@ -0,0 +1,31 @@
+# Example systemd unit file. Some assembly required.
+
+[Unit]
+Description=dnschain
+After=network.target
+Wants=namecoin.service
+
+[Service]
+ExecStart=/usr/bin/dnschain
+Environment=DNSCHAIN_SYSD_VER=0.0.1
+PermissionsStartOnly=true
+ExecStartPre=sysctl -w net.ipv4.ip_forward=1
+ExecStartPre=iptables -A INPUT -p udp --dport 5333 -j ACCEPT
+ExecStartPre=iptables -t nat -A PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 5333
+ExecStopPost=iptables -D INPUT -p udp --dport 5333 -j ACCEPT
+ExecStopPost=iptables -t nat -D PREROUTING -p udp --dport 53 -j REDIRECT --to-ports 5333
+User=root
+Group=root
+Restart=always
+RestartSec=5
+WorkingDirectory=/root/
+PrivateTmp=true
+NoNewPrivileges=true
+ReadOnlyDirectories=/etc
+
+# Unfortunately, capabilities are basically worthless because they're designed to restrict root daemons. Instead, we use iptables to listen on privileged ports.
+# Capabilities=cap_net_bind_service+pei
+# SecureBits=keep-caps
+
+[Install]
+WantedBy=multi-user.target |
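Review bot: The daemon is started with `User=root`/`Group=root` even though the port 53 to 5333 redirect and `PermissionsStartOnly=true` exist so that only the `ExecStartPre`/`ExecStopPost` commands need root; as written `PermissionsStartOnly=true` has no effect, and a compromise of the network-facing resolver is a root compromise. Running the main process under a dedicated account, e.g. `User=dnschain` and `Group=dnschain` (an account the package would have to create), with `WorkingDirectory=` pointed at that account's data directory instead of `/root/`, keeps the firewall setup privileged and the daemon unprivileged. `sysctl -w net.ipv4.ip_forward=1` looks unnecessary for a local `REDIRECT` (those packets are delivered through INPUT rather than forwarded), it turns the host into a router as a side effect, and it is never reverted in `ExecStopPost`; I would drop it unless something else depends on it. The `sysctl` and `iptables` commands should also be given absolute paths, since older systemd releases refuse Exec lines whose executable is not an absolute path.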