Old 05-25-2015, 08:30 PM   #1
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 385

systemd and loading init file


I recently changed from Debian 7 to 8 which now uses systemd as the default init.
I had an init file that worked fine (see below) and works fine when directly invoked
Code:
$ sudo /etc/init.d/iptables start
however fails when indirectly invoked
Code:
$ sudo service iptables start
Job for iptables.service failed. See 'systemctl status iptables.service' and 'journalctl -xn' for details.
Code:
$ systemctl status iptables.service
 iptables.service - LSB: Iptable setup
   Loaded: loaded (/etc/init.d/iptables)
   Active: failed (Result: exit-code) since Mon 2015-05-25 17:18:37 PDT; 5s ago
  Process: 4825 ExecStart=/etc/init.d/iptables start (code=exited, status=203/EXEC)
Code:
$ journalctl -xn
No journal files were found.
I don't understand the error except that it "failed" and is loaded.
I have disabled and re-enabled the service with these commands:

Code:
sudo systemctl disable iptables
sudo systemctl enable iptables
which completes successfully but did not fix the problem.


INIT file
Code:
### BEGIN INIT INFO
# Provides:          iptables
# Required-Start:    $network $remote_fs $syslog
# Required-Stop:     $network $remote_fs $syslog
# Should-Start:      $portmap
# Should-Stop:       $portmap
# X-Start-Before:    nis
# X-Stop-After:      nis
# Default-Start:     2 
# Default-Stop:      1
# X-Interactive:     false
# Short-Description: Iptable setup
# Description:       Sets iptable rules
#                    
### END INIT INFO

ipt=/sbin/iptables

loadrules() {

if [ -e /etc/iptables_ruleset ]; then iptables-restore < /etc/iptables_ruleset && exit 0; fi

$ipt -F
$ipt -X

# Policies and Chains
$ipt -P INPUT DROP
$ipt -P FORWARD DROP
$ipt -P OUTPUT ACCEPT
$ipt -N SSH
$ipt -N WEBSERVER

$ipt -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
$ipt -A INPUT -i lo -j ACCEPT # Allow loopback

# Services
$ipt -A INPUT -p tcp -m multiport --dport 443,80 -j WEBSERVER # WEBSERVER chain 
$ipt -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH # Jump to SSH chain
$ipt -A INPUT -p tcp -s 192.168.1.1/24 --dport 445 -j ACCEPT # samba

# Reject message for LAN
$ipt -A INPUT -s 192.168.1.1/24 -j REJECT

# WEBSERVER chain
$ipt -A WEBSERVER -p tcp -m multiport --dport 443,80 -m conntrack --ctstate NEW -j LOG
$ipt -A WEBSERVER -p tcp -m multiport --dport 443,80 -j ACCEPT

# SSH chain
$ipt -A SSH -p tcp --dport 22 -m recent --set --name SSH # Set SSH recent
$ipt -A SSH -p tcp --dport 22 -m recent --name SSH --update --seconds 10 --hitcount 2 --rttl -j LOG # Log if over counter
$ipt -A SSH -p tcp --dport 22 -s 192.168.1.1/24 -m recent --name SSH --update --seconds 10 --hitcount 10 --rttl -j REJECT # Reject from lan if over counter
$ipt -A SSH -p tcp --dport 22 ! -s 192.168.1.1/24 -m recent --name SSH --update --seconds 10 --hitcount 2 --rttl -j DROP # Drop if over counter
$ipt -A SSH -p tcp --dport 22 -j ACCEPT

iptables-save > /etc/iptables_ruleset
}

removerules() {
$ipt -P INPUT ACCEPT
$ipt -P FORWARD ACCEPT
$ipt -P OUTPUT ACCEPT
$ipt -F
$ipt -X
}

restartrules() {
rm /etc/iptables_ruleset
loadrules
}

case "$1" in
	start)
		loadrules
		;;
	stop)
		removerules
		;;
	restart)
		restartrules
		;;
	*)
		echo "Usage: $0 start|stop|restart" >&2
		exit 3
		;;
esac
Edit:
Checking /var/log/daemon.log gives me this info:
Code:
May 25 19:13:29 hostname systemd[6004]: Failed at step EXEC spawning /etc/init.d/iptables: Exec format error
May 25 19:13:29 hostname systemd[1]: iptables.service: control process exited, code=exited status=203
May 25 19:13:29 hostname systemd[1]: Failed to start LSB: Iptable setup.
May 25 19:13:29 hostname systemd[1]: Unit iptables.service entered failed state.

Last edited by Sefyir; 05-25-2015 at 10:42 PM.
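
Added example, not part of the original post: the script as posted has no `#!` line, and "Exec format error" with status=203/EXEC is the error execve() returns for such a file, while a shell or sudo retries the file with /bin/sh, which is why direct invocation still works. The helper name `check_exec_format` is hypothetical; it reports that condition for a text script such as one in /etc/init.d.

```shell
#!/bin/sh
# Added example: predict whether execve() (and therefore systemd, which
# does not fall back to /bin/sh) will accept a script.
# Intended for text scripts; compiled binaries are out of scope.
#
# check_exec_format FILE
#   0  FILE is executable and starts with a usable "#!" line
#   1  no "#!" line: execve() fails with ENOEXEC ("Exec format error")
#   2  the interpreter named on the "#!" line is missing or not executable
#   3  FILE is missing or has no execute bit
check_exec_format() {
    file=$1
    if [ ! -f "$file" ] || [ ! -x "$file" ]; then
        echo "$file: missing or not executable" >&2
        return 3
    fi
    # Only the first line matters; the kernel checks the first two bytes.
    first=
    IFS= read -r first < "$file" || :
    case $first in
        '#!'*) ;;
        *)
            echo "$file: no #! line, execve() returns ENOEXEC" >&2
            return 1
            ;;
    esac
    # Drop "#!" plus blanks, then cut at the first blank to get the path.
    interp=$(printf '%s\n' "$first" |
        sed -e 's/^#![[:space:]]*//' -e 's/[[:space:]].*$//')
    if [ ! -x "$interp" ]; then
        echo "$file: interpreter '$interp' is not executable" >&2
        return 2
    fi
    return 0
}

# Stand-alone use: sh check.sh /etc/init.d/iptables
[ "$#" -eq 0 ] || check_exec_format "$1"
```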
 
Old 05-25-2015, 10:16 PM   #2
mralk3
Member
 
Registered: May 2015
Posts: 760

Systemd does not use init files. You need to create a unit file for systemd that issues an iptables-restore or iptables-save and loads your iptables rules from a file in /etc. Unfortunately the Debian wiki has not been updated to include how to do this in Debian.

See this and this for an explanation of what I am talking about. Those links should point you in the right direction to create a unit file for iptables or ip6tables so you can use systemctl to manage iptables.

Here is the Debian wiki article on Systemd. Systemd was one of the reasons I stopped using Debian after 10 years. I switched to Slackware shortly after Debian Jessie was made the Stable branch and I did not experiment much with Systemd and creating unit files.

Hopefully someone who uses Systemd on a regular basis can chime in here and provide some better insight.

Edit: The Arch Linux wiki seems to have better documentation on configuring iptables with systemd, here.

Last edited by mralk3; 05-25-2015 at 10:18 PM.
 
1 members found this post helpful.
Old 05-25-2015, 10:42 PM   #3
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 385

Original Poster
I "solved" it.

Turns out it's not too hard to reinstall sys-init
Code:
# apt-get install sysvinit-core
I enabled it (my init iptables script) with chkconfig and it works flawlessly.
I can't remove systemd since it appears to be completely tied in with gnome3 (the default one)

But the problem is otherwise solved

Thanks mralk3 for looking up the systemd information though (it encouraged me to try and get init back since I heard it was possible to use it in Debian Jessie.)

Last edited by Sefyir; 05-25-2015 at 10:45 PM.
 
Old 05-26-2015, 05:58 AM   #4
mralk3
Member
 
Registered: May 2015
Posts: 760


You are welcome. I regret to inform you that you are still running systemd under the hood, just not as PID 1. There is no way to avoid this in Debian.
 
Old 05-26-2015, 11:28 AM   #5
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 385

Original Poster
It looks like it is possible to remove systemd from debian
http://without-systemd.org/wiki/inde...d_installation
Like I said though, with gnome and the desktop manager amongst others (see code) tied in it's going to devastate that. I might install xfce and remove it then

Code:
apt-get remove --purge --auto-remove systemd
  brasero* colord* gdm3* gnome* gnome-bluetooth* gnome-color-manager* gnome-control-center* gnome-core*
  gnome-disk-utility* gnome-music* gnome-packagekit* gnome-packagekit-session* gnome-session* gnome-settings-daemon*
  gnome-shell* gnome-shell-extension-weather* gnome-shell-extensions* gnome-sushi* gnome-system-log*
  gnome-user-share* gvfs* gvfs-backends* gvfs-daemons* gvfs-fuse* libpam-systemd* nautilus* nautilus-sendto*
  network-manager* network-manager-gnome* packagekit* packagekit-tools* policykit-1* policykit-1-gnome* systemd*
  task-gnome-desktop* udisks2*
 
Old 05-26-2015, 01:12 PM   #6
Head_on_a_Stick
Senior Member
 
Registered: Dec 2014
Location: London, England
Distribution: Arch & Debian
Posts: 1,183

For anybody interested in creating custom unit files for systemd rather than changing back to SysVinit, read the documentation: systemd.service(5) & systemd.unit(5)
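
Added example, not code from any poster in this thread: a native unit of the kind suggested in post #2 and in the post above, written by a small shell function so it can be generated into a scratch directory first. The unit name `iptables-restore.service` and the function name `write_iptables_unit` are assumptions; `/sbin/iptables` and `/etc/iptables_ruleset` are the paths from the init script in post #1.

```shell
#!/bin/sh
# Added example: write a oneshot unit that loads the saved ruleset.
# write_iptables_unit [DIR]   (DIR defaults to /etc/systemd/system)
# Prints the path of the unit file it wrote.
write_iptables_unit() {
    dir=${1:-/etc/systemd/system}
    unit=$dir/iptables-restore.service   # assumed unit name
    cat > "$unit" <<'EOF'
[Unit]
Description=Load iptables rules from /etc/iptables_ruleset
# Apply the filter before any network interface is configured.
Wants=network-pre.target
Before=network-pre.target

[Service]
Type=oneshot
RemainAfterExit=yes
# A missing or unparsable ruleset makes the unit fail visibly
# instead of leaving the host unfiltered without notice.
ExecStart=/bin/sh -c 'exec /sbin/iptables-restore < /etc/iptables_ruleset'
# Same effect as removerules() in the init script.
ExecStop=/sbin/iptables -P INPUT ACCEPT
ExecStop=/sbin/iptables -P FORWARD ACCEPT
ExecStop=/sbin/iptables -P OUTPUT ACCEPT
ExecStop=/sbin/iptables -F
ExecStop=/sbin/iptables -X

[Install]
WantedBy=multi-user.target
EOF
    chmod 644 "$unit"
    printf '%s\n' "$unit"
}

# Stand-alone use: sh write-unit.sh /etc/systemd/system
[ "$#" -eq 0 ] || write_iptables_unit "$1"
```

After writing the file into /etc/systemd/system, `systemctl daemon-reload` followed by `systemctl enable iptables-restore.service` activates it; the old init script should be disabled so the rules are not loaded twice.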
 
Old 05-26-2015, 01:34 PM   #7
273
LQ Addict
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 5,999

As a potential word of warning, Sefyir, removing GNOME libraries could mean you uninstall things you use under XFCE as well.
XFCE does have its own applications but it is, as I understand it, reliant upon GTK.

Last edited by 273; 05-27-2015 at 12:56 PM. Reason: Typo' in a tag.
 
Old 05-27-2015, 05:32 AM   #8
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,130
Blog Entries: 2

If you want a systemd-free Debian you might want to take a look at Devuan instead.
 
Old 06-05-2015, 10:39 PM   #9
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 385

Original Poster
I removed systemd which removed a tremendous number of packages.
http://without-systemd.org/wiki/inde...d_installation
If interested, I suggest downloading the packages for wicd or some other network manager prior since the removal of network-manager will cause a loss of all connection (even lan).
Works great otherwise. Installed xfce, wicd and various other programs - it runs very fast.
 
Old 06-06-2015, 06:42 AM   #10
Head_on_a_Stick
Senior Member
 
Registered: Dec 2014
Location: London, England
Distribution: Arch & Debian
Posts: 1,183

Quote:
Originally Posted by Sefyir View Post
I removed systemd which removed a tremendous number of packages.
http://without-systemd.org/wiki/inde...d_installation
That's just ridiculous.

Removing systemd and using APT pinning will drastically reduce the functionality of your system.

You should use this command to stop Debian from using systemd as PID1:
Code:
apt-get install sysvinit-core systemd-shim systemd-sysv-
https://wiki.debian.org/FAQsFromDebi...9_on_Jessie.3F

This will keep the systemd and its associated libraries on your machine and let you use any and all software in the Debian repositories.
 
Old 06-06-2015, 08:51 PM   #11
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 385

Original Poster
Quote:
Originally Posted by Head_on_a_Stick View Post
Removing systemd and using APT pinning will drastically reduce the functionality of your system.
In what way?
I've been able to freely install software without issue since I removed systemd?
I haven't pushed installation too much or done any compiling, but apt is working fine, I've even been able to install steam without issue.
I'm not saying you're wrong - but I haven't seen "drastically reduced functionality" yet or noticed any real limitation (besides installing gnome)
 
Old 06-06-2015, 09:02 PM   #12
Head_on_a_Stick
Senior Member
 
Registered: Dec 2014
Location: London, England
Distribution: Arch & Debian
Posts: 1,183

Quote:
Originally Posted by Sefyir View Post
In what way?
Well you've already given two important examples -- GNOME and NetworkManager; read this link:
https://wiki.debian.org/FAQsFromDebi...ssie_system.3F

It seems somewhat churlish to use APT pinning to prevent the installation of systemd libraries (which are listed as dependencies by a growing number of upstream packages) when the command I have listed above achieves the desired effect (ie, sets SysVinit as PID1) without restricting software choice in any way.

As it says in the DebianUser FAQ, the systemd libraries are inert unless called up by systemd and this will *not* happen if SysVinit is PID1.
 
  

