Hello and greetings!
I posted on this forum a year or so ago and here is the thread: NFS IPtables Troubles
I was invoking iptables through an autostart script and everything worked fine with NFS... for a while. I want to start iptables through systemd and I referenced this thread as it included iptables.service setup instructions: VPN: Include default iptables rule for tun0 or at least optional
I want to invoke it through systemd as I want iptables started before my network is online. I followed the instructions for creating the iptables.service and iptables starts fine as I am totally unable to ssh into the box (which is good for me). My NFS mounts unfortunately do not mount. Here are my sample configuration files:
iptables.service
[Unit]
Description=Packet Filtering Framework
Before=network-pre.target
Wants=network-pre.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables-restore /storage/.config/iptables.rules
ExecReload=/usr/sbin/iptables-restore /storage/.config/iptables.rules
ExecStop=/usr/sbin/iptables -F
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
nfs mount:
[Unit]
Description=Disk1
After=network-online.service
Wants=network-online.service
Before=kodi.service
[Mount]
What=192.168.1.100:/run/media/alarm/Disk2/
Where=/storage/NFS/Disk2
Options=ro,auto,hard,timeo=100,rsize=262144
Type=nfs
[Install]
WantedBy=multi-user.target
and finally my iptables.rules:
*filter
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
I believe my problem essentially comes down to something like After=Network-online.service interfering with something. Any help or insight would be sincerely appreciated! My client is an Odroid C2.