hipd.service and hipdnsproxy.service are trivial:
## hipd.service
[Unit]
Description=Host Identity Protocol IPsec Management Daemon
[Service]
Type=forking
Environment=HIPD_OPTS=-b
EnvironmentFile=-/etc/sysconfig/hipd
ExecStart=/usr/sbin/hipd $HIPD_OPTS
[Install]
WantedBy=multi-user.target
## EOF
## hipdnsproxy.service
[Unit]
Description=Host Identity Protocol DNS Proxy Daemon
[Service]
Type=forking
Environment=DNSPROXY_OPTS=-b
EnvironmentFile=-/etc/sysconfig/hipdnsproxy
ExecStart=/usr/sbin/hipdnsproxy $DNSPROXY_OPTS
## EOF
(For Debian, the only change is /etc/sysconfig → /etc/default. Though I'd really like to just put options directly in ExecStart, but, eh, compatibility.)
hipfw.service will need an additional script that would clear the rules before killing the daemon, since currently there is no ExecStopPre= (a feature request could be made), so it has to be put in ExecStop= instead.
## hipfw.service
[Unit]
Description=Host Identity Protocol Firewall Daemon
[Service]
Type=forking
Environment=HIPFW_OPTS=-blpF
EnvironmentFile=-/etc/sysconfig/hipfw
ExecStart=/usr/sbin/hipfw $HIPFW_OPTS
ExecStop=/usr/lib/hipl/flush-and-sigterm.sh
## EOF
## flush-and-sigterm.sh
#!/bin/sh
if [ "$MAINPID" ]; then
iptables ...
iptables ...
iptables ...
# use exactly 'kill $MAINPID', do not -9, do not read pidfiles,
# DO NOT pkill, DO NOT killall – systemd will take care of it
kill "$MAINPID"
else
echo "error: \$MAINPID not set" >&2
exit 1
fi
## EOF
Note: I used Type=forking and left the -b option enabled. You could remove both (the default is Type=simple which expects the process to stay in "foreground"), although the forking behaviour is probably more useful, as systemd knows when the service has finished initializing. (It would be nice to implement Type=notify though.)
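On the Type=notify remark above: the following is an added example, not part of the original comment or of the HIPL code, showing the daemon-side half of systemd's readiness protocol (a "READY=1" datagram sent to the socket named in $NOTIFY_SOCKET) without linking libsystemd. The function name notify_ready() is hypothetical, and the example assumes the daemon would call it once initialization is complete while staying in the foreground (no -b).

```c
/* Added example: readiness notification for a Type=notify unit.
 * notify_ready() is a hypothetical helper, not an existing HIPL function. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Returns 1 if "READY=1" was delivered, 0 if $NOTIFY_SOCKET is unset
 * (not running under Type=notify), -1 on error. */
int notify_ready(void)
{
    static const char msg[] = "READY=1";
    const char *path = getenv("NOTIFY_SOCKET");
    struct sockaddr_un addr;
    size_t len;
    ssize_t sent;
    int fd;

    if (path == NULL || path[0] == '\0')
        return 0;
    /* systemd passes either an absolute path or an abstract '@name'. */
    if (path[0] != '/' && path[0] != '@')
        return -1;
    len = strlen(path);
    if (len >= sizeof(addr.sun_path))
        return -1;

    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    memcpy(addr.sun_path, path, len);
    if (path[0] == '@')
        addr.sun_path[0] = '\0';   /* abstract namespace: leading NUL byte */

    fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    sent = sendto(fd, msg, sizeof(msg) - 1, 0, (struct sockaddr *)&addr,
                  (socklen_t)(offsetof(struct sockaddr_un, sun_path) + len));
    close(fd);
    return sent == (ssize_t)(sizeof(msg) - 1) ? 1 : -1;
}
```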