Permalink
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
48 lines (36 sloc) 1.31 KB
# This file is part of Qubes+Whonix.
# Copyright (C) 2015 Jason Mehring <nrgaway@gmail.com>
# License: GPL-2+
[Unit]
Description=sets up Qubes-Whonix-Gateway external and internal network interface
Documentation=https://github.com/Whonix/qubes-whonix
## Does nothing on Whonix-Workstation.
DefaultDependencies=no
## Fail Closed Mechanism.
## When the Whonix firewall systemd service failed, do not bring up the
## network.
After=whonix-firewall.service
Requires=whonix-firewall.service
## There is no iptables.service as of Debian jessie.
#After=iptables.service
Before=network.target
Wants=network.target
After=sysinit.target
After=network-pre.target
Before=shutdown.target
Conflicts=shutdown.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/qubes-whonix/init/network-proxy-setup
[Install]
WantedBy=multi-user.target
## This is important.
## This disables qubes-network.service. Otherwise, the following would run:
## qubes-network.service -> /usr/lib/qubes/init/network-proxy-setup.sh -> /usr/lib/qubes/qubes-setup-dnat-to-ns
## And /usr/lib/qubes/qubes-setup-dnat-to-ns contains:
## (echo "*nat"; echo "$RULE1"; echo "$RULE2"; echo COMMIT) | iptables-restore -n
## Which could interfere with Whonix firewall rules.
Alias=qubes-network.service
## Prevent systemd ordering cycle.
Alias=networking.service