2

I have an iptables script I want to run at boot.
I created /etc/rc.d/rc.local file with CHMOD 755 permissions which have worked on previous operating systems.
Root owns the file.
I also have #!/bin/bash as the first line.
I have also tried #!/bin/sh
I have also added a 5 second sleep thinking maybe something needs to finish.
I have temporarily disabled selinux to eliminate that as a cause.
The rc.local file looks like this:

#!/bin/bash  
sleep 5  
/usr/local/sbin/miniptables 

The miniptables file is also owned by root, chmod 755, starts with #!/bin/bash, contains some iptables commands, and has worked on hundreds of servers.
What am I missing?
Thanks in advance.

xivix

2 Answers

1

TL;DR: Just create /etc/rc.d/rc.local and make it executable. That's all.

I have no idea why so many articles and blogs mention the unnecessary and incorrect step of enabling the rc-local service unit. It won't even work, as the default rc.local file does not have a WantedBy statement on purpose, because systemd carries a so-called generator that checks whether such a file exists and is executable and, if so, automatically generates the mentioned rc-local.service. There is no need to enable it manually; in fact, you cannot do that until systemd boots and generates it or you run the generator manually:

# systemctl enable --now rc-local
The unit files have no installation config (WantedBy=, RequiredBy=, Also=,
Alias= settings in the [Install] section, and DefaultInstance= for template
units). This means they are not meant to be enabled using systemctl.

Possible reasons for having this kind of units are:
• A unit may be statically enabled by being symlinked from another unit's
  .wants/ or .requires/ directory.
• A unit's purpose may be to act as a helper for some other unit which has
  a requirement dependency on it.
• A unit may be started when needed via activation (socket, path, timer,
  D-Bus, udev, scripted systemctl call, ...).
• In case of template units, the unit is meant to be enabled with some
  instance name specified.
lzap
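
The conditions from the answer above (the generator only creates rc-local.service when /etc/rc.d/rc.local exists and is executable), as an added preflight check that is not part of the original answers. The function name check_rc_local and its arguments are hypothetical, the interpreter-line and ownership/mode checks are additions of this example based on the details in the question, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: preflight check for the rc.local conditions discussed above.
# check_rc_local and its arguments are hypothetical names, not a systemd tool.
# Usage: check_rc_local [path] [expected_owner_uid]
check_rc_local() {
    f=${1:-/etc/rc.d/rc.local}
    want_uid=${2:-0}
    problems=0

    if [ ! -f "$f" ]; then
        echo "FAIL: $f does not exist or is not a regular file"
        return 1
    fi

    # The generator only creates rc-local.service for an executable file.
    if [ ! -x "$f" ]; then
        echo "FAIL: $f is not executable (chmod +x $f)"
        problems=$((problems + 1))
    fi

    # The file is executed directly, so it needs an interpreter line.
    first=
    IFS= read -r first < "$f" || true
    case $first in
        '#!'*) ;;
        *) echo "FAIL: first line of $f is not a #! interpreter line"
           problems=$((problems + 1)) ;;
    esac

    # It runs as root at boot, so only the expected owner may modify it.
    uid=$(stat -c %u "$f")    # GNU stat: numeric owner
    mode=$(stat -c %a "$f")   # GNU stat: octal mode, e.g. 755
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $f is owned by uid $uid, expected $want_uid"
        problems=$((problems + 1))
    fi
    case $mode in
        *[2367]?|*[2367])
            echo "FAIL: $f mode $mode is group- or world-writable"
            problems=$((problems + 1)) ;;
    esac

    [ "$problems" -eq 0 ] && echo "OK: $f passes all checks"
    return "$problems"
}
```

Run as root with no arguments, it checks /etc/rc.d/rc.local against uid 0; the same call with /usr/local/sbin/miniptables as the path covers the script that rc.local invokes.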
0

The /etc/rc.d/rc.local file doesn't have execute permissions by default, so set it executable:

# chmod +x /etc/rc.d/rc.local

Also, the file is not run unless the systemd rc-local service is enabled, but it is disabled by default. So you need to enable (and start) it:

# systemctl start rc-local
# systemctl enable rc-local

For systemd systems, it is usually better to write your own systemd service.

e42d3
  • It would be helpful if you offered explanations of what those commands do, instead of encouraging blind copy/paste sysadmin practices. – EEAA Dec 28 '15 at 21:59
  • Unfortunately, your suggestion did not work. I forgot to mention that I checked rc-local service as well. The execution bit was already set per chmod 755 but I did your command anyway. Here is the output: systemctl status rc-local ... Loaded: loaded (/usr/lib/systemd/system/rc-local.service; static; vendor preset: disabled) Active: active (exited) since Mon 2015-12-28 14:58:17 CST; 1h 0min ago ... systemctl is-enabled rc-local static systemctl enable rc-local The unit files have no [Install] section. They are not meant to be enabled using systemctl. ... – xivix Dec 28 '15 at 22:08
  • Add "logger test" call to /etc/rc.local and after reboot check journalctl if test record was added. – e42d3 Dec 28 '15 at 22:10
  • Added logger test and now it is working and I don't know why :( Thanks though – xivix Dec 28 '15 at 22:26