How to dynamically setup iptables firewall rules when an interface managed by systemd-networkd comes up/down?
I have a wg0.netdev and a wg0.network (a netdev of type Wireguard interface). I can bring it up with networkctl (or by restarting systemd-networkd). The interface works fine.
How do I run a one-shot wg0.service whenever systemd-networkd brings this interface up or down?
If it were a physical interface like en0, I should be able to do:
[Unit]
BindsTo=sys-subsystem-net-devices-en0.device
[Service]
ExecStart=/usr/bin/iptables ....
ExecStop=/usr/bin/iptables ....
But there is no unit created for wg0.netdev in systemctl list-units, which I think is why the above method does not work for wg0. Without a unit, I can't make use of the dependency directives: After=/Before=/WantedBy=/etc. Is there any way to tell systemd to create a unit, just like it does for physical interfaces?
Note: network-online.target and network-pre.target do not seem useful for this problem. I have read [1] but it doesn't cover the simple use case above.
There should be a sys-subsystem-net-devices-wg0.device unit created - are you sure it's not there?
There should be a sys-subsystem-net-devices-wg0.device unit created - are you sure it's not there?
Indeed.... just checked, and.... it's there. wtf. Thanks. Either a dumb mistake or got into some kind of limbo state when working on this yesterday. I'll try hooking up via BindsTo= dependency.
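Putting the answer to use, here is a complete wg0.service built on the sys-subsystem-net-devices-wg0.device unit named above. This is an added example, not a unit from the thread; the WG0-IN chain, the rules in it and the /usr/bin/iptables path are assumptions chosen to illustrate a restrictive input policy on the tunnel, and the [Install] section assumes the device unit accepts WantedBy= like any other unit.

```ini
# /etc/systemd/system/wg0.service  (added example, not from the thread)
# Assumes a WireGuard interface "wg0" created by systemd-networkd; the firewall
# policy below (only SSH and reply traffic accepted on wg0) is illustrative.
[Unit]
Description=iptables rules for the wg0 WireGuard interface
# Run only while systemd's device unit for wg0 exists; when the interface
# is removed the device unit goes away and BindsTo= stops this service.
BindsTo=sys-subsystem-net-devices-wg0.device
After=sys-subsystem-net-devices-wg0.device

[Service]
Type=oneshot
# Stay "active" after ExecStart so that ExecStop runs on interface teardown.
RemainAfterExit=yes
# Own chain keeps the rules easy to audit and to remove as one unit.
# Leading "-" ignores the error if the chain already exists from an earlier run.
ExecStart=-/usr/bin/iptables -N WG0-IN
ExecStart=/usr/bin/iptables -F WG0-IN
ExecStart=/usr/bin/iptables -A WG0-IN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ExecStart=/usr/bin/iptables -A WG0-IN -p tcp --dport 22 -j ACCEPT
ExecStart=/usr/bin/iptables -A WG0-IN -j DROP
# Hook the chain into INPUT only for packets arriving on wg0.
ExecStart=/usr/bin/iptables -I INPUT -i wg0 -j WG0-IN
# Teardown: unhook, flush and delete the chain (works even if wg0 is gone,
# since the rule matches on the interface name string).
ExecStop=/usr/bin/iptables -D INPUT -i wg0 -j WG0-IN
ExecStop=/usr/bin/iptables -F WG0-IN
ExecStop=/usr/bin/iptables -X WG0-IN

[Install]
# Pull this service in every time the wg0 device unit appears.
WantedBy=sys-subsystem-net-devices-wg0.device
```

Before enabling, confirm the device unit really exists with `systemctl list-units --type=device 'sys-subsystem-net-devices-*'` (the check that resolved the thread), then run `systemd-analyze verify /etc/systemd/system/wg0.service` and `systemctl enable wg0.service`.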