1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
[Unit]
Description=go-mmproxy
After=network.target
[Service]
Type=simple
LimitNOFILE=65535
CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_NET_ADMIN
ExecStartPost=+/sbin/ip rule add from 127.0.0.1/8 iif lo table 123
ExecStartPost=+/sbin/ip route add local 0.0.0.0/0 dev lo table 123
ExecStartPost=+/sbin/ip -6 rule add from ::1/128 iif lo table 123
ExecStartPost=+/sbin/ip -6 route add local ::/0 dev lo table 123
ExecStart=/usr/bin/go-mmproxy -4 127.0.0.1:1000 -6 "[::1]:1000" -allowed-subnets /etc/go-mmproxy/net-prefixes.txt -l 0.0.0.0:1234
ExecStopPost=+/sbin/ip rule del from 127.0.0.1/8 iif lo table 123
ExecStopPost=+/sbin/ip route del local 0.0.0.0/0 dev lo table 123
ExecStopPost=+/sbin/ip -6 rule del from ::1/128 iif lo table 123
ExecStopPost=+/sbin/ip -6 route del local ::/0 dev lo table 123
Restart=on-failure
RestartSec=10s
DynamicUser=yes
ProtectSystem=full
PrivateTmp=true
WorkingDirectory=/tmp
[Install]
WantedBy=multi-user.target
|
