ubuntu 16.04 增加 bash 脚本为service,比如iptables 规则脚本

默认分类 · 2016-12-19

1./lib/systemd/system/apple.service

[Unit]
Description=my apple iptables and fn key set
# Ordering only: this unit starts after the listed targets have been reached.
# NOTE(review): because the firewall script is ordered after network.target,
# interfaces can already be up before any rule is loaded, leaving a short
# unfiltered window at boot. Firewall units are commonly ordered
# Before=network-pre.target (with Wants=network-pre.target) instead.
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
# ExecStart passes a relative script name to bash; it is resolved against
# this working directory, i.e. /etc/init.d/myiptables.
WorkingDirectory=/etc/init.d/
# forking: systemd treats start-up as complete once the ExecStart process
# exits; the script leaves its backgrounded jobs running.
# NOTE(review): no User= is set, so the script and everything it launches
# run as root.
Type=forking
ExecStart=/bin/bash myiptables

[Install]
# Once enabled, the unit is pulled in by the normal multi-user boot target.
WantedBy=multi-user.target

2./etc/init.d/myiptables

#!/bin/bash
# Loads an IPv4 host firewall (filter table) and then applies two unrelated
# workstation tweaks: the Apple keyboard fn mode and a background sslocal
# client.
#
# NOTE(review): only iptables is configured; nothing here touches ip6tables,
# so IPv6 traffic is not filtered by this script - confirm IPv6 is disabled or
# filtered elsewhere.
# NOTE(review): no exit status is checked, so the script continues past a
# failed iptables call and can leave a partial ruleset loaded.
IPT=/sbin/iptables
# Flush every chain of the filter table. -F does not reset chain policies and
# does not touch the other tables (nat, mangle, raw).
$IPT -F

# --- INPUT ---
# Drop TCP packets that connection tracking classifies as INVALID (the rule is
# limited to TCP; other protocols are not covered).
$IPT -A INPUT -p tcp -m state --state INVALID -j DROP
# Accept packets that belong to, or are related to, an already tracked
# connection.
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# DNS (port 53, UDP and TCP) from 127.0.0.1 and from 192.168.1.105.
# NOTE(review): loopback is matched by source address, not by interface;
# `-i lo` is the usual way to scope a rule to loopback traffic.
$IPT -A INPUT -p udp  -s 127.0.0.1 --dport 53 -j ACCEPT
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 53 -j ACCEPT
$IPT -A INPUT -p udp  -s 192.168.1.105 --dport 53 -j ACCEPT
$IPT -A INPUT -p tcp  -s 192.168.1.105 --dport 53 -j ACCEPT
# Per-port TCP allowances for 127.0.0.1 and 192.168.1.105.
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 9999 -j ACCEPT
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 1234 -j ACCEPT
$IPT -A INPUT -p tcp  -s 192.168.1.105  --dport 1234 -j ACCEPT
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 80  -j ACCEPT
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 48100  -j ACCEPT
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 48102  -j ACCEPT
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 3306   -j ACCEPT
$IPT -A INPUT -p tcp  -s 127.0.0.1 --dport 8080 -j ACCEPT
# NOTE(review): the next three rules accept every TCP port from 127.0.0.1,
# 192.168.1.105 and 192.168.1.102, which makes all per-port TCP rules above
# redundant. The effective policy is "these three addresses are fully trusted
# for TCP", and that trust rests on the source IP alone: whichever host holds
# 192.168.1.105 or 192.168.1.102 reaches every TCP service listening on a
# non-loopback interface. Keep only the per-port rules if that is not intended.
$IPT -A INPUT -p tcp  -s 127.0.0.1  -j ACCEPT
$IPT -A INPUT -p tcp  -s 192.168.1.105   -j ACCEPT
$IPT -A INPUT -p tcp  -s 192.168.1.102 -j ACCEPT

# To be able to debug QML, add the line below (left commented out here; an
# identical rule is already active above).
#$IPT -A INPUT -p tcp  -s 127.0.0.1  -j ACCEPT
# Default-deny for INPUT: anything not accepted above is dropped. The policy
# is set only after the ACCEPT rules are in place.
$IPT -P INPUT DROP
#$IPT -P INPUT ACCEPT

# --- OUTPUT ---
# NOTE(review): this script never sets the OUTPUT policy and the final
# `-j DROP` below is commented out, so these ACCEPT rules restrict egress only
# if the OUTPUT policy was set to DROP somewhere else; with the default ACCEPT
# policy they have no filtering effect.
$IPT -A OUTPUT -p udp --dport 53 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 21 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 81 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 82 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 443 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 11979 -j ACCEPT
$IPT -A OUTPUT -d 192.168.1.108 -j ACCEPT
$IPT -A OUTPUT -p tcp  --dport 22 -j ACCEPT
$IPT -A OUTPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -p icmp -m state --state ESTABLISHED,RELATED -j ACCEPT
#$IPT -A OUTPUT -j DROP

# --- FORWARD ---
# Everything is accepted for forwarding.
# NOTE(review): this matters only if IP forwarding is enabled on the host; in
# that case traffic is routed through it unfiltered.
#$IPT -A FORWARD -j DROP
$IPT -A FORWARD -j ACCEPT

# Write 2 to the hid_apple fnmode module parameter, in the background.
# NOTE(review): presumably already root when started by the systemd unit, so
# the sudo is redundant there.
echo 2 | sudo tee /sys/module/hid_apple/parameters/fnmode&
# Start the shadowsocks local client in the background.
# NOTE(review): launched from here it inherits the script's privileges (root
# under a system unit without User=) and reads a config file from a home
# directory that a non-root user can presumably edit. A separate unit with
# User= would keep the proxy unprivileged.
sslocal -c /home/iamdsy/shadowsocks.conf&

3.设置让脚本开机自动启动

# Register the unit so it is started at boot. `enable` alone does not start it
# in the current session; until `systemctl start apple.service` (or a reboot)
# the rules are not loaded.
sudo systemctl enable apple.service
ubuntu iptables bash