On Sat, Aug 29, 2015 at 11:07 PM, ToddAndMargo <[log in to unmask]> wrote: > On 08/29/2015 06:04 PM, Nico Kadel-Garcia wrote: >> >> It's not necessary to put in rc.local: I just went through this with >> someone else: that's what init scripts are for, to allow you to turn >> on, and turn off, the relevant feature in a user legible fashion, even >> in RHEL 7. > > Yes and no. It kind of depends on what you are trying to do. > I use rc.local as a grab bag of little miscellaneous one lines > I like to do. > > I did create a init script for my firewall. Even if you just have one command, writing a systemd unit isn't much more work than adding a line to rc.local. I have the following on my laptop in order to create a bridge for kvm: # cat /etc/systemd/system/tom-kvm-bridge0.service [Unit] Description=KVM Bridge0 After=network-online.target After=tom-kvm-masquerade.service Requires=tom-kvm-masquerade.service [Service] Type=oneshot ExecStart=/home/root/bin/p-kvm-bridge0-up.sh ExecStop=/home/root/bin/p-kvm-bridge0-down.sh RemainAfterExit=yes [Install] WantedBy=multi-user.target ("/home/root" isn't root's homedir) It's less work than writing a sysvinit script so it's easier to avoid using rc.local and it allows you to target the startup conditions more accurately (and start/stop/restart that job on its own). Distributions differ in their treatment of rc.local. If you were kicking off your iptables rules via rc.local on SL, you'd be OK (I think). But if you were doing so on Debian or Ubuntu, you'd be kicking them off after bringing up the network because Debian adds the following fragment: # cat /lib/systemd/system/rc-local.service.d/debian.conf [Unit] # not specified by LSB, but has been behaving that way in Debian under SysV # init and upstart After=network-online.target # Often contains status messages which users expect to see on the console # during boot [Service] StandardOutput=journal+console StandardError=journal+console