| # Copyright 2016 The Chromium OS Authors. All rights reserved. |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| [Unit] |
| Description=Run the netfilter-queue-helper multicast firewall extension |
| PartOf=system-services.target |
| After=system-services.target |
| [Service] |
| EnvironmentFile=/usr/sbin/netfilter-common |
| Environment=EXEC_NAME=/usr/sbin/netfilter-queue-helper |
| Restart=always |
| ExecStart=/sbin/minijail0 -u nfqueue -g nfqueue -c 1000 -i \ |
| -S /usr/share/policy/nfqueue-seccomp.policy -n \ |
| ${EXEC_NAME} \ |
| --input-queue=${NETFILTER_INPUT_NFQUEUE} \ |
| --output-queue=${NETFILTER_OUTPUT_NFQUEUE} |