wireguard-setup/packer/rootfs/etc/systemd/system/udptunnel.service

[Unit]
Description=udptunnel service
Requires=udptunnel.socket
ConditionPathExists=!/etc/udptunnel/udptunnel_not_to_be_run

[Service]
Type=notify
Restart=always
ExecStart=/usr/local/bin/udptunnel --server --verbose 127.0.0.1:51820
StandardOutput=journal
StandardError=journal
UMask=0077
DynamicUser=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
PrivateDevices=yes
PrivateUsers=yes
ProtectHostname=yes
ProtectClock=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectKernelLogs=yes
ProtectControlGroups=yes
ProtectProc=invisible
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
LockPersonality=yes
MemoryDenyWriteExecute=yes
SystemCallFilter=~@clock
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@debug
SystemCallFilter=~@module
SystemCallFilter=~@mount
SystemCallFilter=~@obsolete
SystemCallFilter=~@privileged
SystemCallFilter=~@raw-io
SystemCallFilter=~@reboot
SystemCallFilter=~@resources
SystemCallFilter=~@swap
SystemCallArchitectures=native
CapabilityBoundingSet=
DevicePolicy=closed
ProcSubset=pid
NoNewPrivileges=yes

[Install]
WantedBy=multi-user.target
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`[Unit]`
			`Description=udptunnel service`
			`Requires=udptunnel.socket`
			`ConditionPathExists=!/etc/udptunnel/udptunnel_not_to_be_run`

			`[Service]`
			`Type=notify`
Restart always 2021-03-28 17:02:47 +02:00			`Restart=always`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`ExecStart=/usr/local/bin/udptunnel --server --verbose 127.0.0.1:51820`
			`StandardOutput=journal`
			`StandardError=journal`
Hardened udptunnel service 2021-11-21 15:44:36 +01:00			`UMask=0077`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`DynamicUser=yes`
			`ProtectSystem=strict`
			`ProtectHome=yes`
Hardened udptunnel service 2021-11-21 15:44:36 +01:00			`PrivateTmp=yes`
			`PrivateDevices=yes`
			`PrivateUsers=yes`
			`ProtectHostname=yes`
			`ProtectClock=yes`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`ProtectKernelTunables=yes`
			`ProtectKernelModules=yes`
Hardened udptunnel service 2021-11-21 15:44:36 +01:00			`ProtectKernelLogs=yes`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`ProtectControlGroups=yes`
Hardened udptunnel service 2021-11-21 15:44:36 +01:00			`ProtectProc=invisible`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6`
			`RestrictNamespaces=yes`
Hardened udptunnel service 2021-11-21 15:44:36 +01:00			`RestrictRealtime=yes`
			`RestrictSUIDSGID=yes`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`LockPersonality=yes`
			`MemoryDenyWriteExecute=yes`
Hardened udptunnel service 2021-11-21 15:44:36 +01:00			`SystemCallFilter=~@clock`
			`SystemCallFilter=~@cpu-emulation`
			`SystemCallFilter=~@debug`
			`SystemCallFilter=~@module`
			`SystemCallFilter=~@mount`
			`SystemCallFilter=~@obsolete`
			`SystemCallFilter=~@privileged`
			`SystemCallFilter=~@raw-io`
			`SystemCallFilter=~@reboot`
			`SystemCallFilter=~@resources`
			`SystemCallFilter=~@swap`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00			`SystemCallArchitectures=native`
Hardened udptunnel service 2021-11-21 15:44:36 +01:00			`CapabilityBoundingSet=`
			`DevicePolicy=closed`
			`ProcSubset=pid`
			`NoNewPrivileges=yes`
Added udptunnel to circumvent some firewalls 2020-06-19 00:12:25 +02:00
			`[Install]`
			`WantedBy=multi-user.target`