Systemd needs to support ExecStopPre to delete the chain.
%YAML 1.1
---
# Suricata Emergingthreats Pro Open Rulesets Recommended
+reference-config-file: /etc/suricata/reference.config
# Number of packets allowed to be processed simultaneously. Default is a
# conservative 50. a higher number will make sure CPU's/CPU cores will be
name = suricata
version = 1.1beta3
-release = 3
+release = 4
groups = Networking/IDS
url = http://www.openinfosecfoundation.org/
packages
package %{name}
+
+ prerquires = systemd-units
+
+ configfiles
+ /etc/suricata/suricata.conf
+ end
+
+ script postin
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ end
+
+ script preun
+ /bin/systemctl --no-reload disable suricata.service >/dev/null 2>&1 || :
+ /bin/systemctl stop suricata.service >/dev/null 2>&1 || :
+ end
+
+ script postun
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ end
+
+ script postup
+ /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+ /bin/systemctl try-restart suricata.service >/dev/null 2>&1 || :
+ end
+
end
package %{name}-devel
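Review bot: `prerquires` on line 17 looks misspelled, and since the rest of the packaging file is not visible here I cannot confirm which keyword the format expects; an unrecognised key would most likely be ignored silently, dropping the dependency on systemd-units that the `postin`/`preun`/`postun`/`postup` scriptlets rely on for `/bin/systemctl`. Please check the keyword against the format's documentation and write it as `prerequires = systemd-units` or whatever spelling the parser defines. The `preun` script on lines 28–29 disables and stops suricata.service unconditionally; if these scripts receive the usual RPM-style argument, that should be guarded so an upgrade does not stop a running sensor, e.g. `if [ "$1" -eq 0 ]; then … fi` around the two systemctl calls, otherwise a comment stating that upgrades intentionally stop the service would help. The `package %{name}` block continues past the end of this hunk.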
--- /dev/null
+[Unit]
+Description=Open Source Next Generation Intrusion Detection and Prevention Engine
+After=syslog.target network.target
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.conf -q 0 -q 1 -D
+ExecStartPost=/sbin/iptables -I INPUT -j NFQUEUE -–queue-balance 0:1
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStopPre=/sbin/iptables -D INPUT -j NFQUEUE -–queue-balance 0:1
+ExecStop=/bin/kill $MAINPID
+
+[Install]
+WantedBy=multi-user.target
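Review bot: `ExecStopPre=` on line 53 is not a directive systemd recognises (the stop-side hooks are `ExecStop=` and `ExecStopPost=`), so the INPUT rule inserted by `ExecStartPost=` on line 51 is never removed; after the daemon exits, inbound packets still hit an NFQUEUE with no listener and are dropped by default, and each subsequent start stacks another `-I INPUT` rule. Run the delete as the first `ExecStop=` line, before the kill, or move it to `ExecStopPost=`: `ExecStop=/sbin/iptables -D INPUT -j NFQUEUE --queue-balance 0:1` followed by `ExecStop=/bin/kill $MAINPID`. Both iptables lines (51 and 53) also spell the long option with an en dash, `-–queue-balance`, which iptables will reject; unless that is a rendering artifact of this page it should be two ASCII hyphens, `--queue-balance`. With `Type=forking` and no `PIDFile=`, `$MAINPID` depends on systemd guessing the main process, so `ExecReload=` and `ExecStop=` may signal the wrong PID; consider adding `PIDFile=` pointing at the pid file Suricata writes in daemon mode.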