added systemd unit for setting iptables rules using added script, added DSNet systemd unit

roles/init-server/files/systemd/system/dsnet.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=dsnet
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/dsnet up
+ExecStop=/usr/bin/dsnet down
+RemainAfterExit=yes
+ExecReload=/usr/bin/dsnet sync
+
+[Install]
+WantedBy=default.target

roles/init-server/files/systemd/system/thrunet.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=thrunet
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/bin/dsnet-forward.sh start
+ExecStop=/usr/local/bin/dsnet-forward.sh stop
+RemainAfterExit=yes
+# ExecReload=/usr/bin/dsnet sync
+
+[Install]
+WantedBy=default.target

roles/init-server/files/usr/local/bin/dsnet-forward.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -euo pipefail
+
+if [[ "$1" == "start" ]]; then
+    /usr/sbin/iptables -A FORWARD -i dsnet -p tcp --sport {80,443,465,587,995,110,143,993} -j ACCEPT
+    /usr/sbin/iptables -t nat -A POSTROUTING -o dsnet -j MASQUERADE
+elif [[ "$1" == "stop" ]]; then
+    /usr/sbin/iptables -D FORWARD -i dsnet -p tcp --sport {80,443,465,587,995,110,143,993} -j ACCEPT
+    /usr/sbin/iptables -t nat -D POSTROUTING -o dsnet -j MASQUERADE
+fi