From 4b891bdd23a3cb07d44d2fe09309967b4cadd2c8 Mon Sep 17 00:00:00 2001
From: ohrensessel
Date: Tue, 19 Aug 2014 11:17:34 +0200
Subject: [PATCH] Implement policy routing for IPv6

---
 files/etc/iptables/rules.v6 | 17 +++++++++++++++++
 manifests/init.pp | 7 +++++--
 2 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 files/etc/iptables/rules.v6

diff --git a/files/etc/iptables/rules.v6 b/files/etc/iptables/rules.v6
new file mode 100644
index 0000000..4ee0a77
--- /dev/null
+++ b/files/etc/iptables/rules.v6
@@ -0,0 +1,17 @@
+# Generated by ip6tables-save v1.4.14 on Mon Aug 18 22:31:43 2014
+*mangle
+:PREROUTING ACCEPT [347182:29416089]
+:INPUT ACCEPT [95377:10719074]
+:FORWARD ACCEPT [50710:3964545]
+:OUTPUT ACCEPT [108706:9522484]
+:POSTROUTING ACCEPT [161591:13748029]
+-A PREROUTING -i br-ffhh -j MARK --set-xmark 0x1/0xffffffff
+COMMIT
+# Completed on Mon Aug 18 22:31:43 2014
+# Generated by ip6tables-save v1.4.14 on Mon Aug 18 22:31:43 2014
+*filter
+:INPUT ACCEPT [1244932:115240832]
+:FORWARD ACCEPT [51046:3997994]
+:OUTPUT ACCEPT [1330577:118074893]
+COMMIT
+# Completed on Mon Aug 18 22:31:43 2014
diff --git a/manifests/init.pp b/manifests/init.pp
index fe9b724..ba69839 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -167,7 +167,6 @@ class ff_gw::fastd($mesh_mac, $gw_ipv4, $gw_ipv4_netmask, $gw_ipv6, $gw_ipv6_pre
 "set iface[. = '${bat_if}']/up 'ip link set \$IFACE up'",
 "set iface[. = '${bat_if}']/post-up[1] 'brctl addif ${br_if} \$IFACE'",
 "set iface[. = '${bat_if}']/post-up[2] 'batctl it 10000'",
- "set iface[. = '${bat_if}']/post-up[3] '/sbin/ip rule add from all fwmark 0x1 table 42'",
 "set iface[. = '${bat_if}']/pre-down 'brctl delif ${br_if} \$IFACE || true'",
 "set iface[. = '${bat_if}']/down 'ip link set \$IFACE down'",
 ];
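Review bot: The mangle rule `-A PREROUTING -i br-ffhh -j MARK --set-xmark 0x1/0xffffffff` hardcodes the bridge name, while the manifest hunk in this same commit derives the interface from `${br_if}`; because the file is shipped with `source =>` rather than rendered from a template, on a node where `br_if` is anything other than `br-ffhh` no IPv6 packet is ever marked, the `fwmark 0x1` rule added in rc.local never matches, and mesh IPv6 traffic stays on the main table. Either render the file from a template with the interface substituted or document the coupling above the rule, e.g. `# interface must match $br_if in manifests/init.pp`. The saved counters such as `[347182:29416089]` are a snapshot from the generating host and are ignored by ip6tables-restore unless it is run with `-c`, so resetting them to `[0:0]` keeps the managed file free of noise. The filter table here is ACCEPT-only for INPUT and FORWARD with no rules at all; if rules.v4 restricts forwarding, the IPv6 side should mirror it, but that file is not in this diff so I cannot confirm.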
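Review bot: Dropping the `post-up[3]` entry from the augeas change list does not remove it from /etc/network/interfaces on hosts already provisioned with the earlier manifest, since augeas only applies the `set` commands that are listed; those nodes keep the old post-up hook and additionally run the identical `ip rule add` from rc.local, which depending on the iproute2 version either leaves a duplicate `fwmark 0x1` rule in place or makes the second command fail. Adding an explicit `"rm iface[. = '${bat_if}']/post-up[3]",` to the change list keeps existing nodes consistent with freshly provisioned ones. The augeas resource that owns this `changes` array begins outside the hunk, so I am inferring from the visible `set` lines that no other removal exists.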
@@ -478,9 +477,12 @@ class ff_gw::iptables {
 '/etc/iptables/rules.v4':
 ensure => file,
 source => 'puppet:///modules/ff_gw/etc/iptables/rules.v4';
+ '/etc/iptables/rules.v6':
+ ensure => file,
+ source => 'puppet:///modules/ff_gw/etc/iptables/rules.v6';
 '/etc/rc.local':
 ensure => file,
- content => '#!/bin/sh -e
+ content => '#!/bin/sh
 # managed by puppet
 #
 # rc.local
@@ -496,6 +498,7 @@ class ff_gw::iptables {
 /sbin/ip route add unreachable default table 42
 /sbin/ip rule add from all fwmark 0x1 table 42
+/sbin/ip -6 rule add from all fwmark 0x1 table 42
 exit 0';
 }
 ~>
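Review bot: Changing the shebang from `#!/bin/sh -e` to `#!/bin/sh` means a failing `ip route add` or `ip rule add` later in this script no longer aborts it, and with the trailing `exit 0` the boot reports success even when the policy routing was not installed, in which case `fwmark 0x1` traffic is silently handled by the main table. If `-e` was dropped because re-running rc.local trips over already-present rules, it is clearer to keep `-e` and make only those commands explicitly tolerant, e.g. `/sbin/ip rule add from all fwmark 0x1 table 42 || echo "rc.local: fwmark rule already present" >&2`, so that every other failure still stops the script. A short comment next to the shebang stating why `-e` was removed would help the next reader either way. The rc.local content string continues past the end of this hunk.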
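Review bot: The new `/sbin/ip -6 rule add from all fwmark 0x1 table 42` has no IPv6 counterpart to the `/sbin/ip route add unreachable default table 42` two lines above it, so table 42 is empty for IPv6; when a table lookup finds no route the kernel continues with the next rule, and marked IPv6 packets fall through to the main table instead of being rejected the way the IPv4 path intends. Add `/sbin/ip -6 route add unreachable default table 42` immediately before the new rule line, keeping route-before-rule order so the rule never points at an empty table. Whatever populates table 42 with real IPv4 routes is not visible in this hunk, so presumably it also needs an IPv6 equivalent; please confirm.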