Implement policy routing for IPv6

ohrensessel 2014-08-19 11:17:34 +02:00
parent a9bb0605cf
commit 4b891bdd23
2 changed files with 22 additions and 2 deletions


@ -0,0 +1,17 @@
# Generated by ip6tables-save v1.4.14 on Mon Aug 18 22:31:43 2014
*mangle
:PREROUTING ACCEPT [347182:29416089]
:INPUT ACCEPT [95377:10719074]
:FORWARD ACCEPT [50710:3964545]
:OUTPUT ACCEPT [108706:9522484]
:POSTROUTING ACCEPT [161591:13748029]
-A PREROUTING -i br-ffhh -j MARK --set-xmark 0x1/0xffffffff
COMMIT
# Completed on Mon Aug 18 22:31:43 2014
# Generated by ip6tables-save v1.4.14 on Mon Aug 18 22:31:43 2014
*filter
:INPUT ACCEPT [1244932:115240832]
:FORWARD ACCEPT [51046:3997994]
:OUTPUT ACCEPT [1330577:118074893]
COMMIT
# Completed on Mon Aug 18 22:31:43 2014
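Review bot: The `*filter` table in this new rules.v6 sets INPUT, FORWARD and OUTPUT to policy ACCEPT and contains no rules, so loading it leaves the gateway with no IPv6 packet filtering for itself or for forwarded mesh traffic. If that is deliberate, a leading comment such as `# no IPv6 filtering by design; only the mangle mark for table 42 is set here` would record it; otherwise the file should carry the IPv6 counterpart of whatever rules.v4 enforces, which is not visible here. The file is also a raw ip6tables-save dump, so the bracketed packet/byte counters and the timestamps are host-specific and could be reset to `[0:0]` to keep the managed file stable.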


@ -167,7 +167,6 @@ class ff_gw::fastd($mesh_mac, $gw_ipv4, $gw_ipv4_netmask, $gw_ipv6, $gw_ipv6_pre
"set iface[. = '${bat_if}']/up 'ip link set \$IFACE up'",
"set iface[. = '${bat_if}']/post-up[1] 'brctl addif ${br_if} \$IFACE'",
"set iface[. = '${bat_if}']/post-up[2] 'batctl it 10000'",
"set iface[. = '${bat_if}']/post-up[3] '/sbin/ip rule add from all fwmark 0x1 table 42'",
"set iface[. = '${bat_if}']/pre-down 'brctl delif ${br_if} \$IFACE || true'",
"set iface[. = '${bat_if}']/down 'ip link set \$IFACE down'",
];
@ -478,9 +477,12 @@ class ff_gw::iptables {
'/etc/iptables/rules.v4':
ensure => file,
source => 'puppet:///modules/ff_gw/etc/iptables/rules.v4';
'/etc/iptables/rules.v6':
ensure => file,
source => 'puppet:///modules/ff_gw/etc/iptables/rules.v6';
'/etc/rc.local':
ensure => file,
content => '#!/bin/sh -e
content => '#!/bin/sh
# managed by puppet
#
# rc.local
@ -496,6 +498,7 @@ class ff_gw::iptables {
/sbin/ip route add unreachable default table 42
/sbin/ip rule add from all fwmark 0x1 table 42
/sbin/ip -6 rule add from all fwmark 0x1 table 42
exit 0';
}
~>