#!/bin/sh
#
# {{ ansible_managed }}
#
# Teardown script: deletes the policy-routing rules ("ip rule") at
# priorities 7, 23, 41, 61 and 107, for IPv4 and IPv6. Each section
# comment below names the rule set that is being removed.
#
# Error handling: there is no "set -e" and the script ends with "exit 0",
# so a failing "ip rule del" (for example because the rule is already
# gone) does not stop the script or change its exit status. Callers
# cannot detect a partial teardown from the return code; check
# "ip rule show" if that matters.
#
# NOTE(review): as far as iproute2 behaves, one "ip rule del" call removes
# one matching rule. If the matching set-up script ran more than once,
# duplicates would survive a single run of this script - TODO confirm.
#
# NOTE(review): all template variables are inserted into the commands
# unquoted. They are assumed to be plain interface names and prefixes
# from the inventory; a value containing whitespace or shell
# metacharacters would change the rendered command. Validate them where
# they are defined.

# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
# (mesh bridge rules exist on gateway and monitoring hosts only)
{% if server_type == 'gateway' or server_type == 'monitoring' %}
{% for mesh in meshes %}
ip -4 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
ip -6 rule del from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %}
{% endif %}
# WireGuard interfaces: the name is "wg-" plus the first 11 characters of
# network.remote, i.e. at most 14 characters - presumably sliced to stay
# within the 15-character Linux interface-name limit. The slice must match
# the one used when the interface and its rules were created.
{% for network in my_wireguard_networks %}
ip -4 rule del from all iif wg-{{ network.remote[:11] }} lookup mwu priority 7
ip -6 rule del from all iif wg-{{ network.remote[:11] }} lookup mwu priority 7
ip -4 rule del from all oif wg-{{ network.remote[:11] }} lookup mwu priority 7
ip -6 rule del from all oif wg-{{ network.remote[:11] }} lookup mwu priority 7
{% endfor %}
# Source and destination rules for every internal prefix (IPv4 and IPv6).
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup mwu priority 7
ip -4 rule del to {{ prefix.ipv4 }} lookup mwu priority 7
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}
# Public prefixes are handled for IPv6 only.
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup mwu priority 7
ip -6 rule del to {{ prefix.ipv6 }} lookup mwu priority 7
{% endfor %}

# Everything from here to the closing endif is rendered on gateways only.
{% if server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
ip -4 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
ip -6 rule del from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup icvpn priority 23
ip -4 rule del to {{ prefix.ipv4 }} lookup icvpn priority 23
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup icvpn priority 23
ip -6 rule del to {{ prefix.ipv6 }} lookup icvpn priority 23
{% endfor %}
# Rules bound to the interface literally named "icvpn".
ip -4 rule del from all oif icvpn lookup icvpn priority 23
ip -6 rule del from all oif icvpn lookup icvpn priority 23

# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
# NOTE(review): unlike priorities 7 and 23, this section has no IPv4 rule
# for the mesh bridges and no IPv4 "to" rule for the internal prefixes.
# Presumably that mirrors the matching set-up script - verify, otherwise
# rules would be left behind.
{% for mesh in meshes %}
ip -6 rule del from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %}
{% for prefix in internal_prefixes %}
ip -4 rule del from {{ prefix.ipv4 }} lookup internet priority 41
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} lookup internet priority 41
ip -6 rule del to {{ prefix.ipv6 }} lookup internet priority 41
{% endfor %}
# The NAT address is reduced to a host address by the ipaddr('host') filter.
ip -4 rule del from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule del to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41

# Priority 61 - at this point this is the end of policy routing for freifunk related routes
# These "type unreachable" rules are the stop rules for traffic that none
# of the lookups above matched. They are deleted after the lookup rules
# of priorities 7, 23 and 41, so while this script runs the stop rules
# are still in place when the lookups disappear.
# NOTE(review): once they are gone, traffic arriving on these interfaces
# is no longer rejected here and continues to any later rules (by default
# the main table). If traffic can still arrive at that point it may leave
# via the host's own default route - confirm that the interfaces are
# already down or forwarding is stopped when this script runs.
{% for mesh in meshes %}
ip -4 rule del from all iif {{ mesh.id }}br type unreachable priority 61
ip -6 rule del from all iif {{ mesh.id }}br type unreachable priority 61
{% endfor %}
ip -4 rule del from all iif icvpn type unreachable priority 61
# The default interface comes from the Ansible facts gathered at template
# time; presumably it has to equal the interface used when the rule was
# added, otherwise the deletion will not match - verify.
ip -4 rule del from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
# The dictionary keys of ffrl_exit_server are used as interface names;
# server_value is not used in this loop.
{% for server_id, server_value in ffrl_exit_server.items() %}
ip -4 rule del from all iif {{ server_id }} type unreachable priority 61
ip -6 rule del from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
ip -6 rule del from all iif icvpn type unreachable priority 61
ip -6 rule del from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for prefix in public_prefixes %}
ip -6 rule del from {{ prefix.ipv6 }} type unreachable priority 61
ip -6 rule del to {{ prefix.ipv6 }} type unreachable priority 61
{% endfor %}

# Priority 107 - lookup policies for the gateway host self originating traffic
ip -4 rule del from all lookup mwu priority 107
ip -4 rule del from all lookup icvpn priority 107
ip -6 rule del from all lookup mwu priority 107
ip -6 rule del from all lookup icvpn priority 107
{% endif %}

# Always report success, whatever the individual deletions returned.
exit 0