ansible-ffibk/roles/service-rclocal/templates/rc.local.j2

#!/bin/sh -e
#
# {{ ansible_managed }}
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

#
# IP rules
#

# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup mwu priority 7
ip -6 rule add to {{ ula }} lookup mwu priority 7
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup mwu priority 7
ip -6 rule add to {{ public }} lookup mwu priority 7
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7
{% endfor %}

# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup icvpn priority 23
ip -6 rule add to {{ ula }} lookup icvpn priority 23
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup icvpn priority 23
ip -6 rule add to {{ public }} lookup icvpn priority 23
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23
{% endfor %}
ip -4 rule add from all oif icVPN lookup icvpn priority 23
ip -6 rule add from all oif icVPN lookup icvpn priority 23

# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup internet priority 41
ip -6 rule add to {{ ula }} lookup internet priority 41
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup internet priority 41
ip -6 rule add to {{ public }} lookup internet priority 41
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}BR lookup internet priority 41
{% endfor %}
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41

# Priority 61 - at this point this is the end of policy routing for freifunk related routes
{% for mesh in meshes %}
ip -4 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
ip -6 rule add from all iif {{ mesh.id }}BR type unreachable priority 61
{% endfor %}
ip -4 rule add from all iif icVPN type unreachable priority 61
ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
{% for server_id, server_value in ffrl_exit_server.iteritems() %}
ip -4 rule add from all iif {{ server_id }} type unreachable priority 61
ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
ip -6 rule add from all iif icVPN type unreachable priority 61
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for mesh in meshes %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} type unreachable priority 61
ip -6 rule add to {{ public }} type unreachable priority 61
{% endfor %}
{% endfor %}

# Priority 107 - lookup policies for the gateway host self originating traffic
ip -4 rule add from all lookup mwu priority 107
ip -4 rule add from all lookup icvpn priority 107
ip -6 rule add from all lookup mwu priority 107
ip -6 rule add from all lookup icvpn priority 107

exit 0
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`#!/bin/sh -e`
			`#`
			`# {{ ansible_managed }}`
			`#`
			`# rc.local`
			`#`
			`# This script is executed at the end of each multiuser runlevel.`
			`# Make sure that the script will "exit 0" on success or any other`
			`# value on error.`
			`#`
			`# In order to enable or disable this script just change the execution`
			`# bits.`
			`#`
			`# By default this script does nothing.`

			`#`
			`# IP rules`
			`#`

			`# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for mesh in meshes %}`
			`ip -4 rule add from {{ mesh.ipv4_network \| ipaddr('network') }}/16 lookup mwu priority 7`
			`ip -4 rule add to {{ mesh.ipv4_network \| ipaddr('network') }}/16 lookup mwu priority 7`
			`ip -4 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7`
			`{% for ula in mesh.ipv6_ula %}`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`ip -6 rule add from {{ ula }} lookup mwu priority 7`
			`ip -6 rule add to {{ ula }} lookup mwu priority 7`
			`{% endfor %}`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for public in mesh.ipv6_public %}`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`ip -6 rule add from {{ public }} lookup mwu priority 7`
			`ip -6 rule add to {{ public }} lookup mwu priority 7`
			`{% endfor %}`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`ip -6 rule add from all oif {{ mesh.id }}BR lookup mwu priority 7`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`{% endfor %}`

			`# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for mesh in meshes %}`
			`ip -4 rule add from {{ mesh.ipv4_network \| ipaddr('network') }}/16 lookup icvpn priority 23`
			`ip -4 rule add to {{ mesh.ipv4_network \| ipaddr('network') }}/16 lookup icvpn priority 23`
			`ip -4 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23`
			`{% for ula in mesh.ipv6_ula %}`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`ip -6 rule add from {{ ula }} lookup icvpn priority 23`
			`ip -6 rule add to {{ ula }} lookup icvpn priority 23`
			`{% endfor %}`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for public in mesh.ipv6_public %}`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`ip -6 rule add from {{ public }} lookup icvpn priority 23`
			`ip -6 rule add to {{ public }} lookup icvpn priority 23`
			`{% endfor %}`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`ip -6 rule add from all oif {{ mesh.id }}BR lookup icvpn priority 23`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`{% endfor %}`
			`ip -4 rule add from all oif icVPN lookup icvpn priority 23`
			`ip -6 rule add from all oif icVPN lookup icvpn priority 23`

			`# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for mesh in meshes %}`
			`ip -4 rule add from {{ mesh.ipv4_network \| ipaddr('network') }}/16 lookup internet priority 41`
			`{% for ula in mesh.ipv6_ula %}`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`ip -6 rule add from {{ ula }} lookup internet priority 41`
			`ip -6 rule add to {{ ula }} lookup internet priority 41`
			`{% endfor %}`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for public in mesh.ipv6_public %}`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`ip -6 rule add from {{ public }} lookup internet priority 41`
			`ip -6 rule add to {{ public }} lookup internet priority 41`
			`{% endfor %}`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`ip -6 rule add from all oif {{ mesh.id }}BR lookup internet priority 41`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`{% endfor %}`
Update some ipaddr filters 2017-10-06 00:15:31 +02:00			`ip -4 rule add from {{ ffrl_public_ipv4_nat \| ipaddr('host') }} lookup internet priority 41`
			`ip -4 rule add to {{ ffrl_public_ipv4_nat \| ipaddr('host') }} lookup internet priority 41`
Add role service-rclocal 2017-09-09 11:06:54 +02:00
			`# Priority 61 - at this point this is the end of policy routing for freifunk related routes`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for mesh in meshes %}`
			`ip -4 rule add from all iif {{ mesh.id }}BR type unreachable priority 61`
			`ip -6 rule add from all iif {{ mesh.id }}BR type unreachable priority 61`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`{% endfor %}`
			`ip -4 rule add from all iif icVPN type unreachable priority 61`
Role service-rclocal: fix wrong interface 2017-10-04 01:02:15 +02:00			`ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61`
Update loop keys 2017-10-03 20:52:02 +02:00			`{% for server_id, server_value in ffrl_exit_server.iteritems() %}`
			`ip -4 rule add from all iif {{ server_id }} type unreachable priority 61`
			`ip -6 rule add from all iif {{ server_id }} type unreachable priority 61`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`{% endfor %}`
			`ip -6 rule add from all iif icVPN type unreachable priority 61`
Role service-rclocal: fix wrong interface 2017-10-04 01:02:15 +02:00			`ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61`
Migrate nested dictionary `meshes` into a list of dictionaries - migrate dictionary `ipv6` into two simple lists - migrate dictionary `forward_zones` into a list 2017-10-06 22:58:00 +02:00			`{% for mesh in meshes %}`
			`{% for public in mesh.ipv6_public %}`
Add role service-rclocal 2017-09-09 11:06:54 +02:00			`ip -6 rule add from {{ public }} type unreachable priority 61`
			`ip -6 rule add to {{ public }} type unreachable priority 61`
			`{% endfor %}`
			`{% endfor %}`

			`# Priority 107 - lookup policies for the gateway host self originating traffic`
			`ip -4 rule add from all lookup mwu priority 107`
			`ip -4 rule add from all lookup icvpn priority 107`
			`ip -6 rule add from all lookup mwu priority 107`
			`ip -6 rule add from all lookup icvpn priority 107`

			`exit 0`