ansible-ffibk/roles/network-routing/templates/ffmwu-add-ip-rules.sh.j2


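#!/bin/sh
#
# {{ ansible_managed }}
#
# Installs the policy-routing rules (ip rule) for the freifunk meshes.
# The priority 7 block is rendered for every server type; priorities 23,
# 41, 61 and 107 are rendered only when ffmwu_server_type is 'gateway'.
# The kernel evaluates lower priority numbers first.
#
# The table names mwu, icvpn and internet are not defined in this file and
# must already be resolvable by iproute2 on the target host.
#
# NOTE(review): mesh ids, exit-server ids and prefixes are rendered verbatim
# into commands that need network-admin privileges, so they must come from
# trusted inventory only.
# NOTE(review): the IPv4 mesh rules always append /16 to the network
# address, whatever prefix length mesh.ipv4_network carries - confirm that
# every mesh really is a /16.
#
# Priority 7 - lookup rt_table mwu for all incoming traffic of freifunk related interfaces
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup mwu priority 7
ip -4 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup mwu priority 7
ip -6 rule add to {{ ula }} lookup mwu priority 7
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup mwu priority 7
ip -6 rule add to {{ public }} lookup mwu priority 7
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup mwu priority 7
{% endfor %}
{% if ffmwu_server_type == 'gateway' %}
# Priority 23 - lookup rt_table icvpn for all incoming traffic of freifunk bridges
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add to {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup icvpn priority 23
ip -4 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup icvpn priority 23
ip -6 rule add to {{ ula }} lookup icvpn priority 23
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup icvpn priority 23
ip -6 rule add to {{ public }} lookup icvpn priority 23
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup icvpn priority 23
{% endfor %}
ip -4 rule add from all oif icvpn lookup icvpn priority 23
ip -6 rule add from all oif icvpn lookup icvpn priority 23
# Priority 41 - lookup rt_table internet for all incoming traffic of freifunk bridges
# The public NAT address (ffrl_public_ipv4_nat) is also sent to table
# internet, in both directions.
{% for mesh in meshes %}
ip -4 rule add from {{ mesh.ipv4_network | ipaddr('network') }}/16 lookup internet priority 41
{% for ula in mesh.ipv6_ula %}
ip -6 rule add from {{ ula }} lookup internet priority 41
ip -6 rule add to {{ ula }} lookup internet priority 41
{% endfor %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} lookup internet priority 41
ip -6 rule add to {{ public }} lookup internet priority 41
{% endfor %}
ip -6 rule add from all oif {{ mesh.id }}br lookup internet priority 41
{% endfor %}
ip -4 rule add from {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
ip -4 rule add to {{ ffrl_public_ipv4_nat | ipaddr('host') }} lookup internet priority 41
# Priority 61 - at this point this is the end of policy routing for freifunk related routes
# Traffic that enters on a mesh bridge, on icvpn, on the host's default
# IPv4/IPv6 interface or on an interface named after an ffrl_exit_server
# key, or that is from/to a public mesh prefix, and that none of the tables
# above could route, is answered with "unreachable" here and never reaches
# later rules.
# NOTE(review): presumably this is the fail-closed barrier that keeps mesh
# traffic from leaking through the host's own default route; if one of
# these adds fails, the barrier is incomplete.
{% for mesh in meshes %}
ip -4 rule add from all iif {{ mesh.id }}br type unreachable priority 61
ip -6 rule add from all iif {{ mesh.id }}br type unreachable priority 61
{% endfor %}
ip -4 rule add from all iif icvpn type unreachable priority 61
ip -4 rule add from all iif {{ ansible_default_ipv4.interface }} type unreachable priority 61
{% for server_id, server_value in ffrl_exit_server.items() %}
ip -4 rule add from all iif {{ server_id }} type unreachable priority 61
ip -6 rule add from all iif {{ server_id }} type unreachable priority 61
{% endfor %}
ip -6 rule add from all iif icvpn type unreachable priority 61
# NOTE(review): relies on the ansible_default_ipv6 fact - confirm it is
# populated on hosts without an IPv6 default route, otherwise rendering may
# fail or produce a rule without an interface name.
ip -6 rule add from all iif {{ ansible_default_ipv6.interface }} type unreachable priority 61
{% for mesh in meshes %}
{% for public in mesh.ipv6_public %}
ip -6 rule add from {{ public }} type unreachable priority 61
ip -6 rule add to {{ public }} type unreachable priority 61
{% endfor %}
{% endfor %}
# Priority 107 - lookup policies for the gateway host self originating traffic
ip -4 rule add from all lookup mwu priority 107
ip -4 rule add from all lookup icvpn priority 107
ip -6 rule add from all lookup mwu priority 107
ip -6 rule add from all lookup icvpn priority 107
{% endif %}
# Always reports success: ip prints its own error message, but a failed
# "rule add" is not propagated to the caller, and nothing here guards
# against the script being run a second time. Verify the result with
# "ip -4 rule show" and "ip -6 rule show", in particular that every
# priority 61 unreachable rule is present.
exit 0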