
root / ifup-extra @ 184370fd


#!/bin/bash
# IMPORTANT: Your custom script must configure the network interface FULLY,
# regardless of whether your custom tag, e.g., some-prefix:allow_this, is set.
#
# This is necessary to ensure the interface is in a consistent state when
# local-prefix:allow_this is not defined. Thus you should undo the changes
# which a previous invocation of this script may have done.
#
# In the future, if Ganeti acquires the ability to run ifdown scripts,
# this functionality will be moved there, greatly simplifying the ifup scripts.
#
# some-prefix must NOT be synnefo:network: since this is already used by
# synnefo for setting up firewalls, etc.
source /etc/default/snf-network
source /usr/lib/snf-network/common.sh
# Useful environment vars
# INTERFACE, INSTANCE, IP, NETWORK_TAGS, MODE, TABLE
# This cleans up the rules that might have been applied by a previous ifup-extra
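function clean_extra (){
  # Remove every copy of the port-25 FORWARD/ACCEPT rule that an earlier run of
  # this hook may have installed for $INTERFACE, for both IPv4 and IPv6.
  #
  # Globals:  INTERFACE (read)
  # Returns:  0 once no further matching rule can be deleted,
  #           1 if INTERFACE is empty (nothing is touched in that case)
  local -a rule=()
  local tool

  # An empty interface name must never reach iptables: quoted, it would be
  # passed as `-i ""`, which could stop restricting the rule to this NIC.
  if [[ -z "${INTERFACE:-}" ]]; then
    echo "clean_extra: INTERFACE is not set, not touching the firewall" >&2
    return 1
  fi

  rule=(FORWARD -i "$INTERFACE" -p tcp --dport 25 -j ACCEPT)

  for tool in iptables ip6tables; do
    # `-D` deletes a single matching rule per call. If the rule was ever
    # inserted more than once, one delete would leave a stale ACCEPT behind
    # and SMTP forwarding would stay open after the tag is gone, so repeat
    # until the delete fails. stderr is dropped on purpose: the last
    # iteration always fails with "no matching rule".
    while "$tool" -D "${rule[@]}" 2>/dev/null; do
      :
    done
  done

  return 0
}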
# This looks for the following tag examples:
#  some-prefix:1:mail
#  some-prefix:snf-nic-12345:mail
#  some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail
#  some-prefix:mail
# and issues some iptables rules
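function setup_extra () {
  # Scan $TAGS for "some-prefix:" tags that apply to this NIC and install the
  # firewall rules they request. Currently only the "mail" action is known; it
  # allows forwarding of TCP port 25 coming in on $INTERFACE (IPv4 and IPv6).
  #
  # Accepted tag forms (ACTION is e.g. "mail"):
  #   some-prefix:<INTERFACE_INDEX>:ACTION
  #   some-prefix:<INTERFACE_NAME>:ACTION
  #   some-prefix:<INTERFACE_UUID>:ACTION
  #   some-prefix:ACTION
  #
  # Globals:  INTERFACE, INTERFACE_INDEX, INTERFACE_NAME, INTERFACE_UUID,
  #           TAGS (all read)
  #           NOTE(review): the file header lists NETWORK_TAGS, not TAGS;
  #           presumably TAGS is set by a sourced file - confirm.
  # Returns:  0 on success, 1 if INTERFACE is empty or a rule insert failed
  local -a prefixes=() tag_list=() rule=()
  local id prefix tag action tool
  local want_mail=0 rc=0

  # Never build a rule from an empty interface name: quoted, it would be passed
  # as `-i ""`, which could stop restricting the ACCEPT rule to this NIC.
  if [[ -z "${INTERFACE:-}" ]]; then
    echo "setup_extra: INTERFACE is not set, not touching the firewall" >&2
    return 1
  fi

  # NIC-specific prefixes first, the generic one last. An identifier that is
  # unset is skipped, so "some-prefix::ACTION" cannot match by accident.
  for id in "${INTERFACE_INDEX:-}" "${INTERFACE_NAME:-}" "${INTERFACE_UUID:-}"; do
    if [[ -n "$id" ]]; then
      prefixes+=("some-prefix:${id}:")
    fi
  done
  prefixes+=("some-prefix:")

  # Split TAGS on whitespace without pathname expansion, so a tag containing
  # glob characters is never expanded against the filesystem. read returns
  # non-zero at end of input even though the array has been filled.
  IFS=$' \t\n' read -r -d '' -a tag_list <<< "${TAGS:-}" || true

  for tag in "${tag_list[@]}"; do
    # Only tags that really start with one of our prefixes are considered; a
    # bare "mail" tag, or one under another prefix, must not open the port.
    action=""
    for prefix in "${prefixes[@]}"; do
      if [[ "$tag" == "$prefix"* ]]; then
        action=${tag#"$prefix"}
        break
      fi
    done

    # Add further actions as extra case arms here.
    case "$action" in
      mail)
        want_mail=1
        ;;
    esac
  done

  if (( want_mail )); then
    rule=(FORWARD -i "$INTERFACE" -p tcp --dport 25 -j ACCEPT)
    for tool in iptables ip6tables; do
      # Insert at most one copy, however many tags matched: duplicates would
      # outlive a cleanup that deletes the rule once. `-I` without a rule
      # number places the rule at the head of FORWARD, ahead of existing rules.
      if ! "$tool" -C "${rule[@]}" 2>/dev/null; then
        "$tool" -I "${rule[@]}" || rc=1
      fi
    done
  fi

  return "$rc"
}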
# Step 1: undo what an earlier run of this hook may have installed, so a rule
# does not outlive a tag that has since been removed. `try` is not defined in
# this file; presumably it comes from the sourced common.sh and tolerates a
# failing cleanup (e.g. when no rule exists yet) - TODO confirm.
try clean_extra

# Step 2: install the rules requested by the tags currently set.
setup_extra

# The hook reports success unconditionally; a failure in setup_extra is not
# propagated to the caller.
exit 0