Revision 2e8a73e0 kvm-vif-bridge
| b/kvm-vif-bridge | ||
|---|---|---|
| 117 | 117 |
ebtables -A FORWARD -o $TAP -j $TO |
| 118 | 118 |
#accept dhcp responses from host (nfdhcpd) |
| 119 | 119 |
ebtables -A $TO -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT |
| 120 |
if [ "$TYPE" == "private" ]; then |
|
| 121 |
if [ ! -z "$GATEWAY" -a $ENABLE_MASQ ]; then |
|
| 122 |
# allow packets from/to router (for masquerading |
|
| 123 |
ebtables -A $TO -s $ROUTER_MAC -j ACCEPT |
|
| 124 |
ebtables -A INPUT -i $TAP -j $FROM |
|
| 125 |
ebtables -A OUTPUT -o $TAP -j $TO |
|
| 126 |
fi |
|
| 127 |
# allow only packets from the same mac prefix |
|
| 128 |
ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP |
|
| 120 |
# allow only packets from the same mac prefix |
|
| 121 |
ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP |
|
| 122 |
if [ $ENABLE_MASQ -a -n "$GATEWAY" ]; then |
|
| 123 |
# allow packets from/to router (for masquerading) |
|
| 124 |
ebtables -A $TO -s $PUBLIC_MAC -j ACCEPT |
|
| 125 |
ebtables -A INPUT -i $TAP -j $FROM |
|
| 126 |
ebtables -A OUTPUT -o $TAP -j $TO |
|
| 129 | 127 |
fi |
| 130 | 128 |
} |
| 131 | 129 |
|
| ... | ... | |
| 156 | 154 |
source $DEFAULT |
| 157 | 155 |
source $CONF |
| 158 | 156 |
|
| 159 |
NODEINFRAFILE=$SHAREDDIR/infra/$(hostname)
|
|
| 157 |
INFRA=$STATE_DIR/infra
|
|
| 160 | 158 |
|
| 161 |
if [ -e "$NODEINFRAFILE" ]; then |
|
| 162 |
source $NODEINFRAFILE |
|
| 163 |
fi |
|
| 164 |
|
|
| 165 |
CLUSTERINFRAFILE=$SHAREDDIR/infra/cluster |
|
| 159 |
source $INFRA |
|
| 166 | 160 |
|
| 167 |
if [ -e "$CLUSTERINFRAFILE" ]; then |
|
| 168 |
source $CLUSTERINFRAFILE |
|
| 169 |
fi |
|
| 170 | 161 |
|
| 171 |
TABLE=rt_$NETWORK |
|
| 172 | 162 |
clear_routed_setup_ipv4 > /dev/null 2>&1 |
| 173 | 163 |
clear_routed_setup_ipv6 > /dev/null 2>&1 |
| 174 | 164 |
clear_routed_setup_firewall > /dev/null 2>&1 |
| 175 | 165 |
clear_ebtables > /dev/null 2>&1 |
| 176 | 166 |
|
| 177 | 167 |
if [ "$MODE" = "routed" ]; then |
| 168 |
TABLE=$LINK |
|
| 178 | 169 |
# use a constant predefined MAC address for the tap |
| 179 | 170 |
ip link set $INTERFACE addr $TAP_CONSTANT_MAC |
| 180 | 171 |
# bring the tap up |
| ... | ... | |
| 191 | 182 |
ifconfig $INTERFACE 0.0.0.0 up |
| 192 | 183 |
brctl addif $BRIDGE $INTERFACE |
| 193 | 184 |
setup_nfdhcpd $BRIDGE |
| 194 |
setup_ebtables > /dev/null 2>&1 |
|
| 185 |
if [ $ENABLE_EBTABLES -a "$TYPE" = "private" ]; then |
|
| 186 |
setup_ebtables > /dev/null 2>&1 |
|
| 187 |
fi |
|
| 195 | 188 |
fi |
Also available in: Unified diff