Statistics
| Branch: | Tag: | Revision:

root / ifup-extra @ 4d3b0880

History | View | Annotate | Download (1.8 kB)

1 62ebfafe Dimitris Aragiorgis
#!/bin/bash
2 62ebfafe Dimitris Aragiorgis
3 4d3b0880 Dimitris Aragiorgis
# IMPORTANT: Your custom script must configure the network interface FULLY,
4 4d3b0880 Dimitris Aragiorgis
# regardless of whether your custom tag, e.g., some-prefix:allow_this, is set.
5 4d3b0880 Dimitris Aragiorgis
#
6 4d3b0880 Dimitris Aragiorgis
# This is necessary to ensure the interface is in a consistent state when
7 4d3b0880 Dimitris Aragiorgis
# local-prefix:allow_this is not defined. Thus you should undo the changes
8 4d3b0880 Dimitris Aragiorgis
# which a previous invocation of this script may have done.
9 4d3b0880 Dimitris Aragiorgis
#
10 4d3b0880 Dimitris Aragiorgis
# In the future, if Ganeti acquires the ability to run ifdown scripts,
11 4d3b0880 Dimitris Aragiorgis
# this functionality will be moved there, greatly simplifying the ifup scripts
12 4d3b0880 Dimitris Aragiorgis
#
13 4d3b0880 Dimitris Aragiorgis
# some-prefix must NOT be synnefo:network: since this is already used by
14 4d3b0880 Dimitris Aragiorgis
# synnefo for setting up firewalls, etc.
15 4d3b0880 Dimitris Aragiorgis
16 62ebfafe Dimitris Aragiorgis
source /etc/default/snf-network
17 62ebfafe Dimitris Aragiorgis
source /usr/lib/snf-network/common.sh
18 62ebfafe Dimitris Aragiorgis
19 62ebfafe Dimitris Aragiorgis
# Useful environment vars
20 62ebfafe Dimitris Aragiorgis
# INTERFACE, INSTANCE, IP, NETWORK_TAGS, MODE, TABLE
21 62ebfafe Dimitris Aragiorgis
22 4d3b0880 Dimitris Aragiorgis
# This cleans up the rules that might have been applied by a previous ifup-extra
23 4d3b0880 Dimitris Aragiorgis
function clean_extra (){
24 dc1aa5d9 Dimitris Aragiorgis
25 dc1aa5d9 Dimitris Aragiorgis
  iptables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
26 dc1aa5d9 Dimitris Aragiorgis
  ip6tables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
27 dc1aa5d9 Dimitris Aragiorgis
28 dc1aa5d9 Dimitris Aragiorgis
}
29 dc1aa5d9 Dimitris Aragiorgis
30 4d3b0880 Dimitris Aragiorgis
# This looks for the following tag examples:
31 4d3b0880 Dimitris Aragiorgis
#  some-prefix:1:mail
32 4d3b0880 Dimitris Aragiorgis
#  some-prefix:snf-nic-12345:mail
33 4d3b0880 Dimitris Aragiorgis
#  some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail
34 4d3b0880 Dimitris Aragiorgis
#  some-prefix:mail
35 4d3b0880 Dimitris Aragiorgis
# and issues some iptables rules
36 4d3b0880 Dimitris Aragiorgis
function setup_extra () {
37 4d3b0880 Dimitris Aragiorgis
38 4d3b0880 Dimitris Aragiorgis
  ifprefixindex="some-prefix:$INTERFACE_INDEX:"
39 4d3b0880 Dimitris Aragiorgis
  ifprefixname="some-prefix:$INTERFACE_NAME:"
40 4d3b0880 Dimitris Aragiorgis
  ifprefixuuid="some-prefix:$INTERFACE_UUID:"
41 4d3b0880 Dimitris Aragiorgis
  ifprefix="some-prefix:"
42 4d3b0880 Dimitris Aragiorgis
43 4d3b0880 Dimitris Aragiorgis
  for tag in $TAGS; do
44 4d3b0880 Dimitris Aragiorgis
    tag=${tag#$ifprefixindex}
45 4d3b0880 Dimitris Aragiorgis
    tag=${tag#$ifprefixname}
46 4d3b0880 Dimitris Aragiorgis
    tag=${tag#$ifprefixuuid}
47 4d3b0880 Dimitris Aragiorgis
    tag=${tag#$ifprefix}
48 4d3b0880 Dimitris Aragiorgis
    case $tag in
49 4d3b0880 Dimitris Aragiorgis
      mail)
50 4d3b0880 Dimitris Aragiorgis
      # Here add iptalbes rule..
51 4d3b0880 Dimitris Aragiorgis
      iptables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
52 4d3b0880 Dimitris Aragiorgis
      ip6tables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT
53 4d3b0880 Dimitris Aragiorgis
    ;;
54 4d3b0880 Dimitris Aragiorgis
    esac
55 4d3b0880 Dimitris Aragiorgis
  done
56 4d3b0880 Dimitris Aragiorgis
57 4d3b0880 Dimitris Aragiorgis
}
58 4d3b0880 Dimitris Aragiorgis
59 4d3b0880 Dimitris Aragiorgis
try clean_extra
60 4d3b0880 Dimitris Aragiorgis
61 4d3b0880 Dimitris Aragiorgis
setup_extra
62 62ebfafe Dimitris Aragiorgis
63 62ebfafe Dimitris Aragiorgis
exit 0