root / ifup-extra @ 4d3b0880
History | View | Annotate | Download (1.8 kB)
1 | 62ebfafe | Dimitris Aragiorgis | #!/bin/bash |
---|---|---|---|
2 | 62ebfafe | Dimitris Aragiorgis | |
3 | 4d3b0880 | Dimitris Aragiorgis | # IMPORTANT: Your custom script must configure the network interface FULLY, |
4 | 4d3b0880 | Dimitris Aragiorgis | # regardless of whether your custom tag, e.g., some-prefix:allow_this, is set. |
5 | 4d3b0880 | Dimitris Aragiorgis | # |
6 | 4d3b0880 | Dimitris Aragiorgis | # This is necessary to ensure the interface is in a consistent state when |
7 | 4d3b0880 | Dimitris Aragiorgis | # local-prefix:allow_this is not defined. Thus you should undo the changes |
8 | 4d3b0880 | Dimitris Aragiorgis | # which a previous invocation of this script may have done. |
9 | 4d3b0880 | Dimitris Aragiorgis | # |
10 | 4d3b0880 | Dimitris Aragiorgis | # In the future, if Ganeti acquires the ability to run ifdown scripts, |
11 | 4d3b0880 | Dimitris Aragiorgis | # this functionality will be moved there, greatly simplifying the ifup scripts |
12 | 4d3b0880 | Dimitris Aragiorgis | # |
13 | 4d3b0880 | Dimitris Aragiorgis | # some-prefix must NOT be synnefo:network: since this is already used by |
14 | 4d3b0880 | Dimitris Aragiorgis | # synnefo for setting up firewalls, etc. |
15 | 4d3b0880 | Dimitris Aragiorgis | |
16 | 62ebfafe | Dimitris Aragiorgis | source /etc/default/snf-network |
17 | 62ebfafe | Dimitris Aragiorgis | source /usr/lib/snf-network/common.sh |
18 | 62ebfafe | Dimitris Aragiorgis | |
19 | 62ebfafe | Dimitris Aragiorgis | # Useful environment vars |
20 | 62ebfafe | Dimitris Aragiorgis | # INTERFACE, INSTANCE, IP, NETWORK_TAGS, MODE, TABLE |
21 | 62ebfafe | Dimitris Aragiorgis | |
22 | 4d3b0880 | Dimitris Aragiorgis | # This cleans up the rules that might have been applied by a previous ifup-extra |
23 | 4d3b0880 | Dimitris Aragiorgis | function clean_extra (){ |
24 | dc1aa5d9 | Dimitris Aragiorgis | |
25 | dc1aa5d9 | Dimitris Aragiorgis | iptables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT |
26 | dc1aa5d9 | Dimitris Aragiorgis | ip6tables -D FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT |
27 | dc1aa5d9 | Dimitris Aragiorgis | |
28 | dc1aa5d9 | Dimitris Aragiorgis | } |
29 | dc1aa5d9 | Dimitris Aragiorgis | |
30 | 4d3b0880 | Dimitris Aragiorgis | # This looks for the following tag examples: |
31 | 4d3b0880 | Dimitris Aragiorgis | # some-prefix:1:mail |
32 | 4d3b0880 | Dimitris Aragiorgis | # some-prefix:snf-nic-12345:mail |
33 | 4d3b0880 | Dimitris Aragiorgis | # some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail |
34 | 4d3b0880 | Dimitris Aragiorgis | # some-prefix:mail |
35 | 4d3b0880 | Dimitris Aragiorgis | # and issues some iptables rules |
36 | 4d3b0880 | Dimitris Aragiorgis | function setup_extra () { |
37 | 4d3b0880 | Dimitris Aragiorgis | |
38 | 4d3b0880 | Dimitris Aragiorgis | ifprefixindex="some-prefix:$INTERFACE_INDEX:" |
39 | 4d3b0880 | Dimitris Aragiorgis | ifprefixname="some-prefix:$INTERFACE_NAME:" |
40 | 4d3b0880 | Dimitris Aragiorgis | ifprefixuuid="some-prefix:$INTERFACE_UUID:" |
41 | 4d3b0880 | Dimitris Aragiorgis | ifprefix="some-prefix:" |
42 | 4d3b0880 | Dimitris Aragiorgis | |
43 | 4d3b0880 | Dimitris Aragiorgis | for tag in $TAGS; do |
44 | 4d3b0880 | Dimitris Aragiorgis | tag=${tag#$ifprefixindex} |
45 | 4d3b0880 | Dimitris Aragiorgis | tag=${tag#$ifprefixname} |
46 | 4d3b0880 | Dimitris Aragiorgis | tag=${tag#$ifprefixuuid} |
47 | 4d3b0880 | Dimitris Aragiorgis | tag=${tag#$ifprefix} |
48 | 4d3b0880 | Dimitris Aragiorgis | case $tag in |
49 | 4d3b0880 | Dimitris Aragiorgis | mail) |
50 | 4d3b0880 | Dimitris Aragiorgis | # Here add iptalbes rule.. |
51 | 4d3b0880 | Dimitris Aragiorgis | iptables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT |
52 | 4d3b0880 | Dimitris Aragiorgis | ip6tables -I FORWARD -i $INTERFACE -p tcp --dport 25 -j ACCEPT |
53 | 4d3b0880 | Dimitris Aragiorgis | ;; |
54 | 4d3b0880 | Dimitris Aragiorgis | esac |
55 | 4d3b0880 | Dimitris Aragiorgis | done |
56 | 4d3b0880 | Dimitris Aragiorgis | |
57 | 4d3b0880 | Dimitris Aragiorgis | } |
58 | 4d3b0880 | Dimitris Aragiorgis | |
59 | 4d3b0880 | Dimitris Aragiorgis | try clean_extra |
60 | 4d3b0880 | Dimitris Aragiorgis | |
61 | 4d3b0880 | Dimitris Aragiorgis | setup_extra |
62 | 62ebfafe | Dimitris Aragiorgis | |
63 | 62ebfafe | Dimitris Aragiorgis | exit 0 |