root / kvm-vif-bridge @ a67910c4
History | View | Annotate | Download (1.4 kB)
| 1 |
#!/bin/bash |
|---|---|
| 2 |
|
| 3 |
# This is an example of a Ganeti kvm ifup script that configures network |
| 4 |
# interfaces based on the initial deployment of the Okeanos project |
| 5 |
|
| 6 |
source /etc/default/snf-network |
| 7 |
source /usr/lib/snf-network/common.sh |
| 8 |
|
| 9 |
FROM=FROM${INTERFACE^^}
|
| 10 |
TO=TO${INTERFACE^^}
|
| 11 |
|
| 12 |
try clear_routed_setup_ipv4 |
| 13 |
try clear_routed_setup_ipv6 |
| 14 |
try clear_routed_setup_firewall |
| 15 |
try clear_ebtables |
| 16 |
try clear_nfdhcpd |
| 17 |
|
| 18 |
if [ "$MODE" = "routed" ]; then |
| 19 |
TABLE=$LINK |
| 20 |
ip link set $INTERFACE addr $TAP_CONSTANT_MAC up |
| 21 |
INDEV=$INTERFACE |
| 22 |
DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP" |
| 23 |
elif [ "$MODE" = "bridged" ]; then |
| 24 |
ip link set $INTERFACE up |
| 25 |
brctl addif $BRIDGE $INTERFACE |
| 26 |
INDEV=$BRIDGE |
| 27 |
try init_ebtables |
| 28 |
# nfdhcpd creates responses with src mac the mac of indec |
| 29 |
INDEV_MAC=$(cat /sys/class/net/$INDEV/address) |
| 30 |
DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP" |
| 31 |
fi |
| 32 |
|
| 33 |
|
| 34 |
for tag in $NETWORK_TAGS; do |
| 35 |
case $tag in |
| 36 |
$IP_LESS_ROUTED_TAG) |
| 37 |
try routed_setup_ipv4 |
| 38 |
try routed_setup_ipv6 |
| 39 |
try routed_setup_firewall |
| 40 |
;; |
| 41 |
$NFDHCPD_TAG) |
| 42 |
# Drop unicast BOOTP/DHCP packets |
| 43 |
$DROPDHCPREQCMD |
| 44 |
try setup_nfdhcpd |
| 45 |
;; |
| 46 |
$MAC_FILTERED_TAG) |
| 47 |
try setup_ebtables |
| 48 |
;; |
| 49 |
$MASQ_TAG) |
| 50 |
try setup_masq |
| 51 |
;; |
| 52 |
esac |
| 53 |
done |
| 54 |
|
| 55 |
if [ -x "$IFUP_EXTRA_SCRIPT" ]; then |
| 56 |
exec $IFUP_EXTRA_SCRIPT "$@" |
| 57 |
fi |
| 58 |
|
| 59 |
exit 0 |