#!/bin/bash

    
# IMPORTANT: Your custom script must configure the network interface FULLY,
# regardless of whether your custom tag, e.g., some-prefix:allow_this, is set.
#
# This is necessary to ensure the interface is in a consistent state when
# local-prefix:allow_this is not defined. Thus you should undo the changes
# which a previous invocation of this script may have made; otherwise a rule
# added while the tag was set stays in place after the tag has been removed.
#
# In the future, if Ganeti acquires the ability to run ifdown scripts,
# this functionality will be moved there, greatly simplifying the ifup scripts.
#
# some-prefix must NOT be synnefo:network: since this is already used by
# synnefo for setting up firewalls, etc.

    
source /etc/default/snf-network
source /usr/lib/snf-network/common.sh

    
# Useful environment vars
# INTERFACE, INSTANCE, IP, NETWORK_TAGS, MODE, TABLE

    
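#######################################
# Remove the rules that a previous ifup-extra run may have applied.
#
# The deletions here must mirror exactly what setup_extra inserts: a rule
# that is inserted but never deleted keeps forwarding TCP port 25 from the
# interface after the tag that requested it has been removed.
#
# Globals:   INTERFACE (read) - interface whose FORWARD rules are removed
# Outputs:   a diagnostic on stderr when INTERFACE is empty
# Returns:   1 when INTERFACE is empty, 0 otherwise (an absent rule is not
#            treated as an error, so the function is safe on a fresh interface)
#######################################
function clean_extra () {
  local fw

  # Without an interface name the rule specification would be malformed.
  if [[ -z "${INTERFACE:-}" ]]; then
    printf 'clean_extra: INTERFACE is not set\n' >&2
    return 1
  fi

  for fw in iptables ip6tables; do
    # -D deletes one matching rule per call, so repeat until nothing matches;
    # this also clears duplicates left behind by earlier runs.
    # stderr is discarded on purpose: the final call always fails because no
    # matching rule is left.
    while "$fw" -D FORWARD -i "$INTERFACE" -p tcp --dport 25 -j ACCEPT 2>/dev/null; do
      :
    done
  done

  return 0
}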

    
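#######################################
# Apply the extras requested through tags. The following tag examples are
# recognised (the text after the prefix selects the action):
#  some-prefix:1:mail
#  some-prefix:snf-nic-12345:mail
#  some-prefix:8252fabd-1021-411c-b8f7-ed79ed509bb8:mail
#  some-prefix:mail
#
# A tag is honoured only when it really starts with one of these prefixes;
# a bare "mail" tag, or a tag addressed to another interface, is ignored.
#
# The "mail" action inserts an ACCEPT rule at the head of FORWARD for TCP
# destination port 25 arriving on INTERFACE, so tags act as firewall-policy
# input here.
# NOTE(review): presumably only operators can set these tags - confirm.
#
# Globals:   TAGS, INTERFACE, INTERFACE_INDEX, INTERFACE_NAME,
#            INTERFACE_UUID (all read)
# Outputs:   a diagnostic on stderr when INTERFACE is empty
# Returns:   0 on success, 1 when INTERFACE is empty or a rule insert failed
#######################################
function setup_extra () {
  local -a prefixes=()
  local -a tag_list=()
  local id prefix tag action
  local mail_applied=0
  local rv=0

  # Without an interface name the rule would not be bound to this interface.
  if [[ -z "${INTERFACE:-}" ]]; then
    printf 'setup_extra: INTERFACE is not set\n' >&2
    return 1
  fi

  # Interface-specific prefixes come first; an empty identifier is skipped so
  # that a form such as "some-prefix::" is never treated as addressing this NIC.
  for id in "${INTERFACE_INDEX:-}" "${INTERFACE_NAME:-}" "${INTERFACE_UUID:-}"; do
    if [[ -n "$id" ]]; then
      prefixes+=("some-prefix:${id}:")
    fi
  done
  prefixes+=("some-prefix:")

  # Split TAGS on whitespace without pathname expansion, so a tag containing
  # glob characters is never expanded against the filesystem.
  # read returns non-zero at end of input when -d '' is used; that is expected.
  IFS=$' \t\n' read -r -d '' -a tag_list <<< "${TAGS:-}" || true
  if (( ${#tag_list[@]} == 0 )); then
    return 0
  fi

  for tag in "${tag_list[@]}"; do
    action=""
    for prefix in "${prefixes[@]}"; do
      # The prefix is quoted so its content is matched literally, not as a glob.
      if [[ "$tag" == "$prefix"* ]]; then
        action=${tag#"$prefix"}
        break
      fi
    done
    if [[ -z "$action" ]]; then
      continue
    fi

    case "$action" in
      mail)
        # Here add iptables rule..
        # Several tags can select the same action; insert the rule only once
        # per run so that duplicates do not accumulate in the chain.
        if (( mail_applied == 0 )); then
          mail_applied=1
          iptables -I FORWARD -i "$INTERFACE" -p tcp --dport 25 -j ACCEPT || rv=1
          ip6tables -I FORWARD -i "$INTERFACE" -p tcp --dport 25 -j ACCEPT || rv=1
        fi
        ;;
    esac
  done

  return "$rv"
}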

    
# Drop whatever an earlier invocation installed before applying anything new.
# `try` is not defined in this file (presumably it comes from the sourced
# common.sh - confirm how it treats a failing command).
try clean_extra

# Re-evaluate the tags and install the rules they request.
setup_extra

# Success is reported unconditionally; the status of setup_extra is not
# propagated to the caller.
exit 0