]>
Commit | Line | Data |
---|---|---|
c27d58f3 DM |
1 | #!/bin/sh |
2 | ||
3 | # create a VETH device and plug it into bridge ${IF_VETH_BRIDGETO} | |
4 | ||
5 | if [ -z "${IF_VETH_BRIDGETO}" ]; then | |
6 | exit 0 | |
7 | fi | |
8 | ||
9 | if [ ! -x /sbin/brctl ] | |
10 | then | |
11 | exit 0 | |
12 | fi | |
13 | ||
14 | if [ "${MODE}" = "start" ]; then | |
79f08c62 DM |
15 | |
16 | case "$PHASE" in | |
17 | pre-up) | |
18 | ||
19 | test -d "/sys/class/net/${IF_VETH_BRIDGETO}" || ifup "${IF_VETH_BRIDGETO}" || exit 1 | |
20 | ip link add name "${IFACE}" type veth peer name "${IFACE}peer" || exit 1 | |
21 | ip link set "${IFACE}peer" up || exit 1 | |
22 | brctl addif "${IF_VETH_BRIDGETO}" "${IFACE}peer" || exit 1 | |
23 | ;; | |
24 | ||
25 | post-up) | |
26 | test -n "${IF_VETH_MASQUERADE}" || exit 0 | |
27 | if [ -n "${IF_ADDRESS}" -a -n "${IF_NETMASK}" ]; then | |
28 | iptables -t raw -A PREROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1 | |
29 | iptables -t raw -A PREROUTING -d "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1 | |
30 | iptables -t nat -A POSTROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -o "${IF_VETH_MASQUERADE}" -j MASQUERADE | |
31 | else | |
32 | echo "unable to setup VETH_MASQUERADE - no address/network" | |
33 | exit 0 | |
34 | fi | |
35 | ;; | |
36 | esac | |
37 | ||
c27d58f3 | 38 | elif [ "${MODE}" = "stop" ]; then |
79f08c62 DM |
39 | |
40 | case "$PHASE" in | |
41 | post-down) | |
42 | ||
43 | brctl delif "${IF_VETH_BRIDGETO}" "${IFACE}peer" | |
44 | ip link set "${IFACE}peer" down || exit 1 | |
45 | ip link del "${IFACE}" || exit 1 | |
46 | ;; | |
47 | ||
48 | pre-down) | |
49 | test -n "${IF_VETH_MASQUERADE}" || exit 0 | |
50 | if [ -n "${IF_ADDRESS}" -a -n "${IF_NETMASK}" ]; then | |
51 | iptables -t raw -D PREROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1 | |
52 | iptables -t raw -D PREROUTING -d "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1 | |
53 | iptables -t nat -D POSTROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -o "${IF_VETH_MASQUERADE}" -j MASQUERADE | |
54 | fi | |
55 | ;; | |
56 | ||
57 | esac | |
58 | ||
c27d58f3 DM |
59 | fi |
60 | ||
61 | exit 0 |