fi
if [ "${MODE}" = "start" ]; then
- ifconfig "${IF_VETH_BRIDGETO}" up
- ip link add name "${IFACE}" type veth peer name "${IFACE}peer"
- ip link set "${IFACE}peer" up
- brctl addif "${IF_VETH_BRIDGETO}" "${IFACE}peer"
+
+ case "$PHASE" in
+ pre-up)
+
+ test -d "/sys/class/net/${IF_VETH_BRIDGETO}" || ifup "${IF_VETH_BRIDGETO}" || exit 1
+ ip link add name "${IFACE}" type veth peer name "${IFACE}peer" || exit 1
+ ip link set "${IFACE}peer" up || exit 1
+ brctl addif "${IF_VETH_BRIDGETO}" "${IFACE}peer" || exit 1
+ ;;
+
+ post-up)
+ test -n "${IF_VETH_MASQUERADE}" || exit 0
+ if [ -n "${IF_ADDRESS}" -a -n "${IF_NETMASK}" ]; then
+ iptables -t raw -A PREROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1
+ iptables -t raw -A PREROUTING -d "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1
+ iptables -t nat -A POSTROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -o "${IF_VETH_MASQUERADE}" -j MASQUERADE
+ else
+ echo "unable to setup VETH_MASQUERADE - no address/network"
+ exit 0
+ fi
+ ;;
+ esac
+
elif [ "${MODE}" = "stop" ]; then
- brctl delif "${IF_VETH_BRIDGETO}" "${IFACE}peer"
- ip link set "${IFACE}peer" down
- ip link del "${IFACE}"
+
+ case "$PHASE" in
+ post-down)
+
+ brctl delif "${IF_VETH_BRIDGETO}" "${IFACE}peer"
+ ip link set "${IFACE}peer" down || exit 1
+ ip link del "${IFACE}" || exit 1
+ ;;
+
+ pre-down)
+ test -n "${IF_VETH_MASQUERADE}" || exit 0
+ if [ -n "${IF_ADDRESS}" -a -n "${IF_NETMASK}" ]; then
+ iptables -t raw -D PREROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1
+ iptables -t raw -D PREROUTING -d "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT --zone 1
+ iptables -t nat -D POSTROUTING -s "${IF_ADDRESS}/${IF_NETMASK}" -o "${IF_VETH_MASQUERADE}" -j MASQUERADE
+ fi
+ ;;
+
+ esac
+
fi
exit 0