]>
git.proxmox.com Git - pve-firewall.git/blob - debian/ifupdown.sh
3 # create a VETH device and plug it into bridge ${IF_VETH_BRIDGETO}
5 if [ -z "${IF_VETH_BRIDGETO}" ]; then
9 if [ ! -x /sbin
/brctl
]
14 if [ "${MODE}" = "start" ]; then
19 test -d "/sys/class/net/${IF_VETH_BRIDGETO}" || ifup
"${IF_VETH_BRIDGETO}" ||
exit 1
20 ip link add name
"${IFACE}" type veth peer name
"${IFACE}peer" ||
exit 1
21 ip link
set "${IFACE}peer" up ||
exit 1
22 brctl addif
"${IF_VETH_BRIDGETO}" "${IFACE}peer" ||
exit 1
26 test -n "${IF_VETH_MASQUERADE}" ||
exit 0
27 if [ -n "${IF_ADDRESS}" -a -n "${IF_NETMASK}" ]; then
28 iptables
-t raw
-A PREROUTING
-s "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT
--zone 1
29 iptables
-t raw
-A PREROUTING
-d "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT
--zone 1
30 iptables
-t nat
-A POSTROUTING
-s "${IF_ADDRESS}/${IF_NETMASK}" -o "${IF_VETH_MASQUERADE}" -j MASQUERADE
32 echo "unable to setup VETH_MASQUERADE - no address/network"
38 elif [ "${MODE}" = "stop" ]; then
43 brctl delif
"${IF_VETH_BRIDGETO}" "${IFACE}peer"
44 ip link
set "${IFACE}peer" down ||
exit 1
45 ip link del
"${IFACE}" ||
exit 1
49 test -n "${IF_VETH_MASQUERADE}" ||
exit 0
50 if [ -n "${IF_ADDRESS}" -a -n "${IF_NETMASK}" ]; then
51 iptables
-t raw
-D PREROUTING
-s "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT
--zone 1
52 iptables
-t raw
-D PREROUTING
-d "${IF_ADDRESS}/${IF_NETMASK}" -i "${IF_VETH_BRIDGETO}" -j CT
--zone 1
53 iptables
-t nat
-D POSTROUTING
-s "${IF_ADDRESS}/${IF_NETMASK}" -o "${IF_VETH_MASQUERADE}" -j MASQUERADE
projects / pve-firewall.git / blob