fix localnet ipset

b63bffc1 · nanahira · 091d2266 · b63bffc1 · b63bffc1 · b63bffc1
Commit b63bffc1 authored Feb 04, 2021 by nanahira
Showing with 8 additions and 1 deletion

files/bridge-post-scripts/post-up.sh.j2 files/bridge-post-scripts/post-up.sh.j2 +1 -0

files/initialize.sh.j2 files/initialize.sh.j2 +1 -1

files/utility.sh.j2 files/utility.sh.j2 +6 -0

No files found.
--- a/files/bridge-post-scripts/post-up.sh.j2
+++ b/files/bridge-post-scripts/post-up.sh.j2
@@ -57,6 +57,7 @@ handle_gateway {{gateway.id}} {{gateway.address}} {% if gateway.mac is defined a

 {% if br.masq is defined and br.masq %}
 # Masquerade
+ensure_localnet_ipset
 iptables -t nat -A POSTROUTING -o "$BRIDGE_NAME" -m set --match-set localnet src -m set ! --match-set localnet dst -j MASQUERADE
 {% endif %}


--- a/files/initialize.sh.j2
+++ b/files/initialize.sh.j2
 #!/bin/bash
 source {{ansible_user_dir}}/nextgen-router/scripts/utility.sh

-ipset restore -f {{ansible_user_dir}}/nextgen-router/localnet-ipset
+ensure_localnet_ipset
 iptables-restore --noflush {{ansible_user_dir}}/iptables-gateways
 {% for subnet in localnets %}
 ip rule add pref 80 to {{subnet}} lookup main

--- a/files/utility.sh.j2
+++ b/files/utility.sh.j2
+ensure_localnet_ipset() {
+  ipset restore -f {{ansible_user_dir}}/nextgen-router/localnet-ipset
+}
+
 restore_mark() {
  OPTION=$1
  MARK=$2
@@ -12,6 +16,7 @@ restore_mark() {
 }

 ppp_origin() {
+  ensure_localnet_ipset
  OPTION=$1
  INTERFACE=$2
  MARK=$[1000 + $(echo "$INTERFACE" | sed "s/ppp//g")]
@@ -21,6 +26,7 @@ ppp_origin() {
 }

 eth_origin() {
+  ensure_localnet_ipset
  OPTION=$1
  BRIDGE_NAME=$2
  GATEWAY_ID=$3