Diffstat (limited to 'contrib/package/freifunk-policyrouting/files/etc')
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting6
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting72
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting78
-rw-r--r--contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting7
4 files changed, 163 insertions, 0 deletions
diff --git a/contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting
new file mode 100644
index 0000000000..ba58625bc1
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/config/freifunk-policyrouting
@@ -0,0 +1,6 @@
+
+config 'settings' 'pr'
+ option 'enable' '0'
+ option 'strict' '1'
+ option 'zones' ''
+
diff --git a/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting
new file mode 100644
index 0000000000..3e6f8155c2
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/firewall/24-policyrouting
@@ -0,0 +1,72 @@
+if [ "$ACTION" = "add" ] && [ "$INTERFACE" = "wan" ]; then
+ pr=`uci get freifunk-policyrouting.pr.enable`
+ strict=`uci get freifunk-policyrouting.pr.strict`
+ zones=`uci get freifunk-policyrouting.pr.zones`
+
+ if [ $pr = "1" ]; then
+
+ # The wan device name
+ if [ -n "`uci -p /var/state get network.wan.ifname`" ]; then
+ wandev=`uci -p /var/state get network.wan.ifname`
+ else
+ wandev=`uci -p /var/state get network.wan.device`
+ fi
+
+ iptables -t mangle -D PREROUTING -j prerouting_policy > /dev/null 2>&1
+ iptables -t mangle -F prerouting_policy > /dev/null 2>&1
+ iptables -t mangle -N prerouting_policy > /dev/null 2>&1
+ iptables -t mangle -I PREROUTING -j prerouting_policy > /dev/null 2>&1
+
+ # If no route is in table olsr-default, then usually the hosts local default route is used.
+ # If set to strict then we add a filter which prevents this
+ if [ "$strict" == "1" ]; then
+ ln=$(( `iptables -L FORWARD -v --line-numbers | grep -m 1 reject | awk {' print $1 '}` - 1 ))
+ if [ ! $ln -gt 0 ]; then
+ ln=1
+ fi
+ if [ -z "`iptables -L |grep 'Chain forward_policy'`" ]; then
+ iptables -N forward_policy
+ fi
+ if [ -z "`iptables -L FORWARD -v |grep forward_policy`" ]; then
+ iptables -I FORWARD $ln -m mark --mark 1 -j forward_policy
+ fi
+ iptables -F forward_policy
+ iptables -I forward_policy -o $wandev -j REJECT --reject-with icmp-net-prohibited
+ fi
+
+ # set mark 1 for all packets coming in via enabled zones
+ for i in $zones; do
+ # find out which interfaces belong to this zone
+ zone=`uci show firewall |grep "name=$i" |awk {' FS="."; print $1"."$2 '}`
+ interfaces=`uci get $zone.network`
+ if [ "$interfaces" == "" ]; then
+ interfaces=$i
+ fi
+ for int in $interfaces; do
+ if [ "`uci -q get network.$int.type`" == "bridge" ]; then
+ dev="br-$int"
+ else
+ dev=`uci get network.$int.ifname`
+ fi
+ logger -t policyrouting "Add mark 1 to packages coming in via interface $dev"
+ iptables -t mangle -I prerouting_policy -i $dev -j MARK --set-mark 1
+ done
+ done
+ else
+ # Cleanup policy routing stuff that might be lingering around
+ if [ -n "`iptables -t mangle -L PREROUTING |grep _policy`" ]; then
+ logger -t policyrouting "Delete prerouting_policy chain in table mangle"
+ iptables -t mangle -D PREROUTING -j prerouting_policy
+ iptables -t mangle -F prerouting_policy
+ iptables -t mangle -X prerouting_policy
+ fi
+ if [ -n "`iptables -L FORWARD |grep forward_policy`" ]; then
+ logger -t policyrouting "Delete strict forwarding rules"
+ iptables -D FORWARD -m mark --mark 1 -j forward_policy
+ iptables -F forward_policy
+ iptables -X forward_policy
+ fi
+ logger -t policyrouting "All firewall rules for policyrouting removed."
+ fi
+fi
+
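Review bot: Strict mode fails open when the WAN device lookup returns nothing. `wandev` is read from `uci -p /var/state get network.wan.ifname` (or `.device`) with no check and is used unquoted in `iptables -I forward_policy -o $wandev -j REJECT --reject-with icmp-net-prohibited`. With an empty value that command either errors out or does not match the WAN interface, and it runs right after `iptables -F forward_policy` has emptied the chain, so marked traffic is no longer rejected towards WAN. I would insert the rule with `-o "$wandev"` only when `[ -n "$wandev" ]`, and otherwise log it, e.g. `logger -t policyrouting "strict: no wan device, REJECT rule not installed"`. Separately, `grep "name=$i"` is a substring match, so a zone name that is a prefix of another may select more than one firewall section; anchoring the match would keep the mark on the intended interfaces only.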
diff --git a/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting
new file mode 100644
index 0000000000..e3b0edeb30
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/hotplug.d/iface/30-policyrouting
@@ -0,0 +1,78 @@
+[ "$INTERFACE" != "wan" ] && exit 0
+
+case $ACTION in
+ ifup)
+ pr=`uci get freifunk-policyrouting.pr.enable`
+ if [ $pr = "1" ]; then
+ logger -t policyrouting "Starting policy routing on $INTERFACE"
+
+ # Setup new tables
+ tables="/etc/iproute2/rt_tables"
+ if [ -z "`grep "111" $tables`" ]; then
+ echo "111 olsr" >> $tables
+ fi
+ if [ -z "`grep "112" $tables`" ]; then
+ echo "112 olsr-default" >> $tables
+ fi
+
+ # Make sure Rt_tables in olsrd are in place
+ if [ ! "`uci -q get olsrd.@olsrd[0].RtTable`" == "111" ] || [ ! "`uci -q get olsrd.@olsrd[0].RtTableDefault`" == "112" ]; then
+ uci set olsrd.@olsrd[0].RtTable='111'
+ uci set olsrd.@olsrd[0].RtTableDefault='112'
+ uci commit
+ /etc/init.d/olsrd restart
+ fi
+
+ # Disable dyn_gw and dyngw_plain
+ dyngwlib=`uci show olsrd |grep dyn_gw.so |awk {' FS="."; print $1"."$2 '}`
+ if [ -n "$dyngwlib" ]; then
+ uci set $dyngwlib.ignore=1
+ uci commit
+ fi
+
+ dyngwplainlib=`uci show olsrd |grep dyn_gw_plain |awk {' FS="."; print $1"."$2 '}`
+ if [ -n "$dyngwplainlib" ]; then
+ uci set $dyngwplainlib.ignore=1
+ uci commit
+ fi
+
+ gw=`uci -p /var/state get network.wan.gateway`
+ netmask=`uci -p /var/state get network.wan.netmask`
+ if [ -z "$netmask" ]; then
+ NETMASK="255.255.255.255"
+ fi
+
+ if [ -n "`uci -p /var/state get network.wan.ifname`" ]; then
+ device=`uci -p /var/state get network.wan.ifname`
+ else
+ device=`uci -p /var/state get network.wan.device`
+ fi
+
+ eval `ipcalc.sh $gw $netmask`
+
+ test -n "`ip r s t default`" && ip r d default t default
+ test -n "`ip r s |grep default`" && ip route del default
+ ip route add $NETWORK/$NETMASK dev $device table default
+ ip route add default via $gw dev $device table default
+
+ ip rule del lookup main
+ ip rule add fwmark 1 lookup olsr-default
+ ip rule add lookup main
+ ip rule add lookup olsr
+ else
+ # Remove custom routing tables from olsrd
+ if [ "`uci -q get olsrd.@olsrd[0].RtTable`" == "111" ] || [ "`uci -q get olsrd.@olsrd[0].RtTableDefault`" == "112" ]; then
+ uci delete olsrd.@olsrd[0].RtTable
+ uci delete olsrd.@olsrd[0].RtTableDefault
+ uci commit
+ /etc/init.d/olsrd restart
+ fi
+ fi
+ ;;
+
+ ifdown)
+ logger -t policyrouting "Deleting policy rules for $INTERFACE"
+ ip rule del fwmark 1 lookup olsr-default > /dev/null 2>&1
+ ip rule del lookup olsr > /dev/null 2>&1
+ ;;
+esac
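Review bot: The netmask fallback in the `if [ -z "$netmask" ]` branch assigns `NETMASK="255.255.255.255"`, but the value passed on is the lowercase one in `ipcalc.sh $gw $netmask`, so the default never reaches ipcalc and the uppercase assignment is presumably overwritten by the `eval`; it should read `netmask="255.255.255.255"`. The ipcalc output is `eval`ed and then used unquoted in `ip route add $NETWORK/$NETMASK dev $device table default`, after the existing default routes have already been deleted. An empty `$gw` or `$device` therefore leaves the router without a default route; a guard such as `[ -n "$gw" ] && [ -n "$device" ]` before the route and rule changes would avoid that. Also, `ip rule add lookup main` and `ip rule add lookup olsr` run on every `ifup` while `ifdown` deletes only one `olsr` and one `fwmark` rule, so repeated events may accumulate duplicate rules.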
diff --git a/contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting b/contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting
new file mode 100644
index 0000000000..a6412d4df0
--- /dev/null
+++ b/contrib/package/freifunk-policyrouting/files/etc/uci-defaults/freifunk-policyrouting
@@ -0,0 +1,7 @@
+#!/bin/sh
+uci batch <<-EOF
+ add ucitrack freifunk-policyrouting
+ add_list ucitrack.@freifunk-policyrouting[-1].affects="network"
+ commit ucitrack
+EOF
+