"Fossies" - the Fresh Open Source Software Archive

Member "aif-2.1.1/share/arno-iptables-firewall/plugins/50multiroute.plugin" (16 Sep 2020, 7709 Bytes) of package /linux/privat/aif-2.1.1.tar.gz:



    1 # ------------------------------------------------------------------------------
    2 #            -= Arno's Iptables Firewall(AIF) - Multirouting plugin =-
    3 #
    # Plugin identity. Name and version are printed in the banner and in the
    # "config file not found" note; the file name is looked up under
    # $PLUGIN_CONF_PATH by the mainline at the bottom of this file.
    PLUGIN_NAME='Multirouting plugin'
    PLUGIN_VERSION='1.00'
    PLUGIN_CONF_FILE='multiroute.conf'
    7 #
    8 # Last changed          : February 6, 2020
    9 # Requirements          : iproute2 (package) + kernel 2.6 with the following options set in:
   10 #                         Networking, Networking support, TCP/IP networking:
   11 #                               CONFIG_IP_ADVANCED_ROUTER=y (IP: advanced router)
   12 #                               CONFIG_IP_MULTIPLE_TABLES=y (IP: policy routing)
   13 #                               CONFIG_IP_ROUTE_MULTIPATH=y (IP: equal cost multipath)
   14 #
   15 # Comments              : This plugin enables IP multirouting (load balancing). Note
   16 #                         that it does NOT support redundant connections (fallback when
   17 #                         one of the links is down). This is NOT a limitation of this
   18 #                         plugin, but of the current Linux kernel that does not support
   19 #                         this (yet). To obtain the information needed to configure this plugin
   20 #                         use the 'ifconfig' and 'route' commands.
   21 #
   22 # Author                : (C) Copyright 2005-2020 by Arno van Amersfoort
   23 # Homepage              : https://rocky.eld.leidenuniv.nl/
   24 # Email                 : a r n o v a AT r o c k y DOT e l d DOT l e i d e n u n i v DOT n l
   25 #                         (note: you must remove all spaces and substitute the @ and the .
   26 #                         at the proper locations!)
   27 # ------------------------------------------------------------------------------
   28 # This program is free software; you can redistribute it and/or
   29 # modify it under the terms of the GNU General Public License
   30 # version 2 as published by the Free Software Foundation.
   31 #
   32 # This program is distributed in the hope that it will be useful,
   33 # but WITHOUT ANY WARRANTY; without even the implied warranty of
   34 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   35 # GNU General Public License for more details.
   36 #
   37 # You should have received a copy of the GNU General Public License
   38 # along with this program; if not, write to the Free Software
   39 # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
   40 # ------------------------------------------------------------------------------
   41 
   42 # Plugin start function
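   # Set up source-based policy routing (tables 1 and 2) for the two external
   # links and install a weighted multipath default route over both of them.
   #
   # Globals read: RP_FILTER_DISABLE, INDENT, MULTIROUTE_EXT_IF1/2,
   #               MULTIROUTE_EXT_IP1/2, MULTIROUTE_EXT_ROUTER1/2,
   #               MULTIROUTE_EXT_WEIGHT1/2, MULTIROUTE_INT_NET, MULTIROUTE_INT_IP
   # Outputs:      progress messages on stdout
   # Returns:      always 0. NOTE(review): the exit status of the ip commands is
   #               not checked, so a half-applied routing setup is still reported
   #               as success to the caller.
   #
   # Every expansion is quoted: the values come from the sourced config file and
   # must reach ip (and the /proc path) as exactly one word each, without word
   # splitting or glob expansion.
   plugin_start()
   {
     if [ "$RP_FILTER_DISABLE" = "1" ]; then
       # In some cases the rp_filter gives some problems, so we disable it and
       # rely on the anti-spoof rules in the firewall. With the reverse-path
       # check off, those rules are the only protection against spoofed source
       # addresses arriving on these two interfaces.
       # The kernel applies the higher of conf/all/rp_filter and the
       # per-interface value, so this only takes effect while conf/all is 0.
       echo "${INDENT}Disabling RP_FILTER..."
       echo "0" >"/proc/sys/net/ipv4/conf/$MULTIROUTE_EXT_IF1/rp_filter"
       echo "0" >"/proc/sys/net/ipv4/conf/$MULTIROUTE_EXT_IF2/rp_filter"
     fi

     # Purge, just in case (errors are expected when the rules do not exist yet)
     ip rule del from "$MULTIROUTE_EXT_IP1" lookup 1 2>/dev/null
     ip rule del from "$MULTIROUTE_EXT_IP2" lookup 2 2>/dev/null

     # Setup source IP routing rules for external interface 1
     echo "${INDENT}Setup source IP routing for $MULTIROUTE_EXT_IP1"
     ip rule add from "$MULTIROUTE_EXT_IP1" lookup 1

     echo "${INDENT}Setting default route for $MULTIROUTE_EXT_IF1 to $MULTIROUTE_EXT_ROUTER1 (table 1)"
     ip route replace default via "$MULTIROUTE_EXT_ROUTER1" dev "$MULTIROUTE_EXT_IF1" table 1

     echo "${INDENT}Setting route for $MULTIROUTE_INT_NET to $MULTIROUTE_INT_IP (table 1)"
     ip route replace "$MULTIROUTE_INT_NET" via "$MULTIROUTE_INT_IP" table 1

     # Setup source IP routing rules for external interface 2
     echo "${INDENT}Setup source IP routing for $MULTIROUTE_EXT_IP2"
     ip rule add from "$MULTIROUTE_EXT_IP2" lookup 2

     echo "${INDENT}Setting default route for $MULTIROUTE_EXT_IF2 to $MULTIROUTE_EXT_ROUTER2 (table 2)"
     ip route replace default via "$MULTIROUTE_EXT_ROUTER2" dev "$MULTIROUTE_EXT_IF2" table 2

     echo "${INDENT}Setting route for $MULTIROUTE_INT_NET to $MULTIROUTE_INT_IP (table 2)"
     ip route replace "$MULTIROUTE_INT_NET" via "$MULTIROUTE_INT_IP" table 2

     # Destroy old single-gateway default routes (absent routes are not an error)
     ip route del default via "$MULTIROUTE_EXT_ROUTER1" dev "$MULTIROUTE_EXT_IF1" 2>/dev/null
     ip route del default via "$MULTIROUTE_EXT_ROUTER2" dev "$MULTIROUTE_EXT_IF2" 2>/dev/null

     # Setup the actual loadbalancing
     echo "${INDENT}Enabling loadbalancing"
     echo "${INDENT} Adding external interface $MULTIROUTE_EXT_IF1, gw=$MULTIROUTE_EXT_ROUTER1, weight=$MULTIROUTE_EXT_WEIGHT1"
     echo "${INDENT} Adding external interface $MULTIROUTE_EXT_IF2, gw=$MULTIROUTE_EXT_ROUTER2, weight=$MULTIROUTE_EXT_WEIGHT2"
     ip route add default scope global \
       nexthop via "$MULTIROUTE_EXT_ROUTER1" dev "$MULTIROUTE_EXT_IF1" weight "$MULTIROUTE_EXT_WEIGHT1" \
       nexthop via "$MULTIROUTE_EXT_ROUTER2" dev "$MULTIROUTE_EXT_IF2" weight "$MULTIROUTE_EXT_WEIGHT2"

     # Flush route cache
     ip route flush cache

     return 0
   }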
   97 
   98 
   99 # Plugin stop function
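  # Remove the source-routing rules for both external addresses and fall back
  # to a single default route through external interface 1.
  #
  # Globals read: INDENT, MULTIROUTE_EXT_IP1/2, MULTIROUTE_EXT_ROUTER1/2,
  #               MULTIROUTE_EXT_IF1/2
  # Outputs:      progress messages on stdout
  # Returns:      always 0; the exit status of the ip commands is not checked.
  #
  # NOTE(review): nothing here writes rp_filter back, so if plugin_start turned
  # the reverse-path check off on the two interfaces it stays off after a stop.
  #
  # Every expansion is quoted so that each config value reaches ip as exactly
  # one word, without word splitting or glob expansion.
  plugin_stop()
  {
    echo "${INDENT}Removing lookup rules"
    ip rule del from "$MULTIROUTE_EXT_IP1" lookup 1
    ip rule del from "$MULTIROUTE_EXT_IP2" lookup 2

    # Drop any single-gateway default routes (absent routes are not an error)
    ip route del default via "$MULTIROUTE_EXT_ROUTER1" dev "$MULTIROUTE_EXT_IF1" 2>/dev/null
    ip route del default via "$MULTIROUTE_EXT_ROUTER2" dev "$MULTIROUTE_EXT_IF2" 2>/dev/null

    # Set default route to the first interface
    echo "${INDENT}Setting default (single) route to $MULTIROUTE_EXT_ROUTER1 on interface $MULTIROUTE_EXT_IF1"
    ip route add default via "$MULTIROUTE_EXT_ROUTER1" dev "$MULTIROUTE_EXT_IF1"

    # Flush route cache
    ip route flush cache

    return 0
  }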
  119 
  120 
  121 # Plugin status function
  # Print the current policy-routing rules followed by the main routing table.
  # Outputs: whatever "ip rule show" and "ip route show" write
  # Returns: always 0
  plugin_status()
  {
    for _mr_object in rule route; do
      ip "$_mr_object" show
    done
    unset _mr_object

    return 0
  }
  129 
  130 
  131 # Check sanity of eg. environment
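  # Validate the settings loaded from the plugin config file.
  #
  # Globals read:    MULTIROUTE_EXT_IF1/2, MULTIROUTE_EXT_ROUTER1/2,
  #                  MULTIROUTE_EXT_IP1/2, MULTIROUTE_INT_IP, MULTIROUTE_INT_NET
  # Globals written: MULTIROUTE_EXT_WEIGHT1/2 (set to 1 when unset or empty)
  # Outputs:         an error message on stderr when the configuration is bad
  # Returns:         0 when every required value is present and both weights
  #                  are integers greater than zero, 1 otherwise
  plugin_sanity_check()
  {
    # Set default weights, if not specified
    : "${MULTIROUTE_EXT_WEIGHT1:=1}"
    : "${MULTIROUTE_EXT_WEIGHT2:=1}"

    # Each condition is its own test instead of one long "-o" chain: in the
    # chained form a non-numeric weight made the whole test fail with status 2,
    # which "if" treats as false, so the bad configuration was accepted.
    # Here a comparison that errors out counts as "not a valid weight".
    if [ -z "$MULTIROUTE_EXT_IF1" ] || [ -z "$MULTIROUTE_EXT_ROUTER1" ] ||
       [ -z "$MULTIROUTE_EXT_IP1" ] ||
       [ -z "$MULTIROUTE_EXT_IF2" ] || [ -z "$MULTIROUTE_EXT_ROUTER2" ] ||
       [ -z "$MULTIROUTE_EXT_IP2" ] ||
       [ -z "$MULTIROUTE_INT_IP" ] || [ -z "$MULTIROUTE_INT_NET" ] ||
       ! [ "$MULTIROUTE_EXT_WEIGHT1" -gt 0 ] 2>/dev/null ||
       ! [ "$MULTIROUTE_EXT_WEIGHT2" -gt 0 ] 2>/dev/null; then
      printf "\033[40m\033[1;31m  ERROR: The plugin config file is not properly set!\033[0m\n" >&2
      return 1
    fi

    return 0
  }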
  154 
  155 
  156 ############
  157 # Mainline #
  158 ############
  159 
  160 # Check where to find the config file
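  # Locate the config file; without PLUGIN_CONF_PATH the name stays empty and
  # the existence check below reports it as not found.
  CONF_FILE=""
  if [ -n "$PLUGIN_CONF_PATH" ]; then
    CONF_FILE="$PLUGIN_CONF_PATH/$PLUGIN_CONF_FILE"
  fi

  # Preinit to success:
  PLUGIN_RET_VAL=0

  # Check if the config file exists
  if [ ! -f "$CONF_FILE" ]; then
    # Values are passed as %s arguments, never inside the format string, so a
    # '%' or backslash in the path or plugin name is printed literally.
    printf 'NOTE: Config file "%s" not found!\n        Plugin "%s v%s" ignored!\n' \
      "$CONF_FILE" "$PLUGIN_NAME" "$PLUGIN_VERSION" >&2
  else
    # Source the plugin config file. It is executed as shell code with the
    # privileges of the calling firewall script, so it must be writable only
    # by the administrator.
    . "$CONF_FILE"

    # Run when enabled; stop and status are also honoured when
    # PLUGIN_LOAD_FILE is set, whatever ENABLED says.
    if [ "$ENABLED" = "1" ] ||
       { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "stop" ]; } ||
       { [ -n "$PLUGIN_LOAD_FILE" ] && [ "$PLUGIN_CMD" = "status" ]; }; then
      # Show who we are:
      echo "${INDENT}$PLUGIN_NAME v$PLUGIN_VERSION"

      # Increment indention
      INDENT="$INDENT "

      # Only proceed if environment ok
      if ! plugin_sanity_check; then
        PLUGIN_RET_VAL=1
      else
        # An empty PLUGIN_CMD is treated as "start"
        case "$PLUGIN_CMD" in
          start|'')
            plugin_start
            PLUGIN_RET_VAL=$?
            ;;
          stop)
            plugin_stop
            PLUGIN_RET_VAL=$?
            ;;
          status)
            plugin_status
            PLUGIN_RET_VAL=$?
            ;;
          *)
            PLUGIN_RET_VAL=1
            # The rejected command is echoed back through %s, not the format
            printf '\033[40m\033[1;31m%sERROR: Invalid plugin option "%s"!\033[0m\n' \
              "$INDENT" "$PLUGIN_CMD" >&2
            ;;
        esac
      fi
    fi
  fi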