authorLudovic Pouzenc <ludovic@pouzenc.fr>2016-08-29 19:54:38 +0200
committerLudovic Pouzenc <ludovic@pouzenc.fr>2016-08-29 19:54:38 +0200
commit7c658d08729d4bff498abd2a52214a8248313e9e (patch)
treee7643d5bb815582a8bb21dffdd1ee613c3d59cdb
parent303513ab472c2d6405f72c75130c61760935e0d8 (diff)
misc/setup_routing.sh: bugfix: could leave stale NAT rules if the equipment changes on an already active service
-rwxr-xr-xmisc/setup_routing.sh8
1 files changed, 8 insertions, 0 deletions
diff --git a/misc/setup_routing.sh b/misc/setup_routing.sh
index e11d5ee..6ca904f 100755
--- a/misc/setup_routing.sh
+++ b/misc/setup_routing.sh
@@ -153,6 +153,14 @@ function nat_setup() {
ip addr show dev lo | grep -q "$ip4_public/32" || $DRY ip addr add $ip4_public/32 dev lo
+ # Remove PRE/POST old rules for the same ip4_public but wrong ip4_nexthop
+ # (happens if active service is updated, new equipement)
+ ruleno_pre=$(iptables -t nat -L PREROUTING -n --line-numbers | grep " $ip4_public " | grep -vE "to:$ip4_nexthop$" | cut -d' ' -f1 | head -n1)
+ [ -n "$ruleno_pre" ] && $DRY iptables -t nat -D PREROUTING $ruleno_pre
+ ruleno_post=$(iptables -t nat -L POSTROUTING -n --line-numbers | grep -E "to:$ip4_public$" | grep -v " $ip4_nexthop " | cut -d' ' -f1 | head -n1)
+ [ -n "$ruleno_post" ] && $DRY iptables -t nat -D POSTROUTING $ruleno_post
+
+ # Insert PRE/POST rules if not already there
iptables -t nat -L PREROUTING -n --line-numbers | grep -E "to:$ip4_nexthop$" -q \
|| $DRY iptables -t nat -A PREROUTING -d $ip4_public -j DNAT --to-destination $ip4_nexthop