author | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2016-08-29 19:54:38 +0200 |
---|---|---|
committer | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2016-08-29 19:54:38 +0200 |
commit | 7c658d08729d4bff498abd2a52214a8248313e9e (patch) | |
tree | e7643d5bb815582a8bb21dffdd1ee613c3d59cdb /misc | |
parent | 303513ab472c2d6405f72c75130c61760935e0d8 (diff) | |
misc/setup_routing.sh: bugfix : could leave stale NAT rules if equipment change on an already active service
Diffstat (limited to 'misc')
-rwxr-xr-x | misc/setup_routing.sh | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/misc/setup_routing.sh b/misc/setup_routing.sh
index e11d5ee..6ca904f 100755
--- a/misc/setup_routing.sh
+++ b/misc/setup_routing.sh
@@ -153,6 +153,14 @@ function nat_setup() {
 ip addr show dev lo | grep -q "$ip4_public/32" || $DRY ip addr add $ip4_public/32 dev lo
+ # Remove PRE/POST old rules for the same ip4_public but wrong ip4_nexthop
+ # (happens if active service is updated, new equipement)
+ ruleno_pre=$(iptables -t nat -L PREROUTING -n --line-numbers | grep " $ip4_public " | grep -vE "to:$ip4_nexthop$" | cut -d' ' -f1 | head -n1)
+ [ -n "$ruleno_pre" ] && $DRY iptables -t nat -D PREROUTING $ruleno_pre
+ ruleno_post=$(iptables -t nat -L POSTROUTING -n --line-numbers | grep -E "to:$ip4_public$" | grep -v " $ip4_nexthop " | cut -d' ' -f1 | head -n1)
+ [ -n "$ruleno_post" ] && $DRY iptables -t nat -D POSTROUTING $ruleno_post
+
+ # Insert PRE/POST rules if not already there
 iptables -t nat -L PREROUTING -n --line-numbers | grep -E "to:$ip4_nexthop$" -q \
 || $DRY iptables -t nat -A PREROUTING -d $ip4_public -j DNAT --to-destination $ip4_nexthop |