From 1cd0ef3ee17e9e63f5cad06560f8acea82c0da30 Mon Sep 17 00:00:00 2001
From: Nils Schneider
Date: Tue, 12 Apr 2016 12:24:35 +0200
Subject: [PATCH] gluon-next-node: split gluon-next-node-batman-adv

Move ebtables rules dealing with bat0 to gluon-next-node-batman-adv. This new package should be used in batman-adv based setups instead of gluon-next-node.
---
 package/gluon-next-node-batman-adv/Makefile | 31 +++++++++++++++++++
 .../gluon/ebtables/250-next-node-batman-adv | 17 ++++++++++
 package/gluon-next-node/Makefile | 2 +-
 .../files/lib/gluon/ebtables/250-next-node | 15 ---------
 4 files changed, 49 insertions(+), 16 deletions(-)
 create mode 100644 package/gluon-next-node-batman-adv/Makefile
 create mode 100644 package/gluon-next-node-batman-adv/files/lib/gluon/ebtables/250-next-node-batman-adv

diff --git a/package/gluon-next-node-batman-adv/Makefile b/package/gluon-next-node-batman-adv/Makefile
new file mode 100644
index 00000000..488c4e74
--- /dev/null
+++ b/package/gluon-next-node-batman-adv/Makefile
@@ -0,0 +1,31 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=gluon-next-node-batman-adv
+PKG_VERSION:=1
+
+PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+
+include $(GLUONDIR)/include/package.mk
+
+define Package/gluon-next-node-batman-adv
+ SECTION:=gluon
+ CATEGORY:=Gluon
+ TITLE:=Next-node anycast address ebtables filter for batman-adv
+ DEPENDS:=+gluon-core +gluon-ebtables +gluon-next-node +gluon-mesh-batman-adv +kmod-macvlan
+endef
+
+define Build/Prepare
+ mkdir -p $(PKG_BUILD_DIR)
+endef
+
+define Build/Configure
+endef
+
+define Build/Compile
+endef
+
+define Package/gluon-next-node-batman-adv/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,gluon-next-node-batman-adv))
diff --git a/package/gluon-next-node-batman-adv/files/lib/gluon/ebtables/250-next-node-batman-adv b/package/gluon-next-node-batman-adv/files/lib/gluon/ebtables/250-next-node-batman-adv
new file mode 100644
index 00000000..6b9588f7
--- /dev/null
+++ b/package/gluon-next-node-batman-adv/files/lib/gluon/ebtables/250-next-node-batman-adv
@@ -0,0 +1,17 @@
+local site = require 'gluon.site_config'
+local next_node = site.next_node
+
+rule('FORWARD --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
+rule('OUTPUT --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
+rule('FORWARD --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
+rule('OUTPUT --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
+
+rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
+rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
+rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
+rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
+
+rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
+rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
+rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
+rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
diff --git a/package/gluon-next-node/Makefile b/package/gluon-next-node/Makefile
index df27ecbe..c08890b9 100644
--- a/package/gluon-next-node/Makefile
+++ b/package/gluon-next-node/Makefile
@@ -11,7 +11,7 @@ define Package/gluon-next-node
 SECTION:=gluon
 CATEGORY:=Gluon
 TITLE:=Next-node anycast address
- DEPENDS:=+gluon-core +gluon-ebtables +gluon-mesh-batman-adv +kmod-macvlan
+ DEPENDS:=+gluon-core +gluon-ebtables +kmod-macvlan
 endef
 
 define Package/gluon-next-node/description
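Review bot: The twelve `rule(...)` lines in 250-next-node-batman-adv concatenate `next_node.mac`, `next_node.ip4` and `next_node.ip6` without checking that the site config sets them, so a missing key fails with a bare "attempt to concatenate a nil value" at whichever rule comes first. How gluon-ebtables reacts to an error in a rule file is not visible in this patch, but if loading stops there, the remaining DROP rules would presumably not be installed and the anycast address would not be filtered towards bat0. I would bind the three values once at the top with a clear message, e.g. `local mac = assert(next_node.mac, 'site.next_node.mac is not set')` and likewise for `ip4` and `ip6`, and use the locals in the rules. The ARP rules that stay in 250-next-node read `next_node.ip4` the same way.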
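Review bot: With `+gluon-mesh-batman-adv` dropped from `DEPENDS`, a site that keeps only `gluon-next-node` in its package list still builds cleanly but no longer gets any of the `-o bat0` DROP rules, so frames for the next-node MAC and IP addresses would presumably be bridged into the mesh with no build-time signal. The commit message states the required switch, but nothing in the package itself does. I would add a sentence to `Package/gluon-next-node/description` (its body lies outside this hunk) along the lines of `batman-adv based setups must select gluon-next-node-batman-adv, which installs the bat0 filters.` and repeat it in the release notes.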
diff --git a/package/gluon-next-node/files/lib/gluon/ebtables/250-next-node b/package/gluon-next-node/files/lib/gluon/ebtables/250-next-node
index 0df7abcc..8ef5b986 100644
--- a/package/gluon-next-node/files/lib/gluon/ebtables/250-next-node
+++ b/package/gluon-next-node/files/lib/gluon/ebtables/250-next-node
@@ -3,18 +3,3 @@ local next_node = site.next_node
 
 rule('FORWARD --logical-in br-client -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
 rule('FORWARD --logical-in br-client -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
-
-rule('FORWARD --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
-rule('FORWARD --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')
-
-rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
-rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
-
-rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
-rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')