Commit 5c3adadb authored by nanahira's avatar nanahira

fix

parent 02b637e9
...@@ -6,18 +6,19 @@ ...@@ -6,18 +6,19 @@
{% if gateway.isTun %} {% if gateway.isTun %}
DEV={{gateway.dev_or_via}} DEV={{gateway.dev_or_via}}
IPTABLES_MARK_CONDITION="-i $DEV"
ip route del default dev $DEV table {{gateway.mark}} ip route del default dev $DEV table {{gateway.mark}}
iptables -t mangle -D PREROUTING -i $DEV -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
{% else %} {% else %}
ping {{gateway.dev_or_via}} -c - ping {{gateway.dev_or_via}} -c 1
NEIGH_LINE=$(ip neigh show {{gateway.dev_or_via}}) NEIGH_LINE=$(ip neigh show {{gateway.dev_or_via}})
DEV=$(echo $NEIGH_LINE | awk '{print $3}') DEV=$(echo $NEIGH_LINE | awk '{print $3}')
MAC=$(echo $NEIGH_LINE | awk '{print $5}') MAC=$(echo $NEIGH_LINE | awk '{print $5}')
IPTABLES_MARK_CONDITION="-i $DEV -m mac --mac-source $MAC"
ip route del default via {{gateway.dev_or_via}} dev $DEV table {{gateway.mark}} ip route del default via {{gateway.dev_or_via}} dev $DEV table {{gateway.mark}}
iptables -t mangle -D PREROUTING -i $DEV -m mac --mac-source $MAC -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
{% endif %} {% endif %}
bash -c "iptables -t mangle -D PREROUTING $IPTABLES_MARK_CONDITION -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}} ; iptables -t mangle -D PREROUTING -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark ; iptables -t mangle -D OUTPUT -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark" iptables -t mangle -D PREROUTING -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
iptables -t mangle -D OUTPUT -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
{% endif %} {% endif %}
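Review bot: The teardown in the `{% else %}` branch re-derives `$DEV` and `$MAC` from a fresh `ping` and `ip neigh show`, so `iptables -t mangle -D PREROUTING -i $DEV -m mac --mac-source $MAC ...` only removes the rule if the neighbour entry still shows the device and MAC seen at setup. If the gateway is unreachable at teardown or its MAC has changed, the delete fails and the CONNMARK rule stays in the mangle table. Consider removing the rule without re-resolving, for example by tagging it at setup with `-m comment --comment "<marker>"` or keeping it in a dedicated chain that teardown flushes. At minimum, test `[ -n "$DEV" ] && [ -n "$MAC" ]` before the delete and quote both expansions. This assumes the right-hand column is the new side, which the `-6,18 +6,19` header suggests but the page does not mark explicitly.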
......
...@@ -12,18 +12,19 @@ ipset restore -f /etc/wireguard/{{list}}.ipset ...@@ -12,18 +12,19 @@ ipset restore -f /etc/wireguard/{{list}}.ipset
{% if gateway.isTun %} {% if gateway.isTun %}
DEV={{gateway.dev_or_via}} DEV={{gateway.dev_or_via}}
IPTABLES_MARK_CONDITION="-i $DEV"
ip route add default dev $DEV table {{gateway.mark}} ip route add default dev $DEV table {{gateway.mark}}
iptables -t mangle -A PREROUTING -i $DEV -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
{% else %} {% else %}
ping {{gateway.dev_or_via}} -c 1 ping {{gateway.dev_or_via}} -c 1
NEIGH_LINE=$(ip neigh show {{gateway.dev_or_via}}) NEIGH_LINE=$(ip neigh show {{gateway.dev_or_via}})
DEV=$(echo $NEIGH_LINE | awk '{print $3}') DEV=$(echo $NEIGH_LINE | awk '{print $3}')
MAC=$(echo $NEIGH_LINE | awk '{print $5}') MAC=$(echo $NEIGH_LINE | awk '{print $5}')
IPTABLES_MARK_CONDITION="-i $DEV -m mac --mac-source $MAC"
ip route add default via {{gateway.dev_or_via}} dev $DEV table {{gateway.mark}} ip route add default via {{gateway.dev_or_via}} dev $DEV table {{gateway.mark}}
iptables -t mangle -A PREROUTING -i $DEV -m mac --mac-source $MAC -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}}
{% endif %} {% endif %}
bash -c "iptables -t mangle -A PREROUTING $IPTABLES_MARK_CONDITION -m set ! --match-set mycard src -j CONNMARK --set-xmark {{gateway.mark}} ; iptables -t mangle -A PREROUTING -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark ; iptables -t mangle -A OUTPUT -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark" iptables -t mangle -A PREROUTING -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT -m connmark --mark {{gateway.mark}} -j CONNMARK --restore-mark
{% endif %} {% endif %}
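Review bot: In the `{% else %}` branch the marking rule is built from `$DEV` and `$MAC` parsed out of `ip neigh show`, with no check that the lookup returned a usable entry. If the single ping gets no reply, the line is empty or in a FAILED/INCOMPLETE state with no link-layer address, so `$5` is not a MAC and `iptables -t mangle -A PREROUTING -i $DEV -m mac --mac-source $MAC ...` errors out. Unless the surrounding script aborts on error (not visible here), the route and both `--restore-mark` rules are still installed without the rule that sets the mark. Validate before use, e.g. `[ -n "$DEV" ] && [ -n "$MAC" ] || { echo "gateway neighbour not resolved" >&2; exit 1; }`, and quote the expansions (`-i "$DEV"`, `--mac-source "$MAC"`). A comment noting that the source-MAC match is only as trustworthy as the L2 segment the gateway sits on would also help the next maintainer.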
......