Skip to content

T
tun
Commit 7ce44dfb authored by nanahira's avatar nanahira
Browse files
Options

use china and oversea ipset instead

parent 0c7baac2
Show whitespace changes
Inline Side-by-side
Showing with 15 additions and 19 deletions
ansible/scripts/switch-rules-up.sh.j2
View file @ 7ce44dfb
#!/bin/bash #!/bin/bash
source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh
## route plans chnroute
{% for plan in routePlans %}
ip rule add pref 400 fwmark {{plan.destMark}} lookup {{plan.destMark}}
interface_switch_chnroute -A u_{{plan.name}}_chnroute {{plan.destMark}}
restore_mark_switch -A {{plan.destMark}}
{% endfor %}
## local gateways chnroute
{% for gw in gateways %}
{% if gw.selectionMark > 0 %}
interface_switch_chnroute -A u_{{gw.isp}}_chnroute {{gw.selectionMark}}
restore_mark_switch -A {{gw.selectionMark}}
{% endif %}
{% endfor %}
## route plans ## route plans
{% for plan in routePlans %} {% for plan in routePlans %}
interface_switch -A u_{{plan.name}}_all {{plan.destMark}} ip rule add pref 400 fwmark {{plan.destMark}} lookup {{plan.destMark}}
interface_switch_china -A u_{{plan.name}}_china {{plan.destMark}}
interface_switch_oversea -A u_{{plan.name}}_oversea {{plan.destMark}}
restore_mark_switch -A {{plan.destMark}} restore_mark_switch -A {{plan.destMark}}
{% endfor %} {% endfor %}
## local gateways ## local gateways
{% for gw in gateways %} {% for gw in gateways %}
{% if gw.selectionMark > 0 %} {% if gw.selectionMark > 0 %}
interface_switch-A u_{{gw.isp}}_all {{gw.selectionMark}} interface_switch_china -A u_{{gw.isp}}_china {{gw.selectionMark}}
interface_switch_oversea -A u_{{gw.isp}}_oversea {{gw.selectionMark}}
restore_mark_switch -A {{gw.selectionMark}} restore_mark_switch -A {{gw.selectionMark}}
{% endif %} {% endif %}
{% endfor %} {% endfor %}
......
ansible/scripts/utility.sh.j2
View file @ 7ce44dfb
...@@ -52,10 +52,18 @@ interface_switch() { ...@@ -52,10 +52,18 @@ interface_switch() {
$IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst -j CONNMARK --set-xmark "$MARK" $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst -j CONNMARK --set-xmark "$MARK"
} }
interface_switch_chnroute() { interface_switch_china() {
OPTION=$1 OPTION=$1
IPSET=$2 IPSET=$2
MARK=$3 MARK=$3
ipset create "$IPSET" hash:net maxelem 1000000 || true ipset create "$IPSET" hash:net maxelem 1000000 || true
$IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set --match-set chnrouter dst -j CONNMARK --set-xmark "$MARK" $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst ! -m set --match-set chnrouter dst -j CONNMARK --set-xmark "$MARK"
}
interface_switch_oversea() {
OPTION=$1
IPSET=$2
MARK=$3
ipset create "$IPSET" hash:net maxelem 1000000 || true
$IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst -m set --match-set chnrouter dst -j CONNMARK --set-xmark "$MARK"
} }
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment