fix create chain

9b821997 · nanahira · 335d0f12 · 9b821997
Commit 9b821997 authored Apr 17, 2021 by nanahira
Show whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

ansible/scripts/global-postup.sh.j2 ansible/scripts/global-postup.sh.j2 +2 -2

No files found.
--- a/ansible/scripts/global-postup.sh.j2
+++ b/ansible/scripts/global-postup.sh.j2
@@ -20,7 +20,7 @@ $IPTABLES_EXEC -t nat -A POSTROUTING -m set --match-set mycard src -m set ! --ma
 {% endfor %}

 # chain for wg origin
-# $IPTABLES_EXEC -t mangle -N NEXTGEN_ORIGIN
+$IPTABLES_EXEC -t mangle -N NEXTGEN_ORIGIN
 $IPTABLES_EXEC -t mangle -I PREROUTING -m mark --mark 0x0 ! -p ospf -j NEXTGEN_ORIGIN
 {% for interface in masqInterfaces %}
 $IPTABLES_EXEC -t mangle -A NEXTGEN_ORIGIN -i {{interface.name}} ! -p ospf -m set ! --match-set mycard src -j CONNMARK --set-xmark {{interface.mark}}
@@ -29,7 +29,7 @@ $IPTABLES_EXEC -t mangle -A OUTPUT -m connmark --mark {{interface.mark}} -j CONN
 # TODO: ip rule
 # ip rule add pref 300 fwmark {{interface.mark}} lookup {{interface.mark}}
 {% endfor %}
-# $IPTABLES_EXEC -t mangle -N NEXTGEN_SWITCH
+$IPTABLES_EXEC -t mangle -N NEXTGEN_SWITCH
 $IPTABLES_EXEC -t mangle -A PREROUTING -m mark --mark 0x0 ! -p ospf -m set ! --match-set mycard dst -j NEXTGEN_SWITCH

 $IPTABLES_EXEC -t mangle -I OUTPUT -m mark ! --mark 0 -j RETURN