unfinished

dc1f12e9 · nanahira · 9b821997 · dc1f12e9 · dc1f12e9 · dc1f12e9
Commit dc1f12e9 authored May 05, 2021 by nanahira
3 changed files
--- a/ansible/scripts/switch-rules-down.sh.j2
+++ b/ansible/scripts/switch-rules-down.sh.j2
 #!/bin/bash
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh

+ip rule del pref 300 fwmark 999 table 999
+ip route del local default dev lo table 999
 iptables -t mangle -F NEXTGEN_SWITCH

 ## restore mark

--- a/ansible/scripts/switch-rules-up.sh.j2
+++ b/ansible/scripts/switch-rules-up.sh.j2
 #!/bin/bash
 source {{ansible_user_dir}}/nextgen-network/scripts/utility.sh

+ip rule add pref 300 fwmark 999 table 999
+ip route replace local default dev lo table 999
+
 ## route plans
 {% for plan in routePlans %}
 ip rule add pref 400 fwmark {{plan.destMark}} lookup {{plan.destMark}}
@@ -15,6 +18,9 @@ restore_mark_switch -A {{plan.destMark}}
 interface_switch_china -A u_{{gw.isp}}_china {{gw.selectionMark}}
 interface_switch_oversea -A u_{{gw.isp}}_oversea {{gw.selectionMark}}
 restore_mark_switch -A {{gw.selectionMark}}
+{% if not gw.hidden %}
+interface_switch_tproxy -A {{gw.selectionMark}} {{gw.haproxyPort}}
+{% endif %}
 {% endif %}
 {% endfor %}


--- a/ansible/scripts/utility.sh.j2
+++ b/ansible/scripts/utility.sh.j2
@@ -67,3 +67,10 @@ interface_switch_oversea() {
  ipset create "$IPSET" hash:net maxelem 1000000 || true
  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark 0 -m set --match-set "$IPSET" src -m set ! --match-set mycard dst -m set --match-set chnrouter dst -j CONNMARK --set-xmark "$MARK"
 }
+
+interface_switch_tproxy() {
+  OPTION=$1
+  MARK=$2
+  HAPROXY_PORT=$3
+  $IPTABLES_EXEC -t mangle "$OPTION" NEXTGEN_SWITCH -m mark --mark "$MARK" -m set ! --match-set mycard dst -p tcp -m multiport --dports 80,443 -j TPROXY --on-port "$HAPROXY_PORT" --tproxy-mark 999
+}