bundles/pppd: add iptables rules on ifup/ifdown

2020-11-13 23:04:43 +01:00 · 2020-11-13 23:04:43 +01:00 · 870a5252e5
parent f65e216828
commit 870a5252e5
3 changed files with 20 additions and 0 deletions
--- a/bundles/pppd/files/ip-down
+++ b/bundles/pppd/files/ip-down
@ -0,0 +1,5 @@
+#!/bin/bash
+
+rm /etc/iptables-rules.d/90-pppd
+
+/usr/local/sbin/iptables-enforce
--- a/bundles/pppd/files/ip-up
+++ b/bundles/pppd/files/ip-up
@ -0,0 +1,7 @@
+#!/bin/bash
+
+INTERFACE=$1
+
+echo "iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE" > /etc/iptables-rules.d/90-pppd
+
+/usr/local/sbin/iptables-enforce
--- a/bundles/pppd/items.py
+++ b/bundles/pppd/items.py
@ -50,6 +50,14 @@ files = {
            'svc_systemd:pppoe:restart',
        },
    },
+    '/etc/ppp/ip-down.d/iptables': {
+        'source': 'ip-down',
+        'mode': '0755',
+    },
+    '/etc/ppp/ip-up.d/iptables': {
+        'source': 'ip-up',
+        'mode': '0755',
+    },
    '/etc/ppp/peers/provider': {
        'content_type': 'mako',
        'context': node.metadata['pppd'],