From 870a5252e568f4331c6f4cc1d67634f2d85ae76f Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Fri, 13 Nov 2020 23:04:43 +0100
Subject: [PATCH] bundles/pppd: add iptables rules on ifup/ifdown
---
 bundles/pppd/files/ip-down | 5 +++++
 bundles/pppd/files/ip-up | 7 +++++++
 bundles/pppd/items.py | 8 ++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 bundles/pppd/files/ip-down
 create mode 100644 bundles/pppd/files/ip-up
diff --git a/bundles/pppd/files/ip-down b/bundles/pppd/files/ip-down
new file mode 100644
index 0000000..cb23a63
--- /dev/null
+++ b/bundles/pppd/files/ip-down
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+rm /etc/iptables-rules.d/90-pppd
+
+/usr/local/sbin/iptables-enforce
diff --git a/bundles/pppd/files/ip-up b/bundles/pppd/files/ip-up
new file mode 100644
index 0000000..faec9fe
--- /dev/null
+++ b/bundles/pppd/files/ip-up
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+INTERFACE=$1
+
+echo "iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE" > /etc/iptables-rules.d/90-pppd
+
+/usr/local/sbin/iptables-enforce
diff --git a/bundles/pppd/items.py b/bundles/pppd/items.py
index 3d63ca1..ff8378d 100644
--- a/bundles/pppd/items.py
+++ b/bundles/pppd/items.py
@@ -50,6 +50,14 @@ files = {
 'svc_systemd:pppoe:restart',
 },
 },
+ '/etc/ppp/ip-down.d/iptables': {
+ 'source': 'ip-down',
+ 'mode': '0755',
+ },
+ '/etc/ppp/ip-up.d/iptables': {
+ 'source': 'ip-up',
+ 'mode': '0755',
+ },
 '/etc/ppp/peers/provider': {
 'content_type': 'mako',
 'context': node.metadata['pppd'],
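Review bot: `rm /etc/iptables-rules.d/90-pppd` in ip-down errors out when the file is absent, for example if ip-down runs without a preceding successful ip-up; `rm -f /etc/iptables-rules.d/90-pppd` makes the teardown idempotent. The path is also one fixed name, so if more than one PPP link can exist on a node, any link going down removes the masquerade rule that the most recent ip-up wrote. In that case keying the filename on the interface argument (in both ip-up and ip-down) would keep the rules independent.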
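Review bot: In ip-up, `$INTERFACE` is taken from `$1` and written unchecked into `/etc/iptables-rules.d/90-pppd`, which `iptables-enforce` presumably runs as root (that script is not visible in this patch). An empty or malformed argument therefore ends up as a broken or unintended command line in the rules file. A guard before the `echo`, such as `[[ "$INTERFACE" =~ ^[A-Za-z0-9_.-]+$ ]] || exit 1`, keeps only plausible interface names. The rule also masquerades everything leaving the interface; if only specific internal networks are meant to be NATed, adding a `-s` source restriction would narrow it.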
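Review bot: The two new file items in `files` declare no dependency on whatever provides `/usr/local/sbin/iptables-enforce` and `/etc/iptables-rules.d/`, which both hook scripts rely on. Neither is created in this patch, so presumably another bundle owns them. If so, a `needs` entry on these items, or a comment naming the required bundle, would avoid installing root-run hooks that fail on a node where it is missing. The items also carry no trigger, unlike the `svc_systemd:pppoe:restart` visible in the preceding entry, so the NAT rule appears only on the next link-up; a short comment saying this is intended would help. The `files` dict starts and ends outside the hunk.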