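#!/bin/bash
# rt.sh — policy-route traffic destined to an ipset of subnets through the
# gateway named in a profile.
#
# Usage: rt.sh start|update|stop|reset <profile name> [rule name]
#
# The profile file (conf/profiles/<profile name>, relative to this script) is
# *sourced* and is expected to define APP, MYTABLE, MYFWMARK, DEV and IPROUTE;
# each falls back to the empty string below if the profile leaves it unset.
MYDIR=$(dirname "${BASH_SOURCE[0]}")
if [ -z "$2" ]; then
  echo "Please set profile name to use"
  exit 1
fi
# The profile name becomes a path component of a file that is then executed
# by this (typically root) shell, so only accept a plain file name that lives
# inside conf/profiles: anything containing '/' or the '.'/'..' entries could
# resolve outside that directory.
case "$2" in
  */* | . | ..)
    echo "Invalid profile name: $2" >&2
    exit 1
    ;;
esac
PROFILE="${MYDIR}/conf/profiles/$2"
if [ ! -r "$PROFILE" ]; then
  echo "Profile not found or not readable: $PROFILE" >&2
  exit 1
fi
# shellcheck source=/dev/null
. "$PROFILE"
APP=${APP:-}           # ipset name holding the routed subnets
MYTABLE=${MYTABLE:-}   # routing table used by 'ip rule' / 'ip route'
MYFWMARK=${MYFWMARK:-} # fwmark applied by the mangle rules and matched by the ip rule
DEV=${DEV:-}           # egress device; also selects the rp_filter sysctl path
IPROUTE=${IPROUTE:-}   # gateway address that is pinged and used as the default via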
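#######################################
# Print 'ipset restore' input adding every subnet reported by main.py to the
# ${APP} set.
# Globals:   APP (read), MYDIR (read)
# Arguments: $1 - optional rule list, forwarded to main.py as --nets=<list>
# Outputs:   one 'add <APP> <net>' per line, each followed by a literal '\n'
#            token; the callers rely on 'echo -e' to re-expand those tokens.
# Returns:   1 if main.py fails (nothing is printed in that case)
#######################################
create_ipset_restore() {
  local rules=$1
  local routes
  # Keep assignment separate from 'local' so main.py's exit status is not
  # masked.
  if [ -z "${rules}" ]; then
    routes=$(python "${MYDIR}/main.py" ipv4) || return 1
  else
    routes=$(python "${MYDIR}/main.py" ipv4 --nets="${rules}") || return 1
  fi
  local net
  # main.py prints whitespace-separated subnets; word-splitting is intended.
  # shellcheck disable=SC2086
  for net in ${routes}; do
    # '\\n' in the format yields a literal backslash-n, preserving the token
    # format the callers feed through 'echo -e'.
    printf 'add %s %s\\n\n' "${APP}" "${net}"
  done
}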
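#######################################
# Route traffic for the subnets selected by a rule list through the
# profile's gateway: populate the ipset, mark matching packets and add a
# policy route for the mark.
# Globals:   APP, MYTABLE, MYFWMARK, DEV, IPROUTE (read)
# Arguments: $1 - rule list handed to create_ipset_restore
# Outputs:   progress messages on stdout
# Returns:   exits 1 if a required profile value is empty or the gateway does
#            not answer a ping
#######################################
do_custom_route() {
  local rules=$1
  # Fail early with a clear message instead of feeding empty values to
  # iptables/ip.
  : "${IPROUTE:?profile must set IPROUTE}"
  : "${DEV:?profile must set DEV}"
  : "${APP:?profile must set APP}"
  : "${MYTABLE:?profile must set MYTABLE}"
  : "${MYFWMARK:?profile must set MYFWMARK}"
  if ! ping -c 1 -n -W 1 "${IPROUTE}" >/dev/null 2>&1; then
    echo "Router ping test failed...aborting"
    exit 1
  fi
  echo "My Router IP: ${IPROUTE}/${DEV}"
  # Creation is allowed to fail (set already exists); the restore below adds
  # the entries either way.
  ipset create "${APP}" hash:net >/dev/null 2>&1
  echo "Getting sub-nets list for ${rules} and publishing them to the storage..."
  # create_ipset_restore emits 'add ...' lines terminated by a literal '\n'
  # token; the unquoted expansion plus 'echo -e' rebuilds one command per
  # line for 'ipset restore' (-! ignores entries that already exist).
  # shellcheck disable=SC2046
  echo -e $(create_ipset_restore "${rules}") | ipset restore -!
  # Mark forwarded (PREROUTING) and locally generated (OUTPUT) packets whose
  # destination is in the set ...
  iptables -t mangle -A PREROUTING -m set --match-set "${APP}" dst -j MARK --set-mark "${MYFWMARK}"
  iptables -t mangle -A OUTPUT -m set --match-set "${APP}" dst -j MARK --set-mark "${MYFWMARK}"
  # ... and send marked packets to a table whose default route is the gateway.
  ip rule add fwmark "${MYFWMARK}" table "${MYTABLE}"
  ip route add default via "${IPROUTE}" dev "${DEV}" table "${MYTABLE}" prio 100
  # rp_filter=2 (loose reverse-path check) so replies for these asymmetric
  # routes arriving on DEV are not dropped.
  echo 2 > "/proc/sys/net/ipv4/conf/${DEV}/rp_filter"
}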
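#######################################
# Route traffic for the full subnet list through the profile's gateway.
# The subnet list is regenerated only when the ipset did not exist yet;
# otherwise the existing ("cached") set is reused.
# Globals:   APP, MYTABLE, MYFWMARK, DEV, IPROUTE (read)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   exits 1 if a required profile value is empty or the gateway does
#            not answer a ping
#######################################
do_route() {
  # Fail early with a clear message instead of feeding empty values to
  # iptables/ip.
  : "${IPROUTE:?profile must set IPROUTE}"
  : "${DEV:?profile must set DEV}"
  : "${APP:?profile must set APP}"
  : "${MYTABLE:?profile must set MYTABLE}"
  : "${MYFWMARK:?profile must set MYFWMARK}"
  if ! ping -c 1 -n -W 1 "${IPROUTE}" >/dev/null 2>&1; then
    echo "Router ping test failed...aborting"
    exit 1
  fi
  echo "My Router IP: ${IPROUTE}"
  # A successful create means the set is new and must be filled; a failure is
  # taken to mean it already exists and its contents are reused.
  if ipset create "${APP}" hash:net >/dev/null 2>&1; then
    echo "Getting sub-nets list and publishing routes to the storage..."
    # create_ipset_restore emits 'add ...' lines terminated by a literal '\n'
    # token; the unquoted expansion plus 'echo -e' rebuilds one command per
    # line for 'ipset restore'.
    # shellcheck disable=SC2046
    echo -e $(create_ipset_restore) | ipset restore -!
  else
    echo "Using cached routes (run rt.sh reset to update cache) ..."
  fi
  # Mark forwarded (PREROUTING) and locally generated (OUTPUT) packets whose
  # destination is in the set ...
  iptables -t mangle -A PREROUTING -m set --match-set "${APP}" dst -j MARK --set-mark "${MYFWMARK}"
  iptables -t mangle -A OUTPUT -m set --match-set "${APP}" dst -j MARK --set-mark "${MYFWMARK}"
  # ... and send marked packets to a table whose default route is the gateway.
  ip rule add fwmark "${MYFWMARK}" table "${MYTABLE}"
  # NOTE(review): unlike do_custom_route this route carries no 'dev ${DEV}';
  # confirm the gateway is resolvable without it.
  ip route add default via "${IPROUTE}" table "${MYTABLE}" prio 100
  # rp_filter=2 (loose reverse-path check) so replies for these asymmetric
  # routes arriving on DEV are not dropped.
  echo 2 > "/proc/sys/net/ipv4/conf/${DEV}/rp_filter"
}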
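#######################################
# Remove the mark rules, the policy rule and the default route installed by
# do_route / do_custom_route.  The ipset itself is left in place (see
# do_reset_cache).
# Globals:   APP, MYTABLE, MYFWMARK, IPROUTE (read)
# Arguments: none
# Outputs:   progress message on stdout
# Returns:   exits 1 if the gateway does not answer a ping
#######################################
do_unroute() {
  echo "Removing routes..."
  # NOTE(review): aborting teardown when the gateway is unreachable leaves the
  # mark rules and policy route in place — confirm this is intended.
  if ! ping -c 1 -n -W 1 "${IPROUTE}" >/dev/null 2>&1; then
    echo "Router ping test failed...aborting"
    exit 1
  fi
  # Deletions are best-effort: after a partial start some of these may not
  # exist, so their errors are silenced.
  iptables -t mangle -D PREROUTING -m set --match-set "${APP}" dst -j MARK --set-mark "${MYFWMARK}" >/dev/null 2>&1
  iptables -t mangle -D OUTPUT -m set --match-set "${APP}" dst -j MARK --set-mark "${MYFWMARK}" >/dev/null 2>&1
  ip rule del fwmark "${MYFWMARK}" table "${MYTABLE}" >/dev/null 2>&1
  ip route del prio 100 via "${IPROUTE}" table "${MYTABLE}" >/dev/null 2>&1
  # Second spelling of the same delete, kept from the original; it is not
  # silenced so a route that survived the first attempt is reported.
  ip route del default table "${MYTABLE}" prio 100
}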
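#######################################
# Drop the ipset so the next 'start' regenerates the subnet list.
# Globals:   APP (read)
# Arguments: none
# Outputs:   progress message on stdout
# Returns:   0 (a missing set is not an error)
#######################################
do_reset_cache() {
  echo "Removing cached routes.."
  # Silenced on purpose: the set may already be gone.
  ipset destroy "${APP}" >/dev/null 2>&1
  return 0
}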
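# Subcommand dispatch.  $2 (the profile) was validated and sourced above;
# only 'update' takes the extra rule-list argument.
case "$1" in
  start)
    do_route
    ;;
  update)
    if [ -z "$3" ]; then
      echo "please provide rule list to apply as argument"
      exit 1
    fi
    do_custom_route "$3"
    ;;
  stop)
    do_unroute
    ;;
  reset)
    do_unroute
    do_reset_cache
    ;;
  *)
    # An unknown subcommand is a usage error: report it on stderr and exit
    # non-zero so callers can tell it apart from a successful run.
    echo "rt.sh start|update|stop|reset <profile name> [rule name]" >&2
    exit 1
    ;;
esac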