author | Peter Palfrader <peter@palfrader.org> | 2008-03-27 18:46:12 +0000 |
committer | weasel <weasel@bc3d92e2-beff-0310-a7cd-cc87d7ac0ede> | 2008-03-27 18:46:12 +0000 |
commit | 0741d0d39fc9c0554e82b22cd32d696b25b4c790 (patch) | |
tree | a7ca28ec28c12d49a662a759ee8ae5f1a2f40887 | |
parent | bc6bff18e54797adde19456f15ab73ef3241e482 (diff) |
fermstuff
git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@322 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede
-rwxr-xr-x | Generate | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -390,6 +390,7 @@ hostlist.each{ |host|
 iptables = File.new("#{dir}/#{$NAMESPACE}.iptables.sh", "w")
 ip6tables = File.new("#{dir}/#{$NAMESPACE}.ip6tables.sh", "w")
+ ipferm = File.new("#{dir}/#{$NAMESPACE}.iptables.ferm", "w")
 iptables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
 iptables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
 iptables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'"
@@ -404,6 +405,9 @@ hostlist.each{ |host|
 ip6tables.puts "ip6tables --flush vpn-#{$NAMESPACE}"
 end
+ ipferm.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
+ ipferm.puts "def &vpn_#{$NAMESPACE}() = {"
+
 daemonsfilename = "#{dir}/#{$NAMESPACE}.quagga.daemons"
 daemons = File.new(daemonsfilename, "w")
 daemons.puts QUAGGA_DAEMONS.gsub('HOSTNAME', host['name'])
@@ -698,6 +702,17 @@ hostlist.each{ |host|
 ip6tables.puts " --jump ACCEPT"
 end
+ ipferm.puts "#"
+ ipferm.puts "# to/from #{peer['name']}"
+ ipferm.puts " saddr #{ peer['host_address'] || '0.0.0.0/0' } daddr #{ host['host_address'] || '0.0.0.0/0' } " + " proto udp dport #{ host['inet_port'][ peer['name'] ]['local'] } " + " ACCEPT;"
+ ipferm.puts " saddr #{ peer['vpn_address'] } daddr #{ host['vpn_address'] } " + " proto tcp dport #{ host['bgp_port'] or '179' } " + " interface #{ peer['ifacename'] } " + " ACCEPT;"
+
 ##########
 bgpd.puts "!"
 bgpd.puts "! ** peer #{peer['name']} **"
@@ -739,6 +754,8 @@ hostlist.each{ |host|
 iptables.close
 ip6tables.close
+ ipferm.puts "}"
+ ipferm.close
 bgpd.close
 File.chmod(0600, bgpdfilename) == 1 or throw "Cannot chmod #{bgpdfilename}" |
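Review bot: `ipferm.puts "def &vpn_#{$NAMESPACE}() = {"` in the second hunk interpolates $NAMESPACE straight into a ferm function name, and unlike the `vpn-#{$NAMESPACE}` iptables chain name in the context line above it, a ferm identifier is (as far as I recall) limited to letters, digits and underscores, so a namespace containing a dash would produce a file ferm refuses to parse. If $NAMESPACE is not already restricted to that character set, derive a safe name once, e.g. `fermname = $NAMESPACE.gsub(/[^A-Za-z0-9_]/, '_')`, and use it in the `def &vpn_` line. Nothing in the generator records how the emitted function is meant to be consumed; a comment above the `def` line such as `# ferm function: the host's ferm.conf is expected to @include this file and call &vpn_<namespace>() from the chain the rules belong in` would save the next reader a guess. The enclosing hostlist.each block starts outside the hunk.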
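Review bot: The two rule lines added after `end` in the third hunk treat missing data differently: the UDP rule falls back to `0.0.0.0/0` whenever `peer['host_address']` or `host['host_address']` is unset, which silently accepts the VPN UDP port from any source address, while the TCP rule prints an empty `saddr`/`daddr` when a vpn_address is nil, which ferm rejects at load time. If the fallback mirrors the existing iptables.sh generation it is deliberate, but it deserves a comment on that line such as `# no fixed address known for this end: accept the VPN UDP port from any source`, and the TCP rule should fail the generator rather than emit an unloadable file, e.g. `raise "no vpn_address for #{peer['name']} or #{host['name']}" unless peer['vpn_address'] && host['vpn_address']` before the second `ipferm.puts`. `host['bgp_port'] or '179'` also mixes `or` with the `||` used on the previous line; `host['bgp_port'] || '179'` reads consistently and avoids the precedence trap if the expression is ever moved out of the interpolation. `host['inet_port'][ peer['name'] ]['local']` raises NoMethodError when the peer has no inet_port entry, which is probably the intended loud failure but is worth a one-line comment. The enclosing hostlist.each block and the peer loop both start outside the hunk.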