-rwxr-xr-xGenerate17
1 files changed, 17 insertions, 0 deletions
diff --git a/Generate b/Generate
index 6752a89..82882c1 100755
--- a/Generate
+++ b/Generate
@@ -390,6 +390,7 @@ hostlist.each{ |host|
iptables = File.new("#{dir}/#{$NAMESPACE}.iptables.sh", "w")
ip6tables = File.new("#{dir}/#{$NAMESPACE}.ip6tables.sh", "w")
+ ipferm = File.new("#{dir}/#{$NAMESPACE}.iptables.ferm", "w")
iptables.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
iptables.puts "PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"
iptables.puts "echo 'Doing #{$NAMESPACE} VPN rules.'"
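Review bot: The new `ipferm` handle on L15 is created with `File.new(path, "w")`, so the ferm fragment gets umask-derived permissions, whereas the last hunk (L51) shows an explicit `File.chmod(0600, ...)` only for the bgpd file; the generated fragment enumerates every peer's addresses and ports and is presumably meant to be root-only configuration. Passing the mode at creation avoids any window with a more permissive file: `ipferm = File.new("#{dir}/#{$NAMESPACE}.iptables.ferm", "w", 0600)`. The same applies to the pre-existing iptables/ip6tables handles on L13-L14, but those are outside this change. The enclosing `hostlist.each` block starts before this hunk.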
@@ -404,6 +405,9 @@ hostlist.each{ |host|
ip6tables.puts "ip6tables --flush vpn-#{$NAMESPACE}"
end
+ ipferm.puts "# Automatically created on #{THISHOST} at #{RIGHTNOW} by #{THISPROGRAM}."
+ ipferm.puts "def &vpn_#{$NAMESPACE}() = {"
+
daemonsfilename = "#{dir}/#{$NAMESPACE}.quagga.daemons"
daemons = File.new(daemonsfilename, "w")
daemons.puts QUAGGA_DAEMONS.gsub('HOSTNAME', host['name'])
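Review bot: The generated file is only a ferm function definition (`def &vpn_#{$NAMESPACE}() = {` on L23, closed in the last hunk), not a loadable ruleset, and nothing in the emitted header says so; a reader of the output cannot tell where it belongs or how it is invoked. Extend the comment written on L22 with a second line such as `ipferm.puts "# ferm fragment: include it inside the table/chain that should carry the VPN rules and call &vpn_#{$NAMESPACE}();"`. It would also be worth noting in that header that `$NAMESPACE` must stay a valid ferm identifier, since it is interpolated into the function name without any check — I have not verified ferm's identifier grammar, so confirm which characters are allowed. The enclosing `hostlist.each` block starts before this hunk.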
@@ -698,6 +702,17 @@ hostlist.each{ |host|
ip6tables.puts " --jump ACCEPT"
end
+ ipferm.puts "#"
+ ipferm.puts "# to/from #{peer['name']}"
+ ipferm.puts " saddr #{ peer['host_address'] || '0.0.0.0/0' } daddr #{ host['host_address'] || '0.0.0.0/0' } " +
+ " proto udp dport #{ host['inet_port'][ peer['name'] ]['local'] } " +
+ " ACCEPT;"
+
+ ipferm.puts " saddr #{ peer['vpn_address'] } daddr #{ host['vpn_address'] } " +
+ " proto tcp dport #{ host['bgp_port'] or '179' } " +
+ " interface #{ peer['ifacename'] } " +
+ " ACCEPT;"
+
##########
bgpd.puts "!"
bgpd.puts "! ** peer #{peer['name']} **"
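Review bot: The UDP rule on L33-L35 falls back to `'0.0.0.0/0'` for both `saddr` and `daddr` when `peer['host_address']` or `host['host_address']` is missing, so an absent config value silently turns into an ACCEPT of the VPN port from any source; the mirrored iptables rules are outside the hunk, so I cannot tell whether they share this default, but in the ferm output it deserves an emitted comment right above the rule, e.g. `ipferm.puts "# NOTE: saddr/daddr default to 0.0.0.0/0 when the host_address is not configured"`, or a `raise` so the generator fails loudly instead. The values are interpolated into ferm syntax unquoted, so a config value containing whitespace, `;` or `}` would change the rule structure; a simple shape check before emitting (addresses matching an IP/CIDR pattern, ports matching `\A\d+\z`) would close that. Minor style: L38 uses `host['bgp_port'] or '179'` while L33 uses `||` for the same purpose — prefer `host['bgp_port'] || '179'` for consistency. The enclosing peer loop and `hostlist.each` block both start before this hunk.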
@@ -739,6 +754,8 @@ hostlist.each{ |host|
iptables.close
ip6tables.close
+ ipferm.puts "}"
+ ipferm.close
bgpd.close
File.chmod(0600, bgpdfilename) == 1 or throw "Cannot chmod #{bgpdfilename}"