author | Simon Rettberg | 2022-02-16 09:08:28 +0100 |
---|---|---|
committer | Simon Rettberg | 2022-02-16 09:08:28 +0100 |
commit | 8c5192827ca98211d924eef7f7acead0a9d3aa8d (patch) | |
tree | eff2b36f26493801dae808be46c501a031869eb6 /core/modules/run-virt | |
parent | [qemu] Downgrade Maven assembly plugin for Java 8 compatibility (diff) | |
[run-virt] Allow FORWARDing for all additional bridged NICs
Diffstat (limited to 'core/modules/run-virt')
-rwxr-xr-x | core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
index 0022bfd0..c3fc378e 100755
--- a/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
+++ b/core/modules/run-virt/data/opt/openslx/scripts/systemd-run_virt_env
@@ -166,6 +166,21 @@ echo "1" >/proc/sys/net/ipv4/conf/nat1/forwarding
 echo "1" >/proc/sys/net/ipv4/conf/br0/forwarding 2>/dev/null
 # iptables masquerade rule is now inserted by /opt/openslx/iptables/rules.d/50-virt-nat1-masquerading
+# Whitelist all additionally bridged nics for forwarding
+extra=
+echo "#!/bin/ash" > "/tmp/nic-forward.tmp"
+for nic in /sys/class/net/br-nic-*; do
+ [ -d "$nic" ] || continue
+ extra=1
+ echo "iptables -A FORWARD -i ${nic##*/} -j ACCEPT"
+ echo "iptables -A FORWARD -o ${nic##*/} -j ACCEPT"
+done >> "/tmp/nic-forward.tmp"
+if [ -n "$extra" ]; then
+ chmod +x "/tmp/nic-forward.tmp"
+ mv "/tmp/nic-forward.tmp" "/opt/openslx/iptables/rules.d/10-forward-additional-nics"
+else
+ unlink "/tmp/nic-forward.tmp"
+fi
 # creating and configuring vsw2
 brctl addbr vsw2 |
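Review bot: The generated rules script is staged at the fixed, predictable path `/tmp/nic-forward.tmp` in a world-writable directory, and the first write uses a plain `>` redirection, which reuses whatever already exists under that name, including a symlink. This script appears to run as root (it writes to /proc/sys and into /opt/openslx/iptables/rules.d), and the staged file is then made executable and moved into rules.d, so its integrity should not depend on who got to that name first or on the kernel's protected_symlinks/protected_regular settings. Stage it in an exclusively created file instead: `tmpf="$(mktemp)"` followed by `echo "#!/bin/ash" > "$tmpf"`, with `"$tmpf"` replacing the literal path in the `done >>`, `chmod`, `mv` and `unlink` lines, and skip the block if `mktemp` fails. The added lines are top-level statements in a script that continues outside the hunk, so whether any local user can act before this point in boot cannot be judged from here.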