authorMartin Schanzenbach <mschanzenbach@posteo.de>2022-03-07 09:34:29 +0100
committerMartin Schanzenbach <mschanzenbach@posteo.de>2022-03-07 09:34:38 +0100
commitfd88ee22f383b42084acbb2a44c356e2d277e912 (patch)
tree6d43a4d3f2c088845f0458645f8ea1289fbdc74f /contrib
parent1f240bd13fbbe28b1610fe10d298afcd7c61b81e (diff)
-use nft instead of iptables for netjail
Diffstat (limited to 'contrib')
m---------contrib/gana0
-rwxr-xr-xcontrib/netjail/netjail_core.sh4
-rwxr-xr-xcontrib/netjail/netjail_start.sh8
3 files changed, 7 insertions, 5 deletions
diff --git a/contrib/gana b/contrib/gana
Subproject 6b889c206c1948cf7180e9d5478fd8fba65617e Subproject 048ad729b3177a5de1726517bc905e6cd7688d0
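--- a/contrib/netjail/netjail_core.sh
+++ b/contrib/netjail/netjail_core.sh
@@ -188,7 +188,9 @@ netjail_node_add_nat() {
 local ADDRESS=$2
 local MASK=$3
 
-ip netns exec $NODE iptables -t nat -A POSTROUTING -s "$ADDRESS/$MASK" -j MASQUERADE
+ip netns exec $NODE nft add table nat
+ip netns exec $NODE nft add chain nat postrouting { type nat hook postrouting priority 0 \; }
+ip netns exec $NODE nft add rule ip nat postrouting ip saddr "$ADDRESS/$MASK" counter masquerade
 }
 
 netjail_node_add_default() {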
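Review bot: The three nft calls at new lines 191–193 run unchecked, so if the table or chain cannot be created (nft missing in the namespace, or an existing `nat` table of another family) the masquerade rule is never installed while the function still returns success; unless netjail_core.sh runs under `set -e` (its header is outside this hunk), each step should fail the function, e.g. `ip netns exec $NODE nft add table nat || return 1`. The base chain also uses `priority 0`, whereas the iptables NAT POSTROUTING hook it replaces ran at priority 100; `priority srcnat` preserves that ordering relative to any filter chain in the same namespace. `$NODE` stays unquoted as in the surrounding code, which is fine only as long as node names never contain whitespace. netjail_node_add_nat begins before the hunk.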
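--- a/contrib/netjail/netjail_start.sh
+++ b/contrib/netjail/netjail_start.sh
@@ -77,12 +77,12 @@ for N in $(seq $GLOBAL_N); do
 
 if [ "1" == "${R_TCP[$N]}" ]
 then
-ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p tcp -d $GLOBAL_GROUP.$N --dport 60002 -j DNAT --to $LOCAL_GROUP.1
-ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N tcp dport 60002 counter dnat to $LOCAL_GROUP.1
+ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
 fi
 if [ "1" == "${R_UDP[$N]}" ]
 then
-ip netns exec ${ROUTERS[$N]} iptables -t nat -A PREROUTING -p udp -d $GLOBAL_GROUP.$N --dport $PORT -j DNAT --to $LOCAL_GROUP.1
-ip netns exec ${ROUTERS[$N]} iptables -A FORWARD -d $LOCAL_GROUP.1 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
+ip netns exec ${ROUTERS[$N]} nft add rule ip nat prerouting ip daddr $GLOBAL_GROUP.$N udp dport $PORT counter dnat to $LOCAL_GROUP.1
+ip netns exec ${ROUTERS[$N]} nft add rule ip filter FORWARD ip daddr $LOCAL_GROUP.1 ct state new,related,established counter accept
 fi
 done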
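Review bot: The new rules at lines 80, 81, 85 and 86 are appended to `ip nat prerouting` and `ip filter FORWARD`, but nothing in this hunk creates those tables or base chains, and unlike iptables, `nft add rule` errors out on a missing table or chain instead of creating it implicitly. Unless they are set up elsewhere in netjail_start.sh (outside this hunk), the router namespace needs `nft add table ip nat`, `nft add chain ip nat prerouting { type nat hook prerouting priority dstnat \; }` and a matching forward-hook chain in `ip filter` named `FORWARD` before these lines; otherwise the DNAT and forward-accept rules are silently absent when the script does not stop on error, and the test then exercises a router that blocks rather than forwards. The enclosing `for N in $(seq $GLOBAL_N)` loop begins before the hunk.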