| -rwxr-xr-x | scripts/firewall/vyatta-firewall.pl | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl
index b29ded9..d9fca19 100755
--- a/scripts/firewall/vyatta-firewall.pl
+++ b/scripts/firewall/vyatta-firewall.pl
@@ -363,9 +363,13 @@ sub add_route_table {
 if ($table_count < 1) {
 my $mark = 0x7FFFFFFF + $table;
 system("ip rule add pref $table fwmark $mark table $table");
+ system("ip -6 rule add pref $table fwmark $mark table $table");
 run_cmd("iptables -t mangle -N VYATTA_PBR_$table", 1);
 run_cmd("iptables -t mangle -I VYATTA_PBR_$table 1 -j MARK --set-mark $mark", 1);
 run_cmd("iptables -t mangle -I VYATTA_PBR_$table 2 -j ACCEPT", 1);
+ run_cmd("ip6tables -t mangle -N VYATTA_PBR_$table", 1);
+ run_cmd("ip6tables -t mangle -I VYATTA_PBR_$table 1 -j MARK --set-mark $mark", 1);
+ run_cmd("ip6tables -t mangle -I VYATTA_PBR_$table 2 -j ACCEPT", 1);
 }
 write_refcnt_file($policy_ref_file, @newlines);
@@ -393,7 +397,12 @@ sub remove_route_table {
 if ($ref < 1) {
 my $mark = 0x7FFFFFFF + $table;
+ system("ip -6 rule del pref $table fwmark $mark table $table");
 system("ip rule del pref $table fwmark $mark table $table");
+ run_cmd("ip6tables -t mangle -D VYATTA_PBR_$table 2", 1);
+ run_cmd("ip6tables -t mangle -D VYATTA_PBR_$table 1", 1);
+ run_cmd("ip6tables -t mangle -F VYATTA_PBR_$table", 1);
+ run_cmd("ip6tables -t mangle -X VYATTA_PBR_$table", 1);
 run_cmd("iptables -t mangle -D VYATTA_PBR_$table 2", 1);
 run_cmd("iptables -t mangle -D VYATTA_PBR_$table 1", 1);
 run_cmd("iptables -t mangle -F VYATTA_PBR_$table", 1); |
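Review bot: The added `system("ip -6 rule add pref $table fwmark $mark table $table")` in add_route_table passes an interpolated string to the shell and discards the exit status; the added `ip -6 rule del` line in the remove_route_table hunk does the same. Where `$table` is set is outside the hunk, so unless it is already restricted to digits it should be validated, and the list form avoids the shell entirely: `system('ip', '-6', 'rule', 'add', 'pref', $table, 'fwmark', $mark, 'table', $table) == 0 or warn "ip -6 rule add failed for table $table: $?\n";`. The status check matters because the following lines run unconditionally: if the rule add fails, the ip6tables chain is still created and the refcount still written, so the recorded state and the kernel state disagree. add_route_table begins and ends outside the hunk.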
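Review bot: The IPv6 teardown in remove_route_table deletes rules 2 and 1 of `VYATTA_PBR_$table` by position and then flushes the chain anyway, so the two `-D` lines are redundant, and if the chain ever holds anything other than the MARK/ACCEPT pair they remove whatever occupies those slots. `run_cmd("ip6tables -t mangle -F VYATTA_PBR_$table", 1);` followed by the `-X` line is sufficient. `-X` also fails while any other rule still jumps to the chain, and whether `run_cmd` with a second argument of `1` reports that is not visible here; a silent failure would leave a stale chain behind after the configuration says the table is gone. The function continues past the end of the hunk.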
