From 17b7778bb9c1b98562b46b2352ac023f7da28bc1 Mon Sep 17 00:00:00 2001 From: William Steve Applegate Date: Wed, 19 Mar 2014 03:31:30 +0100 Subject: Fix missing autogenerated chain for IPv6 policy routing. Signed-off-by: Daniil Baturin --- scripts/firewall/vyatta-firewall.pl | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'scripts/firewall') diff --git a/scripts/firewall/vyatta-firewall.pl b/scripts/firewall/vyatta-firewall.pl index b29ded9..d9fca19 100755 --- a/scripts/firewall/vyatta-firewall.pl +++ b/scripts/firewall/vyatta-firewall.pl @@ -363,9 +363,13 @@ sub add_route_table { if ($table_count < 1) { my $mark = 0x7FFFFFFF + $table; system("ip rule add pref $table fwmark $mark table $table"); + system("ip -6 rule add pref $table fwmark $mark table $table"); run_cmd("iptables -t mangle -N VYATTA_PBR_$table", 1); run_cmd("iptables -t mangle -I VYATTA_PBR_$table 1 -j MARK --set-mark $mark", 1); run_cmd("iptables -t mangle -I VYATTA_PBR_$table 2 -j ACCEPT", 1); + run_cmd("ip6tables -t mangle -N VYATTA_PBR_$table", 1); + run_cmd("ip6tables -t mangle -I VYATTA_PBR_$table 1 -j MARK --set-mark $mark", 1); + run_cmd("ip6tables -t mangle -I VYATTA_PBR_$table 2 -j ACCEPT", 1); } write_refcnt_file($policy_ref_file, @newlines); @@ -393,7 +397,12 @@ sub remove_route_table { if ($ref < 1) { my $mark = 0x7FFFFFFF + $table; + system("ip -6 rule del pref $table fwmark $mark table $table"); system("ip rule del pref $table fwmark $mark table $table"); + run_cmd("ip6tables -t mangle -D VYATTA_PBR_$table 2", 1); + run_cmd("ip6tables -t mangle -D VYATTA_PBR_$table 1", 1); + run_cmd("ip6tables -t mangle -F VYATTA_PBR_$table", 1); + run_cmd("ip6tables -t mangle -X VYATTA_PBR_$table", 1); run_cmd("iptables -t mangle -D VYATTA_PBR_$table 2", 1); run_cmd("iptables -t mangle -D VYATTA_PBR_$table 1", 1); run_cmd("iptables -t mangle -F VYATTA_PBR_$table", 1); -- cgit v1.2.3