diff options
author | Bob Gilligan <gilligan@vyatta.com> | 2009-12-02 11:49:20 -0800 |
---|---|---|
committer | Bob Gilligan <gilligan@vyatta.com> | 2009-12-02 11:49:20 -0800 |
commit | 6831f57d42c6384d9eb6aea4a4ca3c7a501e0283 (patch) | |
tree | 9af1c6dcc62606d7ba21d76301ab329da39c3ae1 | |
parent | 89ed6f0c001b336de55e285ed758cb7ac770e18a (diff) | |
download | vyatta-cfg-system-6831f57d42c6384d9eb6aea4a4ca3c7a501e0283.tar.gz vyatta-cfg-system-6831f57d42c6384d9eb6aea4a4ca3c7a501e0283.zip |
Co-ordinate global and per-interface IPv6 forwarding control.
Now a flag file indicates that IPv6 forwarding is disabled on a specific
interface.
-rw-r--r-- | templates/system/ipv6/disable-forwarding/node.def | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/templates/system/ipv6/disable-forwarding/node.def b/templates/system/ipv6/disable-forwarding/node.def index 5a7576c3..2c8f4ac5 100644 --- a/templates/system/ipv6/disable-forwarding/node.def +++ b/templates/system/ipv6/disable-forwarding/node.def @@ -1,3 +1,25 @@ -help: Disable IPv6 forwarding -create: sudo sh -c "echo 0 > /proc/sys/net/ipv6/conf/all/forwarding" -delete: sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/all/forwarding" +help: Disable IPv6 forwarding on all interfaces + +# Disable IPv6 forwarding for all interfaces we currently have, +# and set default such that it will be disabled on any new interfaces +# that come up after this. +create: + sudo sh -c "echo 0 > /proc/sys/net/ipv6/conf/all/forwarding" + sudo sh -c "echo 0 > /proc/sys/net/ipv6/conf/default/forwarding" + +# Re-enable IPv6 forwarding globally. But only enable it for those +# interfaces that do not have forwarding disabled on a per-interface +# basis. A per-interface flag file under /var/run/vyatta/ tells us if +# it is disabled. Restore default value so that any new interfaces +# that come up after this will have forwarding enabled. +delete: + cd /proc/sys/net/ipv6/conf + for i in * ; do + if [ "$i" = "default" -o "$i" = "all" -o ! -d "$i" ]; then + continue + fi + if [ ! -e /var/run/vyatta/ipv6_no_fwd.$i ]; then + sudo sh -c "echo 1 > $i/forwarding" + fi + done + sudo sh -c "echo 1 > /proc/sys/net/ipv6/conf/default/forwarding" |