diff options
| author | Wojciech Kosior <kwojtus@protonmail.com> | 2020-06-17 20:01:53 +0200 |
|---|---|---|
| committer | Wojciech Kosior <kwojtus@protonmail.com> | 2020-06-17 20:01:53 +0200 |
| commit | 498f538bfa910e6954c667ff4e651f50f6bd9898 (patch) | |
| tree | 4517466c06198e4ffc04c819b223aec4c713c33f | |
| parent | fc1e1d66c35807b856591caa470886ea51507a0e (diff) | |
| download | 0tdns-498f538bfa910e6954c667ff4e651f50f6bd9898.tar.gz 0tdns-498f538bfa910e6954c667ff4e651f50f6bd9898.zip | |
don't enable routing on all interfaces
| -rwxr-xr-x | src/netns-script | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/netns-script b/src/netns-script index f4380eb..9401ece 100755 --- a/src/netns-script +++ b/src/netns-script @@ -12,6 +12,10 @@ # ROUTE_THROUGH_VETH # PHYSICAL_IP +# tag veth names so that they are uniqie between instances of this script +VETH0=v0tdns${WRAPPER_PID}_0 +VETH1=v0tdns${WRAPPER_PID}_1 + case $script_type in up) ip netns add $NAMESPACE_NAME @@ -36,8 +40,9 @@ case $script_type in ip netns exec $NAMESPACE_NAME ip link set $VETH1 up ;; route-up) - # TODO change to only forward from necessary interfaces - echo 1 > /proc/sys/net/ipv4/conf/all/forwarding + # user is responsible for enabling routing from physical + # interface to veth devices, we're enabling the reverse way + echo 1 > /proc/sys/net/ipv4/conf/$VETH0/forwarding ip netns exec $NAMESPACE_NAME ip route add default via "$ifconfig_remote" |