From 498f538bfa910e6954c667ff4e651f50f6bd9898 Mon Sep 17 00:00:00 2001
From: Wojciech Kosior
Date: Wed, 17 Jun 2020 20:01:53 +0200
Subject: don't enable routing on all interfaces
---
 src/netns-script | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/netns-script b/src/netns-script
index f4380eb..9401ece 100755
--- a/src/netns-script
+++ b/src/netns-script
@@ -12,6 +12,10 @@
 # ROUTE_THROUGH_VETH
 # PHYSICAL_IP
+# tag veth names so that they are uniqie between instances of this script
+VETH0=v0tdns${WRAPPER_PID}_0
+VETH1=v0tdns${WRAPPER_PID}_1
+
 case $script_type in
 up)
 ip netns add $NAMESPACE_NAME
@@ -36,8 +40,9 @@ case $script_type in
 ip netns exec $NAMESPACE_NAME ip link set $VETH1 up
 ;;
 route-up)
- # TODO change to only forward from necessary interfaces
- echo 1 > /proc/sys/net/ipv4/conf/all/forwarding
+ # user is responsible for enabling routing from physical
+ # interface to veth devices, we're enabling the reverse way
+ echo 1 > /proc/sys/net/ipv4/conf/$VETH0/forwarding
 ip netns exec $NAMESPACE_NAME ip route add default via "$ifconfig_remote"
--
cgit v1.2.3
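Review bot: `WRAPPER_PID` is expanded into `VETH0`/`VETH1` with no check that it is set and numeric, so an empty value gives every instance the same names `v0tdns_0`/`v0tdns_1` and the uniqueness the new comment promises is lost. The same value becomes part of a `/proc/sys` path that the `route-up` hunk writes to (presumably with root privileges), so I would reject anything but digits before the assignments, e.g. `case ${WRAPPER_PID:-} in ''|*[!0-9]*) echo "WRAPPER_PID must be numeric" >&2; exit 1;; esac`. Linux interface names are limited to 15 characters, which `v0tdns` plus a 7-digit PID plus `_0` reaches exactly, so a short comment stating that budget would help the next person who changes the prefix. The header comment that lists the expected environment variables starts outside the hunk; if `WRAPPER_PID` is not already listed there it should be, and the new comment's `uniqie` should read `unique`.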
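Review bot: The redirect target in the `route-up` arm is unquoted and the write is unchecked, so if the `$VETH0` sysctl directory does not exist at this point, or the name expands unexpectedly, the script carries on and installs the default route inside the namespace with forwarding never enabled. I would write `echo 1 > "/proc/sys/net/ipv4/conf/${VETH0}/forwarding" || exit 1`, or report the failure in whatever way the rest of the script does. The `route-up)` arm continues past the end of the hunk, so whether a later step already detects this cannot be seen here.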