[opensuse] Policy routing question
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, Is it possible to define somewhere ip(route2) rules for activation during boot or I will need to write my own init script. Thank you in advance. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUtwRgAAoJEH8sJoKRFRU5+QUP+gPIiBUyODEAkDyjXJBDWG2r /d3NuMvv/s82xeRvuzZZJj7yXbgQQT4wwoV9kTDZRumTEYg5WD7CvOTvFy0INIFW wyZ23JdA9mRu+pQN0A1I5Krfz4+EPoX1k9TvddoIqJAn6YV+hffy1LCqAAJG+I8m ocCIJ8EH+kNNGN6Or1CoBcAMVDejoiVBQ/Zr/pay4pNHcyCcHCPuWA6uj3a2QWI5 QWnb9vO2OO5386aPzYixfcb0MfplRaA2ZZM0cwMg/arvtxnyI15e67+STHd67UyO 2T8Nq4yskJxYKZbhl2la2tmSFGcyH7Ex6AFK2o2OOjjtPpyKgur2abliY72CeKxZ gDFvvQizDmhREU1OuhHEIRA0wWolDTC2R2bZQpgPlnwChlM33U22uplQXY3+dTWI sZKTIvCTCwo51hz3d4xSYNDgwH0H8HsADbdfltJm/flYBpTkxnHF6lquQRbvZAcy 69kMUhVyeB8IEUQ4MPzgbmkezLlyyzggGjNpAOsg/Tao9Vrh7x5+snkNzoOJz211 JKbfa2Gth8Q6hLTrMWBuyCVr8M91ZQHuJxB73Ey+AFq3lFMzTxnZ7tCaGhnOidhh shf2J+HrLEbpWbyO7TK5r9ht11PqcYXBw8uAxOfWXEVSF8fGokpKst3G5mjYNHhH C0DoOZYtLCgWQS7LyEGt =pVtN -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 15 Jan 2015 01:05, I.Petrov
Hello,
Is it possible to define somewhere ip(route2) rules for activation during boot or I will need to write my own init script.
Thank you in advance.
Have a look at the SuSEfirewall2 configs. in "/etc/sysconfig/SuSEfirewall2" there is a item 'FW_CUSTOMRULES=' where you can include your own script with your private rules. Included is a example script: "/etc/sysconfig/scripts/SuSEfirewall2-custom" That should be much easier than writing a complete initscript / systemd unit. - Yamaban. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I.Petrov wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello,
Is it possible to define somewhere ip(route2) rules for activation during boot or I will need to write my own init script.
Static routes can be added to /etc/sysconfig/network/routes, is that what you're after? -- Per Jessen, Zürich (5.1°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/15/2015 03:32 AM, Per Jessen wrote:
I.Petrov wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello,
Is it possible to define somewhere ip(route2) rules for activation during boot or I will need to write my own init script. Static routes can be added to /etc/sysconfig/network/routes, is that what you're after?
They're normally added with the ip route add command. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 01/15/2015 03:32 AM, Per Jessen wrote:
I.Petrov wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello,
Is it possible to define somewhere ip(route2) rules for activation during boot or I will need to write my own init script. Static routes can be added to /etc/sysconfig/network/routes, is that what you're after?
They're normally added with the ip route add command.
Yep, so when you want them added on start-up, it's easier to amend that config. -- Per Jessen, Zürich (4.9°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/15/2015 01:36 PM, Per Jessen wrote:
They're normally added with the ip route add command.
Yep, so when you want them added on start-up, it's easier to amend that config.
Or in Yast. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, The /etc/sysconfig/network/routes is not a solution because as James says the file is used only for defining additional routes. I use it already for adding different gateways to different tables. I need for example the following rule: ip rule add from all fwmark 1 table 200 pref 200 which to be applied at boot time. The Yamaban suggestion is good but the documentation says that only iptables rules can be added in the SuSEfirewall2-custom file. I can modify directly /sbin/SuSEfirewall2 and to add the rules there at the end of the script. I think however that an additional init script will be a more elegant solution. Thanks for the suggestions. Best Regards, I. Petrov On 01/15/2015 09:01 PM, James Knott wrote:
On 01/15/2015 01:36 PM, Per Jessen wrote:
They're normally added with the ip route add command.
Yep, so when you want them added on start-up, it's easier to amend that config.
Or in Yast.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUuBRMAAoJEH8sJoKRFRU5R98QAJQKUztuXXrCAZcUEukIYM1j qs/sYZgQfwkL3qFvEdSb8QxARGGpbUu9k9xsVjotuRQuFtEEpk0vP6IakBXfMeab ONY/npuenEnaw+je+fw6E2Z7K8UVtfywZbLrNnew7M1ThNyQxM3kuzNNuoCdyOav DYD7iadMZaIi/q6yTpRK47VnwuIO8Y0FRtT41rXUSXtDJGv6sfyuXhxOC8LLLlwZ mbGk09U5/Mz3PZLOgKJre+wZXXi25YOS5uho9z2Jl1JKWyWcdSP7THUtZpkEvKtR vDwhnIae+61qwhiZ10bR6hWo76SB3IvrdAXphdxG4W1fiW6dC0cahHQShng0gHur XtMkHPqAAttGeoJAIz0+b/jnWE71qX44kc5A4uCOucENBFMmGjpgDUIm4cJ25+gp ZHI/Nc4j5bT8Eld9Bf+1DQEYE1sCsIyBKWeWB/+sgLgdCo0irjPlx2m/SBgq0Twj hm4vbm+IsVnATAw+VRF6kJSSDQhK2RCme7sHh8T0CKMUz2fCwrL7dowrMYuRuu6E +Dsi5AT6Om8+lPz2Gs5SjNTuU8I27YmM3HenKI2XCnvqtgJ5e2eVv+Vmzy4YiImW kLpmrJvQcw/v7bWlsc23FJEHvmx4g5DlfpD1Ysv6y2h4ZTrR8I+I+O3yvWKrMhdz 8mkceY++vgHdVNYbzV6g =+f17 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I.Petrov wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello,
The /etc/sysconfig/network/routes is not a solution because as James says the file is used only for defining additional routes. I use it already for adding different gateways to different tables. I need for example the following rule:
ip rule add from all fwmark 1 table 200 pref 200
It wasn't clear what you were really after. I would add that kind of thing in a separate startup unit. -- Per Jessen, Zürich (4.2°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (4)
-
I.Petrov -
James Knott -
Per Jessen -
Yamaban