citadel/meta-citadel/recipes-core/base-files/files/citadel-ifconfig.sh

#!/bin/bash
#
# Called from /etc/udev/rules.d/citadel-network.rules to configure
# external network interfaces and the vz-clear bridge which is created
# automatically by systemd-nspawn when --network-zone=clear (or Zone=clear)
# option is used to launch a container.
# 
# Both the bridge device and external interfaces are masqueraded so that
# container veth instances added to the bridge will work.
#
# TODO: External interfaces need to have a set of filering rules applied.  
# The filtering rules should go in a separate script file in a more visible
# location such as /usr/share/citadel/citadel-firewall.sh
#

VZ_CLEAR_ADDRESS="172.17.0.1/24"

# add NAT rule for external interfaces and also for vz-clear bridge

iptables -t nat -A POSTROUTING -o ${1} -j MASQUERADE

if [[ ${1} == "vz-clear" ]]; then
    ip addr add ${VZ_CLEAR_ADDRESS} dev vz-clear
    ip link set vz-clear up
    exit 0
fi
Support for bridge-based veth networking 2018-03-06 13:52:07 -05:00			`#!/bin/bash`
			`#`
			`# Called from /etc/udev/rules.d/citadel-network.rules to configure`
			`# external network interfaces and the vz-clear bridge which is created`
			`# automatically by systemd-nspawn when --network-zone=clear (or Zone=clear)`
			`# option is used to launch a container.`
			`#`
			`# Both the bridge device and external interfaces are masqueraded so that`
			`# container veth instances added to the bridge will work.`
			`#`
			`# TODO: External interfaces need to have a set of filering rules applied.`
			`# The filtering rules should go in a separate script file in a more visible`
			`# location such as /usr/share/citadel/citadel-firewall.sh`
			`#`

			`VZ_CLEAR_ADDRESS="172.17.0.1/24"`

			`# add NAT rule for external interfaces and also for vz-clear bridge`

			`iptables -t nat -A POSTROUTING -o ${1} -j MASQUERADE`

			`if [[ ${1} == "vz-clear" ]]; then`
			`ip addr add ${VZ_CLEAR_ADDRESS} dev vz-clear`
			`ip link set vz-clear up`
			`exit 0`
			`fi`