[systemd-devel] Policy Routing on a machine using systemd-networkd
Brendan Horan
brendanhoran at basstech.net
Tue Dec 22 17:11:06 PST 2015
----- On 20 Dec, 2015, at 9:52 PM, Marc Haber mh+systemd-devel at zugschlus.de wrote:
> *nudge*
>
> Is there really no option about this rather common issue?
Maybe you can post your workaround for policy routing? (if you have one)
I would love to know as well.
>
> Greetings
> Marc
>
>
> On Tue, Dec 15, 2015 at 01:20:34PM +0100, Marc Haber wrote:
>> I would like to do policy routing on a router with ~ 10 interfaces
>> running Debian Linux and systemd. Networking is managed with ferm and
>> systemd-networkd.
>>
>> I now need Policy Routing. What is the recommended way to handle the
>> usual knot of iptables, ip rule and ip route statements in a clear and
>> beautiful way in a systemd environment?
>>
>> As far as I know, systemd-network has not yet implemented policy
>> routing, so the canonical way (for me, as a systemd newbie) to
>> implement this would be a sysv init script containing the needed
>> commands.
>>
>> What would be the "correct" way to do this in a systemd setup?
>>
>> Actually, I need something that does the following:
>>
>> o prevent a default route from being present in the main table (either
>> by preventing it from being set in the first place or removing it
>> idempotently)
>> o Establish a number of iptables rules to set fwmarks
>> o Establish a number of extra routing tables with a set of rules
>> o Establish a number of ip rule rules regarding source IP ranges or
>> fwmarks.
>>
>> How would I do that in systemd? Am I doing ok with a Type=oneshot
>> service unit with a bunch of ExecStart Options? Or is there another
>> recommended way?
>
> --
> -----------------------------------------------------------------------------
> Marc Haber | "I don't trust Computers. They | Mailadresse im Header
> Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
> Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
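Added example, not part of the original thread and not code from systemd or from either poster: one way to cover the four requirements listed in the quoted question with a script that a Type=oneshot unit can re-run safely. The script name and path, table id, fwmark, addresses and interface names are constructed assumptions.

```shell
#!/bin/sh
# policy-routing.sh (hypothetical name), started from a oneshot unit such as:
#   [Service]
#   Type=oneshot
#   RemainAfterExit=yes
#   ExecStart=/usr/local/sbin/policy-routing.sh apply
# Table id, mark, addresses and interface names are constructed samples.
TABLE=100              # extra routing table
MARK=0x1               # fwmark set in the mangle table
SRC_NET=192.0.2.0/24   # source range that must use the extra table
GW=198.51.100.1        # next hop for the extra table
OUT_DEV=eth1           # interface towards GW
IN_DEV=eth2            # interface whose traffic gets marked

# Emit the commands, one per line. Every line may be re-run safely:
# deletions loop until nothing is left (so duplicates from earlier runs
# disappear), "route replace" overwrites, and iptables -C guards -A.
plan() {
    cat <<EOF
while ip route del default table main 2>/dev/null; do :; done
ip route replace default via $GW dev $OUT_DEV table $TABLE
while ip rule del from $SRC_NET lookup $TABLE 2>/dev/null; do :; done
ip rule add from $SRC_NET lookup $TABLE priority 1000
while ip rule del fwmark $MARK lookup $TABLE 2>/dev/null; do :; done
ip rule add fwmark $MARK lookup $TABLE priority 1001
iptables -t mangle -C PREROUTING -i $IN_DEV -j MARK --set-mark $MARK 2>/dev/null || iptables -t mangle -A PREROUTING -i $IN_DEV -j MARK --set-mark $MARK
EOF
}

# "sh -e" stops at the first failing command, so the unit ends up in the
# failed state instead of leaving a half-configured router looking healthy.
apply() { plan | sh -e; }

case "${1:-}" in
    apply) apply ;;
    print) plan ;;
esac
```

Running the script with `print` shows the exact commands for review before it is wired into the unit.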