#!/bin/sh
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
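set -e

# Runtime knobs; each one can be overridden from the environment.
IPTABLES=${IPTABLES:-/sbin/iptables}     # iptables binary to drive
SLEEP_INTERVAL=${SLEEP_INTERVAL:-10}     # seconds between config polls
CONFIG_DIR=${CONFIG_DIR:-/cfg}           # directory holding nat.rules
# Tag for the rules this instance installs. Defaults to the start time so the
# comment prefix differs from run to run. Plain parameter expansion rather than
# a `[[ ]]` test: the shebang is /bin/sh and `[[` is not POSIX.
UUID=${UUID:-$(date "+%s")}
COMMENT_PREFIX="custom-iptables-${UUID}"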
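#######################################
# Write a timestamped line to stdout.
# Arguments: $* - message words, joined by single spaces
# Outputs:   "MM-DD HH:MM:SS] message" on stdout
# Returns:   0
#######################################
log() {
  local ts
  ts=$(date '+%m-%d %H:%M:%S')
  # printf rather than echo: the message is printed verbatim even when it
  # starts with '-n'/'-e' or contains backslashes (dash's echo, the likely
  # /bin/sh, interprets both).
  if [ $# -eq 0 ]; then
    printf '%s]\n' "${ts}"
  else
    printf '%s] %s\n' "${ts}" "$*"
  fi
}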
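#######################################
# Install or remove one MASQUERADE rule in the nat POSTROUTING chain.
# Globals:   IPTABLES (read) - iptables binary to run
# Arguments: $1 - mode: 'A' to add the rule, 'D' to delete it
#            $2 - destination address or CIDR the rule matches (-d)
#            $3 - comment used to tag the rule so it can be found again
# Outputs:   progress messages via log()
# Returns:   0 on success (including an add for a rule already present);
#            1 if mode or subnet is rejected. An iptables failure, or a
#            return of 1, aborts the script under its `set -e`.
#######################################
update_nat() {
  local mode=$1 # 'A' for add, 'D' for delete.
  local subnet=$2
  local comment=$3
  case ${mode} in
    A|D) ;;
    *)
      log "NAT rule ${comment}: unknown mode '${mode}'"
      return 1
      ;;
  esac
  # The subnet is handed straight to iptables as an argument, so only accept
  # what an address or CIDR can contain. An empty token, a leading '-', or
  # shell glob characters are refused instead of being passed to a
  # NET_ADMIN-capable binary. Hostnames are deliberately not accepted.
  case ${subnet} in
    ''|*[!0-9A-Fa-f.:/]*)
      log "NAT rule ${comment}: rejected invalid subnet '${subnet}'"
      return 1
      ;;
  esac
  # When adding, skip the rule if it is already present (iptables -C).
  if [ "${mode}" = 'A' ]; then
    if "${IPTABLES}" -t nat -C POSTROUTING -d "${subnet}" \
        -m comment --comment "${comment}" -j MASQUERADE \
        2>/dev/null; then
      log "NAT rule ${comment} is installed"
      return 0
    fi
  fi
  # Every expansion is quoted: the values never undergo globbing or
  # re-splitting on the iptables command line.
  "${IPTABLES}" \
    -t nat \
    "-${mode}" POSTROUTING \
    -d "${subnet}" \
    -m comment --comment "${comment}" \
    -j MASQUERADE
  case ${mode} in
    'A') log "NAT rule ${comment} added";;
    'D') log "NAT rule ${comment} deleted";;
  esac
}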
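#######################################
# Poll the config file and keep the NAT rules it lists in sync with iptables.
# Globals:   CONFIG_DIR, COMMENT_PREFIX, SLEEP_INTERVAL (read)
# Reads:     ${CONFIG_DIR}/nat.rules - whitespace-separated subnets
# Outputs:   progress messages via log()
# Returns:   never returns on its own; the script exits via set -e when
#            update_nat (or iptables underneath it) fails.
#######################################
main() {
  log "Starting custom-iptables (${CONFIG_DIR})"
  # The rule lists below are deliberately word-split; disable pathname
  # expansion so a stray '*' or '?' in the config cannot expand to file names.
  set -f
  local nat_rules=
  local old_nat_rules=
  local subnet=
  while true; do
    old_nat_rules=${nat_rules}
    nat_rules=
    if [ -r "${CONFIG_DIR}/nat.rules" ]; then
      # Strip trailing whitespace per line so a whitespace-only edit does not
      # count as a configuration change and does not corrupt a subnet token.
      nat_rules=$(sed 's/[ \t]\+$//' "${CONFIG_DIR}/nat.rules")
    fi
    # Remove the previously installed rules if the config file has changed.
    if [ "${old_nat_rules}" != "${nat_rules}" ]; then
      log "Configuration change detected"
      for subnet in ${old_nat_rules}; do
        update_nat D "${subnet}" "${COMMENT_PREFIX}: ${subnet}"
      done
    fi
    if [ -z "${nat_rules}" ]; then
      log "No NAT rules configured"
    else
      # Install the rules from the *current* config (not the previous one);
      # they are re-checked every interval, and update_nat skips those that
      # are already present.
      for subnet in ${nat_rules}; do
        update_nat A "${subnet}" "${COMMENT_PREFIX}: ${subnet}"
      done
    fi
    sleep "${SLEEP_INTERVAL}"
  done
}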
# Entry point: main() loops forever; the script only ends via set -e.
main