# Unknown network
[ -z "$network" ] && exit 0
+if [ "$state" == "started" ]; then
+ # Start border
+ set_forward_border "$network" "$device" enable
+
+ # Configure device
+ conf_set "$device" accept_ra 2
+ conf_set "$device" forwarding 2
+
+ # Trigger RS
+ conf_set "$device" disable_ipv6 1
+ conf_set "$device" disable_ipv6 0
+
+ exit 0
+elif [ "$state" == "stopped" ]; then
+ # Deconfigure device
+ conf_set "$device" accept_ra 1
+ conf_set "$device" forwarding 1
+
+ # Disable border
+ set_forward_border "$network" "$device" disable
+
+ exit 0
+fi
# Announce prefixes
for prefix in $PREFIXES; do
done
-# Enable relaying if requested
+# Enable relaying if requested and we didn't get a prefix, disable otherwise
local fallback="stop"
[ -z "$PREFIXES" -a "$state" != "unbound" ] && fallback="start"
setup_prefix_fallback "$fallback" "$network" "$device"
# Operations in case of success
[ "$state" == "timeout" -o "$state" == "unbound" ] && exit 0
+# Handshake completed, disable forwarding border
+set_forward_border "$network" "$device" disable
+
local peerdns
config_get_bool peerdns "$network" peerdns 1
[ "$peerdns" -eq "1" ] && {
restart_master_relay() {
local network="$1"
local mode="$2"
- local pid_fallback="/var/run/ipv6-relay-fallback-$network.pid"
- local pid_forced="/var/run/ipv6-relay-forced-$network.pid"
# Disable active relaying to this interface
config_get relay_master "$network" relay_master
network_is_up "$relay_master" || return
# Detect running mode
- [ -z "$mode" && -f "$pid_fallback" ] && mode="fallback"
- [ -z "$mode" && -f "$pid_forced" ] && mode="forced"
+ local pid_fallback="/var/run/ipv6-relay-fallback-$relay_master.pid"
+ local pid_forced="/var/run/ipv6-relay-forced-$relay_master.pid"
+ [ -z "$mode" -a -f "$pid_fallback" ] && mode="fallback"
+ [ -z "$mode" -a -f "$pid_forced" ] && mode="forced"
# Restart relay if running or start requested
[ -n "$mode" ] && restart_relay "$relay_master" "$mode"
}
+set_forward_border() {
+ local network="$1"
+ local device="$2"
+ local method="$3"
+ local fwscript="/var/etc/ipv6-firewall.d/forward-border-$network.sh"
+
+ if [ "$method" == "enable" ]; then
+ mkdir -p $(dirname "$fwscript")
+ echo "ip6tables -A forwarding_rule -o \"$device\" -j REJECT --reject-with icmp6-no-route" > "$fwscript"
+ . "$fwscript"
+ else
+ [ -f "$fwscript" ] || return
+ rm -f "$fwscript"
+ # Racy race race
+ ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
+ ip6tables -D forwarding_rule -o "$device" -j REJECT --reject-with icmp6-no-route 2>/dev/null
+ fi
+}
+
+
disable_interface() {
local network="$1"
[ "$global_forward" != "1" ] && conf_set all forwarding 1
# Configure device
- conf_set "$device" accept_ra 1
conf_set "$device" forwarding 1
+ conf_set "$device" accept_ra 1
# Enable ULA
enable_ula_prefix "$network" global "$device"
local network="$1"
local device="$2"
- # Configure device
- conf_set "$device" accept_ra 2
- conf_set "$device" forwarding 2
-
- # Trigger RS
- conf_set "$device" disable_ipv6 1
- conf_set "$device" disable_ipv6 0
-
# Configure DHCPv6-client
local dhcp6_opts="$device"