ansible
4b01dfb51d
Quote all variable expansions in setup-bridge.sh, teardown-bridge.sh, and install.sh. Fix redirect order and unused variable in test-suite.sh. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
31 lines
1.1 KiB
Bash
Executable File
31 lines
1.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# Set up the fireclaw bridge and NAT rules
|
|
# Run with sudo
|
|
|
|
set -euo pipefail
|
|
|
|
BRIDGE="fcbr0"
|
|
BRIDGE_IP="172.16.0.1/24"
|
|
SUBNET="172.16.0.0/24"
|
|
EXT_IFACE=$(ip route show default | awk '{print $5; exit}')
|
|
|
|
echo "Creating bridge ${BRIDGE}..."
|
|
ip link add "${BRIDGE}" type bridge 2>/dev/null || echo "Bridge already exists"
|
|
ip addr add "${BRIDGE_IP}" dev "${BRIDGE}" 2>/dev/null || echo "Address already set"
|
|
ip link set "${BRIDGE}" up
|
|
|
|
echo "Enabling IP forwarding..."
|
|
sysctl -w net.ipv4.ip_forward=1
|
|
|
|
echo "Setting up NAT via ${EXT_IFACE}..."
|
|
iptables -t nat -C POSTROUTING -s "${SUBNET}" -o "${EXT_IFACE}" -j MASQUERADE 2>/dev/null || \
|
|
iptables -t nat -A POSTROUTING -s "${SUBNET}" -o "${EXT_IFACE}" -j MASQUERADE
|
|
|
|
iptables -C FORWARD -i "${BRIDGE}" -o "${EXT_IFACE}" -j ACCEPT 2>/dev/null || \
|
|
iptables -A FORWARD -i "${BRIDGE}" -o "${EXT_IFACE}" -j ACCEPT
|
|
|
|
iptables -C FORWARD -i "${EXT_IFACE}" -o "${BRIDGE}" -m state --state RELATED,ESTABLISHED -j ACCEPT 2>/dev/null || \
|
|
iptables -A FORWARD -i "${EXT_IFACE}" -o "${BRIDGE}" -m state --state RELATED,ESTABLISHED -j ACCEPT
|
|
|
|
echo "Done. Bridge ${BRIDGE} ready."
|