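#!/bin/sh
#
# Set up / tear down the host side of QEMU guest networking:
#   start - create a VDE switch on a tap device, give the tap the router
#           address and masquerade guest traffic out of BRIDGEDEV
#   stop  - remove the masquerade rule, bring the tap down, stop the switch
#
# Reads VMNETWORK, VMROUTERIP, BRIDGEDEV and TAPDEV from the config file below.
# The config file is executed as shell code with this script's privileges, so
# it must not be writable by anyone who should not control this service.

# '.' instead of 'source': this script runs under /bin/sh, where 'source'
# is not guaranteed to exist.
. "@@confddir@@/qemu-networking"

# PID file written by vde_switch on start and consulted on stop.
VDE_PIDFILE=/var/run/vde-qemu.pid

# Log an error to syslog (and stderr) under the service's tag.
log_err() {
    logger -s -p daemon.err -t qemu-networking.service "$1"
}

# Verify that executable $1 is available; $2 is the package that ships it.
# The original test was '[ ! -x $(type -P tool) ]': with the tool missing the
# substitution expands to nothing, '[ ! -x ]' is false, and the check silently
# passed. 'type -P' is also a bashism. 'command -v' is POSIX and fails
# properly when the tool is absent.
require_tool() {
    if ! command -v "$1" >/dev/null 2>&1
    then
        log_err "No '$1' executable found, please install '$2'"
        return 1
    fi
    return 0
}

# Validate configuration and required tools.
# Returns 0 when everything needed is present, 1 otherwise (after logging).
checkconfig() {
    if [ -z "${VMNETWORK}" ] || [ -z "${VMROUTERIP}" ] || [ -z "${BRIDGEDEV}" ] || [ -z "${TAPDEV}" ]
    then
        log_err "Qemu Networking not set up, please edit /etc/conf.d/qemu-networking"
        return 1
    fi

    require_tool iptables 'net-misc/iptables' || return 1
    require_tool vde_switch 'net-misc/vde2' || return 1
    require_tool sysctl 'sys-apps/procps' || return 1

    # firewall-cmd is only needed when firewalld manages the firewall.
    if systemctl --quiet is-active firewalld
    then
        require_tool firewall-cmd 'net-misc/firewalld' || return 1
    fi

    return 0
}

# Stop the VDE switch started by this script.
# Prefers the PID recorded in VDE_PIDFILE, and only signals it when that PID
# is currently a vde_switch process, so a stale PID file cannot make us signal
# an unrelated process. If no usable PID is found, falls back to the original
# behaviour of signalling every process whose command line matches
# 'vde_switch' (broad: this also hits switches this script did not start).
stop_switch() {
    pid=
    if [ -r "${VDE_PIDFILE}" ]
    then
        read -r pid < "${VDE_PIDFILE}"
    fi

    # Accept only a plain decimal PID.
    case "${pid}" in
        '' | *[!0-9]*) pid= ;;
    esac

    if [ -n "${pid}" ] && pgrep -x vde_switch | grep -qx "${pid}"
    then
        kill -TERM "${pid}"
    else
        pgrep -f vde_switch | xargs --no-run-if-empty kill -TERM
    fi
}

case "$1" in
    start)
        checkconfig || exit 6

        # create interface; -mod 660 -group kvm limits access to the switch
        # to its owner and members of the kvm group
        vde_switch -tap "${TAPDEV}" -daemon -mod 660 -group kvm -p "${VDE_PIDFILE}"
        # VMROUTERIP is left unquoted: an existing config may carry extra
        # ifconfig arguments (e.g. a netmask) in this value - TODO confirm,
        # then quote.
        ifconfig "${TAPDEV}" ${VMROUTERIP} up

        # masquerade and forward
        if systemctl --quiet is-active firewalld
        then
            zone="$(firewall-cmd --get-zone-of-interface "${BRIDGEDEV}")"
            firewall-cmd --quiet --zone="${zone}" --add-masquerade
        else
            # NOTE(review): IPv4 forwarding is enabled host-wide here and is
            # not switched back off by 'stop'.
            sysctl -q -w net.ipv4.ip_forward=1
            iptables -t nat -A POSTROUTING -s "${VMNETWORK}" -o "${BRIDGEDEV}" -j MASQUERADE
        fi
        ;;
    stop)
        checkconfig || exit 6

        # masquerade and forward
        if systemctl --quiet is-active firewalld
        then
            zone="$(firewall-cmd --get-zone-of-interface "${BRIDGEDEV}")"
            firewall-cmd --quiet --zone="${zone}" --remove-masquerade
        else
            iptables -t nat -D POSTROUTING -s "${VMNETWORK}" -o "${BRIDGEDEV}" -j MASQUERADE
        fi

        # destroy interface
        ifconfig "${TAPDEV}" down
        stop_switch
        ;;
esac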