# Options:
# - pointopoint=IP: other endpoint's (private) IP (sets routing)
# - snat=1: enables SNAT ip rules
+# - dropkern=1: drops RST packets generated by the kernel
# - txqueuelen=N: sets TX queue
# - gre=<> : enable GRE tunnelling - several formats supported
# - gre=true|yes|name : computes GRE key as a hash of slice name (so it's valid across federations)
opt_txqueuelen = None
opt_rp_filter = None
opt_snat = None
+opt_dropkern = None
opt_ovs_dp = None
opt_pointopoint = None
opt_gre = None
intval = int(val)
if val=="1":
opt_snat = True
+ elif opt=="dropkern":
+ intval = int(val)
+ if val=="1":
+ opt_dropkern = True
elif opt=="pointopoint":
opt_pointopoint = val.strip()
try:
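Review bot: In the new `dropkern` branch, `intval = int(val)` is assigned but never used in the visible lines, and the test that follows compares the raw string with `val=="1"`. The conversion therefore only adds a `ValueError` path for input such as `dropkern=yes`. Either drop the line or test the converted value with `if intval == 1:`. The `snat` branch above has the same pattern but starts outside this hunk, so whether a surrounding handler catches the exception cannot be seen here.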
cmd_iptables_pr = "/sbin/iptables -t nat -A POSTROUTING -s %s/%d -j SNAT --to-source %s --random" % (vip, vmask, public_src)
cmd_iptables_del_pr = "/sbin/iptables -t nat -D POSTROUTING -s %s/%d -j SNAT --to-source %s --random > /dev/null 2>&1" % (vip, vmask, public_src)
+cmd_iptables_dk = "/sinb/iptables -I OUTPUT -p tcp -s %s/%d --tcp-flags RST RST -j DROP"%(vip,vmask)
+cmd_iptables_del_dk = "/sinb/iptables -D OUTPUT -p tcp -s %s/%d --tcp-flags RST RST -j DROP"%(vip,vmask)
if opt_gre:
cmd_gre_setup = "modprobe ip_gre ; ip link add %s type %s remote %s local %s ttl 64 csum key %s" % (
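Review bot: Both new command strings spell the binary as `/sinb/iptables`, while the existing SNAT commands just above use `/sbin/iptables`, so as written neither the insert nor the delete can execute and the RST-drop rule is never installed. The two assignments should begin `cmd_iptables_dk = "/sbin/iptables -I OUTPUT ...` and `cmd_iptables_del_dk = "/sbin/iptables -D OUTPUT ...`. The delete variant also lacks the `> /dev/null 2>&1` that `cmd_iptables_del_pr` carries, so once the path is fixed a missing rule will print an iptables error on each run. A comment above the pair should state that the rule suppresses every outgoing TCP RST sourced from `vip/vmask`, not only those the kernel emits for the slice's raw-socket traffic, because that also hides resets for legitimately closed ports.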
if (opt_snat):
os.system(cmd_iptables_pr)
+os.system(cmd_iptables_del_dk)
+if (opt_snat):
+ os.system(cmd_iptables_dk)
+
# Process additional options
if opt_rp_filter is not None:
rp_cmd = "/sbin/sysctl net.ipv4.conf.%s.rp_filter=%s" % (vif, opt_rp_filter)
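Review bot: The new DROP rule is installed under `if (opt_snat):` rather than under the `opt_dropkern` flag this commit parses, so `dropkern=1` on its own has no effect and `snat=1` silently starts dropping RSTs. The guard on the added lines should read `if opt_dropkern:`. The return value of both `os.system(...)` calls is ignored, so a failed insert (for example from a wrong binary path) goes unnoticed; checking for a non-zero status and logging it would surface that. Whether the rule is removed again when the interface is torn down is not visible in this hunk, and a leftover DROP rule would persist on the host after the option is turned off.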