Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- # cleanup
- for i in br-filt br-dev veth-dev veth-filt; do
- [ -d /sys/class/net/$i ] && ip link del dev $i
- done
- ip -all netns del
- # create bridges
- ip link add br-filt type bridge
- ip link add br-dev type bridge
- ip link set br-filt up
- ip link set br-dev up
- # create netns and disable IPv6 globally
- ip netns add filt
- ip netns add dev
- sysctl -w net.ipv6.conf.all.disable_ipv6=1
- ip -all netns exec sysctl -w net.ipv6.conf.all.disable_ipv6=1
- # create veth pairs
- ip link add veth-dev type veth peer name veth0 netns dev
- ip link add veth-filt type veth peer name veth0 netns filt
- ip link set veth-filt up
- ip link set veth-dev up
- ip -n filt link set lo up
- ip -n filt link set veth0 up promisc on
- ip -n dev link set lo up
- ip -n dev link set veth0 up promisc on
- # add tc drop rule
- tc -n dev qdisc replace dev veth0 clsact
- tc -n dev filter add dev veth0 ingress matchall action gact drop
- tc -n filt qdisc replace dev veth0 clsact
- tc -n filt qdisc replace dev veth0 clsact
- # create vlan dev in bridge with netdev
- ip link add veth-dev.1 link veth-dev type vlan id 1
- ip link set veth-dev.1 master br-dev
- ip link set veth-dev.1 up
- # add plain veth in bridge with vlan filtering
- ip link set veth-filt master br-filt
- # set vlan filtering
- ip link set dev br-filt up type bridge vlan_filtering 1
- bridge vlan del vid 1 dev veth-filt
- bridge vlan add vid 1 dev veth-filt
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
