Home / server / Questions / 377131
Accepted
brent
Asked: 2012-04-06 10:31:09 +0800 CST

Persistent ip rule on Linux (Redhat)

  • 772

How can I configure a persistent ip rule on Linux (specifically Redhat based distros)? Is there no built in method? Is my only option adding to /etc/rc.d/rc.local or creating my own rc.d script?

Edit: For clarification I am not referring to iptables but the ip tool (which I don't think a lot of people are familiar with). In any case, the rule I am trying to persist is added with the following command:

# ip rule add fwmark 1 lookup 100
# ip rule
...
32765: from all fwmark 0x1 lookup 100
...

The only reference I've found to doing this is from Novell: http://www.novell.com/support/viewContent.do?externalId=7008874&sliceId=1 which recommends creating an rc.d script

linux redhat networking

3 Answers

  1. Best Answer

    As is customary I stumble upon the answer to my own problem shortly after asking :) Found an answer at http://grokbase.com/t/centos/centos/099bmc07mq/persisting-iproute2-routes-and-rules

    On Redhat 5+ the /etc/sysconfig/network-scripts/ifup-routes script handles rule-* files. Relevant code below:

    # Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/rule-$2"
fi

for file in $FILES; do
   if [ -f "$file" ]; then
       { cat "$file" ; echo ; } | while read line; do
           if [[ ! "$line" =~ $MATCH ]]; then
           /sbin/ip rule add $line
       fi
       done
   fi
done

    Script for RHEL 6.5 (possibly older 6+):

    # Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
FILES="$FILES /etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2"
fi

for file in $FILES; do
   if [ -f "$file" ]; then
       handle_ip_file $file
   fi
done

handle_ip_file() {
    local f t type= file=$1 proto="-4"
    f=${file##*/}
    t=${f%%-*}
    type=${t%%6}
    if [ "$type" != "$t" ]; then
        proto="-6"
    fi
    { cat "$file" ; echo ; } | while read line; do
        if [[ ! "$line" =~ $MATCH ]]; then
            /sbin/ip $proto $type add $line
        fi
    done
}
    • 12

  2. The above is about 3/4 of the answer - the missing piece is how to format the /etc/sysconf/network-scripts/rule-ethX file. You also need to add the routing tables to /etc/iproute2/rt_tables:

    # add a line with a table identifier and name:
100    ISPname

    And add the rule file /etc/sysconfig/network-scripts/rule-eth0:

    # rule-eth0
from 1.2.3.4/24 table {table name from /etc/iproute2/rt_tables}
to 1.2.3.4/24 table {table name from /etc/iproute2/rt_tables}

    Note that the table names must match, and are case sensitive.

    • 7

  3. note if you use priorities in these rule files for any of the rules, you have to use priorities for all the rules. Otherwise, the ones that don't have any priorities all get added to the priority 0 chain.

    • 1