Persistent policy routes and the after.local script

English Network/Internet
1

This may be slightly OT for this forum. If so, please nudge me with a
suggestion and I’ll move it.

Picking up on an old thread (see “Saving policy routes and rules” in
this group if interested in the earlier discussion), I’ve been working
toward the goal of having my policy routes and rules reloaded at system
restart under openSUSE 12.1.

Suggestions from other (read: non-SUSE-specific) sources seem to focus
on adding these “ip rule add” and “ip route add” statements to rc.local.
As we do not have an rc.local per se, it seemed that an appropriate
place to put them would be in /etc/init.d/after.local.

To keep things neat, I created a new script in
/etc/systeconfig/network/scripts, called policy-routes. Here is a snippet:


#! /bin/sh
#
ip rule del from all lookup main
ip rule del from all lookup default
ip rule add from all pref 32767 lookup default
ip rule add from all pref 32766 lookup main
ip rule add from 192.168.102.2/32 table table2
ip rule add to 192.168.102.2/32 table table2
ip rule add tos 0x10 table table2
ip route add 192.168.102.0/24 dev eth0 src 192.168.102.2 table table2
ip route add default via 192.168.102.201 table table2

(The deletions and fresh additions of the main and default lookup table
rules are only there in case an ip rule flush is performed and this
script needs to be run again. Normally, it should not be necessary to
delete the main and default lookup rules, but if they are subsequently
re-added without a preference, they will be assigned a priority of 0,
and rules with a 0 priority apparently do not get flushed with ip rule
flush.)

The script is executable and when run manually, does what it is supposed
to do.

I have added the following (the only line) to after.local:


test "$RUNLEVEL" = "5" && /etc/sysconfig/network/scripts/policy-routes

Yet I see no evidence that after.local is calling policy-routes. ip rule
show reveals no rules added. Running it as root from a terminal,
however, does exactly what it is supposed to do.

Likewise, removing the above test, and simply placing the contents of
policy-routes into after.local yields the same results (i.e., removing
the runlevel condition).

It is/was my understanding that after.local is called after every
runlevel change.

Thoughts? Better place for these rules?

TIA


Lewis

Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC
visit my IT blog www.2rosenthals.net/wordpress

2

Knowing nothing from nothing … a few thoughts …
Firewall status – up before nic’s ?
Run levels for nic start before “5” … checking for ifup?
Nic asks dhcpd for IP and Routes?
/etc/sysconfig network status on - release/retain when down?
and have you check “ifstatus-route” ?

3

You need to read my blog on how to get the after.local file running in openSUSE 12.1

systemd and using the after.local script in openSUSE 12.1 - Blogs - openSUSE Forums

Thank You,

4

Okay, like I said “know nothing from nothing”, I’m running VM’s on 11.4 so I see I have something to think about if I upgrade … no offense, but I see you remaking the wheel here … why wouldn’t you use “/scripts/dhcpcd-hook” since it looks to me to be the place, according to it’s preamble?

5

The bottom line is that the after.local bash script does not work in openSUSE 12.1 after the switch to systemd. I give an example of how to get the after.local script to work. Its an example of what one might do in other such cases. rachelsdad indicated the after.local file did not work and my post shows you what to do. As always, if you know better, then go for it as I would love to hear what you would propose. Consider that systemd is here to stay, it continues to get better and such issues as the after.local fill will be fixed or superseded in the future. As mere users here, we learn how to live with what our openSUSE developers come up with.

Thank You,

6

On 08/30/12 10:06 pm, jdmcdaniel3 thus wrote :
>
> moduleight;2482750 Wrote:
>> Okay, like I said “know nothing from nothing”, I’m running VM’s on 11.4
>> so I see I have something to think about if I upgrade … no offense,
>> but I see you remaking the wheel here … why wouldn’t you use
>> “/scripts/dhcpcd-hook” since it looks to me to be the place, according
>> to it’s preamble?
>
> The bottom line is that the after.local bash script does not work in
> openSUSE 12.1 after the switch to systemd. I give an example of how to
> get the after.local script to work. Its an example of what one might do
> in other such cases. rachelsdad indicated the after.local file did not
> work and my post shows you what to do. As always, if you know better,
> then go for it as I would love to hear what you would propose. Consider
> that systemd is here to stay, it continues to get better and such issues
> as the after.local fill will be fixed or superseded in the future. As
> mere users here, we learn how to live with what our openSUSE developers
> come up with.
>
Thanks so much, guys (and especially thanks to James, who has hit the
proverbial nail on the head).

Great blog post!

Cheers


Lewis

Lewis G Rosenthal, CNA, CLP, CLE, CWTS
Rosenthal & Rosenthal, LLC
visit my IT blog www.2rosenthals.net/wordpress

7

I was very happy to help. After you get after.local running, if you have any comments or suggestions, please leave them in my blog. Good luck.

Thank You,