moth/packages/router/service/router/run


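#! /bin/sh -e
# Service run script for the "router" package: turns this host into the IPv6
# router for the untagged network on eth0 and for VLANs 1-24.

# The -e on the shebang line is lost when the script is started as "sh run",
# so errexit is also set explicitly. Any failing command aborts the script.
set -e

# Merge stderr into stdout so diagnostics end up in the same log stream.
exec 2>&1

# Raise the IPv6 neighbour-cache garbage-collection thresholds
# (gc_thresh3 is the hard cap on entries, gc_thresh2 the soft one).
echo 8192 > /proc/sys/net/ipv6/neigh/default/gc_thresh3
echo 4096 > /proc/sys/net/ipv6/neigh/default/gc_thresh2

# Unique-local /48 prefix; every subnet below is $PFX:<n>::/64, with <n> = 0
# for the untagged network and <n> = VLAN id otherwise.
PFX=fd84:b410:3441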
# log MESSAGE...
# Writes one line, prefixed with "router: ", to stdout and writes the same
# line again to the system console. All arguments are joined with single
# spaces to form the message.
log () {
  echo "router: $*"
  echo "router: $*" > /dev/console
}
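# Refuse to start when more than one mount line mentions /opt/, i.e. when
# another package is mounted next to this one.
if [ "$(mount | grep -c /opt/)" -gt 1 ]; then
  # log already copies the message to /dev/console; redirecting its stdout
  # there as well would only remove the copy from the service log.
  log "cannot run alongside other packages"
  exit 1
fi

# fw_append CHAIN RULE-SPEC...
# Appends a rule to an ip6tables chain unless an identical rule is already
# present, so a re-run of this script does not stack duplicate rules.
fw_append () {
  ip6tables -C "$@" 2>/dev/null || ip6tables -A "$@"
}

# SSH policy: only the management network ($PFX:0::/64, untagged on eth0) may
# reach sshd on this router, and no SSH is forwarded into that network.
# The rules go in before any interface is configured and before forwarding is
# switched on, so that an abort further down (the script runs with -e) cannot
# leave the box routing with the filter missing.
# NOTE(review): the ACCEPT rule matches on source address only; consider
# adding "-i eth0" so a management-range source address arriving on a VLAN
# interface is not accepted.
# NOTE(review): chain policies are not set here, so all traffic other than
# tcp/22 follows whatever default policy is already loaded.
fw_append INPUT -s "$PFX:0::/64" -m tcp -p tcp --dport 22 -j ACCEPT
fw_append INPUT -m tcp -p tcp --dport 22 -j DROP
fw_append FORWARD -d "$PFX:0::/64" -m tcp -p tcp --dport 22 -j DROP

# I'm a router
hostname router

# Bring up main ethernet interface
ip addr add "$PFX:0::1/64" dev eth0
ip link set eth0 up

# Bring up vlans 1-24, each with the router at <prefix>:<vlan>::1
i=1
while [ "$i" -le 24 ]; do
  ip link add link eth0 name "eth0.$i" type vlan id "$i"
  ip addr add "$PFX:$i::1/64" dev "eth0.$i"
  ip link set "eth0.$i" up
  i=$((i + 1))
done

# Subnet route for SNL at TF4
ip route add fd80:1::/48 via "$PFX:24::2"

# Start forwarding only now that the filter rules and all interfaces exist.
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

# Stay in the foreground so the service keeps counting as running.
sleep 8100d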