[gentoo-user] Re: Where to put advanced routing configuration?

[Grant Edwards <grant.b.edwards@gmail.com>]

On 2013-10-03, Kerin Millar <kerframil@fastmail.co.uk> wrote:
> On 03/10/2013 20:27, Grant Edwards wrote:
>
>> Let's say you wanted to configure routing of TCP packets based on
>> destination port like in this example:
>>
>>    http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.netfilter.html
>>
>> [which contains a series of 'ip' and 'iptables' commands to get packets
>> destined for port 25 to use a specific gateway.]
>>
>> How do do this the "right" way on a Gentoo system?

[Where to put iptables and ip routing config/commands]

> The iptables runscript is ideal for persisting the rules. However, 
> during the initial construction of a non-trivial ruleset, I prefer to 
> write a script that adds the rules. An elegant way of doing this is to 
> use iptables-restore with a heredoc. The method - and its advantages - 
> are described in this document (section 3):
>
> http://inai.de/documents/Perfect_Ruleset.pdf

Excellent reference.

>> What about the 'ip' commands required to set up the tables, routes,
>> and rules?  Do those go in a startup script somewhere? Does one just
>> edit /etc/iproute2/rt_tables by hand? One would assume route
>> configuration belongs
>
> I would use the files under /etc/iproute2 for their intended purpose
> and a postup() hook in conf.d/net for anything else. When the
> postup() function is entered, the IFACE variable is automatically set
> to the name of the interface that triggered the event. Anything that
> is valid bash can go there.

Cool.  That's the main piece I hadn't figured out yet.  Thanks!

-- 
Grant Edwards               grant.b.edwards        Yow! Now KEN and BARBIE
                                  at               are PERMANENTLY ADDICTED to
                              gmail.com            MIND-ALTERING DRUGS ...