On 22.10.2022 15.55, Ian Pilcher wrote:
On 10/19/22 17:05, Ian Pilcher wrote:
I've managed to get systemd-networkd to request and IPv6 prefix from my
ISP, and I can see it the journal. Now I need to programmatically
retrieve it, so that my home-grown scripts can set up the various
routes, address, firewall rules, etc.
(I know that systemd-networkd can allocate subnets from the delegated
prefix to local interfaces, but that's not what I need to do in this
case.)
Is there an API of some sort that my scripts can use? A file that I can
monitor/parse? A command that I can run?
My searches thus far are coming up disturbingly empty ...
Anyone?
For firewall integration, perhaps PR #24570 (once merged) could be
useful for you. Then the assigned prefix can be used in NFTables rules
with NFT sets.
This is better than using networkd-dispatcher or NetworkManager scripts,
since the sets will be updated immediately by networkd when the
addresses are available, but of course it can't cover all possible cases
where scripts could be used.
myif.network:
[DHCPPrefixDelegation]
NFTSet=inet:myfilter:myif_ipv6_address
nftables.conf:
table inet myfilter {
set myif_ipv6_address {
type ipv6_addr
flags interval
}
chain myservice_input {
ip saddr @myif_ipv6_address accept
drop
}
}
-Topi
