Persistent ip rule on Linux (Redhat)

Question

How can I configure a persistent ip rule on Linux (specifically Redhat based distros)? Is there no built in method? Is my only option adding to /etc/rc.d/rc.local or creating my own rc.d script?

Edit: For clarification I am not referring to iptables but the ip tool (which I don't think a lot of people are familiar with). In any case, the rule I am trying to persist is added with the following command:

# ip rule add fwmark 1 lookup 100
# ip rule
...
32765: from all fwmark 0x1 lookup 100
...

The only reference I've found to doing this is from Novell: http://www.novell.com/support/viewContent.do?externalId=7008874&sliceId=1 which recommends creating an rc.d script

Can you share the IP rule you'd like to persist? – ewwhite Apr 05 '12 at 18:34 — ewwhite, Apr 05 '12 at 18:34
Rule is `ip rule add fwmark 1 lookup 100` – brent Apr 05 '12 at 18:50 — brent, Apr 05 '12 at 18:50

score 12 · Accepted Answer · edited Dec 11 '14 at 21:52

As is customary I stumble upon the answer to my own problem shortly after asking :) Found an answer at http://grokbase.com/t/centos/centos/099bmc07mq/persisting-iproute2-routes-and-rules

On Redhat 5+ the /etc/sysconfig/network-scripts/ifup-routes script handles rule-* files. Relevant code below:

# Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
    FILES="$FILES /etc/sysconfig/network-scripts/rule-$2"
fi

for file in $FILES; do
   if [ -f "$file" ]; then
       { cat "$file" ; echo ; } | while read line; do
           if [[ ! "$line" =~ $MATCH ]]; then
           /sbin/ip rule add $line
       fi
       done
   fi
done

Script for RHEL 6.5 (possibly older 6+):

# Routing rules
FILES="/etc/sysconfig/network-scripts/rule-$1 /etc/sysconfig/network-scripts/rule6-$1"
if [ -n "$2" -a "$2" != "$1" ]; then
FILES="$FILES /etc/sysconfig/network-scripts/rule-$2 /etc/sysconfig/network-scripts/rule6-$2"
fi

for file in $FILES; do
   if [ -f "$file" ]; then
       handle_ip_file $file
   fi
done

handle_ip_file() {
    local f t type= file=$1 proto="-4"
    f=${file##*/}
    t=${f%%-*}
    type=${t%%6}
    if [ "$type" != "$t" ]; then
        proto="-6"
    fi
    { cat "$file" ; echo ; } | while read line; do
        if [[ ! "$line" =~ $MATCH ]]; then
            /sbin/ip $proto $type add $line
        fi
    done
}

score 7 · Answer 2 · answered Feb 11 '15 at 14:36

The above is about 3/4 of the answer - the missing piece is how to format the /etc/sysconf/network-scripts/rule-ethX file. You also need to add the routing tables to /etc/iproute2/rt_tables:

# add a line with a table identifier and name:
100    ISPname

And add the rule file /etc/sysconfig/network-scripts/rule-eth0:

# rule-eth0
from 1.2.3.4/24 table {table name from /etc/iproute2/rt_tables}
to 1.2.3.4/24 table {table name from /etc/iproute2/rt_tables}

Note that the table names must match, and are case sensitive.

score 1 · Answer 3 · answered Jun 12 '13 at 15:48

1

note if you use priorities in these rule files for any of the rules, you have to use priorities for all the rules. Otherwise, the ones that don't have any priorities all get added to the priority 0 chain.

answered Jun 12 '13 at 15:48

sabujp

339
2
4

Persistent ip rule on Linux (Redhat)

3 Answers3