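#!/bin/bash
#
# Steer packets that belong to transparent (TPROXY) sockets towards haproxy:
# mark them in the mangle/PREROUTING chain and route marked packets through a
# dedicated routing table whose only route delivers everything locally.
#
# Requires iptables/ip6tables, iproute2, root privileges, and an entry for
# $HA_RT_TABLE in $RT_TABLES (e.g. "100 haproxy").
#
# Environment:
#   LOGGER - command used for diagnostics (default: logger). May contain
#            options, e.g. "logger -t haproxy-rules".

ENABLE_HAPROXY=1                   # non-empty enables the haproxy rules
HA_RT_TABLE="haproxy"              # name of the routing table in $RT_TABLES
RT_TABLES=/etc/iproute2/rt_tables
HAPROXY_IPMARK=1                   # fwmark applied to packets destined for haproxy
LOGGER=${LOGGER:-logger}           # was used below but never set; default to logger(1)

#######################################
# Run the same rule on both IPv4 and IPv6.
# Arguments: iptables arguments, passed through verbatim
# Returns:   exit status of ip6tables (the last command run)
#######################################
ip46tables() {
  iptables "$@"
  ip6tables "$@"
}

###############################################################################
# Marking packets for haproxy
###############################################################################
# Flush first so that re-running the script does not accumulate duplicate
# MARK rules (this drops every rule in mangle/PREROUTING, not only ours).
ip46tables -t mangle --flush PREROUTING

if [ -n "$ENABLE_HAPROXY" ]; then
  # haproxy binds to non-local (client) addresses when proxying transparently
  sysctl -q -w net.ipv4.ip_nonlocal_bind=1
  ip46tables -t mangle -A PREROUTING -m socket --transparent \
    -j MARK --set-mark "$HAPROXY_IPMARK"

  # Require a real rt_tables entry ("<id> <name>"); a plain substring match
  # would also accept commented-out lines or names like "haproxy2".
  # $HA_RT_TABLE is the fixed value assigned above, so it is safe in the regex.
  if grep -qE "^[[:space:]]*[0-9]+[[:space:]]+${HA_RT_TABLE}([[:space:]]|\$)" -- "$RT_TABLES"; then
    for ipversion in 4 6; do
      # all packets marked by HAPROXY_IPMARK should be routed using $HA_RT_TABLE
      # (the "del" is expected to fail on the first run when no rule exists yet)
      ip "-$ipversion" rule del fwmark "$HAPROXY_IPMARK"
      ip "-$ipversion" rule add fwmark "$HAPROXY_IPMARK" lookup "$HA_RT_TABLE"
      # default for routing table $HA_RT_TABLE is to deliver locally, which
      # relies on net.ipv4.ip_nonlocal_bind=1 set above
      ip "-$ipversion" route flush table "$HA_RT_TABLE"
      ip "-$ipversion" route add local default dev lo table "$HA_RT_TABLE"
    done
  else
    # shellcheck disable=SC2086 -- LOGGER is intentionally word-split so it can carry options
    $LOGGER -p user.crit -- "$RT_TABLES does not have $HA_RT_TABLE entry. Consider running \"echo 100 $HA_RT_TABLE >> $RT_TABLES\". haproxy rules disabled."
  fi
else
  sysctl -q -w net.ipv4.ip_nonlocal_bind=0
fi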