[LARTC] Script To Delete All Routes and Rules

Carol Anne Ogdin caogdin@deepwoods.com
Thu, 8 May 2003 22:11:30 -0700


Dear Friends:
During my long learning process about routing and LARTC (which, I assert,
has only just begun), I've often longed for a script that would throw away
all my errant attempts at building a configuration, so I could start anew,
from a "tabula rasa."  Many months ago, I asked if anyone had such a
script, and never got quite what I needed.  So, I built my own.  And, in
the spirit of collaboration, from which I've so richly benefitted here, I'm
sharing it for all to use...PROVIDED, should you find errors or bugs or
make enhancements or improvements, please post them here (or email them to
me) so this can be an ever-improving tool for other newbies like me.

I call it "greenfield," because it restores the configuration to a pristine
condition, ready to be built upon.  In the process of tearing down routes,
it always leaves intact those routes on certain devices that are needed for
local administration (in my case, eth0 and lo), so I don't lose my
X-Windows access to the Linux box in the bargain.

#!/bin/bash

    #During debugging, show pre-execution conditions
    echo "***Before"
    echo ...Rules...
    ip ru sh
    echo ...Routes...
    ip ro sh
    echo ...Rules for table WAN1...
    ip ro sh table WAN1
    echo ...Rules for table WAN2...
    ip ro sh table WAN2
    echo

#This script flushes all routes and rules, EXCEPT those specified to remain
# Copyright, 2003, Carol Anne Ogdin.  This script is freely available
# for use under the terms of the GNU General Public License published at
# http://www.gnu.org/copyleft/gpl.html.  Any improvements/enhancements
# gratefully accepted; send them to caogdin (at) deepwoods (dot) com.

# (Constants for the script)
# We must know the device names of interfaces (such as our local LAN, and lo)
#  that should NEVER be taken down, so we can retain LAN-based control of the
#  router (where our administrator is working).  For AWK, they're separated
#  by an "or" operator (vertical bar)
iifs="eth0|lo"                # interfaces we never touch (awk regexp)
# Next, we need to know the non-standard tables (if any) we use.  Again, for
#  AWK, these need to be separated by vertical bars.
#  (In a future version, this information could be obtained by parsing
#  /etc/iproute2/rt_tables)
ours="WAN1|WAN2"              # our table/lookup names used (awk regexp)
# (End of constants)

keepers="dev ($iifs)"         # devices NOT to be removed
tables="lookup ($ours)"       # rules that look like this are to be removed

# Initialize, and clean up any lingering stuff from prior test executions
# Step 1: Remove all default route(s), if any
#    Note a condition of this script:  Every ip ro sh and ip ru sh must
#    produce lines that are complete entries.  The only exception is the
#    "default" route which is separately deleted first because, if you're
#    configured for "split access," (see LARTC) may display on several
#    successive lines.
ip route delete default &>/dev/null  # Always get rid of default first
  # How the AWK program is constructed to delete all routes except those on $iifs
  # $0 !~ $keepers {          Select only lines that aren't to be kept
  # print "ip route delete "  Issue the command-building command
  # $0                          and output the routing table entry as arguments
  # | "bash" }                Finally, pipe the constructed command to bash
# Step 2: Remove main routes not excluded by $keepers
ip route show | awk -v k="$keepers" '$0 !~ k \
    { print " ip route delete " $0 | "bash" }'
# Step 3: Remove all routes from our tables
for wan in ${ours//|/ }; do
  ip route flush table $wan &>/dev/null
done

# Remove all our rules
  # How the AWK program is constructed to get the results we want
  # $0 ~ $tables {          Select only lines that are to be removed
  # sub(/from all /,"");    For those lines, delete any "from all " string
  # print "ip rule delete " Issue the command-building command
  # substr($0, 8)             and output all except the rule #
  # | "bash" }              Finally, pipe the constructed command to bash
ip rule show | awk -v k="$tables" '$0 ~ k \
    { sub(/from all/,""); print "ip rule delete " substr($0, 8) | "bash" }'

ip route flush cache        # Flush the cache so nothing lingers
# End of GNU General Public Licensed script.

    # While testing this script:  Show results.
    echo
    echo "***After"
    echo ...Rules...
    ip ru sh
    echo ...Routes...
    ip ro sh
    echo ...Rules for table WAN1...
    ip ro sh table WAN1
    echo ...Rules for table WAN2...
    ip ro sh table WAN2

--Carol Anne
Carol Anne Ogdin             http://www.net-working.com   530/295-3657
Deep Woods Technology, Inc.  http://www.deepwoods.com     CAOgdin@deepwoods.com
Leveraging technology to restore the soul of the organization
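
A dry-run form of the script's two awk filters, as an added example that is not part of the original post: each function reads `ip` output on stdin and prints the delete commands instead of piping them to bash, so the plan can be reviewed before anything changes. It goes slightly beyond the post by taking table names from rt_tables-format text (the post's suggested future version) and by matching the kept device name exactly; the function names, devices and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): dry-run form of the greenfield
# filters. Each function reads `ip` output on stdin and only PRINTS commands.

KEEP_IFS="eth0|lo"   # interfaces never touched, as in the post (assumed names)

# rt_tables text on stdin -> custom table names joined by "|".
custom_tables() {
    awk '$1 !~ /^#/ && NF >= 2 && $2 !~ /^(local|main|default|unspec)$/ {
             printf "%s%s", sep, $2; sep = "|" }
         END { print "" }'
}

# `ip route show` lines on stdin -> deletes for routes not on a kept device.
# The device is compared as a whole word, so keeping eth0 does not keep eth01.
plan_route_deletes() {
    awk -v keep="$KEEP_IFS" '
        /^default/ || /^[ \t]/ { next }   # default route is removed separately
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        dev !~ ("^(" keep ")$") { print "ip route delete " $0 }'
}

# `ip rule show` lines on stdin -> deletes for rules that look up a table in $1.
plan_rule_deletes() {
    awk -v tabs="$1" '
        NF >= 2 && $(NF - 1) == "lookup" && $NF ~ ("^(" tabs ")$") {
            sub(/^[0-9]+:[ \t]*/, "")     # drop the priority prefix
            sub(/^from all /, "")         # same simplification as the post
            print "ip rule delete " $0 }'
}

# Constructed sample input (documentation addresses, hypothetical devices).
sample_rt_tables() { printf '%s\n' '# reserved values' '255 local' '254 main' \
    '253 default' '0 unspec' '201 WAN1' '202 WAN2'; }
sample_routes() { printf '%s\n' 'default via 192.0.2.1 dev eth1' \
    '192.0.2.0/24 dev eth1 proto kernel scope link src 192.0.2.10' \
    '10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.1' \
    '10.9.0.0/24 dev eth01 scope link'; }
sample_rules() { printf '%s\n' '0: from all lookup local' \
    '32764: from 192.0.2.10 lookup WAN1' '32765: from all lookup WAN2' \
    '32766: from all lookup main'; }

tables=$(sample_rt_tables | custom_tables)
echo "tables: $tables"
sample_routes | plan_route_deletes
sample_rules | plan_rule_deletes "$tables"
```

On a live router the same functions take real input, for example `ip route show | plan_route_deletes`, and the printed plan is executed only after it has been read.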