From 1ca9e0ab7dbcf8528af67cc52d72cfee0208609b Mon Sep 17 00:00:00 2001
From: Bart De Schuymer
Date: Tue, 14 Jun 2005 19:27:53 +0000
Subject: Rok Papez
---
userspace/arptables/arptables-restore | 71 +++++++++++++++++++++++++++++++++++
userspace/arptables/arptables-save | 55 +++++++++++++++++++++++++++
2 files changed, 126 insertions(+)
create mode 100644 userspace/arptables/arptables-restore
create mode 100644 userspace/arptables/arptables-save
(limited to 'userspace/arptables')
diff --git a/userspace/arptables/arptables-restore b/userspace/arptables/arptables-restore
new file mode 100644
index 0000000..d672d54
--- /dev/null
+++ b/userspace/arptables/arptables-restore
@@ -0,0 +1,71 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that imports text ebtables rules. Similar to iptables-restore.
+# It can be used to restore configuration from /etc/sysconfig/ebtables.
+#
+
+use strict;
+my $tool = "/sbin/arptables";
+my $table;
+my $rc;
+my $line;
+
+# ==============================
+# clear_arptables
+# - sets policy to accept
+# - flushes chains
+# - removes custom chains
+# ==============================
+sub clear_arptables {
+ $rc = `$tool -P INPUT ACCEPT`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+ $rc = `$tool -P FORWARD ACCEPT`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+ $rc = `$tool -P OUTPUT ACCEPT`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+ $rc = `$tool -F`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+ $rc = `$tool -L`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+ foreach $line (split("\n",$rc)) {
+ unless ($line =~ m/Chain\s(.*?)\s\(.*references\)/) { next; }
+ $rc = `$tool -X $1`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+ }
+}
+# ==============================
+
+
+unless (-x $tool) { print "ERROR: $tool isn't executable\n"; exit -1; };
+&clear_arptables();
+
+$line = 0;
+while(<>) {
+ $line++;
+ if(m/^#/) { next; };
+ if(m/^$/) { next; };
+
+ if(m/^\*(.*)/) {
+ $table = $1;
+ next;
+ }
+
+ # Process a chain directive
+ if(m/^\:(.*?)\s(.*)/) {
+ # is it a user or a built in chain ?
+ if ("$2" eq "-") {
+ $rc = `$tool -t $table -N $1`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+ next;
+ }
+ $rc = `$tool -t $table -P $1 $2`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+ next;
+ }
+ $rc = `$tool -t $table $_`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+}
diff --git a/userspace/arptables/arptables-save b/userspace/arptables/arptables-save
new file mode 100644
index 0000000..84ad890
--- /dev/null
+++ b/userspace/arptables/arptables-save
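Review bot: Every input line is interpolated into a backtick command string in the `while(<>)` loop (`$tool -t $table $_`, and `$1`/`$2` in the chain directives), so the restore file is parsed by the shell with the script's privileges instead of being handed to arptables as arguments. Running the tool through a list-form pipe open keeps the shell out of the path; this assumes rule lines carry no quoted arguments, which should be confirmed against what arptables-save emits. `$table` is also used before any `*table` line has necessarily been seen, so it deserves a defined-check. Separately, `clear_arptables()` runs before the first line is read, so any rejected line exits with the chains flushed and all policies at ACCEPT; that fail-open behaviour should at least be documented in the header comment, which also still says ebtables rather than arptables.

```perl
# Run arptables with an argument list so no shell parses the input.
# Returns the tool's stdout; close() sets $? as backticks would.
sub run_tool {
    my @args = @_;
    my $pid = open(my $out, '-|', $tool, @args);
    unless (defined $pid) { print "ERROR: cannot run $tool: $!\n"; exit -1 };
    my $text = join("", <$out>);
    close($out);
    return $text;
}

# … unchanged: clear_arptables (its calls become run_tool("-P", "INPUT", "ACCEPT") etc.) …
# … unchanged: comment / blank-line skipping and "*table" handling …

    if(m/^\:(.*?)\s(.*)/) {
        unless (defined $table) { print "ERROR(line $line): no table selected\n"; exit -1 };
        if ("$2" eq "-") {
            $rc = run_tool("-t", $table, "-N", $1);
            # … unchanged: error check, next …
        }
        $rc = run_tool("-t", $table, "-P", $1, $2);
        # … unchanged: error check, next …
    }
    unless (defined $table) { print "ERROR(line $line): no table selected\n"; exit -1 };
    $rc = run_tool("-t", $table, split(' ', $_));
```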
@@ -0,0 +1,55 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that generates text output of the arptables rules.
+# Similar to iptables-save.
+#
+# It can be used to store active configuration to /etc/sysconfig/arptables
+
+use strict;
+my $table;
+my $tool = "/sbin/arptables";
+
+# ========================================================
+# Process filter table
+# ========================================================
+sub process_table {
+ my $chain = "";
+ my $rules = "";
+ my $chains = "";
+ my $custom_chains = "";
+ my $line = "";
+
+ foreach $line (split("\n",$_[0])) {
+ if ($line =~ m/Chain\s(.*?)\s\(policy\s(.*?)\s/) {
+ $chains = $chains . ":$1 $2\n";
+ $chain = $1;
+ next;
+ }
+ if ($line =~ m/Chain\s(.*?)\s\(/) {
+ $custom_chains = $custom_chains . ":$1 -\n";
+ $chain = $1;
+ next;
+ }
+ if ($line =~ m/^$/) {
+ next;
+ }
+ # Due to arptables "issues" with displaying device names
+ # we need to use -v and then do some processing
+ $line =~ s/\s,\s.*//;
+ $rules = $rules . "-A $chain $line\n";
+ }
+
+ print "*filter\n";
+ print $chains;
+ print $custom_chains;
+ print $rules;
+ print "\n";
+}
+# ========================================================
+
+unless (-x "$tool") { print "ERROR: Tool $tool isn't executable"; exit -1; };
+$table =`$tool -t filter -L -v`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+
-- cgit v1.2.3
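Review bot: Both failure paths at the bottom of the script write to stdout, which is the same stream that carries the saved ruleset, so when output is redirected to /etc/sysconfig/arptables the error text lands in the config file and the operator sees nothing. The first message also lacks a trailing newline. Diagnostics should go to STDERR, e.g. `unless (-x "$tool") { print STDERR "ERROR: Tool $tool isn't executable\n"; exit 1; };` and `unless ($? == 0) { print STDERR $table; exit 1 };`. This matters more because the companion arptables-restore in this commit flushes the live rules before it reads its input, so a corrupted or empty save file leaves the host with no ARP filtering after the next restore.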