authorBart De Schuymer <bdschuym@pandora.be>2005-06-14 19:27:53 +0000
committerBart De Schuymer <bdschuym@pandora.be>2005-06-14 19:27:53 +0000
commitb8b9d15edc59dcdd36fff26ed825363e47dbe27b (patch)
tree19e71a07b5f9cad58150835b880a70f29eed6a99
parenteecf3118351ae866af6182792a5769f63ae94c69 (diff)
Rok Papez <rok.papez_at_ames.si>
-rw-r--r--arptables-restore71
-rw-r--r--arptables-save55
2 files changed, 126 insertions, 0 deletions
diff --git a/arptables-restore b/arptables-restore
new file mode 100644
index 0000000..d672d54
--- /dev/null
+++ b/arptables-restore
@@ -0,0 +1,71 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that imports text ebtables rules. Similar to iptables-restore.
+# It can be used to restore configuration from /etc/sysconfig/ebtables.
+#
+
+use strict;
+my $tool = "/sbin/arptables";
+my $table;
+my $rc;
+my $line;
+
+# ==============================
+# clear_arptables
+# - sets policy to accept
+# - flushes chains
+# - removes custom chains
+# ==============================
+sub clear_arptables {
+ $rc = `$tool -P INPUT ACCEPT`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+ $rc = `$tool -P FORWARD ACCEPT`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+ $rc = `$tool -P OUTPUT ACCEPT`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+ $rc = `$tool -F`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+ $rc = `$tool -L`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+
+ foreach $line (split("\n",$rc)) {
+ unless ($line =~ m/Chain\s(.*?)\s\(.*references\)/) { next; }
+ $rc = `$tool -X $1`;
+ unless($? == 0) { print "ERROR: $rc\n"; exit -1 };
+ }
+}
+# ==============================
+
+
+unless (-x $tool) { print "ERROR: $tool isn't executable\n"; exit -1; };
+&clear_arptables();
+
+$line = 0;
+while(<>) {
+ $line++;
+ if(m/^#/) { next; };
+ if(m/^$/) { next; };
+
+ if(m/^\*(.*)/) {
+ $table = $1;
+ next;
+ }
+
+ # Process a chain directive
+ if(m/^\:(.*?)\s(.*)/) {
+ # is it a user or a built in chain ?
+ if ("$2" eq "-") {
+ $rc = `$tool -t $table -N $1`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+ next;
+ }
+ $rc = `$tool -t $table -P $1 $2`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+ next;
+ }
+ $rc = `$tool -t $table $_`;
+ unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
+}
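Review bot: Every arptables call in the restore loop goes through backticks with text taken straight from the input file (`$tool -t $table -N $1`, `$tool -t $table -P $1 $2`, `$tool -t $table $_`), so shell metacharacters in a rules line are interpreted by /bin/sh with the script's privileges, presumably root. Table and chain names should be matched against an anchored pattern and the tool run in list form so no shell is involved. `$table` is also interpolated uninitialised if a rule line appears before any `*table` line. Splitting the rule on whitespace, as below, assumes saved rules never carry quoted arguments, which should be confirmed against arptables-save output. Separately, the header comment says "ebtables" and `/etc/sysconfig/ebtables` where arptables appears to be meant.

```perl
# Run $tool with an argument list (no shell); returns its output, sets $?.
sub run_tool {
    my @args = @_;
    open(my $out, '-|', $tool, @args)
        or do { print "ERROR: cannot run $tool: $!\n"; exit -1 };
    my $text = join("", <$out>);
    close($out);    # close on a piped handle fills in $?
    return $text;
}

# … unchanged: clear_arptables, -x check, comment and blank-line skipping …

    if (m/^\*(\w+)\s*$/) {
        $table = $1;
        next;
    }
    unless (defined $table) { print "ERROR(line $line): no *table line seen\n"; exit -1 };

    # Process a chain directive
    if (m/^:([\w-]+)\s+([\w-]+)\s*$/) {
        my @cmd = ($2 eq "-") ? ("-N", $1) : ("-P", $1, $2);
        $rc = run_tool("-t", $table, @cmd);
        unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
        next;
    }
    $rc = run_tool("-t", $table, split(' ', $_));
    unless($? == 0) {print "ERROR(line $line): $rc\n"; exit -1};
```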
diff --git a/arptables-save b/arptables-save
new file mode 100644
index 0000000..84ad890
--- /dev/null
+++ b/arptables-save
@@ -0,0 +1,55 @@
+#!/usr/bin/perl -w
+#
+#
+# A script that generates text output of the arptables rules.
+# Similar to iptables-save.
+#
+# It can be used to store active configuration to /etc/sysconfig/arptables
+
+use strict;
+my $table;
+my $tool = "/sbin/arptables";
+
+# ========================================================
+# Process filter table
+# ========================================================
+sub process_table {
+ my $chain = "";
+ my $rules = "";
+ my $chains = "";
+ my $custom_chains = "";
+ my $line = "";
+
+ foreach $line (split("\n",$_[0])) {
+ if ($line =~ m/Chain\s(.*?)\s\(policy\s(.*?)\s/) {
+ $chains = $chains . ":$1 $2\n";
+ $chain = $1;
+ next;
+ }
+ if ($line =~ m/Chain\s(.*?)\s\(/) {
+ $custom_chains = $custom_chains . ":$1 -\n";
+ $chain = $1;
+ next;
+ }
+ if ($line =~ m/^$/) {
+ next;
+ }
+ # Due to arptables "issues" with displaying device names
+ # we need to use -v and then do some processing
+ $line =~ s/\s,\s.*//;
+ $rules = $rules . "-A $chain $line\n";
+ }
+
+ print "*filter\n";
+ print $chains;
+ print $custom_chains;
+ print $rules;
+ print "\n";
+}
+# ========================================================
+
+unless (-x "$tool") { print "ERROR: Tool $tool isn't executable"; exit -1; };
+$table =`$tool -t filter -L -v`;
+unless ($? == 0) { print $table; exit -1 };
+&process_table($table);
+
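Review bot: Both failure paths at the bottom of arptables-save write to stdout (`print "ERROR: Tool $tool isn't executable"` and `print $table`), which is presumably the stream redirected into /etc/sysconfig/arptables. A failed save would then leave an error string or partial listing in the rules file, and arptables-restore sets the policies to ACCEPT and flushes the live rules before it parses that file. Diagnostics should go to stderr, e.g. `print STDERR "ERROR: Tool $tool isn't executable\n"; exit 1;`, and the `$?` check should do the same. Backticks do not capture the tool's stderr, so on failure `$table` holds whatever partial stdout was produced rather than the error text.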